**Update July 2021: not maintained nor used anymore.**

I stopped using Jenkins and won't be maintaining this repository anymore. Here are a few reasons:

* [jenkins-php.org](https://jenkins-php.org/) ([project's archive here](https://github.com/sebastianbergmann/php-jenkins-template)) said goodbye too and pointed to Gitlab-CI,
* many plugins used here have merged or disappeared, with quite some loss of functionality,
* updates of Jenkins and its plugins are too frequent, and may break things unexpectedly,
* Jenkins is hella heavy, both for memory and CPU (Gitlab too...), and I prefer taking a more eco-friendly road (testing [Laminar](https://laminar.ohwg.net/) right now :-)

**Important: this playbook is quick'n dirty and work in progress. Carefully review before using it.**

This Ansible playbook aims at setting up a Jenkins CI host linked to Gitea repositories. It will:

- install Jenkins from pkg.jenkins.io
- install the default JDK
- install the Jenkins plugins requested for the jenkins-php.org templates
- create a Jenkins user `gitea` with restricted access just to launch a job
- create the specified jobs
- install NginX and set up 2 vhosts as recommended in https://wiki.jenkins.io/display/JENKINS/Configuring+Content+Security+Policy

Most of the configuration should be available in the inventory.

It is usually launched like this: `ansible-playbook site.yml`

## Prerequisites

### Prerequisites for the Jenkins hosts

Hosts should be accessible via SSH as the root user (else, add the usual `remote_user`/`become` instructions in ansible.cfg) and with the Python prerequisite of Ansible (usually `python-minimal`).

Only tested on Debian 10 amd64 so far, with Ansible 2.7.7.

Note: to test or to limit to one particular host:

```
ansible foo.bar.com -m ping
ansible-playbook -l foo.bar.com -v -C -D site.yml
```

### Prerequisites for the repositories

None at the moment: this playbook will not configure Gitea or anything else outside Jenkins.
The webhooks and the access that allows Jenkins to clone/pull the repositories have to be set up manually (a recap will be displayed at the end of the playbook).

### Prerequisites for the projects

Nothing mandatory except the [`build.xml`](http://jenkins-php.org/automation.html) file at the root of each project. See examples in the `roles/jenkins-php-v1/files/skeletons/` directory.

## Directory layout

We follow (more or less) the recommendations of https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html with:

- `site.yml`: master playbook
- `ansible.cfg` and `inventory.yml`: the first one sets up some default configurations and introduces the second one, the inventory.
- `roles/common/`, `roles/fooapp/`: the roles with their tree `tasks/main.yml`, `files/`, `handlers/main.yml`, ...
- `group_vars/group1.yml` and `host_vars/hostname1.yml`: variables dedicated to a group or a host respectively.

Note: contrary to some recommendations, I prefer to set some variables in the inventory instead of `host_vars` and `group_vars`. For a small playbook like this one, it seems acceptable and it makes it easier to see where to adapt.

## TODO

- stop execution if host is running an untested system?
- update plugins, or at least display a warning when they are not up to date.
- integrate docker-plugin nicely
- look more thoroughly at [configuration as code plugin](https://plugins.jenkins.io/configuration-as-code/)
- test [Job DSL](https://plugins.jenkins.io/job-dsl/) (but jenkins-php.org gives only the .xml and job-dsl can't yet generate the groovy code of an existing job)
- use jenkins-cli to maintain credentials.xml? It's not really easy to manipulate in Ansible at the moment...

## License

[CC-BY-SA 3.0](http://creativecommons.org/licenses/by-sa/3.0/) like http://jenkins-php.org/ by [Sebastian Bergmann](http://sebastian-bergmann.de/) and his contributors.