Group projects with Jenkins automated testing

I’d like students to work in teams on private repos and turn the assignments in using some mechanism that involves running automated tests with Jenkins (without making a Jenkins job per repo).

I had hoped to have a master repo that students could make private PRs against, but (a) GitHub apparently doesn’t support private PRs (which seems like a huge problem for security-focused PRs for normal projects, so I really don’t understand how that functionality could possibly be missing); and (b) students’ repos are not forks of the starter code repo so GitHub’s PR mechanism doesn’t appear to work.

Is there any way to accomplish this?

1 Like

The crux of the issue here is that when you fork a repository on GitHub, the newly created repository becomes part of the repository network. Since many teachers don’t want the students to see the work of others we don’t use forks in GitHub Classroom.

If you’re happy to have students see the work of others, you can use forks of a private repository to accomplish what you’re trying to do. If you need to keep all student work separate, there’s no automated way to set up the Jenkins integration right now.

You can manually add the Jenkins integration to each repository created by GitHub Classroom for the time being. We are planning to automate this in GitHub Classroom in the future, for details see the relevant GitHub issue:

The only approach I’ve found to work so far is with using Jenkins pipeline as code system, where I can have a Jenkins file in the base repos that gets picked up by Jenkins (as it scans the entire organisation) and generates a job for the repos.

Is there any particular reason you don’t want a job per repos?

I’d be happy with a job per repo as long as I get to define the job. Once students can write or modify a Jenkinsfile, they have shell access on the Jenkins machine. Worse than that, they can use the Jenkinsfile to learn the GitHub Personal Access Token which gives them access to the whole GitHub organization (with whatever privileges I’ve assigned to the PAC).

Pipeline as code is clearly not designed for adversarial input.

I’m beginning to think I should write a simple web app that listens for the GitHub webhooks’ POST, parses the JSON, and runs a specified script per push matching some criteria. But I’d prefer not to have to resort to that.

That seems like the correct approach. It’s on our list to add something like this to Classroom directly so that we can kick off the build process automatically for you, but it’s not likely to be built in the immediate future.

1 Like

I have mostly written it, but it needs some testing and I want to integrate docker, but I haven’t had a change to finish it. I’ll post a link here once it’s done in case others are interested.

1 Like

I believe this is what freecodecamp does, the webhook triggered validation. That’s the system I’m looking to add as well. Although I plan on adding a check command to every assignment to help students validate their work as they do it from the command line as well.

I realise that you specifically say Jenkins, but hopefully the following, which I’ve used with my students, which uses an alternative CI will be useful for some people, or possible this may be a better solution for you.

Travis CI integrates very nicely with github and with the free private repos that github provides for education you get free use of travis CI on these repositories.

Because all of my students’ repositories are part of my department’s github organisation (either created by Classroom or by me) I can automatically make the repository build in on Travis’ own servers using the command line tool.

travis enable -r  MY_ORG/student_1_repo
travis enable -r  MY_ORG/student_2_repo
# etc etc ...

To make travis do something specific to each of the repos I ensure that students have specific contents in their .travis.yml file and any other scripts they need in their repo. See this example.


Hi Richard,
Do you have code that ensures the specific contents of the travis file/other scripts? I’m investigating Travis for grading and want to make sure that students do not edit .travis.yml.


Dear all,

With Azure Pipeline, is the situation better now?

Could we implement a webhook to activate automatic testing?

Is there an academic pricing option available?

I would welcome your opinion.


I asked around Microsoft and completely failed to get somebody who could do academic discounts on Azure Pipeline DevOps. There’s a comparable service called Google Cloud Build, where you can pretty easily request that Google give you credits for free Google Cloud cycles, and the same is probably true for Amazon.

Of course, there’s a world of difference between “here are some free credits, but if you go over we charge your credit card” and “it’s free, we love academics!”. So far as I can tell, Travis-CI is offering a free license to Travis-CI Enterprise, which you run on your own computers, but I haven’t seen any announcement from them about offering more than 1x concurrency on their servers.

Meanwhile, GitHub is working on their own product in this space, GitHub Actions, which is currently in an invitation-only beta phase. Maybe they’ll have something for us when the product hits final release?

Thanks for the updates, @danwallach. I guess all businesses have respective situations.

BTW, would I need to think about student privacy information? Encryption would be sufficient?


“Privacy” means very different things to different people. If you’re primarily concerned that one student doesn’t see another student’s work, then GitHub private repositories, which you can set as a default with GitHub Classroom, are all you need. If you want to ensure that GitHub learns nothing whatsoever about your students, then you should be running your own Git server (perhaps with GitHub Enterprise, or perhaps with something else like GitLab) on your own hardware.