Migrating from Jenkins with GitHub Actions Importer

Learn how to use GitHub Actions Importer to automate the migration of your Jenkins pipelines to GitHub Actions.

이 문서의 내용

Legal notice

About migrating from Jenkins with GitHub Actions Importer

The instructions below will guide you through configuring your environment to use GitHub Actions Importer to migrate Jenkins pipelines to GitHub Actions.

Prerequisites

  • A Jenkins account or organization with pipelines and jobs that you want to convert to GitHub Actions workflows.
  • Access to create a Jenkins personal API token for your account or organization.
  • Linux 기반 컨테이너를 실행하고 필요한 도구를 설치할 수 있는 환경입니다.

    참고 항목

    GitHub Actions Importer 컨테이너와 CLI는 CI 플랫폼과 동일한 서버에 설치할 필요가 없습니다.

Limitations

There are some limitations when migrating from Jenkins to GitHub Actions with GitHub Actions Importer. For example, you must migrate the following constructs manually:

  • Mandatory build tools
  • Scripted pipelines
  • Secrets
  • Self-hosted runners
  • Unknown plugins

For more information on manual migrations, see Migrating from Jenkins to GitHub Actions.

Installing the GitHub Actions Importer CLI extension

  1. GitHub Actions Importer CLI 확장을 설치합니다.

    Bash
    gh extension install github/gh-actions-importer

  2. 다음 확장이 설치되어 있는지 확인:

    $ gh actions-importer -h
Options:
  -?, -h, --help  Show help and usage information

Commands:
  update     Update to the latest version of GitHub Actions Importer.
  version    Display the version of GitHub Actions Importer.
  configure  Start an interactive prompt to configure credentials used to authenticate with your CI server(s).
  audit      Plan your CI/CD migration by analyzing your current CI/CD footprint.
  forecast   Forecast GitHub Actions usage from historical pipeline utilization.
  dry-run    Convert a pipeline to a GitHub Actions workflow and output its yaml file.
  migrate    Convert a pipeline to a GitHub Actions workflow and open a pull request with the changes.

Configuring credentials

The configure CLI command is used to set required credentials and options for GitHub Actions Importer when working with Jenkins and GitHub.

  1. Create a GitHub personal access token (classic). For more information, see 개인용 액세스 토큰 관리.

    Your token must have the workflow scope.

    After creating the token, copy it and save it in a safe location for later use.

  2. Create a Jenkins API token. For more information, see Authenticating scripted clients in the Jenkins documentation.

    After creating the token, copy it and save it in a safe location for later use.

  3. In your terminal, run the GitHub Actions Importer configure CLI command:

    gh actions-importer configure

    The configure command will prompt you for the following information:

    • For "Which CI providers are you configuring?", use the arrow keys to select Jenkins, press Space to select it, then press Enter.
    • For "Personal access token for GitHub", enter the value of the personal access token (classic) that you created earlier, and press Enter.
    • For "Base url of the GitHub instance", enter the URL for GitHub Enterprise Server 인스턴스, and press Enter.
    • For "Personal access token for Jenkins", enter the value for the Jenkins personal API token that you created earlier, and press Enter.
    • For "Username of Jenkins user", enter your Jenkins username and press Enter.
    • For "Base url of the Jenkins instance", enter the URL of your Jenkins instance, and press Enter.

    An example of the configure command is shown below:

    $ gh actions-importer configure
✔ Which CI providers are you configuring?: Jenkins
Enter the following values (leave empty to omit):
✔ Personal access token for GitHub: ***************
✔ Base url of the GitHub instance: http://github.com
✔ Personal access token for Jenkins: ***************
✔ Username of Jenkins user: admin
✔ Base url of the Jenkins instance: http://localhost
Environment variables successfully updated.

  4. In your terminal, run the GitHub Actions Importer update CLI command to connect to GitHub Packages Container registry and ensure that the container image is updated to the latest version:

    gh actions-importer update

    The output of the command should be similar to below:

    Updating ghcr.io/actions-importer/cli:latest...
ghcr.io/actions-importer/cli:latest up-to-date

Perform an audit of Jenkins

You can use the audit command to get a high-level view of all pipelines in a Jenkins server.

