
Integrating Gerrit with Jenkins for Automated Code Review Triggered Pipelines

This guide explains how to set up a Gerrit instance, configure SSH keys and permissions, install the Gerrit Trigger plugin in Jenkins, and create a Jenkins pipeline that automatically runs when a review is merged, providing a complete end‑to‑end CI/CD workflow.

DevOps Cloud Academy

Background – The team uses Gerrit for code management and code review and wants a Jenkins pipeline to be triggered automatically when a review is merged. The article focuses on Gerrit Trigger configuration and omits server‑level details to keep the setup simple.

Gerrit configuration – A Gerrit container can be started quickly with Docker. The essential command is:

docker run --name gerrit -itd \
-p 8088:8080 \
-p 29418:29418 \
-e CANONICAL_WEB_URL=http://192.168.1.200:8088 gerritcodereview/gerrit

After the container starts, install any required plugins via the web UI, then log in with the default admin account and create a Jenkins user.

Jenkins SSH‑key setup – Inside the Jenkins pod, generate an RSA key pair:

[root@zeyang-nuc-service ~]# kubectl exec -it jenkins-6ccf555769-sfdw6 -n devops bash
bash-4.2$ id
uid=1000(jenkins) gid=1000(jenkins) groups=1000(jenkins)
bash-4.2$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/var/jenkins_home/.ssh/id_rsa):
Created directory '/var/jenkins_home/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/jenkins_home/.ssh/id_rsa.
Your public key has been saved in /var/jenkins_home/.ssh/id_rsa.pub.
SHA256:nGqkSVAUuc2xrGe8Bz/xuWcQ/YVrDISPJux+tCZkJgI jenkins@jenkins-6ccf555769-sfdw6

The private key resides at /var/jenkins_home/.ssh/id_rsa and the public key at /var/jenkins_home/.ssh/id_rsa.pub. Copy the public key content and add it to the Gerrit Jenkins user (via the “ADD” button).

Gerrit user and group permissions – Add the Jenkins user to the Non-Interactive Users group (BROWSE → Groups → Non-Interactive Users → Members). Create a repository and set basic permissions:

refs/*        : Read               Non-Interactive Users
refs/heads/*  : Label Code-Review  Non-Interactive Users

Create an Event Streaming Users group (Gerrit 2.7+) and add the Jenkins user. Then enable the global capability “Stream Events” for that group in All‑Projects:

allow Event Streaming Users

At this point Gerrit is ready to emit events to Jenkins.

Jenkins configuration – Install the “Gerrit Trigger” plugin, which adds a Gerrit icon in the system management UI. In a pipeline job, add the Gerrit Trigger and configure it to listen for changeMerged() events on the desired project.

Creating a code review – From the project directory, push a change to Gerrit using the special ref:

[root@zeyang-nuc-service devops]# git add .
[root@zeyang-nuc-service devops]# git commit -m "init"
[root@zeyang-nuc-service devops]# git push origin HEAD:refs/for/master

The push opens a review in the Gerrit UI, where it can be approved and merged. Once merged, Gerrit sends the event to Jenkins, which starts the pipeline.

Pipeline as code – A sample Jenkinsfile that uses the Gerrit parameters is provided:

//Pipeline params
String BRANCH_NAME = "${env.GERRIT_BRANCH}"
String PROJECT_NAME = "devops"
String PROJECT_URL = "http://192.168.1.200:8088/devops"
currentBuild.description = "Trigger By ${BRANCH_NAME}"

pipeline{
    agent{ node{ label "build" } }
    options{ skipDefaultCheckout() }
    triggers{
        gerrit customUrl: '',
            gerritProjects: [[branches: [[compareType: 'ANT', pattern: '**']],
                compareType: 'PLAIN',
                disableStrictForbiddenFileVerification: false,
                pattern: "${PROJECT_NAME}"]],
            serverName: 'devops',
            triggerOnEvents: [changeMerged()]
    }
    stages{
        stage("GetCode"){
            steps{
                echo "========executing GetCode========"
                checkout([$class: 'GitSCM', branches: [[name: "${BRANCH_NAME}"]],
                    doGenerateSubmoduleConfigurations: false,
                    extensions: [],
                    submoduleCfg: [],
                    userRemoteConfigs: [[url: "${PROJECT_URL}"]]])
            }
        }
    }
    post{
        always{ echo "========always========"; cleanWs() }
        success{ echo "========pipeline executed successfully ========" }
        failure{ echo "========pipeline execution failed========" }
    }
}

With this configuration, every merged Gerrit change automatically triggers the Jenkins pipeline, enabling a smooth CI/CD flow for the team.
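
To check which events the trigger block above would act on, the following added example (not part of the original article or of the Gerrit Trigger plugin) filters a Gerrit stream-events feed the same way: event type change-merged, project compared as PLAIN, branch compared as an ANT pattern. The sample lines are constructed, the function names are hypothetical, and the ANT matching is an approximation of the plugin's behaviour.

```python
import json
import re

# Constructed sample of a stream-events feed: one JSON object per line, plus noise.
SAMPLE_STREAM = """\
{"type":"patchset-created","change":{"project":"devops","branch":"master","number":12},"patchSet":{"number":1,"revision":"1111111111111111111111111111111111111111"}}
{"type":"change-merged","change":{"project":"devops","branch":"master","number":12},"patchSet":{"number":1,"revision":"1111111111111111111111111111111111111111"},"newRev":"2222222222222222222222222222222222222222"}
{"type":"change-merged","change":{"project":"devops-tools","branch":"master","number":7},"newRev":"3333333333333333333333333333333333333333"}
{"type":"ref-updated","refUpdate":{"project":"devops","refName":"refs/heads/master","oldRev":"1111111111111111111111111111111111111111","newRev":"2222222222222222222222222222222222222222"}}
not json at all
"""


def ant_to_regex(pattern):
    """Approximate ANT matching: '**' may span '/', '*' stays inside one path segment."""
    tokens = re.split(r"(\*\*|\*)", pattern)
    table = {"**": ".*", "*": "[^/]*"}
    return re.compile("".join(table.get(t, re.escape(t)) for t in tokens))


def merged_builds(stream, project="devops", branch_pattern="**"):
    """Return (project, branch, newRev) for each event that would start the pipeline."""
    branch_re = ant_to_regex(branch_pattern)
    hits = []
    for line in stream.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # ignore anything on the stream that is not a JSON event
        if not isinstance(event, dict) or event.get("type") != "change-merged":
            continue  # patchset-created, ref-updated, etc. do not trigger this job
        change = event.get("change") or {}
        # PLAIN compare is an exact match, so "devops-tools" must not match "devops".
        if change.get("project") != project:
            continue
        branch = change.get("branch") or ""
        if not branch_re.fullmatch(branch):
            continue
        hits.append((change["project"], branch, event.get("newRev")))
    return hits


if __name__ == "__main__":
    for hit in merged_builds(SAMPLE_STREAM):
        print(hit)
```

With branches set to `**`, a merge on any branch of the project starts the pipeline; passing a narrower pattern such as `release/*` shows how much the trigger scope shrinks.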
