Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Using credentials from Jenkins store in a jenkinsfile

Tags:

git

jenkins

groovy

jenkins-pipeline

I made a multibranch pipeline project in Jenkins. I need to use two repositories and both need credentials.

I created a Jenkinsfile in repository1:

node ('label1'){
  stage 'sanity check'
  sh 'echo sanity check'
  stage 'checkout other repository'
  checkout([
      $class: 'GitSCM', branches: [[name: '*/master']],
      userRemoteConfigs: [[url: 'https://[email protected]/BRNTZN/repository2.git'],[credentialsId:'23b2eed1-2863-49d5-bc7b-bcccb9ad914d']]
  ])
  stage 'log results'
  sh 'echo result = OK'
 }

When I push this file onto a branch of repository1 and start the build I get the following error in Jenkins:

Branch indexing
Setting origin to https://[email protected]/BRNTZN/repository1.git
Fetching origin...
 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://[email protected]/BRNTZN/repository1.git # timeout=10
Fetching upstream changes from https://[email protected]/BRNTZN/repository1.git
 > git --version # timeout=10
using .gitcredentials to set credentials
 > git config --local credential.username BRNTZN # timeout=10
 > git config --local credential.helper store --file=/tmp/git1367320661933193799.credentials # timeout=10
 > git -c core.askpass=true fetch --tags --progress https://[email protected]/BRNTZN/repository1.git +refs/heads/*:refs/remotes/origin/*
 > git config --local --remove-section credential # timeout=10
Checking out Revision d997a29e9d1f639d56eb425ec00e03309e099c7a (jenkinsfilebranch1)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f d997a29e9d1f639d56eb425ec00e03309e099c7a
 > git rev-list f81d0d366fd751857a2640c587817f4d047a15af # timeout=10
[Pipeline] node
Running on jenkins agent (i-07353fc08cb42f10e) in /var/jenkins/workspace/multiBranch/jenkinsfilebranch1
[Pipeline] {
[Pipeline] stage (sanity check)
Entering stage sanity check
Proceeding
[Pipeline] sh
[jenkinsfilebranch1] Running shell script
+ echo sanity check
sanity check
[Pipeline] stage (checkout other repository)
Entering stage checkout other repository
Proceeding
[Pipeline] checkout
 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://[email protected]/BRNTZN/repository2.git # timeout=10
Fetching upstream changes from https://[email protected]/BRNTZN/repository2.git
 > git --version # timeout=10
 > git -c core.askpass=true fetch --tags --progress https://[email protected]/BRNTZN/repository2.git +refs/heads/*:refs/remotes/origin/*
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from https://[email protected]/BRNTZN/repository2.git
    at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:799)
    at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1055)
    at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1086)
    at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:109)
    at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:83)
    at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:73)
    at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1$1.call(AbstractSynchronousNonBlockingStepExecution.java:52)
    at hudson.security.ACL.impersonate(ACL.java:213)
    at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1.run(AbstractSynchronousNonBlockingStepExecution.java:49)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
Caused by: hudson.plugins.git.GitException: Command "git -c core.askpass=true fetch --tags --progress https://[email protected]/BRNTZN/repository2.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout:
stderr: remote: Invalid username or password. If you log in via a third party service you must ensure you have an account password set in your account profile.
fatal: Authentication failed for 'https://[email protected]/BRNTZN/repository2.git/'

    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:1723)
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1459)
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$300(CliGitAPIImpl.java:63)
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:314)
    at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:152)
    at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:145)
    at hudson.remoting.UserRequest.perform(UserRequest.java:153)
    at hudson.remoting.UserRequest.perform(UserRequest.java:50)
    at hudson.remoting.Request$2.run(Request.java:332)
    at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:744)
    at ......remote call to jenkins agent (i-07353fc08cb42f10e)(Native Method)
    at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1416)
    at hudson.remoting.UserResponse.retrieve(UserRequest.java:253)
    at hudson.remoting.Channel.call(Channel.java:781)
    at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.execute(RemoteGitImpl.java:145)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.invoke(RemoteGitImpl.java:131)
    at com.sun.proxy.$Proxy75.execute(Unknown Source)
    at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:797)
    ... 13 more
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: null
Finished: FAILURE

