How to access npm git-dependency from jenkins?

Question

In my package.json I have a depedency to antoher git repository:

"my-dependeny":"git+https://somehost.com/my-dependency.git#<commit-hash>"

After running npm install this works fine while developing because git is using my personal stored credentials.

But executing npm install in a jenkins-pipline will fail, because there are not stored credentials. So I first tried to generate a deploy token in gitlab and edit the package.json:

"my-dependeny":"git+https://<deploy-token>:<password>@somehost.com/my-dependency.git#<commit-hash>"

Now it will work on jenkins! But the problem with this approach is, that Windows autoamtically updates the credential for the host (somehost.com) in the Credentials Manager:

So when any developer is running npm install and is afterwards trying to access another project within the same host it will fail, because it will use the deploy-token for the autenthication.

Of course you could add new user to gitlab which has access to all relevant projects. Then you could store this user on jenkins, but this doesn't seem to be an optimal or even good solution.

Maybe there could also be a way to stop the Credential Manager from updating git credentials. But this also doesn't sound well, because every developer would have to prevent this, which is not very intuitive.

My Question

Is there a good way to access npm git-depencies from jenkins without requiring extra steps that need to be done by each developer?

Answer 1

The following is how I solved this in my jenkins file:

withCredentials([usernamePassword(credentialsId: 'my-git-username-and-api-token', passwordVariable: 'GIT_PASSWORD', usernameVariable: 'GIT_USERNAME')]) {
    sh '''
        git config --global credential.username ${GIT_USERNAME}
        git config --global credential.helper "!echo password=${GIT_PASSWORD}; echo"

        npm install
        npm run build
    '''
}

As you can see it uses GitHub username and API token from the credentials store. It also runs git config every time. For me this is necessary as I'm running my builds in a docker node. This solves the problem we encountered where git+https dependencies in npm were not being resolved in our jenkins pipeline.

Answer 2

I was finally able to find a solution by myself with the help of git-credential-store.

The following steps apply for linux systems, because in my case the Jenkins is running on Linux. But there should be a similiar solution for Windows systems.

1. Create empty ~/.git-credentials file. If you use a Dockerfile to copy the .git-credentials file you most likly have to use /root/git-credentials as path (e.g. COPY .git-credentials /root/)

2. Insert your credentials like the following to your ~/.git-credentials file:

   <protocol>://<deploy-token>:<password>@<hostname>/<project>

   Example:

   https://gitlab+deploy-10:mYSecReTPaSSWord@somehost.com/my-dependency.git

   or multiple credentials (follow 4. step below to enable this feature):

   https://gitlab+deploy-10:mYSecReTPaSSWord@somehost.de/some-path/some-project.git https://gitlab+deploy-11:otHerPaSSWord@somehost.de/some-path/some-other-project.git

   NOTE:

   The line-endings in the ~/.git-credentials have to be LF. If they are CR;LF unexpected errors can occur.

3. git config --global credential.helper store

   This will tell git that you wanna use your .git-credentials file for authentication. (~/.git-credentials is the default location)

4. optional: git config --global credential.useHttpPath true

   This is needed if you want to use mutliple Deploy Tokens for multiple projects within the same hostname. Without credential.useHttpPath true in the example above this would mean, that gitlab+deploy-10:mYSecReTPaSSWord would be used in every request to somehost.de. The HTTP path would be ignored completly.