翻译自:https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+Best+Practices
建议所有刚接触 Jenkins 的初学者先通读一下这篇文章,能够帮助养成好的习惯和尽量避免不必要的麻烦。
当然,这里的规则在实际使用过程中并不都是必须的,但却都是十分有用的。如果你正在使用其他的CI工具,我相信此文所提到的大部分规则也都是同样适用的。
Introduction
Continuous Integration (CI) with automated test execution and trends has changed the way companies look at Build Management, Release Management, Deployment Automation, and Test Orchestration. This section describes Jenkins best practices in order to provide executives, business managers, software developers and architects a better sense of what Jenkins can contribute throughout the project lifecycle.
包括自动测试执行的持续集成(以及朝着这个方向发展的趋势)改变了很多公司的在构建管理,发布管理,部署自动化,以及测试编排上的方式。此文讲述的Jenkins最佳实践是为了给那些企业高管,经理,软件开发人员以及架构师提供这样一种思路:Jenkins能够为一个完整的项目周期贡献什么!
Jenkins Best Practices
Always secure Jenkins. |
使Jenkins一直处于安全状态
This best practice is around authenticating users and enforcing access control on a Jenkins instance. In the default configuration, Jenkins does not perform any security checks. This means any person accessing the website can configure Jenkins and jobs, and perform builds. While this configuration is normally acceptable for intranet use and quick setup, it introduces high security risks, like someone accidentally deleting your build jobs, reconfiguring your job to run every minute, kicking off too many builds at the same time, reconfiguring your build instance, etc.
最好的做法是在每个Jenkins服务中启用用户权限控制和控制访问权限。在默认配置中,Jenkins不进行任何安全检查,这就意味着任何人都可以进入你的Jenkins页面对其进行配置,触发构建行为。尽管这种配置在内部使用和快速安装时通常是可以接受的,但这样存在很高的风险,比如某些人会错误的删除了你的构建项目,重新配置你的任务每分钟都会运行,高并发执行,重新配置你的构建实例等等。
Backup Jenkins Home regularly. |
定期备份你的Jenkins主目录(反映到$JENKINS_HOME)。
'Nuff said.
这个的重要性我想不用多说了。
Use "file fingerprinting" to manage dependencies. |
尽量使用“file fingerprinting”来管理依赖项目。
When you have interdependent projects on Jenkins, it often becomes hard to keep track of which version of this is used by which version of that. Jenkins supports "file fingerprinting" to simplify this, so make best use of it.
当你的Jenkins存在依赖项目时,追踪两个项目之间的依赖版本关系时就会变得困难起来,通过“file fingerprinting”可以很好的梳理好这种关系,请尽量使用它。
The most reliable builds will be clean builds, which are built fully from Source Code Control. |
最可靠的构建是完全从源代码取出的干净的构建。
To ensure a build can be reproducible, the build must be a clean build, which is built fully from Source Code Control. This practice also implies that all code including third-party jars, build scripts, release notes, etc. must be checked into Source Code Control.
为了确保一个构建是可重用的,这个构建必须是完全从源码控制系统取出的干净的build。这种做法也意味着与build相关的所有的第三方库,build脚本,发布说明等都需要在Source code control中。
Integrate tightly with your issue tracking system, like JIRA or bugzilla, to reduce the need for maintaining a Change Log |
与问题跟踪系统紧密集成在一起,如JIRA,bugzilla等,以便减少对ChangeLog的维护。
The integration helps to track changes as they are made, including build status, what build has been performed for this requirement or , and the link to the actual build results and artifacts.
这项集成能够帮助你对已建变化的跟踪,包括构建状态,构建是否按需进行,或者有缺陷,以及链接到实际的构建结果和产品中。
Integrate tightly with a repository browsing tool like FishEye if you are using Subversion as source code management tool |
与版本库浏览工具紧密集成,比如FishEye(如果你使用Subversion作为版本管理工具的话,当然还有其他的比如ViewVC等可视化浏览工具)。
Repository browsing provides a quick update on what happens on a Subversion repository. It also provides a graphical diff on what changes have been made from the previous build.
