Validated Git Merges for DEV@cloud

Do you have a DEV@cloud Enterprise subscription? And do you have Jenkins jobs for continuous integration from a Git repository? Then you may be interested in the availability of Validated Merge for DEV@cloud users.

In a nutshell, after your team lead configures the Jenkins job to use this feature, you add a new “remote” (URL) to your local clone of the Git repository. When you make some changes to your project, rather than pushing upstream directly (git push or git push origin master), you send them to Jenkins (git push jenkins master). That will start a build with your changes merged against the current tip of the branch you are working on. If the build and any tests all pass, Jenkins will push the changes upstream on your behalf. No more scrambling to fix someone else’s regressions, and no more waiting to leave work while you run lengthy tests on your own machine.

This feature has been part of Jenkins Enterprise for a long time, but we recently made some changes that make it practical for DEV@cloud users. The main change was support for pushing to authenticated Jenkins without SSH (since DEV@cloud does not yet have an SSH server); instead each authorized user can push over HTTP to a secret access URL. (You can use role-based access control to permit only some users on your account to push to a given job.)

The second major change was integration with the Credentials plugin so that Jenkins can push to access-controlled upstream repositories (such as CloudBees Forge, GitHub, or even your internal Git server if you use VPN service) using credentials you specify for the job. An administrator can offer a single Jenkins push credential (HTTPS username/password, or SSH private key); or the job can select credentials from the user initiating the build.

Why is this feature unique? There are other ways of having Jenkins merge build-validated commits to the trunk, starting with a checkbox in the basic Git plugin. There are also plugins which integrate with GitHub pull requests, Gerrit reviews and so on. The key advantage of Validated Merge is that not only is no external tool like Gerrit needed, but you do not even need to create a new branch every time you want to push some changes: the Jenkins “gate” repository acts like an anonymous branch, leading to a very simple workflow. (git commit --amend is supported, too!) You can also configure how to handle the conflict arising when someone else pushes upstream during your build: try a second merge (quick but could lead to a broken build on very rare occasions), or restart the build (slower but safe).

If you have an Enterprise subscription, you can try this feature out today. Just check the Jenkins update center and make sure you are running at least version 3.11 of the CloudBees Git Validated Merge Plugin, then check the user guide.


Jesse Glick
Elite Architect

Before joining CloudBees in 2012, Jesse worked on the NetBeans Java IDE core module system and its plugin tooling. Along the way he became an Ant committer and contributed to other key projects including Maven, Mercurial and, of course…Jenkins, for which he was an early committer and developed the IDE integration. He co-authored an O’Reilly book on the NetBeans Platform and speaks on related topics.

Blog Categories: 


Official documentation page:

Add new comment