Skip to Content
Technical Articles
Author's profile photo ASUTOSH MAHARANA

Jenkins Pipeline setup for Backup, Version Compare and Validation (cpilint) of SAP Integration Suite Artifacts


This article will explain step by step procedure to create Jenkins’s pipeline to backup source code, compare Versions and perform basic validation/checks (Using cpilint tool) for Integration Flows created in SAP Integration Suite. I have mostly taken (almost all) reference from below two GitHub repo.

CICD-StoreIntegrationArtefactSunny kapoor and SAP team

cpilintMorten Wittrock



  1. Docker should be installed.(Docker Desktop as well for GUI)
  • Jenkins Installation (Using Docker)

Jenkins can be installed using simple command from any terminal or cmd.

docker run -p 8080:8080 -p 50000:50000 -v jenkins_home:/var/jenkins_home jenkins/jenkins:lts-jdk11


Jenkins Docker Image Run

After Installation, copy the temp password and go to localhost:8080 in the browser and provide the password and click next. Then create one admin user and press next. In the next page choose appropriate uri and then click save and finish. Do not install all the the plugins and only proceed with “Select Plugins to install“.

  • GitHub Repo Creation

  • Create a new private repository with appropriate name in GitHub.
  • Create a “Jenkinsfile” with below code.
pipeline {
	agent any
	parameters {
		string defaultValue: 'internalEventListener', description: 'Iflow Name', name: 'Name', trim: true

	//Configure the following environment variables before executing the Jenkins Job	
	environment {
		IntegrationFlowID = "${Name}"
		CPIHost = "${env.CPI_HOST}"
		CPIOAuthHost = "${env.CPI_OAUTH_HOST}"
		CPIOAuthCredentials = "${env.CPI_OAUTH_CRED}"	
		GITRepositoryURL  = "${env.GIT_REPOSITORY_URL}"
		GITCredentials = "${env.GIT_CRED}"
		GITBranch = "${env.GIT_BRANCH_NAME}"
		GITFolder = "IntegrationContent/IntegrationArtefacts"
		GITComment = "Integration Artefacts update from CICD pipeline"
	stages {
		stage('download integration artefact and store it in GitHub') {
			steps {
				script {
					//clone repo 
						$class: 'GitSCM',
						branches: [[name: env.GITBranch]],
						doGenerateSubmoduleConfigurations: false,
						extensions: [
							[$class: 'RelativeTargetDirectory',relativeTargetDir: "."],
							//[$class: 'SparseCheckoutPaths',  sparseCheckoutPaths:[[$class:'SparseCheckoutPath', path: env.GITFolder]]]
						submoduleCfg: [],
						userRemoteConfigs: [[
							credentialsId: env.GITCredentials,
							url: 'https://' + env.GITRepositoryURL
					//get token
					println("Request token");
					def token;
					def getTokenResp = httpRequest acceptType: 'APPLICATION_JSON', 
						authentication: env.CPIOAuthCredentials, 
						contentType: 'APPLICATION_JSON', 
						httpMode: 'POST', 
						responseHandle: 'LEAVE_OPEN', 
						timeout: 30, 
						url: 'https://' + env.CPIOAuthHost + '/oauth/token?grant_type=client_credentials';
					def jsonObjToken = readJSON text: getTokenResp.content
					token = "Bearer " + jsonObjToken.access_token
				   	} catch (Exception e) {
						error("Requesting the oauth token for Cloud Integration failed:\n${e}")
					//delete the old flow content so that only the latest content gets stored
					dir(env.GITFolder + '/' + env.IntegrationFlowID){
					//download and extract artefact from tenant
					println("Downloading artefact");
					def tempfile = UUID.randomUUID().toString() + ".zip";
					def cpiDownloadResponse = httpRequest acceptType: 'APPLICATION_ZIP', 
						customHeaders: [[maskValue: false, name: 'Authorization', value: token]], 
						ignoreSslErrors: false, 
						responseHandle: 'LEAVE_OPEN', 
						validResponseCodes: '100:399, 404',
						timeout: 30,  
						outputFile: tempfile,
						url: 'https://' + env.CPIHost + '/api/v1/IntegrationDesigntimeArtifacts(Id=\''+ env.IntegrationFlowID + '\',Version=\'active\')/$value';
					if (cpiDownloadResponse.status == 404){
						//invalid Flow ID
						error("Received http status code 404. Please check if the Artefact ID that you have provided exists on the tenant.");
					def disposition = cpiDownloadResponse.headers.toString();
					def index=disposition.indexOf('filename')+9;
					def lastindex=disposition.indexOf('.zip', index);
					def filename=disposition.substring(index + 1, lastindex + 4);
					def folder=env.GITFolder + '/' + filename.substring(0, filename.indexOf('.zip'));
					def zipfolder=env.GITFolder + '/ZipFiles';
					fileOperations([fileUnZipOperation(filePath: tempfile, targetLocation: folder)])
					fileOperations([fileRenameOperation(source: tempfile,  destination: filename)])
					fileOperations([fileCopyOperation(includes: filename,  targetLocation: zipfolder)])
					env.Filename = filename;

