Reputation: 562
In my Jenkins pipeline I can clone the repository fine, but using the SSH Agent plugin to push back a tag fails. I've made sure that the deploy key at GitHub has write access, so there seems to be some other problem...

    pipeline {
        agent { docker { image 'node:8' } }
        stages {
            stage('Pull Repo') {
                steps {
                    git (
                        branch: 'master',
                        credentialsId: 'cred-id',
                        url: 'github.com:***'
                    )
                    sshagent(['github-omnia']) {
                        sh("git tag -a \"release-2.3.${BUILD_NUMBER}\" -m \"Jenkins built ${BUILD_NUMBER}\"")
                        sh("git push --tags")
                    }
                }
            }
        }
    }

Am I missing something?
Edit: Here's the console output for the error

    [ssh-agent] Using credentials git (Access to Github-**)
    [ssh-agent] Looking for ssh-agent implementation...
    [ssh-agent] Exec ssh-agent (binary ssh-agent on a remote machine)
    $ docker exec a6cee721d592b10bb94abbde0471d24a4320dcd07362affb1f18454d6ebe028d ssh-agent
    SSH_AUTH_SOCK=/tmp/ssh-TI7dNVoYszsC/agent.12
    SSH_AGENT_PID=17
    Running ssh-add (command line suppressed)
    Identity added: /var/jenkins_home/workspace/Build-And-Deploy-***@tmp/private_key_7884642190516796613.key (/var/jenkins_home/workspace/Build-And-Deploy-***@tmp/private_key_7884642190516796613.key)
    [ssh-agent] Started.
    [Pipeline] {
    [Pipeline] sh
    + git config --global user.email jenkins@***.se
    [Pipeline] sh
    + git config --global user.name Jenkins
    [Pipeline] sh
    + git remote set-url origin git@github.com:***/***
    [Pipeline] sh
    + git tag -a release-2.3.3 -m Jenkins built 3
    [Pipeline] sh
    + git push origin --tags
    Host key verification failed.
    fatal: Could not read from remote repository.
    Please make sure you have the correct access rights
    and the repository exists.

Upvotes: 8
Views: 4684
Reputation: 1096
I was looking for a way to do this without ignoring host verification entirely, and without modifying my Jenkins machine's known_hosts since I want to use docker. I ended up with something like this:

GITHUB_HOST_KEY), and set its value to be the host key, e.g.:

    # gets the host for github and copies it. You can run this from
    # any computer that has access to github.com (or whatever your
    # git server is)
    ssh-keyscan github.com | clip

known_hosts before using sshagent. Here's my pipeline; it takes a branch called master-v5 and generates a branch master-v5-dist which contains a number of build files.

    pipeline {
        agent { docker { image 'node:14' } }
        stages {
            stage('Checkout') {
                steps {
                    git branch: 'master-v5',
                        url: 'git@github.com:internetarchive/bookreader.git',
                        credentialsId: 'YOUR_GH_CREDENTIALS'
                }
            }
            stage('Build') { steps { sh 'npm install && npm run build' } }
            stage('Push') {
                steps {
                    sh 'git config user.email "[email protected]"'
                    sh 'git config user.name "Mr. Foo Bar"'
                    sh 'git add BookReader'
                    // Quote the message so the shell passes it to -m as one argument
                    sh 'git commit -m "Build files [ci skip]"'
                    // Append the stored host key so SSH can verify the server inside the container
                    withCredentials([string(credentialsId: 'GITHUB_HOST_KEY', variable: 'GITHUB_HOST_KEY')]) {
                        sh 'mkdir -p ~/.ssh && echo "$GITHUB_HOST_KEY" >> ~/.ssh/known_hosts'
                    }
                    sshagent (credentials: ['YOUR_GH_CREDENTIALS']) {
                        sh 'git push -f origin HEAD:master-v5-dist'
                    }
                }
            }
        }
    }

This ensures you're using a trusted host key, since you got the host key (presumably) at a time when you were certain you were connected to the real github.com.
Upvotes: 5
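
The answer above trusts whatever `ssh-keyscan` returned at the time it was run. As an added example (not part of either post), this Python sketch checks scanned lines against a fingerprint obtained out of band before they are stored in the `GITHUB_HOST_KEY` credential. The host name `git.example.test`, the sample keys and the function names are constructed for illustration, and it assumes unhashed `ssh-keyscan` output with one host name per line.

```python
import base64
import hashlib
import struct


def fingerprint(line: str) -> str:
    """OpenSSH-style SHA256 fingerprint of one 'host keytype base64' line."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64-key")
    key_type, b64 = fields[1], fields[2]
    blob = base64.b64decode(b64, validate=True)  # bad base64 raises ValueError
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was edited or truncated.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def trusted_lines(scan: str, host: str, pinned: set) -> list:
    """Return the scanned lines for `host` whose fingerprint is pinned."""
    kept = []
    for line in scan.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.split()[0] != host:
            continue  # blank, comment, or a different host
        try:
            if fingerprint(line) in pinned:
                kept.append(line)
        except ValueError:
            continue  # malformed line: never trusted
    if not kept:
        raise ValueError("no scanned key matches a pinned fingerprint")
    return kept


def constructed_line(host: str, fill: int) -> str:
    """Constructed sample: wire-format ed25519 blob with filler key bytes."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32)
    return f"{host} ssh-ed25519 {base64.b64encode(blob + bytes([fill]) * 32).decode()}"


GOOD = constructed_line("git.example.test", 1)  # stands in for the real key
BAD = constructed_line("git.example.test", 2)   # stands in for a swapped key
PINNED = {fingerprint(GOOD)}  # in practice: the value your Git host publishes
```

Only the lines returned by `trusted_lines` should go into the credential; a scan that matches no pinned fingerprint raises instead of returning an empty list.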