Jenkins Pocket Book — Uplatz
50 in-depth cards • Wide layout • Readable examples • 20-question interview Q&A included
1) What is Jenkins?
Open-source automation server for CI/CD: build, test, and deploy across languages and platforms using pipelines and plugins.
Category: CI/CD • License: MIT • Core: Java • Model: Controller + Agents2) Architecture
Controller (web UI, queue, scheduling) + Agents (executors). Agents connect via SSH/JNLP/WebSocket; labels route jobs.
Controller → Queue → Agent(executor) → Workspace → Artifacts3) Install & Run
Install via WAR, packages, Docker, or Helm on Kubernetes. Persist JENKINS_HOME.
docker run -p 8080:8080 -p 50000:50000 -v jhome:/var/jenkins_home jenkins/jenkins:lts4) Jobs & Pipelines
Job types: Freestyle, Pipeline, Multibranch, Organization. Prefer Jenkinsfile in repo for versioned pipelines.
Multibranch scans branches/PRs and creates pipelines per branch automatically.5) Jenkinsfile Basics
Pipeline-as-code in Declarative or Scripted syntax; includes agents, stages, steps, post actions, environment, and options.
pipeline { agent any; stages { stage('Build'){ steps{ sh 'mvn -q -DskipTests package' } } } }6) Triggers
SCM webhooks, pollSCM, cron (triggers), upstream jobs, PR events.
pipeline { triggers { cron('H/15 * * * *') } }7) Workspaces & Artifacts
Each build uses a workspace on an agent. Archive artifacts and stash/unstash between stages or nodes.
archiveArtifacts 'build/*.jar'; stash name:'jar', includes:'build/*.jar'8) Credentials
Store secrets (user/pass, tokens, SSH keys, files) and bind safely in pipelines.
withCredentials([string(credentialsId:'npm_token', variable:'NPM')]){ sh 'npm publish' }9) Plugins
Extend with Git, Pipeline, Blue Ocean, Docker/Kubernetes, Slack, JUnit, SonarQube, Artifactory, GitHub Branch Source, etc.
Manage Jenkins → Plugins → Available → Install w/ restart10) Q&A — “Freestyle vs Pipeline?”
Answer: Freestyle is UI-configured and limited; Pipelines are code, versioned, reviewable, and support stages, agents, and parallelism.
11) Declarative Anatomy
Top-level blocks: agent, environment, options, tools, stages, post.
pipeline {
agent { label 'linux' }
options { timestamps(); skipDefaultCheckout() }
environment { NODE_ENV='test' }
tools { jdk 'temurin-17' }
stages { stage('Build'){ steps{ sh 'mvn -B package' } } }
post { always{ junit '**/target/surefire-reports/*.xml' } }
}12) Scripted Pipeline
Groovy DSL with full control; use for dynamic logic not expressible declaratively.
node('docker'){ checkout scm; stage('Build'){ sh 'make' } }13) Shared Libraries
Extract common steps into global libraries: vars/ and src/ with @Library imports.
@Library('org-lib@main') _
ci.buildAndTest(javaVersion:17)14) Matrix Builds
Test across multiple axes (OS, JDK, DB).
matrix {
axes { axis { name 'JDK'; values '17','21' }; axis { name 'OS'; values 'linux','windows' } }
stages { stage('Test'){ steps{ sh 'mvn -q test' } } }
}15) Parallel Stages
Speed up by running independent work simultaneously.
stage('Parallel'){ parallel linux:{ sh './test.sh' }, windows:{ bat 'test.bat' } }16) Post Conditions
always, success, failure, unstable, changed to notify and clean up.
post { failure { slackSend color:'#ff0000', message:"Build ${env.BUILD_URL} failed" } }17) Caching & Reuse
Use tools like stash/unstash, language caches (npm/maven), and Docker layer caching.
withEnv(["MAVEN_OPTS=-Dmaven.repo.local=.m2"]){ sh 'mvn -B package' }18) Input & Approvals
Manual gates for prod deploys or risky steps.
stage('Approve'){ input message:'Deploy to prod?', ok:'Ship it' }19) Retry & Timeouts
Make flaky steps resilient.
timeout(time:10, unit:'MINUTES'){ retry(2){ sh './flaky.sh' } }20) Q&A — “Declarative or Scripted?”