The credentials should be correct:

Enter image description here

And using those credentials for that repository in a freestyle project gives no error:

Enter image description here

Update

I created a freestyle project using SSH credentials and added that public key to my Bitbucket account to test if I can make SSH work:

freestylecredentials SSH

This worked:

    Started by user admin
Building remotely on jenkins agent (i-039385e75b60d70f7) (label1) in workspace /var/jenkins/workspace/gitcredentials test
 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url [email protected]:BRNTZN/repository2.git # timeout=10
Fetching upstream changes from [email protected]:BRNTZN/repository2.git
 > git --version # timeout=10
using GIT_SSH to set credentials jenkinsmaster key
 > git -c core.askpass=true fetch --tags --progress [email protected]:BRNTZN/repository2.git +refs/heads/*:refs/remotes/origin/*
 > git rev-parse refs/remotes/origin/master^{commit} # timeout=10
 > git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
Checking out Revision 1d51064143e7337cbc0b1910918166facc9c2330 (refs/remotes/origin/master)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f 1d51064143e7337cbc0b1910918166facc9c2330
First time build. Skipping changelog.
Finished: SUCCESS

However when updating the jenkinsfile in the following way:

node ('label1'){
  stage 'sanity check'
  sh 'echo sanity check'
  stage 'checkout other repository'
  checkout([
      $class: 'GitSCM', branches: [[name: '*/master']],
      userRemoteConfigs: [[url: '[email protected]:BRNTZN/repository2.git'],[credentialsId:'jenkinsmaster']]
  ])
  stage 'log results'
  sh 'echo result = OK'
 }

I still get the same error:

Started by user admin
Setting origin to [email protected]:BRNTZN/repository1.git
Fetching origin...
 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url [email protected]:BRNTZN/repository1.git # timeout=10
Fetching upstream changes from [email protected]:BRNTZN/repository1.git
 > git --version # timeout=10
using GIT_SSH to set credentials jenkinsmaster key
 > git -c core.askpass=true fetch --tags --progress [email protected]:BRNTZN/repository1.git +refs/heads/*:refs/remotes/origin/*
Checking out Revision 29fc47911827d829f5abe9456bd8df78bc478fe7 (jenkinsfilebranch1)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f 29fc47911827d829f5abe9456bd8df78bc478fe7
 > git rev-list 29fc47911827d829f5abe9456bd8df78bc478fe7 # timeout=10
[Pipeline] node
Running on jenkins agent (i-039385e75b60d70f7) in /var/jenkins/workspace/multiBranch/jenkinsfilebranch1
[Pipeline] {
[Pipeline] stage (sanity check)
Entering stage sanity check
Proceeding
[Pipeline] sh
[jenkinsfilebranch1] Running shell script
+ echo sanity check
sanity check
[Pipeline] stage (checkout other repository)
Entering stage checkout other repository
Proceeding
[Pipeline] checkout
 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url [email protected]:BRNTZN/repository2.git # timeout=10
Fetching upstream changes from [email protected]:BRNTZN/repository2.git
 > git --version # timeout=10
 > git -c core.askpass=true fetch --tags --progress [email protected]:BRNTZN/repository2.git +refs/heads/*:refs/remotes/origin/*
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from [email protected]:BRNTZN/repository2.git
    at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:799)
    at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1055)
    at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1086)
    at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:109)
    at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:83)
    at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:73)
    at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1$1.call(AbstractSynchronousNonBlockingStepExecution.java:52)
    at hudson.security.ACL.impersonate(ACL.java:213)
    at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1.run(AbstractSynchronousNonBlockingStepExecution.java:49)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
Caused by: hudson.plugins.git.GitException: Command "git -c core.askpass=true fetch --tags --progress [email protected]:BRNTZN/repository2.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout:
stderr: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:1723)
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1459)
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$300(CliGitAPIImpl.java:63)
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:314)
    at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:152)
    at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:145)
    at hudson.remoting.UserRequest.perform(UserRequest.java:153)
    at hudson.remoting.UserRequest.perform(UserRequest.java:50)
    at hudson.remoting.Request$2.run(Request.java:332)
    at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:744)
    at ......remote call to jenkins agent (i-039385e75b60d70f7)(Native Method)
    at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1416)
    at hudson.remoting.UserResponse.retrieve(UserRequest.java:253)
    at hudson.remoting.Channel.call(Channel.java:781)
    at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.execute(RemoteGitImpl.java:145)
    at sun.reflect.GeneratedMethodAccessor1180.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.invoke(RemoteGitImpl.java:131)
    at com.sun.proxy.$Proxy75.execute(Unknown Source)
    at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:797)
    ... 13 more
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: null
Finished: FAILURE
like image 358
BRNTZN Avatar asked Sep 12 '16 13:09

