In my jenkins pipeline project I can check code out from git fine... but we need to do some git checkins and the credentials apparently are not cached.
stage 'Checkout'
git url: '[email protected]:myproj.git', branch: 'master', credentialsId: '012ce21d-e920-44ee-b6f7-08df8ab41de0', variable: 'CREDENTIALS'
sh('git push') <---- fails with Permission denied (public key).
here is sample output:
Entering stage Checkout
Proceeding
[Pipeline] git
> git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> git config remote.origin.url [email protected]:myproj # timeout=10
Fetching upstream changes from [email protected]:myproj.git
> git --version # timeout=10
using GIT_SSH to set credentials
> git -c core.askpass=true fetch --tags --progress [email protected]:myproj.git +refs/heads/*:refs/remotes/origin/*
> git rev-parse refs/remotes/origin/master^{commit} # timeout=10
> git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
Checking out Revision cc35402c6b39e8a1f8d55a831d2d10215d47ccd0 (refs/remotes/origin/master)
> git config core.sparsecheckout # timeout=10
> git checkout -f cc35402c6b39e8a1f8d55a831d2d10215d47ccd0 # timeout=10
> git branch -a -v --no-abbrev # timeout=10
> git branch -D master # timeout=10
> git checkout -b master cc35402c6b39e8a1f8d55a831d2d10215d47ccd0
> git rev-list cc35402c6b39e8a1f8d55a831d2d10215d47ccd0 # timeout=10
[Pipeline] sh
[myproj] Running shell script
+ git push --set-upstream origin master
Warning: Permanently added the RSA host key for IP address '192.192.143.2' to the list of known hosts.
Permission denied (publickey).
fatal: Could not read from remote repository.
anyone have a good solution to this?
thanks
So why will you checkout code in Jenkins pipeline? Having the ability to check out code at any stage of the pipeline is invaluable. Jenkins provides a very simple out of the box way of checking out code in pipeline. checkout scm. It will simply checkout code’s version which triggered the run.
Use the Pipeline Syntax Snippet Generator to generate a sample pipeline script for the git step. More advanced checkout operations require the checkout step rather than the git step. Examples of the git step include:
Both Git as well as SVN are supported. Jenkins pipeline feature is an awesome feature. A reason good enough to make you upgrade to Jenkins 2. It essentially has made scripting a first class citizen in world of Jenkins. I am replacing all the clunky old NANT script based Jenkins jobs with Pipeline based jobs.
You can use the following in a pipeline: If you're using the ssh url then your credentials must be username + private key. If you're using the https clone url instead of the ssh one, then your credentials should be username + password. To checkout based on the configred credentials in the current Jenkins Job
the answer is to use the sshagent jenkins plugin:
http://getmesh.io/Blog/Jenkins+2+Pipeline+101
this plugin injects a SSH_AUTH_SOCK environment variable for git access
Extracted from the Jenkins pipeline samples repository, we can do that avoid using sshagent: https://github.com/jenkinsci/pipeline-examples/blob/master/pipeline-examples/push-git-repo/pushGitRepo.Groovy
Then for your exemple, the solution should be using the Credentials binding plugin (https://wiki.jenkins-ci.org/display/JENKINS/Credentials+Binding+Plugin) and use this snippet:
stage ('Checkout') {
withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: '012ce21d-e920-44ee-b6f7-08df8ab41de0', usernameVariable: 'GIT_USERNAME', passwordVariable: 'GIT_PASSWORD']]) {
sh("git tag -a some_tag -m 'Jenkins'")
sh('git push git://${GIT_USERNAME}:${GIT_PASSWORD}@bitbucket.org:myproj.git')
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With