Jenkins Pipelines - Development

1-2 weeks waiting for the DevOps team to create custom Jenkins pipelines for your project

Multiple coordination meetings between development, platform, and security teams

Manual integration of security tools into Jenkins workflows that feels complex and error-prone

High risk of configuration inconsistencies across different Jenkins pipelines

Each custom Jenkins pipeline becomes a maintenance burden requiring ongoing platform team support

Platform team spends 40+ hours per new application on Jenkins pipeline setup

Security integration delays add another 1-2 weeks to project timelines

You spend more time coordinating Jenkins setup than writing code

Each Jenkins pipeline configuration feels like starting from scratch

Teams are hesitant to create new services due to Jenkins setup complexity

Zero Jenkins setup time: Instant production-ready Jenkins pipelines with security built-in

Zero platform coordination: Self-serve Jenkins capabilities without DevOps team involvement

Zero configuration drift: Standardized Jenkins templates ensure consistency

Zero security gaps: Enterprise security automatically integrated into Jenkins workflows

Jenkins pipeline creation time: 1-2 weeks → 5 minutes

Pipeline configuration: Manual coordination → Self-service automation with Jenkins expertise

Security compliance: 100% consistent without becoming a Jenkins security expert

Your productivity: Immediate access to enhanced Jenkins capabilities

Navigate to the Red Hat Developer Hub, which now provides self-service Jenkins capabilities:

You see the "Select a sign-in method" screen and click the OIDC option

You’re presented with the authentication form

Enter your lab credentials:

Username: user
Password: password

Click the Sign In button to proceed

Self-service Jenkins pipeline templates that eliminate waiting for platform teams

Integrated Jenkins resources that "just work" with security built-in

Automated Jenkins pipeline creation that handles the complex security integration for you

A streamlined onboarding experience that makes Jenkins expertise more valuable

Ready to leverage your Jenkins skills on a new project, you spot the + Self-service button in the top-right corner

You click + Self-service and discover a catalog of ready-to-use Jenkins templates

As you browse through the available templates, one immediately catches your attention:

"Perfect!" you think, "This leverages Jenkins - the tool I know and trust - but with modern security capabilities"

You click Choose to select this Jenkins template

Review all the settings in the summary page

Click Create to generate your Jenkins application

Create GitLab repositories for your source code and GitOps manifests

Set up Jenkins pipelines with automated security scanning and signing

Configure Kubernetes resources for your application

Set up container image signing and verification in Jenkins workflows

Deploy the Jenkins pipeline infrastructure and trigger the initial build

Once the template execution completes, click Open Component in Catalog

In Red Hat Developer Hub, go to the Catalog and locate your new component (qrks-jnk-{user})

Click the component name to open its Overview page

You’ll see your new Jenkins application component with links to:

Source code repository with Jenkins pipeline definitions

Jenkins CI/CD pipelines and build status

Application overview and health monitoring

OpenShift Dev Spaces development environment

Location: Contains the Jenkins template you just used

Purpose: Defines the self-service Jenkins template that generated your application

What it does: Provides the blueprint for Jenkins pipeline creation with security integration

Location: https://gitlab-gitlab.apps.cluster-pc8p5.pc8p5.sandbox275.opentlc.com/development/qrks-jnk-{user}

Purpose: Contains your application source code with Jenkins pipeline definitions

Jenkins Pipeline Files: Multiple Jenkins pipeline files configured for different Git events:

📄 Jenkinsfile.push - Triggered on Code Commits

Activates when you commit and push code changes to your repository

Runs development pipeline with build, test, and security scanning

Performs continuous integration validation for development workflow

🏷️ Jenkinsfile.tag - Triggered on Git Tags

Activates when you create a Git tag on a branch in your repository

Runs staging pipeline for release candidate validation

Prepares artifacts for staging environment deployment

🚀 Jenkinsfile.release - Triggered on GitLab Releases

Activates when you create a release from an existing tag

Runs production pipeline with enhanced security validation

Deploys verified artifacts to production environment

🏗️ buildah_rhtap() - Container image building with security integration

Creates OCI-compliant container images using Buildah

Automatically integrates with enterprise registries and signing

Handles multi-architecture builds and security scanning

🔐 cosign_sign_attest() - Cryptographic signing and attestation

Signs container images with enterprise PKI certificates

Creates SLSA (Supply Chain Levels for Software Artifacts) provenance

Generates cryptographic attestations for compliance

📋 update_deployment() - GitOps repository management

Updates deployment manifests in GitOps repositories

Handles environment-specific configurations automatically

Triggers ArgoCD synchronization for deployment

🛡️ acs_deploy_check() / acs_image_check() / acs_image_scan() - Security validation

Integrates with Red Hat Advanced Cluster Security (RHACS)

Performs policy enforcement and vulnerability scanning

Validates deployment manifests against security policies

📊 show_sbom_rhdh() - Software Bill of Materials integration

Displays SBOM information in Red Hat Developer Hub

Provides visibility into software components and dependencies

Supports compliance and security auditing

📈 summary() - Build reporting and status

Generates comprehensive build reports

Provides pipeline execution summaries

Integrates with Red Hat Developer Hub dashboards

Version Control: Jenkins pipeline changes are tracked with your code changes

Reproducibility: Anyone can see exactly how your application is built in Jenkins

Consistency: The same Jenkins pipeline runs regardless of environment

Developer Ownership: You control your Jenkins pipeline without platform team dependencies

