Integrating Gerrit with Jenkins for Automated Code Review and CI Pipeline

Background

The team uses Gerrit for code management and code review, and wants to automatically trigger a Jenkins pipeline when a review is submitted and merged. This guide records the steps and pitfalls encountered while configuring Gerrit Trigger, focusing only on the trigger configuration and omitting server‑side details.

Gerrit Configuration

Start a Gerrit instance quickly with Docker. Gerrit runs on HTTP port 8080 and SSH port 29418. The CANONICAL_WEB_URL environment variable sets the server's web address.

docker run --name gerrit -itd \
-p 8088:8080 \
-p 29418:29418 \
-e CANONICAL_WEB_URL=http://192.168.1.200:8088 gerritcodereview/gerrit

After the container starts, install any required plugins or skip that step. Log in with the default admin account and create a Jenkins user.

Generate an SSH key for the Jenkins user inside the container:

[root@zeyang-nuc-service ~]# kubectl exec -it jenkins-6ccf555769-sfdw6 -n devops bash<br>bash-4.2$ id<br>uid=1000(jenkins) gid=1000(jenkins) groups=1000(jenkins)<br>bash-4.2$ ssh-keygen<br>Generating public/private rsa key pair.<br>Enter file in which to save the key (/var/jenkins_home/.ssh/id_rsa):<br>Created directory '/var/jenkins_home/.ssh'.<br>Enter passphrase (empty for no passphrase):<br>Enter same passphrase again:<br>Your identification has been saved in /var/jenkins_home/.ssh/id_rsa.<br>Your public key has been saved in /var/jenkins_home/.ssh/id_rsa.pub.<br>The key fingerprint is:<br>SHA256:nGqkSVAUuc2xrGe8Bz/xuWcQ/YVrDISPJux+tCZkJgI jenkins@jenkins-6ccf555769-sfdw6<br>The key's randomart image is:<br>+---[RSA 2048]----+<br>|   .+o     .     |<br>|   .. .   . .    |<br>|  .  = +   =   . |<br>|  E.. =.o.+ + . .|<br>|   ..o..So . + o |<br>|   .o+*.* o   =  |<br>|    o+oX + + .   |<br>|     .. * * o    |<br>|       . =.+     |<br>+----[SHA256]-----+

The private key resides at /var/jenkins_home/.ssh/id_rsa and the public key at /var/jenkins_home/.ssh/id_rsa.pub. Copy the content of the public key and add it to the Jenkins user in Gerrit (click ADD ).

Add the Jenkins user to the Non‑interactive Users group (BROWSE > Groups > Non‑Interactive Users > Members).

Create a repository and set simple permissions:

refs/* : read Non-interactive Users<br>refs/heads/* : Label Code-Review Non-interactive Users

Create the Event Streaming Users group (Gerrit 2.7+) and add the Jenkins user to it.

Enable streaming events for all projects (BROWSE > repos > All‑Projects > Access > Global Capabilities > Stream Events) and allow the group: allow Event Streaming Users At this point Gerrit configuration is complete.

Jenkins Configuration

Install the Gerrit Hook plugin; the Gerrit icon appears in the Jenkins system management UI.

If you encounter Connection error : com.jcraft.jsch.JSchException: Auth fail , it is usually an SSH‑key problem.

Add the Gerrit Trigger to a pipeline job.

Create a Code Review

[root@zeyang-nuc-service devops]# ls<br>aa,txt  aasss,txt  sss  test.txt<br>[root@zeyang-nuc-service devops]# echo 123 >test.txt<br>[root@zeyang-nuc-service devops]# git add .<br>[root@zeyang-nuc-service devops]# git commit -m "init"<br>[master 77f6474] init<br> 1 file changed, 1 insertion(+), 1 deletion(-)<br>[root@zeyang-nuc-service devops]# git push origin HEAD:refs/for/master<br>Username for 'http://192.168.1.200:8088': admin<br>Password for 'http://[email protected]:8088':<br>Enumerating objects: 3, done.<br>Counting objects: 100% (3/3), done.<br>Delta compression using up to 8 threads.<br>Compressing objects: 100% (2/2), done.<br>Writing objects: 100% (2/2), 253 bytes | 253.00 KiB/s, done.<br>Total 2 (delta 1), reused 0 (delta 0)<br>remote: Resolving deltas: 100% (1/1)<br>remote: Processing changes: refs: 1, new: 1, done<br>remote: SUCCESS<br>remote:   http://192.168.1.200:8088/c/devops/+/21 init [NEW]<br>To http://192.168.1.200:8088/devops<br> * [new branch]      HEAD -> refs/for/master

After the review is merged, the Jenkins pipeline is triggered automatically.

Pipeline as Code

//Pipeline params<br>String BRANCH_NAME = "${env.GERRIT_BRANCH}"<br>String PROJECT_NAME = "devops"<br>String PROJECT_URL = "http://192.168.1.200:8088/devops"<br>currentBuild.description = "Trigger By ${BRANCH_NAME}"<br><br>//Pipeline<br>pipeline{<br>    agent {<br>        node {  label "build"   // specify node label<br>        }<br>    }<br>    options{<br>        skipDefaultCheckout()<br>    }<br>    triggers {<br>        // configure Gerrit trigger<br>        gerrit  customUrl: '',<br>                gerritProjects: [[branches: [[compareType: 'ANT', pattern: '**']],<br>                compareType: 'PLAIN',<br>                disableStrictForbiddenFileVerification: false,<br>                pattern: "${PROJECT_NAME}"]],<br>                serverName: 'devops',<br>                triggerOnEvents: [changeMerged()]<br>    }<br>    stages{<br>        stage("GetCode"){<br>            steps{<br>                echo "========executing GetCode========"<br>                // checkout code<br>                checkout([$class: 'GitSCM', branches: [[name: "${BRANCH_NAME}"]],<br>                                      doGenerateSubmoduleConfigurations: false,<br>                                      extensions: [],<br>                                      submoduleCfg: [],<br>                                      userRemoteConfigs: [[url: "${PROJECT_URL}"]]])<br>            }<br>        }<br>    }<br>    post{<br>        always{<br>            echo "========always========"<br>            cleanWs()<br>        }<br>        success{<br>            echo "========pipeline executed successfully ========"<br>        }<br>        failure{<br>            echo "========pipeline execution failed========"<br>        }<br>    }<br>}

With this Jenkinsfile, Gerrit events such as changeMerged() automatically start the pipeline, retrieve the code, and run the defined stages. The setup demonstrates a practical DevOps workflow where every change must pass a code review before being merged and built.

Conclusion

The integration of Gerrit and Jenkins is now functional; further steps can add build and deployment stages. Using Gerrit for code review simplifies the review process, and the automated pipeline ensures consistent CI/CD execution.