
Integrating Gerrit with Jenkins for Automated Code Review and CI Pipeline

This article explains how to set up Gerrit for code review, configure it via Docker, add a Jenkins user and SSH keys, adjust project permissions, install the Gerrit Trigger plugin in Jenkins, and create a Jenkinsfile that automatically runs a pipeline when a review is merged, providing a complete DevOps CI/CD workflow.

DevOps Cloud Academy

Background

The team uses Gerrit for code management and code review, and wants to automatically trigger a Jenkins pipeline when a review is submitted and merged. This guide records the steps and pitfalls encountered while configuring Gerrit Trigger, focusing only on the trigger configuration and omitting server‑side details.

Gerrit Configuration

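Start a Gerrit instance quickly with Docker. Inside the container Gerrit listens on HTTP port 8080 and SSH port 29418; the command below publishes HTTP on host port 8088 and SSH on host port 29418. The CANONICAL_WEB_URL environment variable sets the server's web address.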

docker run --name gerrit -itd \
-p 8088:8080 \
-p 29418:29418 \
-e CANONICAL_WEB_URL=http://192.168.1.200:8088 gerritcodereview/gerrit

After the container starts, install any required plugins or skip that step. Log in with the default admin account and create a Jenkins user.

Generate an SSH key for the Jenkins user inside the Jenkins container (here, a Kubernetes pod):

[root@zeyang-nuc-service ~]# kubectl exec -it jenkins-6ccf555769-sfdw6 -n devops bash
bash-4.2$ id
uid=1000(jenkins) gid=1000(jenkins) groups=1000(jenkins)
bash-4.2$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/var/jenkins_home/.ssh/id_rsa):
Created directory '/var/jenkins_home/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/jenkins_home/.ssh/id_rsa.
Your public key has been saved in /var/jenkins_home/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:nGqkSVAUuc2xrGe8Bz/xuWcQ/YVrDISPJux+tCZkJgI jenkins@jenkins-6ccf555769-sfdw6
The key's randomart image is:
+---[RSA 2048]----+
|   .+o     .     |
|   .. .   . .    |
|  .  = +   =   . |
|  E.. =.o.+ + . .|
|   ..o..So . + o |
|   .o+*.* o   =  |
|    o+oX + + .   |
|     .. * * o    |
|       . =.+     |
+----[SHA256]-----+

The private key resides at /var/jenkins_home/.ssh/id_rsa and the public key at /var/jenkins_home/.ssh/id_rsa.pub. Copy the content of the public key and add it to the Jenkins user in Gerrit (click ADD).

Add the Jenkins user to the Non‑interactive Users group (BROWSE > Groups > Non‑Interactive Users > Members).

Create a repository and set simple permissions:

refs/* : read Non-interactive Users
refs/heads/* : Label Code-Review Non-interactive Users

Create the Event Streaming Users group (Gerrit 2.7+) and add the Jenkins user to it.

Enable streaming events for all projects (BROWSE > repos > All‑Projects > Access > Global Capabilities > Stream Events) and allow the group:

allow Event Streaming Users

At this point Gerrit configuration is complete.

Jenkins Configuration

Install the Gerrit Trigger plugin; once it is installed, a Gerrit icon appears in the Jenkins system management UI.

If you encounter "Connection error : com.jcraft.jsch.JSchException: Auth fail", it is usually an SSH-key problem.

Add the Gerrit Trigger to a pipeline job.

Create a Code Review

[root@zeyang-nuc-service devops]# ls
aa,txt  aasss,txt  sss  test.txt
[root@zeyang-nuc-service devops]# echo 123 >test.txt
[root@zeyang-nuc-service devops]# git add .
[root@zeyang-nuc-service devops]# git commit -m "init"
[master 77f6474] init
1 file changed, 1 insertion(+), 1 deletion(-)
[root@zeyang-nuc-service devops]# git push origin HEAD:refs/for/master
Username for 'http://192.168.1.200:8088': admin
Password for 'http://admin@192.168.1.200:8088':
Enumerating objects: 3, done.
Counting objects: 100% (3/3), done.
Delta compression using up to 8 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (2/2), 253 bytes | 253.00 KiB/s, done.
Total 2 (delta 1), reused 0 (delta 0)
remote: Resolving deltas: 100% (1/1)
remote: Processing changes: refs: 1, new: 1, done
remote: SUCCESS
remote:   http://192.168.1.200:8088/c/devops/+/21 init [NEW]
To http://192.168.1.200:8088/devops
* [new branch]      HEAD -> refs/for/master

After the review is merged, the Jenkins pipeline is triggered automatically.

Pipeline as Code

// Pipeline params
String BRANCH_NAME = "${env.GERRIT_BRANCH}"
String PROJECT_NAME = "devops"
String PROJECT_URL = "http://192.168.1.200:8088/devops"
currentBuild.description = "Trigger By ${BRANCH_NAME}"

// Pipeline
pipeline {
    agent {
        node {
            label "build"   // specify node label
        }
    }
    options {
        skipDefaultCheckout()
    }
    triggers {
        // configure Gerrit trigger
        gerrit customUrl: '',
               gerritProjects: [[branches: [[compareType: 'ANT', pattern: '**']],
                                 compareType: 'PLAIN',
                                 disableStrictForbiddenFileVerification: false,
                                 pattern: "${PROJECT_NAME}"]],
               serverName: 'devops',
               triggerOnEvents: [changeMerged()]
    }
    stages {
        stage("GetCode") {
            steps {
                echo "========executing GetCode========"
                // checkout code
                checkout([$class: 'GitSCM', branches: [[name: "${BRANCH_NAME}"]],
                          doGenerateSubmoduleConfigurations: false,
                          extensions: [],
                          submoduleCfg: [],
                          userRemoteConfigs: [[url: "${PROJECT_URL}"]]])
            }
        }
    }
    post {
        always {
            echo "========always========"
            cleanWs()
        }
        success {
            echo "========pipeline executed successfully ========"
        }
        failure {
            echo "========pipeline execution failed========"
        }
    }
}

With this Jenkinsfile, Gerrit events such as changeMerged() automatically start the pipeline, retrieve the code, and run the defined stages. The setup demonstrates a practical DevOps workflow where every change must pass a code review before being merged and built.
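The trigger block above matches events that Gerrit publishes through its stream-events feed, which the Jenkins user can read over SSH thanks to the Stream Events capability granted earlier. The following added example (not code from the article or from the Gerrit Trigger plugin) replays a constructed, trimmed sample of that feed and shows which events the article's filter would accept: `changeMerged()`, project `devops` compared as PLAIN, and the branch compared as an ANT pattern. The Ant matcher is a simplified assumption, and the function and variable names are hypothetical. It makes visible that `pattern: '**'` builds merges on every branch, while a narrower pattern limits which merges start a build.

```python
import json
import re

# Constructed sample of `gerrit stream-events` output: one JSON object per line.
SAMPLE_STREAM = """\
{"type":"patchset-created","change":{"project":"devops","branch":"master","number":21}}
{"type":"change-merged","change":{"project":"devops","branch":"master","number":21}}
{"type":"change-merged","change":{"project":"devops","branch":"feature/login","number":22}}
{"type":"change-merged","change":{"project":"devops-tools","branch":"master","number":5}}
{"type":"ref-updated","refUpdate":{"project":"devops","refName":"refs/heads/master"}}
truncated-line-that-is-not-json
"""

def ant_to_regex(pattern):
    """Simplified Ant-style matcher: '**' spans '/', while '*' and '?' do not."""
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out, i = out + ".*", i + 2
        elif pattern[i] == "*":
            out, i = out + "[^/]*", i + 1
        elif pattern[i] == "?":
            out, i = out + "[^/]", i + 1
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile(out + r"\Z")

def triggering_events(stream, project, branch_pattern, events=("change-merged",)):
    """Return (project, branch, change number) for each event the filter accepts."""
    branch_re = ant_to_regex(branch_pattern)
    hits = []
    for line in stream.splitlines():
        try:
            event = json.loads(line)
        except ValueError:
            continue  # skip malformed lines instead of aborting the listener
        if not isinstance(event, dict) or event.get("type") not in events:
            continue
        change = event.get("change") or {}
        if change.get("project") != project:               # compareType: 'PLAIN'
            continue
        if not branch_re.match(change.get("branch", "")):  # compareType: 'ANT'
            continue
        hits.append((change["project"], change["branch"], change.get("number")))
    return hits

if __name__ == "__main__":
    print(triggering_events(SAMPLE_STREAM, "devops", "**"))      # every branch
    print(triggering_events(SAMPLE_STREAM, "devops", "master"))  # master only
```

To compare against a live server, the same function can be fed lines captured with `ssh -p 29418 jenkins@<gerrit-host> gerrit stream-events`.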

Conclusion

The integration of Gerrit and Jenkins is now functional; further steps can add build and deployment stages. Using Gerrit for code review simplifies the review process, and the automated pipeline ensures consistent CI/CD execution.
