EC2: Jenkins autodeploy with Capistrano
Use the GitHub OAuth plugin, and use a webhook to trigger the automatic build. Make sure to add a "/" at the end of your GitHub webhook.
Use the post-build plugin to trigger Capistrano. I need to switch to ec2-user here, so I will need some sudo magic. The post-build task should be:
sudo -u ec2-user /usr/bin/cap -S branch=%1 dev deploy
We set %1 via a regex on the log text. Use this regex: Checking out Revision (.*?) \(.*?\)
Then add this to sudoers via visudo (to satisfy the sudo above):
# jenkins capistrano
jenkins ALL=(ec2-user) NOPASSWD:/usr/bin/cap *
# don't give me: sorry, you must have a tty to run sudo
Defaults:jenkins !requiretty
What frustrated me was the missing "/" in my GitHub webhook, and also switching to ec2-user. We need to switch to ec2-user because Capistrano needs to ssh to localhost (my current setup: Jenkins + deploy env on the same machine). I tried ssh using jenkins but was instantly kicked out, so switching to ec2-user solved my problem.
We use that %1 to override the :branch value in Capistrano, so it deploys the specific revision and not HEAD.
Those new lines in the sudoers file should be secure enough, limiting jenkins' sudo to /usr/bin/cap. But I'm no hacker; my sense of security is kinda dull.
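The post-build task above hands text captured from the build log to a sudo command whose sudoers entry accepts any arguments, so the captured value is worth checking before it reaches cap. The following is an added example, not part of the original post: the function names and the DEPLOY_RUNNER override are hypothetical, and it assumes the Git plugin logs a full 40-character lowercase hex commit id.

```shell
#!/bin/sh
# Added example: read Jenkins console text on stdin, pull out the revision
# with the post's "Checking out Revision <rev> (<ref>)" pattern, and run the
# deploy only when the revision is a plain 40-character hex commit id.

# Print the revision from the first matching console line (empty if none).
extract_revision() {
    sed -n 's/^.*Checking out Revision \([^ ]*\) (.*).*$/\1/p' | head -n 1
}

# Succeed only for 40 lowercase hex characters (assumed commit id format).
is_commit_id() {
    case "$1" in
        ""|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 40 ]
}

# Validate, then call cap as ec2-user exactly as in the post-build task.
# DEPLOY_RUNNER is a hypothetical override so the call can be dry-run.
run_deploy() {
    rev=$(extract_revision)
    if ! is_commit_id "$rev"; then
        echo "refusing to deploy: unexpected revision '$rev'" >&2
        return 1
    fi
    "${DEPLOY_RUNNER:-sudo}" -u ec2-user /usr/bin/cap -S "branch=$rev" dev deploy
}

# Usage: feed the build's console text on stdin, e.g.
#   run_deploy < console.log    (console.log is a placeholder path)
```

Anything that is not a bare commit id, such as a branch name, an empty match, or a value carrying extra characters, stops before sudo is invoked.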
Hope this helps. Do share your tips and improvements.








