Jenkins - CI/CD Server
Jenkins is an extensible open-source automation server commonly used to build, test, and deploy software. Below are recommended patterns, a sample declarative Jenkinsfile, and security notes.
When to use Jenkins
- Flexible pipelines that require many plugins or legacy integrations.
- On-prem CI/CD where hosted runners are not an option.
- Integrations with enterprise tooling (AD, artifact stores, custom agents).
Recommended setup
- Run Jenkins as a container or on a dedicated VM. Use persistent storage for JENKINS_HOME.
- Use the recommended Kubernetes or Docker agent model for scalable builds.
- Keep the plugin set minimal and review plugin security advisories regularly.
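Example: Declarative Jenkinsfile
```groovy
pipeline {
    agent any
    environment {
        REGISTRY = 'myregistry.example.com/myteam'
    }
    stages {
        stage('Checkout') {
            steps { checkout scm }
        }
        stage('Build') {
            // The sh step runs /bin/sh, which may not be bash, so the 8-character
            // tag is cut with POSIX printf instead of ${GIT_COMMIT::8}.
            steps { sh 'docker build -t "${REGISTRY}/myapp:$(printf %.8s "$GIT_COMMIT")" .' }
        }
        stage('Test') {
            // Write the JUnit report that the junit step below collects.
            steps { sh 'pytest -q --junitxml=reports/results.xml' }
            post { always { junit 'reports/*.xml' } }
        }
        stage('Scan') {
            // No '|| true' here: --exit-code 1 has to fail the build when Trivy reports findings.
            steps { sh 'trivy image --exit-code 1 "${REGISTRY}/myapp:$(printf %.8s "$GIT_COMMIT")"' }
        }
        stage('Push') {
            when { branch 'main' }
            steps {
                sh 'docker push "${REGISTRY}/myapp:$(printf %.8s "$GIT_COMMIT")"'
            }
        }
    }
    post {
        success { echo 'Build succeeded' }
        failure { mail to: 'oncall@example.com', subject: "Build failed: ${env.JOB_NAME}", body: 'See Jenkins for details' }
    }
}
```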
Security & best practices
- Store secrets in the Jenkins Credentials store and avoid printing them in logs.
- Limit who can create jobs and use role-based access control (RBAC) where possible.
- Keep the Jenkins server and plugins up to date; enable CSRF protection and use TLS on the web UI.
- Prefer ephemeral build agents (Kubernetes, Docker) over long-running agents.
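
The credentials point applied to the Push stage of the pipeline above, as an added example that is not part of the original page. It assumes the Credentials Binding plugin is installed; the credential ID `registry-push` and the variable names `REG_USER` and `REG_PASS` are hypothetical.

```groovy
// Added example: registry login with a secret from the Jenkins Credentials store.
// Assumptions: Credentials Binding plugin installed; 'registry-push' is a
// hypothetical username/password credential ID created by an administrator.
pipeline {
    agent any
    environment {
        REGISTRY = 'myregistry.example.com/myteam'
    }
    stages {
        stage('Push') {
            when { branch 'main' }
            steps {
                withCredentials([usernamePassword(
                        credentialsId: 'registry-push',   // hypothetical ID
                        usernameVariable: 'REG_USER',
                        passwordVariable: 'REG_PASS')]) {
                    // Weak form (do not use): a double-quoted Groovy string expands
                    // the secret before the shell starts, so it becomes part of the
                    // script text, and -p exposes it in the process list:
                    //   sh "docker login -u ${REG_USER} -p ${REG_PASS} myregistry.example.com"
                    //
                    // Hardened form: single-quoted Groovy string, so only the shell
                    // reads the variables from the environment, and the password is
                    // passed on stdin rather than on the command line.
                    sh '''
                        set +x   # stop command tracing for this script
                        # Log out even if the push fails (matters on long-running agents).
                        trap 'docker logout "${REGISTRY%%/*}"' EXIT
                        printf '%s' "$REG_PASS" |
                            docker login "${REGISTRY%%/*}" -u "$REG_USER" --password-stdin
                        # First 8 characters of the commit, cut portably for /bin/sh.
                        docker push "${REGISTRY}/myapp:$(printf %.8s "$GIT_COMMIT")"
                    '''
                }
            }
        }
    }
}
```

`${REGISTRY%%/*}` strips the `/myteam` path so that `docker login` and `docker logout` receive only the registry host.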