					//remove the zip
					fileOperations([fileDeleteOperation(excludes: '', includes: filename)])
						sh 'git add .'
					println("Store integration artefact in Git")
					withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: env.GITCredentials ,usernameVariable: 'GIT_AUTHOR_NAME', passwordVariable: 'GIT_PASSWORD']]) {  
						sh 'git diff-index --quiet HEAD || git commit -am ' + '\'' + env.GitComment + '\''
						sh('git push https://${GIT_PASSWORD}@' + env.GITRepositoryURL + ' HEAD:' + env.GITBranch)
		stage('Code Analysis') {
            steps {
			    def zipcpilintfile = "";
			    def unzipcpilintfile = "cpilint";
			    fileOperations([fileUnZipOperation(filePath: zipcpilintfile, targetLocation: unzipcpilintfile)])
			    fileOperations([fileDeleteOperation(excludes: '', includes: zipcpilintfile)])
			    sh "chmod a+rwx -R $WORKSPACE/cpilint"
			    sh "$WORKSPACE/cpilint/cpilint-1.0.4/bin/cpilint -rules $WORKSPACE/rules.xml -files $WORKSPACE/IntegrationContent/IntegrationArtefacts/ZipFiles/${env.Filename}"



  • Create a “rules.xml” file. As per the schema cpilint. I have taken one sample xml file. You can modify this as per your requirements.
<?xml version="1.0" encoding="UTF-8"?>
        <!-- Require that all iflows have a description. -->

        <!-- Don't allow the social media receiver adapters. -->

        <!-- Don't allow Router steps configured with both XML and non-XML conditions. -->
        <!-- Message Mapping and XSLT are the two allowed mapping types. -->

        <!-- Make sure that all data store writes are encrypted. -->

  • Then download the zip file of cpilint and upload it into the GitHub repo. Now your repo should look like below.


GitHub Repository Files

  • Create a PAT (Personal Access Token) in your GitHub account. And save the token.
  • Copy GitHub Repo HTTPS url.



  • SAP Process Integration API Plan Instance – Service key

Login into BTP cockpit and save the service key.


Service Key

  • Jenkins Basic Configuration

First create credentials for CPI and GitHub in Manage Jenkins -> Credentials page.

  • Use CPI Service key ClientId and ClientSecret as Username and Password and give ID “CPIOAuthCredentials” as below.


CPI Cred

  • Create GitHub Credentials using the same method. Use your GitHub User and PAT Token as username and password. Give ID as “GIT_Credentials”.


GitHub Cred

  • Then go to Manage Jenkins -> Configure System and configure below environment variables.
Name Value
CPI_HOST {{url value from Service Key without https://}} e.g.
CPI_OAUTH_HOST {{tokenurl value from Service Key without https://}} e.g.
GIT_CRED GIT_Credentials


Environment Variable

  • Run below 2 commands in docker terminal. (from docker desktop app inside the container). Put your own name and email.
git config --global "Your Name"
git config --global ""
  • Then install below 3 plugins. From your Jenkins dashboard navigate to Manage Jenkins > Manage Plugins and select the Available tab. Locate this plugin by searching below terms and install without restart.
    1. http_request
    2. pipeline-utility-steps
    3. file-operations
  • Jenkins Pipeline configuration

  • Click on New item button from Dashboard and then choose Multibranch pipeline and give appropriate name and hit “OK”.


Multibranch Pipeline Configuration

  • Then Scroll down to branch source and select the GitHub credential and give your GitHub repo URL in Repository HTTPS URL as per below config. Then hit save.


Branch Source

  • Build and Test

  • Then click on Build Button in the main branch and then give the IFlowID in the name parameter like below screenshot.


Build with Parameter

  • Then build will get completed and show status of each stage.


Build status

  • You can now go to your Github repo and see the iFlow files are stored. You can try changing the iflow and save it as a new version and then again try to build the pipeline again for the same iFlow using step 1.


Change in Iflow and Save as a version

  • Then after build gets completed, you will be able to see the comparison between both the versions in GitHub.



  • You can also check the basic validation logs which are generated by cpilint application in Jenkins build logs. This will give you full flexibility to configure cpilint and automatic validations via jenkins+cpilint. Thanks Morten for this cool tool.


cpilint logs


This setup is neither tested in any productive scenario, nor any through risk analysis has been done, so I would request to do proper analysis before implementing it. There are a lot of improvement required to have a fully automated Pipeline. We can add more stages to have automatic deployment in another tenant and test with automatic test scripts.

Assigned Tags

      1 Comment
      You must be Logged on to comment or reply to a post.
      Author's profile photo Sunny Kapoor
      Sunny Kapoor

      Great Work ASUTOSH MAHARANA!

      It's always nice to see how people like you join the dots for some end-to-end use cases. Keep it coming 🙂