How to trigger Jenkins build without cloning the repository it is hooked to?

Question

I'm dynamically creating jenkins jobs using a config.xml file as a template. Basically what I want to achieve is that, when someone pushes to the repository, this will trigger the job in jenkins. This job should then pull a docker image, create a container and clone the repository it is hooked to inside it. The idea is to avoid any malicious code being downloaded to our server. Instead, it will be downloaded inside a docker container, run an executable inside the container, and then the container will be removed.

The problem is that whenever someone pushes to the git repository, the jenkins job automatically clones the repo. Is there a way to keep the hook to the repo but stop it from cloning?

We are not using a jenkinsfile because it would have to be inside the repository, and anybody could modify it, so that's why we are creating the jenkins job from a config.xml template.

I read that the option skipdefaultcheckout exists inside jenkinsfile in order to stop cloning the repo? Is it possible to set this up inside config.xml? Is this the correct option to solve what I'm trying to do?

Answer 1

Assumption: Relevant docker plugins are already installed on Jenkins.

Install ssh-agent plugin to pass ssh credentials to docker container for cloning the repo inside docker.

Sample groovy snippet for repo checkout within docker container that can used.

withDockerContainer(args: '-u root', image: "${image}") {
  sshagent(['jenkins-credentials']) {
    sh "mkdir ~/.ssh/ && echo -e 'Host *\n  StrictHostKeyChecking no' > ~/.ssh/config && cat ~/.ssh/config && ssh-add -l"
    git changelog: false, credentialsId: '<ID>', poll: false, url: "<REPO URL>"
    sh 'echo "repo cloned inside container !!!"'
  }
}