
Integrating Gerrit with Jenkins for Automated Code Review Triggered Pipelines

This guide explains how to set up a Gerrit instance, configure SSH keys and permissions, install the Gerrit Trigger plugin in Jenkins, and create a Jenkins pipeline that automatically runs when a review is merged, providing a complete end‑to‑end CI/CD workflow.

DevOps Cloud Academy

Background – The team uses Gerrit for code management and code review and wants a Jenkins pipeline to be triggered automatically when a review is merged. The article focuses on Gerrit Trigger configuration and omits server‑level details to keep the setup simple.

Gerrit configuration – A Gerrit container can be started quickly with Docker. The essential command is:

docker run --name gerrit -itd \
-p 8088:8080 \
-p 29418:29418 \
-e CANONICAL_WEB_URL=http://192.168.1.200:8088 gerritcodereview/gerrit

After the container starts, install any required plugins via the web UI, then log in with the default admin account and create a Jenkins user.

Jenkins SSH‑key setup – Inside the Jenkins pod, generate an RSA key pair:

[root@zeyang-nuc-service ~]# kubectl exec -it jenkins-6ccf555769-sfdw6 -n devops bash
bash-4.2$ id
uid=1000(jenkins) gid=1000(jenkins) groups=1000(jenkins)
bash-4.2$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/var/jenkins_home/.ssh/id_rsa):
Created directory '/var/jenkins_home/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/jenkins_home/.ssh/id_rsa.
Your public key has been saved in /var/jenkins_home/.ssh/id_rsa.pub.
SHA256:nGqkSVAUuc2xrGe8Bz/xuWcQ/YVrDISPJux+tCZkJgI jenkins@jenkins-6ccf555769-sfdw6

The private key resides at /var/jenkins_home/.ssh/id_rsa and the public key at /var/jenkins_home/.ssh/id_rsa.pub. Copy the public key content and add it to the Gerrit Jenkins user (via the “ADD” button).

Gerrit user and group permissions – Add the Jenkins user to the Non‑interactive Users group (BROWSE → Groups → Non‑Interactive Users → Members). Create a repository and set basic permissions:

refs/* :read Non-interactive Users
refs/heads/* :Label Code-Review Non-interactive Users

Create an Event Streaming Users group (Gerrit 2.7+) and add the Jenkins user. Then enable the global capability “Stream Events” for that group in All‑Projects:

allow Event Streaming Users

At this point Gerrit is ready to emit events to Jenkins.

Jenkins configuration – Install the “Gerrit Trigger” plugin, which adds a Gerrit icon in the system management UI. In a pipeline job, add the Gerrit Trigger and configure it to listen for changeMerged() events on the desired project.

Creating a code review – From the project directory, push a change to Gerrit using the special ref:

[root@zeyang-nuc-service devops]# git add .
[root@zeyang-nuc-service devops]# git commit -m "init"
[root@zeyang-nuc-service devops]# git push origin HEAD:refs/for/master

The push creates a review in Gerrit, where it can be approved and merged through the UI. Once merged, Gerrit sends the event to Jenkins, which starts the pipeline.

Pipeline as code – A sample Jenkinsfile that uses the Gerrit parameters is provided:

//Pipeline params
String BRANCH_NAME = "${env.GERRIT_BRANCH}"
String PROJECT_NAME = "devops"
String PROJECT_URL = "http://192.168.1.200:8088/devops"
currentBuild.description = "Trigger By ${BRANCH_NAME}"

pipeline{
    agent{ node{ label "build" } }
    options{ skipDefaultCheckout() }
    triggers{
        gerrit customUrl: '',
            gerritProjects: [[branches: [[compareType: 'ANT', pattern: '**']],
                compareType: 'PLAIN',
                disableStrictForbiddenFileVerification: false,
                pattern: "${PROJECT_NAME}"]],
            serverName: 'devops',
            triggerOnEvents: [changeMerged()]
    }
    stages{
        stage("GetCode"){
            steps{
                echo "========executing GetCode========"
                checkout([$class: 'GitSCM', branches: [[name: "${BRANCH_NAME}"]],
                    doGenerateSubmoduleConfigurations: false,
                    extensions: [],
                    submoduleCfg: [],
                    userRemoteConfigs: [[url: "${PROJECT_URL}"]]])
            }
        }
    }
    post{
        always{ echo "========always========"; cleanWs() }
        success{ echo "========pipeline executed successfully ========" }
        failure{ echo "========pipeline execution failed========" }
    }
}
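
The event filtering this trigger performs, modeled as an added Python example (not code from the original article or from the Gerrit Trigger plugin): it reads the JSON lines that gerrit stream-events emits, keeps change-merged events for the devops project, and returns the merged commit so a build can be pinned to exactly what was submitted. The sample events, the function name builds_to_start and the branch allow-list are constructed assumptions.

```python
import json
import re

# Constructed sample of `gerrit stream-events` output: one JSON object per line.
SAMPLE_STREAM = "\n".join([
    '{"type":"patchset-created","change":{"project":"devops","branch":"master","number":12}}',
    '{"type":"change-merged","change":{"project":"devops","branch":"master","number":12},'
    '"newRev":"2222222222222222222222222222222222222222"}',
    '{"type":"change-merged","change":{"project":"devops-tools","branch":"master","number":7},'
    '"newRev":"3333333333333333333333333333333333333333"}',
    '{"type":"change-merged","change":{"project":"devops","branch":"bad branch","number":13},'
    '"newRev":"4444444444444444444444444444444444444444"}',
    'truncated {"type":"change-mer',
])

SHA1 = re.compile(r"[0-9a-f]{40}")
# Assumed allow-list for branch names that will be handed to a checkout step.
SAFE_BRANCH = re.compile(r"[A-Za-z0-9][A-Za-z0-9._/-]*")


def builds_to_start(stream, project="devops"):
    """Return (branch, merged_commit) for each event the trigger would act on."""
    builds = []
    for line in stream.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(event, dict) or event.get("type") != "change-merged":
            continue  # mirrors triggerOnEvents: [changeMerged()]
        change = event.get("change")
        if not isinstance(change, dict) or change.get("project") != project:
            continue  # PLAIN compares the whole name, modeled here as equality
        branch = str(change.get("branch", ""))
        new_rev = str(event.get("newRev", ""))
        # The branch pattern '**' accepts any branch, so validate before use.
        if not SAFE_BRANCH.fullmatch(branch) or not SHA1.fullmatch(new_rev):
            continue
        builds.append((branch, new_rev))
    return builds


if __name__ == "__main__":
    for branch, commit in builds_to_start(SAMPLE_STREAM):
        print(f"build {branch} at {commit}")
```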

With this configuration, every merged Gerrit change automatically triggers the Jenkins pipeline, enabling a smooth CI/CD flow for the team.