Answer: Prefer Declarative for readability & guardrails; fall back to Scripted for complex, dynamic orchestration or legacy Groovy code.
21) Git & Multibranch
Use GitHub/Bitbucket “Branch Source” to auto-discover repo branches/PRs and build PRs with checks.
Manage Jenkins → Configure System → GitHub App; create Multibranch Pipeline job.22) Java: Maven/Gradle
Use tool installers; capture JUnit reports; archive JARs.
tools { maven 'mvn-3.9' } steps { sh 'mvn -B verify'; junit '**/surefire-reports/*.xml' }23) Node & Frontend
nvm or NodeJS plugin; cache ~/.npm; run tests and build.
withEnv(["npm_config_cache=.npm"]){ sh 'npm ci && npm test && npm run build' }24) Python
Use venv, pip cache, pytest with JUnit XML.
sh 'python -m venv .venv && . .venv/bin/activate && pip install -r req.txt && pytest -q --junitxml=report.xml'25) Docker
Build, tag, and push images; run with Docker-in-Docker or Docker (host) agents; use docker global tool.
sh 'docker build -t repo/app:${GIT_COMMIT::7} . && docker push repo/app:${GIT_COMMIT::7}'26) Kubernetes
Run ephemeral build agents on k8s via Kubernetes plugin; deploy to clusters using kubectl or Helm.
agent { kubernetes { yaml """...pod template...""" } }27) Helm & Kustomize
Package and deploy manifests with parameterized values per environment.
sh 'helm upgrade --install web charts/web -f values/prod.yaml'28) Cloud (AWS/Azure/GCP)
Use cloud CLIs with credentials from Jenkins Credentials; least privilege roles; assume roles via STS.
withCredentials([usernamePassword(credentialsId:'aws', usernameVariable:'AWS_ACCESS_KEY_ID', passwordVariable:'AWS_SECRET_ACCESS_KEY')]){ sh 'aws s3 ls' }29) Quality Gates
Integrate SonarQube, Snyk/Trivy, Checkov. Fail builds on gate failures.
withSonarQubeEnv('sonar'){ sh 'mvn sonar:sonar' } waitForQualityGate abortPipeline: true30) Q&A — “Docker agent or k8s agents?”
Answer: Docker agents are simple for single hosts; Kubernetes agents scale dynamically and isolate builds better for larger teams.
31) Scaling Executors
Right-size executors per agent; avoid contention; use labels to route specialized builds (Windows/Mac/Linux, GPU).
Node label: linux-large • Executors: 2–4 (CPU-bound adjust lower)32) Ephemeral Agents
Use cloud/k8s autoscaling to spin up agents on demand; containers include toolchains to reduce bootstrap time.
33) Secrets Hygiene
Use Credentials store and bindings; mask logs; prefer short-lived cloud tokens; never echo secrets.
withCredentials([sshUserPrivateKey(credentialsId:'git-key', keyFileVariable:'KEY')]){ sh 'GIT_SSH_COMMAND="ssh -i $KEY" git clone ...' }34) RBAC & Folders
Use Folder-based auth and roles (view/build/admin); isolate teams via Folders/Organizations; audit permissions.
35) Backup & Disaster Recovery
Backup JENKINS_HOME (jobs, config, creds) and plugins list; test restore; pin plugin versions.
tar czf jenkins_home_$(date +%F).tgz /var/jenkins_home36) High Availability
Controller HA needs externalization (NFS/object storage) and backup/standby patterns; or run multiple controllers per domain.
