How can I checkout several private Github repos using Jenkins

Question

I have a small problem with Jenkins and private Github repos. To check out a private repo, one usually needs one of two things:

• the private SSH key of a user on that repo
• the private SSH key of a registered "deployment key" for that repo

The deployment key was made for this kind of interaction. The problem is that deployment keys have to be unique across projects, so I'd have to use a different key every time. This means that I'd have to add another key to the ssh-agent for the Jenkins user for every additional repo.
This also means that by default, the agent would try all of the available keys and would probably get the connection dropped after a few bad attempts with a wrong key.

The Jenkins git plugin doesn't seem to allow pointing it at an SSH key. Jenkins doesn't allow any commandline interaction before the checkout, so I can't use any bash tricks to set the correct key.

So far the only solution seems to be:

1. Create an "my_jenkins_account" user in github
2. Add a public key to the user
3. Add the account to repos that I'd want to check out using Jenkins
4. Add the user's private key to the jenkins user

Any alternative suggestions?

Answer 1

This isn't exactly an answer, just an echo in the dark to let you know that I do pretty much the same thing.

1. Run Jenkins as a user called jenkins
2. sudo as this user and create a public ssh key
3. Create a free GitHub account called myorg-machines
4. Add this jenkins user's public ssh key to the myorg-machines account keys on GitHub. I name this key jenkins on server.name.com to keep things organized.
5. Create a GitHub team called Machines - Pull only. Add the myorg-machines GitHub user to that team, and give that team pull access to my appropriate private repos.

I agree it seems klunky, but it's actually been pretty easy to manage over a year or so now.