BRNTZN

3 Answers

Your GitSCM class instantiation is incorrect. You have created two UserRemoteConfig objects - one with a URL of '[email protected]:BRNTZN/repository2.git' and one with a credentialsId of 'jenkinsmaster'. Instead you want one object with both properties set.

checkout([
  $class: 'GitSCM', branches: [[name: '*/master']],
  userRemoteConfigs: [[url: '[email protected]:BRNTZN/repository2.git'],[credentialsId:'jenkinsmaster']]
])

Should be:

checkout([
  $class: 'GitSCM', branches: [[name: '*/master']],
  userRemoteConfigs: [[url: '[email protected]:BRNTZN/repository2.git',credentialsId:'jenkinsmaster']]
])

Notice there are no brackets around the comma in the "userRemoteConfigs" section in the second case.

I had just ran into the same issue and connected up an Eclipse debugger to Jenkins to find the issue.

See git-plugin GitSCM does not support ssh credentials when using checkout in a Jenkinsfile (45007).

like image 134
MarkRx Avatar answered Oct 20 '22 06:10

MarkRx

I've had the exact same issue: checkout using credentials in a freestyle project works fine, checkout in a shell (as the jenkins user) works fine, and checkout in the pipeline fails. I've updated Jenkins + plugins to the latest version.

I finally managed to get it to work by placing the correct key in /var/lib/jenkins/.ssh/id_rsa. It looks like the GitSCM plugin completely ignores the provided credentialsId, and just uses the key in /var/lib/jenkins/.ssh/id_rsa. I generated a keypair without passphrase for this.

It is a workaround, and I suspect that GitSCM has a bug, but at least you can use the pipeline plugin.

like image 45
rdeboo Avatar answered Oct 20 '22 07:10

rdeboo

What kind of credentials do you use?

I suggest that you use SSH credentials (i.e. private/public keys):

  1. Generate a SSH key pair (make sure you generate it for the correct username!)
  2. Add your public SSH key to your Bitbucket account
  3. Configure your Jenkins to use your newly created SSH private key, as shown in the example below:

Enter image description here

Then you need to use SSH URL as connection to your Git your credentials in your pipeline (instead of HTTP URL), as follows:

checkout([
    $class: 'GitSCM', branches: [[name: '*/master']],
    userRemoteConfigs: [[url:'ssh://[email protected]:BRNTZN/repository2.git'],[credentialsId:'jenkins_ssh_key']]
])

Also, note that you might want to set a specific id for your credentials (e.g. jenkins_ssh_key or BRNTZN_ssh_key) to improve readability and simplify pipeline configuration.

like image 29
Pom12 Avatar answered Oct 20 '22 06:10

Pom12
Sign in to Comment

Related questions

Migrate or export Github wiki to Gitlab
git aliases operate in the wrong directory
How to convert a file tracked by git to git-lfs?
Injecting current git commit id into Java webapp
Can git commit "empty versions" of new, non-empty files?
Remove / cut off Git's revision / commit history
Git: How do I list local branches that are tracking remote branches that no longer exist?
How do I setup Carthage to use my own Frameworks that are in private repository like Stash (Bitbucket)?
How to disable sparse checkout after enabled?
How do I prepend history to a Git repository?
What is the best way to back up an entire git repository on external disk?
iPhone Dev - How important is Project.pbxproj?
Add remote via JGit
How to rename last N commits messages in git?
GIT: How do I add a file to the first commit (and rewrite history in the process)?
Calling 'git pull' from a git post-update hook
how to open a .bundle file
How to derive application build version string with Git's `describe` command?
Validate if commit exists
Git push error: RPC failed: curl 52

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!