The audit command performs the following steps:

  1. Fetches all of the projects defined in a Jenkins server.
  2. Converts each pipeline to its equivalent GitHub Actions workflow.
  3. Generates a report that summarizes how complete and complex of a migration is possible with GitHub Actions Importer.

Running the audit command

To perform an audit of a Jenkins server, run the following command in your terminal:

gh actions-importer audit jenkins --output-dir tmp/audit

Inspecting the audit results

지정된 출력 디렉터리의 파일에는 감사의 결과가 포함됩니다. 감사 결과에 대한 요약은 audit_summary.md 파일을 참조하세요.

감사 요약에는 다음의 섹션이 있습니다.

Pipelines

"파이프라인" 섹션에는 GitHub Actions Importer이(가) 수행한 변환률에 대한 개략적인 통계가 포함되어 있습니다.

아래에 "파이프라인" 섹션에 나타날 수 있는 몇 가지 주요 용어가 나와 있습니다.

  • 성공한 파이프라인에는 파이프라인 구문의 100%가 있고 개별 항목은 해당 GitHub Actions(으)로 자동으로 변환됩니다.
  • 부분적으로 성공한 파이프라인에는 모든 파이프라인 구문이 변환되지만 해당 GitHub Actions으로 자동으로 변환되지 않은 일부 개별 항목이 있습니다.
  • 지원 되지 않는 파이프라인은 GitHub Actions Importer에서 지원되지 않는 정의 형식입니다.
  • 실패한 파이프라인을 변환할 때는 심각한 오류가 발생했다는 의미입니다. 이 현상은 다음의 3가지 이유로 발생할 수 있습니다.
    • 파이프라인이 원래 잘못 구성되어 유효하지 않습니다.
    • GitHub Actions Importer을(를) 변환할 때 내부 오류가 발생했습니다.
    • 파이프라인에 액세스할 수 없게 되는 실패한 네트워크 응답이 있으며, 이는 종종 잘못된 자격 증명 때문입니다.

빌드 단계

"빌드 단계" 섹션에는 모든 파이프라인에서 사용되는 개별 빌드 단계 및 GitHub Actions Importer에서 자동으로 변환된 개수에 대한 개요가 포함되어 있습니다.

아래 "파이프라인" 섹션에 나타날 수 있는 몇 가지 주요 용어가 나와 있습니다.

  • 알려진 빌드 단계는 해당 동작으로 자동으로 변환된 단계입니다.
  • 알려진 빌드 단계는 해당 동작으로 자동으로 변환되지 않은 단계입니다.
  • 지원되지 않는 빌드 단계는 다음과 같은 단계입니다.
    • GitHub Actions에서 기본적으로 지원되지 않습니다.
    • GitHub Actions과(와) 호환되지 않는 방식으로 구성됩니다.
  • 작업은 변환된 워크플로에서 사용된 작업의 목록입니다. 이 작업은 다음과 같은 경우에 중요할 수 있습니다.
    • GitHub Enterprise Server을(를) 사용하는 경우 인스턴스와 동기화할 작업 목록을 수집합니다.
    • 사용되는 작업의 조직 수준 허용 목록을 정의합니다. 이 작업 목록은 보안 또는 규정 준수 팀에서 검토해야 할 수도 있는 포괄적인 작업 목록입니다.

수동 작업

"수동 작업" 섹션에는 GitHub Actions Importer이(가) 자동으로 완료할 수 없으며 수동으로 완료해야 하는 작업에 대한 개요가 포함되어 있습니다.

아래 "파이프라인" 섹션에 나타날 수 있는 몇 가지 주요 용어가 나와 있습니다.

