Create your first Jenkins project (with git as SCM)

First, make sure you've installed Jenkins.

For a project that uses git as SCM we need to install the git plugin.
You can easily do this when going to /pluginManager/available

Filter on git and install at least the GIT-plugin

Now after you've installed that you can create a new project (or Item in Jenkins terms):

Give it a proper name and select Build a free-style software project 
At the Source Code Management section, you select git and enter in the location of your git-repository.

When you get the error:

Failed to connect to repository :
stderr: Host key verification failed. 
fatal: The remote end hung up unexpectedly

It's time to make sure the Jenkins user (default=jenkins) has an ssh key.

So let's create an ssh key for the user jenkins first.
You can place them in the home directory of Jenkins, default: /var/lib/jenkins/.ssh

Make sure the id_rsa and id_rsa.pub (or whatever names you gave to your keys) have the correct permissions:

$ sudo chmod 600 ~/.ssh/id_rsa
$ sudo chmod 600 ~/.ssh/id_rsa.pub

I recommend testing a git clone when you're logged in as jenkins, to add the unknown host to you known_hosts file. Otherwise Jenkins will hang at this point.

 

Now go back to you Jenkins Item.
As branche I fill in develop (because I like to Continious Integrate with the develop branche) see also my article over Git Flow.

Now add a Build step "Execute shell" and place this for you Django project:

#!/bin/bash -ex
cd $WORKSPACE
virtualenv -q ve
source ./ve/bin/activate
pip install -r requirements.txt
pip install -r requirements-testing.txt
cd $WORKSPACE/src/your-project
cp settings_example.py settings.py
cd $WORKSPACE/src
export mysql_user=jenkins
export mysql_pwd=password
python manage.py collectstatic --link --noinput
cd $WORKSPACE
py.test . --junitxml=./test_results.xml --ignore=ve
coverage run --source . -m py.test . --ignore ve && coverage html
./linters.sh >> linters.txt


# when you came this far, you can actually build the real thing!

#deactivate
#cd /var/www/pydocs/your-project/t-your-project
#source /home/user/virtualenvs/t-your-project/bin/activate
#git pull
#pip install -r requirements.txt
#cd /var/www/pydocs/your-project/t-your-project/src
#python manage.py syncdb --migrate --noinput
#python manage.py collectstatic --link --noinput
#sudo supervisorctl restart your-project_testing
#sudo /usr/sbin/nginx -s reload
#deactivate

This wil pull changes from the git repository, make an virtual environment in the folder ve.
Install all the requirements recursively from requirements.txt (from your repo), set the settings based on settings_example.py.
Make sure the credentials for the user and password of your database are set in the environment.

Settings.py looks like this, so it can retrieve those environment settings:

import os 
mysql_user = os.environ['mysql_user']
mysql_pwd = os.environ['mysql_pwd']

It then runs syncdb with migrations.

It then runs all the tests and IGNORES the virtualenv folder it just created, hence the --ignore=ve and outputs the test-results into test_results.xml.

And it performs the linters found in linters.sh and the output is saved to linters.txt

Now you probably want to show these artifacts aswell, hence, add a Post-build action:

Archive the artifacts, with value: linters.txt, htmlcov/**

And another post-build action named Publish Junit test result report with the value: test_results.xml

To make sure your git repo get's polled every 15 minuts (to check if there are updates, hence to do a built), fill in Poll SCM with the value: H/15 * * * *

 

Now if you want the user jenkins to restart your Nginx, or refresh the supervisor files as a sudo user, but you don't want jenkins to have sudo permissions for everything, edit your sudo file like so:

$ sudo visudo

And add these lines to the bottom:

Defaults:jenkins !requiretty,!lecture
jenkins ALL=NOPASSWD:/usr/sbin/nginx
jenkins ALL=NOPASSWD:/usr/bin/supervisorctl

To make sure anonymous users don't have read access, you'd have to install this plugin:

https://wiki.jenkins-ci.org/display/JENKINS/Role+Strategy+Plugin

And add the role "Anonymous, and select nothing"

For "authenticated" you can only select the Read for Job.