存储库浏览器可以很直观的反应出你的svn库的最新变化,同事它也能针对前一次的修改提供很直观的差异视图。
Always configure your job to generate trend reports and automated testing when running a Java build |
在Java构建中,要时刻配置你的Job生成可用趋势报告,以及执行自动化测试。
Trends helps project managers and developers quickly visualize current project progress status. Moreover, unit testing is often not enough to provide confidence that the delivered software complies to the desired quality. The more you test the software, the better the delivered software complies to the desired quality.
变化趋势能够帮助项目经理和开发人员快速了解当前项目的进度状态,而且,很多时候单元测试往往不能完全保证所需的软件交付质量。测试涵盖面越广,产品交付质量就越高。
Set up Jenkins on the partition that has the most free disk-space |
在拥有充足空间的分区里设置Jenkins主目录。
Jenkins needs some disk space to perform builds and keep archives. All the settings, build logs, artifact archives are stored under the JENKINS_HOME directory. Simply archive this directory to make a back up. Similarly, restoring the data is just replacing the contents of the JENKINS_HOME directory from a back up.
Jenkins需要一些磁盘空间用来执行builds和存放归档文件。所有的配置文件,构建日志,归档文件都存在Jenkins主目录。因此请尽量存档此目录来做一个备份。同样,如果想恢复Jenkins主目录的内容也只需要从这个备份中拉取即可。
Archive unused jobs before removing them. |
在删除不使用的Jobs之前请先备份存档。
All unused jobs should be archived so they can be resurrected if the need arises. See Administering Jenkins for ways to do this.
所有不再使用的Jobs都需要存档,以便在需要的时候重新投入使用。参考 Administering Jenkins 。
Setup a different job/project for each maintenance or development branch you create |
为你创建的每个维护或开发分支建立不同的项目,以便及时发现问题。
One of advantages of using CI tools is to detect problems early in the development lifecycle. Setting up a different job/project for each branch you create will help to maximize the benefit of detecting problems early as part of supporting parallel development efforts and reducing risk.
使用CI工具的其中一个优势就在于能够在软件开发生命周期的早期就能够发现问题。为不同的分支建立不同的项目能够最大限度的帮助你尽早发现问题,支撑并行开发成果,降低风险。
Allocate a different port for parallel project builds and avoid scheduling all jobs to start at the same time |
为并行构建项目分配不同的端口,且避免在同一时间触发所有任务。(其实这种情况还可以使用Jenkins的Locks插件解决)
Multiple jobs running at the same time often cause collisions. Try to avoid scheduling all jobs to start at the same time. Allocate a different port for parallel project builds to avoid build collisions.
多个项目并发执行往往会引发冲突。尽量避免在同一时间触发所有Jobs。并且为并发项目分配不同端口以避免冲突。
Set up email notifications mapping to ALL developers in the project, so that everyone on the team has his pulse on the project's current status. |
为项目相关的开发人员建立邮件通知机制,使得团队的每个人都能够实时掌握项目的当前进展和脉络。
Configure each person on the people list with his or her correct email address and what role he or she is currently playing.
为开发人员配置正确的邮箱地址,以及当前角色。
Take steps to ensure failures are reported as soon as possible. |
采取有效方式,确保所有的失败状态能在第一时间获悉。
For example, it may be appropriate to run a limited set of "sniff tests" before the full suite.
比如在全量测试开始之前进行一些试探性的取样测试。
Write jobs for your maintenance tasks, such as cleanup operations to avoid full disk problems. |
针对于一些维护性的工作可以编写一些自动化Jobs来完成,比如定期清理磁盘空间等操作。
Tag, label, or baseline the codebase after the successful build. |
为每次成功的build建立Tag,Label,代码基线。(并且这些基线是只读的)。
Configure Jenkins bootstrapper to update your working copy prior to running the build goal/target |
在每次目标构建之前请先配置Jenkins的启动程序以便更新你的本地工作副本。
In larger systems, make sure all jobs run on slaves. This ensures that the jenkins master can scale to support many more jobs than if it had to process build jobs directly as well. |
在较大型系统中,确保所有的项目都运行在Slave上。这样当Jenkins需要直接在master上运行一些重要构建任务的时候,能够更多的提供这类支持。