So I have a plain shell script and I want to execute 2 git commands but don't have the credentials. How do I get the credentials into my environment? Do I have to set GIT_ASKPASS or something? I am not the admin so "install a plugin" isn't a great option.
The environment has the following available already:
BUILD_URL
UPDATE_VERSION
HOSTNAME
PASS <--- This one looks like a possible but still no user id.
POM_GROUPID
HUDSON_SERVER_COOKIE
BUILD_TAG
POM_DISPLAYNAME
GIT_PREVIOUS_COMMIT
WORKSPACE
JOB_URL
RUN_CHANGES_DISPLAY_URL
POM_ARTIFACTID
MAVEN_OPTS
JENKINS_SWARM_VERSION
NLSPATH
GIT_COMMIT
JENKINS_HOME
MAVEN_HOME
PATH
RUN_DISPLAY_URL
PWD
JAVA_HOME
HUDSON_URL
JAVA_VERSION
JOB_NAME
POM_VERSION
BUILD_VERSION
XFILESEARCHPATH
BUILD_DISPLAY_NAME
BUILD_ID
JENKINS_URL
JOB_BASE_NAME
GIT_PREVIOUS_SUCCESSFUL_COMMIT
POM_PACKAGING
HOME
GIT_SSL_NO_VERIFY
SHLVL
M2_HOME
GIT_BRANCH
EXECUTOR_NUMBER
JENKINS_SERVER_COOKIE
GIT_URL
NODE_LABELS
HUDSON_HOME
NODE_NAME
BUILD_NUMBER
JOB_DISPLAY_URL
HUDSON_COOKIE
Update: here is some new information. GIT_ASKPASS uses these? ...and I note that Jenkins is using GIT_ASKPASS to check out in the first place.
+ git help -a
+ grep credential-
credential-cache remote-ext
credential-cache--daemon remote-fd
credential-gnome-keyring remote-ftp
credential-store remote-ftps
To use, first go to the Credentials link and add items of type Secret file and/or Secret text. Now in a freestyle job, check the box Use secret text(s) or file(s) and add some variable bindings which will use your credentials. The resulting environment variables can be accessed from shell script build steps and so on.
If your credentials ID is "USER_PASSWORD", you have to read it using eg. the following command: USER_CREDENTIALS = credentials('USER_PASSWORD') . After doing this, the username and password are available in the following environment variables: USER_CREDENTIALS_USR and USER_CREDENTIALS_PSW .
If your script has to have those credentials, then you can check the second option "Job DSL plugin: Build Variables"
All build variables are exposed to the Job DSL scripts as variables, see User Power Moves.
There are several ways to define credentials as build variables, e.g. the EnvInject Plugin provides a "Inject passwords to the build as environment variables" setting to inject passwords either defined globally in "Configure System" or directly on a job.
// use the FLOWDOCK_TOKEN variable to configure the Flowdock publisher
job('example-4') {
publishers {
flowdock(FLOWDOCK_TOKEN) {
unstable()
success()
aborted()
failure()
fixed()
notBuilt()
}
}
}
// variables can also be using in configure blocks
job('example-5') {
configure { project ->
project / builders << 'org.foo.FooBuilder' {
userName(FOO_USER)
password(FOO_PASSWORD)
}
}
}
Afraid I don't know much about Jenkins, but you can store a git credential from a shell script using your git credential helper (assuming you have one configured), e.g.:
printf "protocol=https/nhost=your.git.host/nusername=your_user/npassword=Y0urP@55w0rd/n/n" | git credential approve # git credential takes its arguments on stdin - the final double newline is needed to signal end of input
Git commands should then use it, or if you need the credential itself you can retrieve it on stdout with:
printf "protocol=https/nhost=your.git.host/username=your_user/npassword=Y0urP/n/n" | git credential fill
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With