CYPIRE

Integrating the CI Server: Enable Communication with Jenkins

Introduction to Continuous Integration (CI) Servers

Continuous Integration (CI) servers are pivotal components in modern software development, enabling teams to automate the integration and testing of code changes. These servers play a crucial role in ensuring that software projects are built, tested, and deployed efficiently and reliably.

CI servers act as the “man in the middle,” orchestrating communication between various systems and applications involved in the software development lifecycle. They ensure seamless interaction between version control systems, build tools, testing frameworks, and deployment platforms. This central role helps streamline the development process, enhance collaboration, and improve overall productivity.

We will delve into Jenkins, one of the most popular and widely-used CI servers. Jenkins offers a robust set of features and plugins that make it a versatile tool for continuous integration and continuous delivery (CI/CD).

What is Jenkins?

Jenkins is a self-contained, open source automation server which can be used to automate all sorts of tasks related to building, testing, and delivering or deploying software.

Jenkins can be installed through native system packages, Docker, or even run standalone by any machine with a Java Runtime Environment (JRE) installed.

https://www.jenkins.io/doc


Communication Setup in Jenkins

Jenkins provides a robust credential management system that allows you to securely store and manage sensitive information such as usernames, passwords, and tokens. This system is essential for securely interacting with various services and systems.

Key Concepts

Domains

A domain in Jenkins is a logical grouping of credentials. Domains help organize credentials and can be used to restrict access to specific sets of credentials. For example, you might have different domains for development, testing, and production environments.

Stores

A store in Jenkins refers to the back-end system where the credentials are actually stored. Jenkins supports multiple credential stores, including:

  • Jenkins Credential Store: The default store where credentials are stored directly within Jenkins.
  • External Credential Stores: These include systems like HashiCorp Vault, where credentials can be stored and managed externally.

Establishing Communication to SAP System

To facilitate communication with the ABAP system, you need to provide the necessary credentials to the SICF service. The easiest method is to store the login data directly within Jenkins.

Steps to Store Credentials in Jenkins

  • Access your Jenkins instance with Administrator Rights.
  • Navigate to Credential Management.
  • Go to Manage Jenkins.
  • Select Credentials.
  • Under Stores scoped to Jenkins, click on System .
  • Under System , click the Global credentials (unrestricted) link to access this default domain.
  • Add New Credentials
    • Click on Add Credentials.
    • Enter Credential Details:
      • In the Username and Password fields, enter the credentials of the user you created for the Framework Access in Interacting with the ABAP Build Framework.
      • In the ID field, specify a meaningful credential ID value that clearly indicates the target system and the service user, especially if further SAP systems will be connected in the future (possibly with the same user ID).
        This ID will be used later in the Jenkins file.
  • Click Create to save the Credentials.

By following these steps, you ensure that the credentials are securely stored and ready for use in your Jenkins configuration.

Initiating Communication from SAP System

To initiate your pipeline from ABAP, you need to have a designated user in Jenkins.

Jenkins Internal user database

Jenkins supports external authentication systems like GitHub, GitLab, Google, and LDAP. If an external authentication method is configured, user management may be handled outside Jenkins. This guide applies only when using Jenkins’ internal user database.

Create a User Jenkins User

  1. Navigate to the Manage Jenkins page from the Jenkins dashboard.
  2. Select Users under the Security section.
  1. Select Create User.
  2. Fill in the required details
  1. Select Create User to save the new user.

Due to Jenkins’ CSRF protection, you cannot use the password of a Jenkins user directly. Instead, you will need a token. The user and token will be required later to configure pipeline trigger options in ABAP.

Steps to Obtain a Token

  • Log On with your newly created user.
  • Click on the user name / user icon top right.
  • Choose Security
  • In the `API Token` section, Add new Token
  • Use a different token for each application so that you can revoke its token individually.

Make sure to note down the token immediately, as you will not be able to view it again once you leave the screen.

