Jenkins Best Practices


Continuous Integration (CI) with automated test execution and trends has changed the way companies look at Build Management, Release Management, Deployment Automation, and Test Orchestration. This section describes Jenkins best practices in order to provide executives, business managers, software developers and architects a better sense of what Jenkins can contribute throughout the project lifecycle.

Jenkins Best Practices

Always secure Jenkins.

This best practice is about authenticating users and enforcing access control on a Jenkins instance.
In the default configuration, Jenkins does not perform any security checks. This means any person accessing the website can configure Jenkins and jobs, and perform builds. While this configuration is normally acceptable for intranet use and quick setup, it introduces high security risks, like someone accidentally deleting your build jobs, reconfiguring your job to run every minute, kicking off too many builds at the same time, reconfiguring your build instance, etc.

Backup Jenkins Home regularly.

'Nuff said. 

Use "file fingerprinting" to manage dependencies.

When you have interdependent projects on Jenkins, it often becomes hard to keep track of which version of this is used by which version of that. Jenkins supports "file fingerprinting" to simplify this, so make best use of it.

The most reliable builds will be clean builds, which are built fully from Source Code Control.

To ensure a build is reproducible, it must be a clean build, built fully from Source Code Control. This practice also implies that all code, including third-party jars, build scripts, release notes, etc., must be checked into Source Code Control.

Integrate tightly with your issue tracking system, like JIRA or Bugzilla, to reduce the need for maintaining a Change Log

The integration helps to track changes as they are made, including build status, which build has been performed for a given requirement or defect, and the link to the actual build results and artifacts.

Integrate tightly with a repository browsing tool like FishEye if you are using Subversion as your source code management tool

Repository browsing provides a quick update on what happens on a Subversion repository. It also provides a graphical diff on what changes have been made from the previous build.

Always configure your job to generate trend reports and automated testing when running a Java build

Trends help project managers and developers quickly visualize the current status of the project. Moreover, unit testing is often not enough to provide confidence that the delivered software complies with the desired quality. The more you test the software, the better the delivered software complies with the desired quality.

Set up Jenkins on the partition that has the most free disk-space

Jenkins needs some disk space to perform builds and keep archives. All the settings, build logs, and artifact archives are stored under the JENKINS_HOME directory. Simply archive this directory to make a backup. Similarly, restoring the data is just a matter of replacing the contents of the JENKINS_HOME directory from a backup.

Archive unused jobs before removing them.

All unused jobs should be archived so they can be resurrected if the need arises. See Administering Jenkins for ways to do this.

Set up a different job/project for each maintenance or development branch you create

One of the advantages of using CI tools is detecting problems early in the development lifecycle. Setting up a different job/project for each branch you create helps maximize the benefit of detecting problems early, as part of supporting parallel development efforts and reducing risk.

Allocate a different port for parallel project builds and avoid scheduling all jobs to start at the same time

Multiple jobs running at the same time often cause collisions. Try to avoid scheduling all jobs to start at the same time. Allocate a different port for parallel project builds to avoid build collisions.

Set up email notifications mapping to ALL developers in the project, so that everyone on the team has a finger on the pulse of the project's current status.

Configure each person on the people list with his or her correct email address and what role he or she is currently playing.

Take steps to ensure failures are reported as soon as possible.

For example, it may be appropriate to run a limited set of "sniff tests" before the full suite.

Write jobs for your maintenance tasks, such as cleanup operations to avoid full disk problems.

Tag, label, or baseline the codebase after the successful build.

Configure Jenkins bootstrapper to update your working copy prior to running the build goal/target.

In larger systems, don't build on the master.

You can do this by setting the executor count to zero. Instead, make sure all jobs run on slaves. This ensures that the Jenkins master can scale to support many more jobs, and it also protects sensitive data under $JENKINS_HOME from being modified by builds, whether accidentally or maliciously.
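
The two security-relevant practices on this page, "Always secure Jenkins" and "don't build on the master", can both be checked from the main config.xml stored under JENKINS_HOME. The following is an added example, not part of the original page or of Jenkins itself; the sample documents are constructed and the finding codes are hypothetical names chosen for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples of $JENKINS_HOME/config.xml (not taken from a real instance).
DEFAULT_CONFIG = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <numExecutors>2</numExecutors>
  <useSecurity>false</useSecurity>
  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
  <securityRealm class="hudson.security.SecurityRealm$None"/>
</hudson>"""

HARDENED_CONFIG = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <numExecutors>0</numExecutors>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy"/>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm"/>
</hudson>"""

# A config.xml may carry an XML 1.1 declaration, which Python's expat-based
# parser does not accept, so the declaration is dropped before parsing.
_XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")


def audit_config(xml_text):
    """Return finding codes (hypothetical names) for one config.xml document."""
    root = ET.fromstring(_XML_DECL.sub("", xml_text, count=1))
    findings = []
    if (root.findtext("useSecurity") or "").strip().lower() != "true":
        findings.append("security-disabled")    # Jenkins performs no security checks
    authz = root.find("authorizationStrategy")
    if authz is not None and authz.get("class", "").endswith("$Unsecured"):
        findings.append("authz-unsecured")      # every visitor can configure and build
    realm = root.find("securityRealm")
    if realm is not None and realm.get("class", "").endswith("SecurityRealm$None"):
        findings.append("no-security-realm")    # users are never authenticated
    executors = (root.findtext("numExecutors") or "").strip()
    # Only an explicit 0 shows that builds are kept off the master.
    if executors != "0":
        findings.append("builds-on-master")
    return findings


if __name__ == "__main__":
    for name, text in (("default", DEFAULT_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_config(text) or "no findings")
```

Run against a copy of config.xml taken from a backup of JENKINS_HOME, the same function shows whether an instance still has the open default configuration described above.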