Familiar Tools: You’re using Jenkins Blue Ocean and interfaces you already know

Enhanced Capabilities: Your Jenkins expertise gains modern security and GitOps features

Self-Service Power: Modify Jenkins pipelines via pull requests instead of platform tickets

Enterprise Security: All the security integration happens automatically in your Jenkins workflows

In your component overview, you notice a link for OpenShift Dev Spaces and click it

"A browser-based development environment integrated with Jenkins?" you wonder

If prompted for authentication, click Log in with OpenShift

On the Authorize Access screen, click Allow selected permissions

On the repository trust prompt, click the checkbox and then click Continue

When prompted to authenticate with GitLab, enter your credentials:

Username: {gitlab_user}
Password: {gitlab_user_password}

Click Authorize devspaces on the next window

Wait for the workspace to start and fully load VS Code

If prompted, trust all workspaces and authors

Pre-configured Quarkus project with Jenkins best practices

Jenkins pipeline definition (Jenkinsfile) showing your automated workflow

Kubernetes manifests optimized for Jenkins deployments

Security configuration that integrates with your Jenkins pipeline

You expand the docs folder in the file explorer

You open the index.md file to document your Jenkins-powered setup

You add this line at the end of the document:

This application uses Jenkins pipelines with enterprise security integration.

You save the file (Ctrl+S or Cmd+S)

You open a terminal in Dev Spaces (Terminal → New Terminal)

You stage your changes:

git add .

You commit your changes:

git commit -m "Add Jenkins pipeline documentation"

You’re prompted for signed commit authentication - this integrates with your Jenkins security workflow

The terminal displays a URL that you need to follow for authentication

You click the URL directly in the terminal, or copy and paste it into a new browser window

If prompted for credentials during the browser authentication, you use your RHDH credentials:

Username: user
Password: password

Once successfully authenticated in the browser, a verification code appears on the screen

You copy this verification code from the browser

You return to the terminal and paste the verification code when prompted

After entering the code, your commit is cryptographically signed for enterprise security

You push your changes:

git push

Navigate back to Developer Hub

Go to the CI tab of your qrks-jnk-{user} component

You should see your Jenkins pipeline runs:

Click on View build to open Jenkins

Click Open Blue Ocean to view the Jenkins pipeline visually

Verifies that your Git commit was cryptographically signed using gitsign

Downloads and uses the gitsign client to verify commit signatures

Integrates with Red Hat Trusted Application Signer (RHTAS) via Rekor and TUF

Ensures the commit came from a trusted developer identity

This enterprise security happens automatically in your Jenkins workflow

Runs mvn clean package in a dedicated Maven container

Compiles and packages your Quarkus application

Produces the runnable JAR for container image creation

Uses Maven 3.8.6 with OpenJDK 11 for consistent builds

Prepares the Jenkins build environment using the rhtap library

Sets IMAGE_URL with the Git commit as the tag

Generates ISO timestamp for effective time tracking

Initializes the RHTAP shared library functions

Standardizes behavior across all Jenkins pipelines

Uses buildah_rhtap() function to containerize your application

Automatically signs the image and creates attestations using cosign_sign_attest()

Generates provenance metadata and SLSA attestations for supply chain security

Captures the image digest for downstream pipeline stages

All security integration happens transparently in Jenkins

deploy: Uses update_deployment() to update GitOps repository with new image tag

upload_sbom_to_trustification: Processes and uploads SBOM files to Trustification

No manual coordination required between Jenkins and deployment teams

acs_deploy_check: Verifies Kubernetes manifests for security compliance

acs_image_check: Enforces policy on container image configuration

acs_image_scan: Performs vulnerability scanning using Red Hat Advanced Cluster Security

All security validation integrated into your Jenkins workflow

Executes show_sbom_rhdh() to display SBOM information for Developer Hub integration

Runs summary() function to provide comprehensive build status and artifacts

Shows build status and key artifacts (SBOM, scan summary, security results)

Provides comprehensive build information in familiar Jenkins interface

Uses reusable functions from the rhtap library

In your GitLab repository, open the Jenkinsfile in the root directory

Notice how this Pipelines as Code approach gives you:

Traditional Jenkins setup: 1-2 weeks of manual pipeline configuration

RHADS Jenkins approach: Less than 5 minutes of self-service with enhanced security

Familiar Jenkins Interface - Blue Ocean and tools you already know

Enhanced Pipeline Capabilities - Modern security without complexity

Self-Service Power - Create Jenkins pipelines without platform team dependency

Integrated Development - Cloud-based development environment with Jenkins integration

Jenkins Investment Protection - Leverage existing Jenkins infrastructure and expertise

Enhanced Security - Enterprise-grade security automatically integrated

Standardized Pipelines - Consistent Jenkins workflows across all applications

Reduced Maintenance - Shared Jenkins libraries eliminate custom pipeline overhead

Automated Security Scanning - Integrated into familiar Jenkins workflows

Cryptographic Signing - Container and commit signing through Jenkins

Policy Enforcement - Enterprise security policies enforced automatically

Complete Audit Trails - Full compliance evidence through Jenkins processes