  • 비밀은 변환된 파이프라인에서 사용되는 리포지토리 또는 조직 수준의 비밀입니다. 이러한 파이프라인이 제대로 작동하려면 GitHub Actions에서 이러한 비밀을 수동으로 만들어야 합니다. 자세한 내용은 Using secrets in GitHub Actions을(를) 참조하세요.
  • 자체 호스팅 실행기는 GitHub호스티드 러너가 아닌 변환된 파이프라인에서 참조되는 실행기의 레이블을 나타냅니다. 이러한 파이프라인을 제대로 작동시키려면 이러한 실행기를 수동으로 정의해야 합니다.

Files

감사 보고서의 마지막 섹션에는 감사 중 디스크에 기록된 모든 파일의 매니페스트를 제공합니다.

각 파이프라인 파일에는 다음을 포함하며, 감사에 포함된 다양한 파일이 있습니다.

  • GitHub에 정의된 원래 파이프라인입니다.
  • 파이프라인을 변환하기 위해 사용되는 모든 네트워크 응답입니다.
  • 변환된 워크플로 파일입니다.
  • 실패한 파이프라인 변환 문제를 해결하기 위해 사용할 수 있는 스택 추적입니다.

또한 workflow_usage.csv 파일에는 성공적으로 변환된 각 파이프라인에서 사용되는 모든 작업, 비밀 및 실행기의 쉼표로 구분된 목록이 포함됩니다. 이는 작업, 비밀 또는 실행기를 사용하는 워크플로를 결정하는 데 유용할 수 있으며, 보안 검토를 수행하는 데 유용할 수 있습니다.

Forecast potential build runner usage

You can use the forecast command to forecast potential GitHub Actions usage by computing metrics from completed pipeline runs in your Jenkins server.

Prerequisites for running the forecast command

In order to run the forecast command against a Jenkins instance, you must install the paginated-builds plugin on your Jenkins server. This plugin allows GitHub Actions Importer to efficiently retrieve historical build data for jobs that have a large number of builds. Because Jenkins does not provide a method to retrieve paginated build data, using this plugin prevents timeouts from the Jenkins server that can occur when fetching a large amount of historical data. The paginated-builds plugin is open source, and exposes a REST API endpoint to fetch build data in pages, rather than all at once.

To install the paginated-builds plugin:

  1. On your Jenkins instance, navigate to http://<your-jenkins-instance>/pluginManager/available.
  2. Search for the paginated-builds plugin.
  3. Check the box on the left and select Install without restart.

Running the forecast command

To perform a forecast of potential GitHub Actions, run the following command in your terminal. By default, GitHub Actions Importer includes the previous seven days in the forecast report.

gh actions-importer forecast jenkins --output-dir tmp/forecast

Inspecting the forecast report

The forecast_report.md file in the specified output directory contains the results of the forecast.

Listed below are some key terms that can appear in the forecast report:

  • The job count is the total number of completed jobs.
  • The pipeline count is the number of unique pipelines used.
  • Execution time describes the amount of time a runner spent on a job. This metric can be used to help plan for the cost of GitHub-hosted runners.
    • This metric is correlated to how much you should expect to spend in GitHub Actions. This will vary depending on the hardware used for these minutes. You can use the GitHub Actions pricing calculator to estimate the costs.
  • Queue time metrics describe the amount of time a job spent waiting for a runner to be available to execute it.
  • Concurrent jobs metrics describe the amount of jobs running at any given time. This metric can be used to define the number of runners you should configure.

Additionally, these metrics are defined for each queue of runners in Jenkins. This is especially useful if there is a mix of hosted or self-hosted runners, or high or low spec machines, so you can see metrics specific to different types of runners.

Perform a dry-run migration of a Jenkins pipeline

You can use the dry-run command to convert a Jenkins pipeline to its equivalent GitHub Actions workflow.

Running the dry-run command

You can use the dry-run command to convert a Jenkins pipeline to an equivalent GitHub Actions workflow. A dry-run creates the output files in a specified directory, but does not open a pull request to migrate the pipeline.

To perform a dry run of migrating your Jenkins pipelines to GitHub Actions, run the following command in your terminal, replacing my-jenkins-project with the URL of your Jenkins job.

gh actions-importer dry-run jenkins --source-url my-jenkins-project --output-dir tmp/dry-run

Inspecting the converted workflows

You can view the logs of the dry run and the converted workflow files in the specified output directory.

