In order to allow Jenkins to make changes to projects (eg. review a PatchSet based on whether it builds or not), it needs its own user account in Gerrit.
After the user is created, you have to add it to a special group, in our case called "Non-Interactive Users".
You can achieve this by selecting People > List Groups (in case the group already exists) or People > Create New Group (in case you dont't have a group for external tools).
You also have to change the project settings accordingly, so that the "Non-Interactive Users" are allowed to set the label (in our case "verified" +1 or -1 and "Code-Review" +1 or -1).
This can be achived by selecting the project (Projects > List > Project Name). This should redirect you to the access tab of the project. Then select "Edit" to edit the Access Settings.
In order to allow a secure communication the Jenkins user also requires a SSH key. Therefore you'll have to create a private and public key on the host machine that is running Jenkins and allow communication from the machine running Gerrit. If you're on a UNIX system, you should be able to run ssh-keygen in your terminal and follow the instructions until you have your pair of keys.
In Gerrit, you also have to add the public key to the Jenkins user.
To add the public key, hit the username in the top right corner (should be Jenkins) and click "Settings". In the settings menu choose "SSH Public Keys" and add the Public Key you created on the Jenkins machine.
You also have to set the username of the Jenkins user. You can do that in the user settings within "Settings". This is the username you have to enter for Gerrit Trigger in Jenkins.
The Jenkins Plugin "Gerrit Trigger" expects Gerrit to have the label "Verified" set, which isn't included in the Gerrit config by default.
The Gerrit label can be added in:
Projects > List > All Projects > General > Edit Config
by adding the following in the bottom of the document:
1 2 3 4 5 6 7 | [label "Verified"] function = MaxWithBlock value = -2 This shall not be merged value = -1 fail value = 0 No score value = +1 Verified defaultValue = 0 |
After saving, go to All > Open and you will see an open review "Change Config". Open it, hit "Publish" then "Code-Review +2" and then Submit.
Depending on your project settings, you might not want the verified label to have the -2 value.
In our case we wanted to be able to override the Jenkins opinion if necessary (partly because in the beginning, Jenkins was not 100% reliable). Merging a PatchSet in Gerrit is not possible, when the lowest value of a label is set (once a user reviews a PatchSet with the lowest value, the PatchSet is blocked).
After adding the verified label, it's also necessary to add the permissions for groups to change the verified status of a review.
Therefore, navigate to Projects > List > All Projects > Access > Edit
Just below "Reference: refs/heads/*" hit "Add Permission" and choose "Label Verified". Then add the groups that should be allowed to change the verified state, e.g. Admins and Non-Interactive Users (the group containing Jenkins).
Further info on Gerrit labels see:
https://gerrit-review.googlesource.com/Documentation/config-labels.html
Regarding the Gerrit Trigger "bug" see:
https://code.google.com/p/gerrit/issues/detail?id=1963