Makes Codebuild buildjobs a Jenkins Agent.
- Using something like the ECS Plugin with Fargate works great for Jenkins builds that are not creating docker images.
- Using the official Codebuild Plugin for Jenkins works great if you want your build being mostly defined in the
Buildspec.yml
file. However what if you want to use theJenkinsfile
for pipeline code? - This plugin is a derivative of the CodeBuilder Plugin that Loren Segal wrote. I wanted the plugin to be able to use the off the shelf images coming out of codebuild for a few reasons:
- The latest AWS official images are always cached in the CodeBuild environment. Using your own custom image easily adds 3-5 minutes per build based on my experience with it.
- If your primary build methodology is containers, you dont actually care much about the base image since most of the work is happening in the dockerfile.
- To this end eliminating the maintenence of the agent image and getting Jenkins Agents to connect was the primary goal, as well as enabling any custom logic via a custom
buildspec.yml
within the jenkins cloud interface.
- Install the plugin from the update center
- You need a CodeBuild build project. An out of the box one will do. Many of the parameters we are going to be overriding, see
CodeBuildLauncher
in the source if you want to know which ones.- Option 1 CLI:
# Optional command to create a bare IAM role named "jenkins-default" aws iam create-role \ --role-name jenkins-default \ --assume-role-policy-document \ '{"Version":"2012-10-17","Statement":[{"Effect": "Allow","Principal":{"Service":"codebuild.amazonaws.com"},"Action":"sts:AssumeRole"}]}' # Create the project named "jenkins-build" using our service role aws codebuild create-project \ --name jenkins-build \ --service-role nick-default \ --artifacts type=NO_ARTIFACTS \ --environment type=LINUX_CONTAINER,image=aws/codebuild/docker:18.09.0,computeType=BUILD_GENERAL1_SMALL \ --source $'type=NO_SOURCE, buildspec=version:0.2\nphases:\n build:\n commands:\n - exit 1'
- Option 2 CFT, with a use case if you require the build agent internally on a VPC. Use the CFT from
cft/example_cft.yml
- Option 1 CLI:
- Configure the plugin
- Here we need to know a little bit more on how we plan on the image connecting to jenkins. Will it go through a websocket, direct connection or tunnel via proxy? I will explain a simple case, but each case will be different.
- Add a new cloud via
Manage Jenkins --> Manage Nodes and Clouds --> Configure Clouds
- See
resources/images/param1.png
andresources/images/param2.png
. If jenkins is running as a role with the correct permisisons, AWS Credentials can be ignored. If not, an IAM user should be setup with needed permissions- Permissions needed by the jenkins master/controller:
- Sid: CodeBuild Action: - "codebuild:List*" - "codebuild:Describe*" - "codebuild:Get*" - "codebuild:StartBuild" - "codebuild:StopBuild" - "codebuild:BatchGet*" Resource: - "*"
- Permissions needed by the jenkins master/controller:
- Select the proper region. The Codebuild Project Name parameter will dynamically load projects it finds, select the correct one.
- label - whatever you want to label this agent type. Something like
codebuild-agent
- Compute Type - Select the desired amount of resources
- Environment Type and Docker Image - Here you need to know what you are launching. Is it an ARM container, or an X86/AMD64 one? Is it a windows container? Is it a custom container you have built out of ECR? See help text to fill out these 2 parameters
- Leave the defaults for
Disable reconnect
andAgent Timeout
unless using ECR, real help. - Buildspec is where this plugin gets interesting. Are you using a custom docker image or off the shelf? If using an off the shelf image from AWS like
aws/codebuild/amazonlinux2-aarch64-standard:2.0
it doesnt have jenkins agents deployed to it. So we need to add those pieces. If you are using your own custom image-
Using off the shelf image, example below.
- Key takeaways: Do not use in production, figure out how to pull binaries from somewhere local in AWS like S3 or the jenkins master itself. Also this assumes you want the docker daemon available to uou.
version: 0.2 phases: install: #If you use the Ubuntu standard image 2.0 or later, you must specify runtime-versions. #If you specify runtime-versions and use an image other than Ubuntu standard image 2.0, the build fails. #runtime-versions: # name: version # name: version commands: - curl --create-dirs -fsSLo /usr/share/jenkins/agent.jar https://repo.jenkins-ci.org/artifactory/releases/org/jenkins-ci/main/remoting/4.13.3/remoting-4.13.3.jar - chmod 755 /usr/share/jenkins && chmod 644 /usr/share/jenkins/agent.jar && ln -sf /usr/share/jenkins/agent.jar /usr/share/jenkins/slave.jar - mkdir -p /home/jenkins/.jenkins && mkdir -p /home/jenkins/agent - curl --create-dirs -fsSLo /usr/local/bin/jenkins-agent https://raw.githubusercontent.com/carpnick/docker-inbound-agent/master/jenkins-agent - chmod +x /usr/local/bin/jenkins-agent && ln -s /usr/local/bin/jenkins-agent /usr/local/bin/jenkins-slave pre_build: commands: - which dockerd-entrypoint.sh >/dev/null && dockerd-entrypoint.sh || exit 0 # - command build: commands: - /usr/local/bin/jenkins-agent $JENKINS_CODEBUILD_PROXY_CREDENTIALS $JENKINS_CODEBUILD_DISABLE_SSL_VALIDATION $JENKINS_CODEBUILD_NORECONNECT -workDir /home/jenkins/agent
- Key takeaways: Do not use in production, figure out how to pull binaries from somewhere local in AWS like S3 or the jenkins master itself. Also this assumes you want the docker daemon available to uou.
-
Using JNLP image from Jenkins like this one:
version: 0.2 phases: pre_build: commands: - which dockerd-entrypoint.sh >/dev/null && dockerd-entrypoint.sh || exit 0 build: commands: - /usr/local/bin/jenkins-agent $JENKINS_CODEBUILD_PROXY_CREDENTIALS $JENKINS_CODEBUILD_DISABLE_SSL_VALIDATION $JENKINS_CODEBUILD_NORECONNECT -workDir /home/jenkins/agent
-
Param3.png
shows the rest of the params you can set. These are typical JNLP params for jenkins. If you dont know how to use them, I would suggest looking here
- Write a pipeline to verify connectivity
node("codebuild-agent"){ echo "Hello World" }
- If you have issues, look at the jenkins log on the master/controller
- Fork into your own namespace
- Environment setup
- Requires Java 17. We use Coretto.
- Export JAVA_HOME, IE:
export JAVA_HOME=/Library/Java/JavaVirtualMachines/temurin-17.jdk/Contents/Home
- Make sure you have a new version of maven:
brew install maven
mvn verify
ormvn clean install
to build- To run a local instance
mvn clean hpi:run
ormvn clean compile hpi:run
- Useful Maven calls
- Use for debug logging -
mvn clean compile hpi:run -Djava.util.logging.config.file=resources/logging.properties
- Use for debug logging -
- When updating the
pom.xml
specifically jenkins dependencies like modules and plugins, use https://repo.jenkins-ci.org/public/org to determine correct versions. While there might be newer versions in maven central or other repositories, it will fail in Github Actions.
- Jenkins.get().getComputer().get_all()[1].getJnlpMac()
Open issues here in Github
Refer to our contribution guidelines
Licensed under MIT, see LICENSE