GitHub Actions Importer이(가) 알 수 없는 빌드 단계 또는 부분적으로 성공한 파이프라인과 같이 자동으로 변환할 수 없는 항목이 있는 경우 변환 프로세스를 추가로 사용자 지정하는 사용자 지정 변환기를 만들 수 있습니다. 자세한 내용은 Extending GitHub Actions Importer with custom transformers을(를) 참조하세요.

Perform a production migration of a Jenkins pipeline

You can use the migrate command to convert a Jenkins pipeline and open a pull request with the equivalent GitHub Actions workflow.

Running the migrate command

To migrate a Jenkins pipeline to GitHub Actions, run the following command in your terminal, replacing the target-url value with the URL for your GitHub repository, and my-jenkins-project with the URL for your Jenkins job.

gh actions-importer migrate jenkins --target-url http://github.com/:owner/:repo --output-dir tmp/migrate --source-url my-jenkins-project

The command's output includes the URL to the pull request that adds the converted workflow to your repository. An example of a successful output is similar to the following:

$ gh actions-importer migrate jenkins --target-url http://github.com/octo-org/octo-repo --output-dir tmp/migrate --source-url http://localhost:8080/job/monas_dev_work/job/monas_freestyle
[2022-08-20 22:08:20] Logs: 'tmp/migrate/log/actions-importer-20220916-014033.log'
[2022-08-20 22:08:20] Pull request: 'http://github.com/octo-org/octo-repo/pull/1'

끌어오기 요청 검사하기

migrate 명령의 성공적인 실행의 출력에는 변환된 워크플로를 리포지토리에 추가하는 새 끌어오기 요청에 대한 링크가 포함되어 있습니다.

끌어오기 요청의 몇 가지 중요 요소는 다음과 같습니다.

  • 끌어오기 요청 설명에서 수동으로 완료해야 하는 단계를 나열하는 섹션은 파이프라인을 GitHub Actions로 마이그레이션을 완료할 수 있습니다. 예를 들어, 이 섹션에서는 워크플로에 사용되는 비밀을 만들도록 지시할 수 있습니다.
  • 변환된 워크플로 파일입니다. 끌어오기 요청에서 Files changed 탭을 선택하여 GitHub 리포지토리에 추가될 워크플로 파일을 봅니다.

끌어오기 요청 검사를 마치면 병합하여 워크플로를 GitHub 리포지토리에 추가할 수 있습니다.

Reference

This section contains reference information on environment variables, optional arguments, and supported syntax when using GitHub Actions Importer to migrate from Jenkins.

Using environment variables

GitHub Actions Importer은(는) 인증 구성에 환경 변수를 사용합니다. 이러한 변수는 configure 명령을 사용하여 구성 프로세스를 따르면 설정됩니다. 자세한 정보는 자격 증명 구성 섹션을 참조하세요.

GitHub Actions Importer uses the following environment variables to connect to your Jenkins instance:

  • GITHUB_ACCESS_TOKEN: The personal access token (classic) used to create pull requests with a converted workflow (requires repo and workflow scopes).

  • GITHUB_INSTANCE_URL: The URL to the target GitHub instance (for example, http://github.com).

  • JENKINS_ACCESS_TOKEN: The Jenkins API token used to view Jenkins resources.

    참고 항목

    This token requires access to all jobs that you want to migrate or audit. In cases where a folder or job does not inherit access control lists from their parent, you must grant explicit permissions or full admin privileges.

  • JENKINS_USERNAME: The username of the user account that created the Jenkins API token.

  • JENKINS_INSTANCE_URL: The URL of the Jenkins instance.

  • JENKINSFILE_ACCESS_TOKEN (Optional) The API token used to retrieve the contents of a Jenkinsfile stored in the build repository. This requires the repo scope. If this is not provided, the GITHUB_ACCESS_TOKEN will be used instead.