Pipeline Security in Jenkins

When setting up or configuring your pipeline, it is essential to review the Enable project-based security section. This section allows you to specify who can view, execute, or modify your pipeline. If your Jenkins server is shared among different teams, it is advisable to configure these permissions on a per-pipeline basis.

For more general information about Jenkins authorization, refer to the Jenkins Security Documentation.

Setting Up Your Jenkins Pipeline

Now, let’s put the puzzle pieces together. Log in to your Jenkins instance with administrator rights and follow these steps:

  • In the right menu, click on New Item.
  • Give the pipeline a valid name and select Pipeline as the type.

Navigate to the Pipeline section by selecting the Pipeline tab located in the side panel of the page.

In the Pipeline section, make sure the Definition field is set to the Pipeline script option. To define your Jenkinsfile in source control, please refer to the instructions under “SCM”.

Enter your Pipeline code into the Script text area. For instance, you can copy this sample code:

pipeline {
  agent any
    
    stage('ABAP') {
      steps {
        script {
          // Define the host, port and credentials ID 
          def host = 'SAP-System-Host'
          def port = 'HTTP-Port'
          def credentialsId = 'SAP-Build'
          
          def path = 'sap/opu/odata/BUILD/CORE_SRV/builds'
          def url = "http://${host}:${port}/${path}"
             
          withCredentials([usernameColonPassword(
            credentialsId: credentialsId,
            variable: 'auth')]) {
              // Use curl to make the HTTP request
                sh(script: 'curl -I -H "X-CSRF-Token: Fetch" -u ${auth} -k ' + url)
            }
        }
      }
    }
  }
}

Please update and specify the host of your SAP System, the HTTP port and the credentials ID.

The ABAP stage uses a script to define variables for a host and port, then constructs a URL for a SAP OData service. It uses the withCredentials function to securely handle authentication credentials, and then uses the sh step to execute a curl command. This command makes a HTTP request to the ABAP Build Framework.

Click Save to access the Pipeline project or item view page.

Triggering the Pipeline

Once your pipeline is set up, the next steps involve triggering it and monitoring its output.

  • Navigate to your pipeline in the Jenkins dashboard.
  • Click on Build Now to manually trigger the pipeline. This is useful for testing and initial setups.
  • After triggering the pipeline, you can monitor its progress by clicking on the build number in the Jenkins dashboard. This will take you to the build details page where you can see the console output.
  • Console Output
    • The console output provides real-time logs of the pipeline execution. Here, you can see each stage of the pipeline, any errors encountered, and the overall status of the build.
    • Look for key indicators such as SUCCESS or FAILURE to determine the outcome of the build.
    • If the build is successful, the log will typically end with a SUCCESS message. You can review the log to ensure all stages completed as expected.
    • If the build fails, the log will indicate where the failure occurred. Common issues include syntax errors in the pipeline script, missing dependencies, or failed tests. Use the log to diagnose and fix these issues.

You should find an output as follows:

...
Masking supported pattern matches of $auth
+ curl -I -H X-CSRF-Token: Fetch -u **** -k http://host:port/sap/opu/odata/BUILD/CORE_SRV/builds
...
HTTP/1.1 200 OK
set-cookie: sap-usercontext=sap-client=001; path=/
set-cookie: SAP_SESSIONID... path=/
content-type: text/html
content-length: 0
x-csrf-token: abc1234556789
dataserviceversion: 2.0
pragma: no-cache
...
sap-server: true
...
Finished: SUCCESS

Naturally, this is merely an example dummy pipeline to verify that communication is functioning. Please get in touch with us for ready-made code libraries, best practices, and a specific pipeline design. We would be pleased to provide you with our knowledge.

You’ve done it!

Your Jenkins instance is now ready to work with the ABAP Build Framework.

What’s Next?

With your system set up, it’s time to explore ABAP deployment with the Build Framework. You’ve started on the path to a more efficient and collaborative ABAP development experience. Here are some next steps: