olibur

Reputation: 377

Use same http git credentials as for cloning in a Shell script in a Post Step

I want to automate our release process and I have the following Jenkins build job for a Maven project:

If I run the build, I receive the following error while executing my Post Step shell script:

fatal: could not read Username for 'https://mygitserver': Input/output error

The Git Repo server uses HTTP for Authentication.

In the Console Log I can see that Jenkins uses .gitcredentials to handle the Authentication:

using .gitcredentials to set credentials
> git config --local credential.username jenkins # timeout=10
> git config --local credential.helper store --file=/tmp/git2442727044778485.credentials # timeout=10

I would now like to reuse this credential store, because it is created at the beginning of my build but removed again after cloning.

Is this somehow possible or do I need to handle this somehow by myself with the "Credentials Binding Plugin", etc.?

Upvotes: 6

Views: 8767

Answers (4)

There is an interesting tutorial on how to pass Jenkins credentials into pipeline scripts: https://www.baeldung.com/ops/jenkins-inject-git-secrets#2-use-credentials-in-pipeline

And an additional one here: https://www.jenkins.io/blog/2021/07/27/git-credentials-binding-phase-1/

Upvotes: 0

kap

Reputation: 1804

The Credentials Binding plugin mentioned by @olibur can be used together with a custom GIT_ASKPASS script to allow authentication with a GitHub App:

First the GitHub Branch Source plugin can be used to store credentials for an installed GitHub App.

The Credentials Binding plugin must be set up to give "Username and password (separate)" with the GitHub App credentials. The password will be the temporary access token. In the following it is accessed as GITHUB_TOKEN. The user name is the App Id.

To allow access to GitHub, the token must be returned from an askpass script. With an "Inject environment variables" build step, the location of the script can be defined to be in a known location available in all build steps:

GIT_ASKPASS=$WORKSPACE/git-askpass.sh

It must be filled in as the first bash script build step before the repository can actually be accessed by git:

# Quote both variables: the workspace path may contain spaces.
echo 'echo "$GITHUB_TOKEN"' > "$GIT_ASKPASS"
chmod +x "$GIT_ASKPASS"

The script is now available in all following build steps and git can be used without specifying any credentials.

Upvotes: 1
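
Added example, not part of the answer above: a variant of the askpass helper that answers git's username and password prompts separately and keeps the token in the environment rather than in the file. The function name `write_askpass` and the variable name `GIT_APP_USER` are assumptions; `GITHUB_TOKEN` is the binding named in the answer.

```shell
#!/bin/sh
# Added example: askpass helper for non-interactive git over HTTPS.
# Assumes the Credentials Binding plugin exports GIT_APP_USER (hypothetical
# name for the username binding) and GITHUB_TOKEN (the password binding).

# write_askpass DIR -> creates DIR/git-askpass.sh and prints its path
write_askpass() {
    dir=$1
    helper="$dir/git-askpass.sh"
    # Create the file owner-only before anything is written to it.
    ( umask 077 && : > "$helper" ) || return 1
    # Quoted heredoc: the variables are NOT expanded here, so the helper
    # holds only references and the token never lands on disk.
    cat > "$helper" <<'EOF'
#!/bin/sh
# git passes the prompt text as $1, e.g. "Username for 'https://host': "
case "$1" in
    Username*) printf '%s\n' "$GIT_APP_USER" ;;
    Password*) printf '%s\n' "$GITHUB_TOKEN" ;;
    *)         exit 1 ;;   # unknown prompt: answer nothing
esac
EOF
    chmod 700 "$helper"
    printf '%s\n' "$helper"
}

# Typical use in the first shell build step (WORKSPACE is set by Jenkins):
#   GIT_ASKPASS=$(write_askpass "$WORKSPACE") && export GIT_ASKPASS
#   trap 'rm -f "$GIT_ASKPASS"' EXIT
```

Because the helper reads the variables at call time, it only works in build steps where the credentials binding is still active.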

Francois

Reputation: 1911

Here is a path I took in order to fulfil a similar need:

  • I added a public SSH key in my git account
  • I added the SSH private key and passphrase as an SSH credential in Jenkins
  • I used this credential in my git repo clone phase
  • I reused the same credential in my SSH agent Jenkins build environment; hence all post-build shell scripts will use it

Upvotes: 0

olibur

Reputation: 377

Because I haven't yet found any solution to reuse the initial Git credentials from the clone command at the beginning of my build, I have now just used the Jenkins Credentials Binding plugin and created my own credentials store for my custom git commands in the Post Step.

Upvotes: 2
