Group projects with Jenkins automated testing


(Stephen Checkoway) #1

I’d like students to work in teams on private repos and turn the assignments in using some mechanism that involves running automated tests with Jenkins (without making a Jenkins job per repo).

I had hoped to have a master repo that students could make private PRs against, but (a) GitHub apparently doesn’t support private PRs (which seems like a huge problem for security-focused PRs for normal projects, so I really don’t understand how that functionality could possibly be missing); and (b) students’ repos are not forks of the starter code repo so GitHub’s PR mechanism doesn’t appear to work.

Is there any way to accomplish this?


(John Britton) #2

The crux of the issue here is that when you fork a repository on GitHub, the newly created repository becomes part of the repository network. Since many teachers don’t want the students to see the work of others we don’t use forks in GitHub Classroom.

If you’re happy to have students see the work of others, you can use forks of a private repository to accomplish what you’re trying to do. If you need to keep all student work separate, there’s no automated way to set up the Jenkins integration right now.

You can manually add the Jenkins integration to each repository created by GitHub Classroom for the time being. We are planning to automate this in GitHub Classroom in the future, for details see the relevant GitHub issue:


(Chris Janes) #3

The only approach I’ve found to work so far is with using Jenkins pipeline as code system, where I can have a Jenkins file in the base repos that gets picked up by Jenkins (as it scans the entire organisation) and generates a job for the repos.

Is there any particular reason you don’t want a job per repos?


(Stephen Checkoway) #4

I’d be happy with a job per repo as long as I get to define the job. Once students can write or modify a Jenkinsfile, they have shell access on the Jenkins machine. Worse than that, they can use the Jenkinsfile to learn the GitHub Personal Access Token which gives them access to the whole GitHub organization (with whatever privileges I’ve assigned to the PAC).

Pipeline as code is clearly not designed for adversarial input.

I’m beginning to think I should write a simple web app that listens for the GitHub webhooks’ POST, parses the JSON, and runs a specified script per push matching some criteria. But I’d prefer not to have to resort to that.


(John Britton) #5

That seems like the correct approach. It’s on our list to add something like this to Classroom directly so that we can kick off the build process automatically for you, but it’s not likely to be built in the immediate future.


(Stephen Checkoway) #6

I have mostly written it, but it needs some testing and I want to integrate docker, but I haven’t had a change to finish it. I’ll post a link here once it’s done in case others are interested.


(Rob Muhlestein) #7

I believe this is what freecodecamp does, the webhook triggered validation. That’s the system I’m looking to add as well. Although I plan on adding a check command to every assignment to help students validate their work as they do it from the command line as well.


(Richard) #8

I realise that you specifically say Jenkins, but hopefully the following, which I’ve used with my students, which uses an alternative CI will be useful for some people, or possible this may be a better solution for you.

Travis CI integrates very nicely with github and with the free private repos that github provides for education you get free use of travis CI on these repositories.

Because all of my students’ repositories are part of my department’s github organisation (either created by Classroom or by me) I can automatically make the repository build in on Travis’ own servers using the command line tool.

travis enable -r  MY_ORG/student_1_repo
travis enable -r  MY_ORG/student_2_repo
# etc etc ...

To make travis do something specific to each of the repos I ensure that students have specific contents in their .travis.yml file and any other scripts they need in their repo. See this example.


(Chris Kanich) #9

Hi Richard,
Do you have code that ensures the specific contents of the travis file/other scripts? I’m investigating Travis for grading and want to make sure that students do not edit .travis.yml.

Thanks,
Chris