In Jenkins: pip install from git repo using SSH keys

In my Jenkins job, during the build phase, I execute pip install -r requirements.txt. Among my project's requirements, there are some paths to private git repositories, needing SSH keys to authenticate. I already created the keys (no passphrase), added the public key to the BitBucket server and the private key to Jenkins's credentials.

My project's code is pulled successfully with those same SSH keys (internally, Jenkins uses GIT_SSH), but pip doesn't know to pass them on to the server for authentication (the log shows: Permission denied (publickey)).

I've seen "Use SSH Key from Jenkins Git Plugin to Run Git Commands During Build", but it isn't answered. I've also seen some other talk about Publish Over SSH plugin, but I'm not sure it applies to me..

The build machine is Windows, by the way.

Automatically writing the private key to <home_folder>\.ssh\id_rsa seems like a security risk to me, though I might be wrong..?

Is there a way to configure Jenkins to use the same SSH keys it has to pip install ssh entries as well?

Eran Zimmerman Gonen asked Apr 07 '19 14:04


2 Answers

I have used the SSH Agent plugin to do this on Linux/Mac machines. The pip install command must go inside SSH agent's withCredentials. The plugin claims to support Windows (with some additional requirements), but I've never tried it.

I don't think I was able to have pip respect the GIT_SSH that Jenkins uses for the SCM step.

Phil answered Oct 12 '22 22:10
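
An added example, not part of the answer above and not code from the SSH Agent plugin's documentation: a declarative Jenkinsfile for a Linux agent that wraps pip install in the plugin's sshagent pipeline step, so the key is available only through SSH_AUTH_SOCK for the duration of the block. The credential ID 'bitbucket-ssh-key', the agent label 'linux' and the known_hosts path are assumptions.

```groovy
// Jenkinsfile (declarative pipeline), added illustration.
// Assumed names: credential ID 'bitbucket-ssh-key', agent label 'linux',
// and a known_hosts file provisioned on the agent with the server's host key.
pipeline {
    agent { label 'linux' }

    environment {
        // pip shells out to git, and git reads GIT_SSH_COMMAND from the
        // environment. BatchMode makes ssh fail instead of prompting in a
        // non-interactive build; StrictHostKeyChecking with a pinned
        // known_hosts file refuses an unknown or changed host key.
        GIT_SSH_COMMAND = 'ssh -o BatchMode=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/var/lib/jenkins/.ssh/known_hosts'
    }

    stages {
        stage('Install dependencies') {
            steps {
                // The step starts an ssh-agent, loads the stored private key
                // into it, and exports SSH_AUTH_SOCK for this block only.
                // Nothing is written to ~/.ssh/id_rsa, and the agent is
                // stopped when the block exits.
                sshagent(credentials: ['bitbucket-ssh-key']) {
                    // Single-quoted Groovy string: the shell, not Groovy,
                    // expands anything inside it.
                    sh '''
                        set -eu
                        # Lists fingerprints of loaded keys (never the key
                        # itself); exits non-zero if the agent holds none.
                        ssh-add -l
                        python -m venv .venv
                        # requirements.txt entries of the form
                        # git+ssh://git@<bitbucket-host>/<project>/<repo>.git
                        # now authenticate through the agent.
                        .venv/bin/pip install -r requirements.txt
                    '''
                }
            }
        }
    }
}
```

Because the key is scoped to the sshagent block, later stages and other jobs on the same agent cannot use it unless they request the credential themselves.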


A possible workaround:

  • Make Jenkins clone the private repo containing the pip module, i.e. containing the setup.py file. Say the repo has been cloned to /tmp/my_private_repo

  • Option 1: cd /tmp/my_private_repo && pip install -e .

  • Option 2: pip install git+file:///tmp/my_private_repo (note the 3 /// after file)

langlauf.io answered Oct 12 '22 21:10