Jenkins

Hero image for Jenkins

Jenkins Master

Password for administrator account must be changed right after initial setup. New password is saved in Vault with name jenkins-master under the appropriate scope.

Source Repository

Bitbucket

Bitbucket Account Credential ID Credential Type Scope Store
nimble-bot bitbucket-username-and-password Username and password Global Jenkins

Jenkins Agent

Jenkins agent is connected from master via SSH.

  1. Create new SSH key pair
ssh-keygen -t rsa -C "dev@nimblehq.co"
  1. Register public key to Jenkins agent
ssh-copy-id -i [PATH_TO_PUBLIC_KEY] [USERNAME]@[JENKINS_AGENT_HOST]
  1. Add a SSH private key credential to System scope on Jenkins master’s root domain

  2. Add agent named [SERVICE_PROVIDER_NAME]-[PLATFORM_NAME] all in lowercase

  3. Select Launch agent agents via SSH on Launch method option and provide SSH connection information

Pipeline

Credentials are retrieved on agent through credentials and sshagent methods only in stages they are used.

stage('Bootstrap') {
  environment {
    MATCH_PASSWORD = credentials('match-password')
    MATCH_KEYCHAIN_PASSWORD = credentials('match-keychain-password')
  }
  steps {
    sshagent(credentials: ['bitbucket-ssh']) {
      addToKnownHosts 'bitbucket.org'
      fastlane 'install_certificates'
    }
    podInstall()
    swiftgen()
    sourcery()
  }
}