37) Logging & Metrics
Ship logs to ELK/Splunk; expose metrics via Prometheus plugin; alert on queue length, executor usage, failures.
Metrics: jenkins_queue_size, jenkins_executor_busy, job_failure_rate38) Notifications
Slack/Teams/email for build status; include links and diffs; notify only owners to reduce noise.
slackSend channel:'#ci', message:"${env.JOB_NAME} #${env.BUILD_NUMBER} ${currentBuild.currentResult}"39) Performance Tips
Disable heavy plugin features you don’t use, prune workspaces, enable Git shallow clones, cache dependencies, and pin JVM/Garbage Collector appropriately.
git url: 'repo', shallow: true, depth: 1040) Q&A — “Why builds are stuck in queue?”
Answer: Not enough executors/agents, label mismatch, throttling plugin limits, or long checkout times. Fix by scaling agents, adjusting labels, and caching repos.
41) Declarative blocks & purpose?
Answer: agent (where to run), environment (vars), options (global behaviors), tools (auto-install), stages (work), post (cleanup/notify).
42) Jenkinsfile location—why in repo?
Answer: Versioning, code review, single source of truth, reproducibility across branches/PRs.
43) Credentials best practice?
Answer: Store in Credentials; inject via bindings; scope to folders; rotate; prefer federated cloud auth; never print.
44) Parallel vs Matrix?
Answer: Parallel = different tasks same stage; Matrix = same task across axes (OS/JDK/DB) auto-expanded.
45) How to cache dependencies?
Answer: Language-native caches (Maven local, npm cache), persistent workspace directories, Docker build cache, and artifact repositories.
46) Blue Ocean vs Classic UI?
Answer: Blue Ocean improves pipeline visualization and PR integration; Classic UI is feature-complete but less visual.
47) What causes flaky pipelines?
Answer: External service timeouts, shared state, network variance, non-deterministic tests. Add retries, timeouts, mocks, and environment isolation.
48) Artifact vs Stash?
Answer: Artifacts are archived for later/download; stash/unstash moves files between stages/nodes inside a single build.
49) Promote to environments safely?
Answer: Use input gates, immutable artifacts/images, environment-specific config, and deployment jobs triggered only from successful builds.
50) Troubleshoot slow checkouts?
Answer: Shallow clones, local mirrors, sparse checkout, and caching credentials. Verify network bandwidth and server-side hooks.
Bonus: Sample Full Pipeline (Java + Docker + Helm)
pipeline {
agent { label 'k8s' }
options { timestamps(); ansiColor('xterm') }
environment { REG='registry.example.com'; APP='shop'; TAG="${env.BRANCH_NAME}-${env.GIT_COMMIT.take(7)}" }
stages {
stage('Checkout'){ steps { checkout scm } }
stage('Build'){ steps { sh 'mvn -B -DskipTests package' } }
stage('Unit Test'){ steps { sh 'mvn -B test'; junit '**/surefire-reports/*.xml' } }
stage('Image'){ steps { sh 'docker build -t $REG/$APP:$TAG .' } }
stage('Scan'){ steps { sh 'trivy image --exit-code 1 $REG/$APP:$TAG || true' } }
stage('Push'){ steps { withCredentials([usernamePassword(credentialsId: "reg", usernameVariable: "U", passwordVariable: "P")]) {
sh 'echo $P | docker login $REG -u $U --password-stdin'
sh 'docker push $REG/$APP:$TAG'
} } }
stage('Deploy Staging'){ steps { sh 'helm upgrade --install $APP charts/$APP --set image.tag=$TAG -n staging' } }
stage('Approve Prod'){ when { branch 'main' } steps { input 'Deploy to Prod?' } }
stage('Deploy Prod'){ when { branch 'main' } steps { sh 'helm upgrade --install $APP charts/$APP --set image.tag=$TAG -n prod' } }
}
post { always { cleanWs() } }
}