These environment variables can be specified in a .env.local file that is loaded by GitHub Actions Importer when it is run.

Using optional arguments

GitHub Actions Importer 하위 명령과 함께 사용하여 마이그레이션을 사용자 지정할 수 있는 선택적 인수가 있습니다.

--source-file-path

You can use the --source-file-path argument with the forecast, dry-run, or migration subcommands.

By default, GitHub Actions Importer fetches pipeline contents from source control. The --source-file-path argument tells GitHub Actions Importer to use the specified source file path instead. You can use this option for Jenkinsfile and multibranch pipelines.

If you would like to supply multiple source files when running the forecast subcommand, you can use pattern matching in the file path value. For example, gh forecast --source-file-path ./tmp/previous_forecast/jobs/*.json supplies GitHub Actions Importer with any source files that match the ./tmp/previous_forecast/jobs/*.json file path.

Jenkinsfile pipeline example

In this example, GitHub Actions Importer uses the specified Jenkinsfile as the source file to perform a dry run.

gh actions-importer dry-run jenkins --output-dir path/to/output/ --source-file-path path/to/Jenkinsfile --source-url :url_to_jenkins_job

--config-file-path

You can use the --config-file-path argument with the audit, dry-run, and migrate subcommands.

By default, GitHub Actions Importer fetches pipeline contents from source control. The --config-file-path argument tells GitHub Actions Importer to use the specified source files instead.

When you use the --config-file-path option with the dry-run or migrate subcommands, GitHub Actions Importer matches the repository slug to the job represented by the --source-url option to select the pipeline. It uses the config-file-path to pull the specified source file.

Audit example

In this example, GitHub Actions Importer uses the specified YAML configuration file to perform an audit.

gh actions-importer audit jenkins --output-dir path/to/output/ --config-file-path path/to/jenkins/config.yml

To audit a Jenkins instance using a config file, the config file must be in the following format, and each repository_slug value must be unique:

source_files:
  - repository_slug: pipeline-name
    path: path/to/Jenkinsfile
  - repository_slug: multi-branch-pipeline-name
    branches:
      - branch: main
        path: path/to/Jenkinsfile
      - branch: node
        path: path/to/Jenkinsfile

Supported syntax for Jenkins pipelines

The following tables show the type of properties GitHub Actions Importer is currently able to convert. For more details about how Jenkins pipeline syntax aligns with GitHub Actions, see Migrating from Jenkins to GitHub Actions.

For information about supported Jenkins plugins, see the github/gh-actions-importer repository.

Supported syntax for Freestyle pipelines

JenkinsGitHub ActionsStatus
docker templatejobs.<job_id>.containerSupported
buildjobsPartially supported
build environmentenvPartially supported
build triggersonPartially supported
generalrunnersPartially supported

Supported syntax for Jenkinsfile pipelines

JenkinsGitHub ActionsStatus
dockerjobs.<job_id>.containerSupported
stagejobs.<job_id>Supported
agentrunnersPartially supported
environmentenvPartially supported
stagesjobsPartially supported
stepsjobs.<job_id>.stepsPartially supported
triggersonPartially supported
whenjobs.<job_id>.ifPartially supported
inputsinputsUnsupported
matrixjobs.<job_id>.strategy.matrixUnsupported
optionsjobs.<job_id>.strategyUnsupported
parametersinputsUnsupported

Environment variables syntax

GitHub Actions Importer uses the mapping in the table below to convert default Jenkins environment variables to the closest equivalent in GitHub Actions.

JenkinsGitHub Actions
${BUILD_ID}${{ github.run_id }}
${BUILD_NUMBER}${{ github.run_id }}
${BUILD_TAG}${{ github.workflow }}-${{ github.run_id }}
${BUILD_URL}${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
${JENKINS_URL}${{ github.server_url }}
${JOB_NAME}${{ github.workflow }}
${WORKSPACE}${{ github.workspace }}

부분은 MIT 라이선스에 따라 http://github.com/github/gh-actions-importer/에서 조정되었습니다.

MIT License

Copyright (c) 2022 GitHub

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.