Skip to content

Add GHA CI: Jenkins container, job matrix, and pipeline #1

Add GHA CI: Jenkins container, job matrix, and pipeline

Add GHA CI: Jenkins container, job matrix, and pipeline #1

Workflow file for this run

# GHA CI: run Jenkins container, install ci-demo as a Pipeline job, trigger basic job matrix.
name: CI (Jenkins)
on:
push:
branches: [master, main, feature/gha-ci]
pull_request:
branches: [master, main, feature/gha-ci]
jobs:
jenkins-ci:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Build Jenkins image with plugins
run: |
docker build -t jenkins-ci-demo -f .github/Dockerfile.jenkins .
- name: Start Jenkins
run: |
docker run -d --name jenkins \
-u root \
-v /var/run/docker.sock:/var/run/docker.sock \
-v "$PWD/.github/scripts/jenkins-disable-security.groovy:/usr/share/jenkins/ref/init.groovy.d/disable-security.groovy:ro" \
-v "$PWD/.github/scripts/jenkins-add-master-label.groovy:/usr/share/jenkins/ref/init.groovy.d/add-master-label.groovy:ro" \
-p 8080:8080 \
-e JAVA_OPTS="-Djenkins.install.runSetupWizard=false -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true -Dpermissive-script-security.enabled=no_security" \
jenkins-ci-demo \
/usr/local/bin/jenkins.sh
echo "Jenkins container started. Initial log:"
sleep 5
docker logs jenkins 2>&1 | tail -60
- name: Wait for Jenkins
run: |
echo "Waiting for Jenkins to be ready..."
max=90
for i in $(seq 1 $max); do
if curl -sf http://localhost:8080/login >/dev/null; then
echo "Jenkins is up."
break
fi
echo " ... waiting for Jenkins ($i/$max)"
sleep 5
done
if ! curl -sf http://localhost:8080/login >/dev/null; then
echo "Jenkins did not become ready. Container status and last 80 lines of logs:"
docker ps -a --filter name=jenkins
docker logs jenkins 2>&1 | tail -80
exit 1
fi
echo "Waiting 30s for init scripts (disable security) and plugin activation..."
sleep 30
- name: Verify Jenkins API accessible
run: |
code=$(curl -s -o /tmp/api-out -w "%{http_code}" "http://localhost:8080/api/json")
if [ "$code" != "200" ]; then
echo "Jenkins API returned $code (expected 200). Security may not be disabled. Response:"
head -c 500 /tmp/api-out
exit 1
fi
echo "Jenkins API OK (unauthenticated)."
- name: Get Jenkins CLI
run: |
curl -s -o jenkins-cli.jar "http://localhost:8080/jnlpJars/jenkins-cli.jar"
java -jar jenkins-cli.jar -s http://localhost:8080 version || (echo "Jenkins CLI failed"; exit 1)
- name: Create ci-demo job (Jenkins CLI)
env:
REPO_URL: "https://github.com/${{ github.repository }}.git"
BRANCH: "${{ github.ref_name }}"
run: |
sed -e "s|REPO_URL_PLACEHOLDER|${REPO_URL}|g" \
-e "s|BRANCH_PLACEHOLDER|${BRANCH}|g" \
.github/jenkins-job-config.xml > job-config.xml
java -jar jenkins-cli.jar -s http://localhost:8080 create-job ci-demo < job-config.xml || true
java -jar jenkins-cli.jar -s http://localhost:8080 update-job ci-demo < job-config.xml
- name: Verify Pipeline job exists (Jenkins CLI)
run: |
java -jar jenkins-cli.jar -s http://localhost:8080 get-job ci-demo > /dev/null
echo "Job ci-demo exists."
- name: Trigger first build (may fail until script is approved)
continue-on-error: true
run: |
java -jar jenkins-cli.jar -s http://localhost:8080 build ci-demo -p conf_file=.ci/job_matrix_gha.yaml -s -v || true
- name: Approve pipeline scripts
run: |
script='import jenkins.model.Jenkins; def sa = Jenkins.instance.getExtensionList("org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval")[0].get(); sa.preapproveAll(); sa.save(); return "OK";'
out=$(curl -s -X POST --data-urlencode "script=$script" "http://localhost:8080/scriptText")
echo "$out"
- name: Trigger build and wait (Jenkins CLI)
run: |
java -jar jenkins-cli.jar -s http://localhost:8080 build ci-demo -p conf_file=.ci/job_matrix_gha.yaml -s -v
- name: Show Jenkins build console
run: |
echo "=== Jenkins pipeline console (last build) ==="
curl -s "http://localhost:8080/job/ci-demo/lastBuild/consoleText" || echo "Could not fetch console"