Integrating Gerrit with Jenkins for Automated Code Review and CI Pipelines
This guide explains how to set up Gerrit in Docker, configure SSH keys and user groups, install the Gerrit Trigger plugin in Jenkins, and create a Jenkinsfile so that a successful code review automatically triggers a Jenkins pipeline, providing a streamlined DevOps workflow.
Background: The team uses Gerrit for code management and code review and wants Jenkins pipelines to be triggered automatically when a review is merged.
Gerrit configuration: Gerrit is started quickly with Docker using the command:
docker run --name gerrit -itd \
    -p 8088:8080 \
    -p 29418:29418 \
    -e CANONICAL_WEB_URL=http://192.168.1.200:8088 gerritcodereview/gerrit

After the container starts, the required plugins are installed, a Jenkins user is created, and an SSH key pair is generated inside the Jenkins container:
[root@zeyang-nuc-service ~]# kubectl exec -it jenkins-6ccf555769-sfdw6 -n devops bash
bash-4.2$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/var/jenkins_home/.ssh/id_rsa):
Created directory '/var/jenkins_home/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/jenkins_home/.ssh/id_rsa.
Your public key has been saved in /var/jenkins_home/.ssh/id_rsa.pub.
SHA256:nGqkSVAUuc2xrGe8Bz/xuWcQ/YVrDISPJux+tCZkJgI jenkins@jenkins-6ccf555769-sfdw6

The public key (/var/jenkins_home/.ssh/id_rsa.pub) is copied into Gerrit’s Jenkins user configuration. The Jenkins user is added to the Non‑interactive Users group and to the Event Streaming Users group, and repository permissions are set (e.g., refs/*: read for Non‑interactive Users; refs/heads/*: Label Code‑Review for Non‑interactive Users). Stream Events are enabled in the All‑Projects global capabilities.
Jenkins configuration: The Gerrit Hook plugin is installed, the Gerrit server appears in Jenkins system management, and a Gerrit Trigger is added to a pipeline job. Authentication errors are usually caused by missing or mismatched SSH keys.
Testing the trigger: A change is pushed to Gerrit with:
git push origin HEAD:refs/for/master

After the review is merged, Gerrit sends the trigger to Jenkins, which starts the pipeline.
Pipeline as code: An example Jenkinsfile demonstrates how to read Gerrit parameters, check out the source code, and define stages with post actions:

// Pipeline params
// GERRIT_BRANCH is set by the Gerrit trigger from the event that started the build
String BRANCH_NAME = "${env.GERRIT_BRANCH}"
String PROJECT_NAME = "devops"
String PROJECT_URL = "http://192.168.1.200:8088/devops"
currentBuild.description = "Trigger By ${BRANCH_NAME}"

pipeline {
    agent { node { label "build" } }
    // Skip the implicit checkout; the GetCode stage checks out explicitly
    options { skipDefaultCheckout() }
    triggers {
        // Fire on change-merged events for any branch of the "devops" project
        gerrit customUrl: '',
            gerritProjects: [[branches: [[compareType: 'ANT', pattern: '**']],
                              compareType: 'PLAIN',
                              pattern: "${PROJECT_NAME}"]],
            serverName: 'devops',
            triggerOnEvents: [changeMerged()]
    }
    stages {
        stage("GetCode") {
            steps {
                // Check out the branch named in the triggering Gerrit event
                checkout([$class: 'GitSCM', branches: [[name: "${BRANCH_NAME}"]],
                          userRemoteConfigs: [[url: "${PROJECT_URL}"]]])
            }
        }
    }
    post {
        // Always clean the workspace, then report the result
        always { cleanWs() }
        success { echo "pipeline executed successfully" }
        failure { echo "pipeline execution failed" }
    }
}

With these configurations, Gerrit‑triggered builds run automatically, providing a smooth DevOps workflow for code review and continuous integration.
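When a merge does not start the job, it helps to check the event lines that `gerrit stream-events` emits against the trigger's project and branch filters. The following is an added example, not code from the original article or from the Gerrit Trigger plugin: the function names and sample lines are constructed, and the ANT matching is a simplified model. It goes beyond the `**` pattern used above to show how a narrower branch pattern limits which merges start a build.

```python
import json
import re

# Mirrors the triggers block of the Jenkinsfile on this page.
TRIGGER = {"event": "change-merged", "project": "devops", "branch_ant": "**"}
ANT_TOKENS = {"**": ".*", "*": "[^/]*", "?": "[^/]"}

def ant_to_regex(pattern):
    """Simplified ANT-style matching (assumption): ** crosses '/', * and ? do not."""
    parts = re.split(r"(\*\*|\*|\?)", pattern)
    return re.compile("".join(ANT_TOKENS.get(p, re.escape(p)) for p in parts) + r"\Z")

def gerrit_params(line, trigger=TRIGGER):
    """Return the GERRIT_* parameters a matching event would set, else None."""
    try:
        event = json.loads(line)
    except ValueError:
        return None  # truncated or non-JSON line on the stream
    if not isinstance(event, dict) or event.get("type") != trigger["event"]:
        return None  # e.g. patchset-created: the review is not merged yet
    change = event.get("change")
    if not isinstance(change, dict):
        return None
    project, branch = change.get("project"), change.get("branch")
    if project != trigger["project"]:  # compareType PLAIN: exact project name
        return None
    if not (isinstance(branch, str) and branch
            and ant_to_regex(trigger["branch_ant"]).match(branch)):
        return None
    return {
        "GERRIT_EVENT_TYPE": event["type"],
        "GERRIT_PROJECT": project,
        "GERRIT_BRANCH": branch,
        "GERRIT_CHANGE_NUMBER": str(change.get("number", "")),
    }

def sample_event(kind, project, branch, number):  # constructed input, not Gerrit output
    return json.dumps({"type": kind, "change": {"project": project,
                                                "branch": branch, "number": number}})

SAMPLE_LINES = [
    sample_event("patchset-created", "devops", "master", 12),
    sample_event("change-merged", "devops", "master", 12),
    sample_event("change-merged", "docs", "master", 7),
    sample_event("change-merged", "devops", "release/1.0", 13),
    '{"type":"change-merged","change":',  # truncated line
]

if __name__ == "__main__":
    print([gerrit_params(line) for line in SAMPLE_LINES])
```

Passing `dict(TRIGGER, branch_ant="release/*")` as the second argument shows which of the same events would still start a build under a narrower branch filter.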
DevOps Cloud Academy
Exploring industry DevOps practices and technical expertise.