问题
In my jenkins pipeline project I can check code out from git fine... but we need to do some git checkins and the credentials apparently are not cached.
stage 'Checkout'
git url: 'git@bitbucket.org:myproj.git', branch: 'master', credentialsId: '012ce21d-e920-44ee-b6f7-08df8ab41de0', variable: 'CREDENTIALS'
sh('git push') <---- fails with Permission denied (public key).
here is sample output:
Entering stage Checkout
Proceeding
[Pipeline] git
> git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> git config remote.origin.url git@bitbucket.org:myproj # timeout=10
Fetching upstream changes from git@bitbucket.org:myproj.git
> git --version # timeout=10
using GIT_SSH to set credentials
> git -c core.askpass=true fetch --tags --progress git@bitbucket.org:myproj.git +refs/heads/*:refs/remotes/origin/*
> git rev-parse refs/remotes/origin/master^{commit} # timeout=10
> git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
Checking out Revision cc35402c6b39e8a1f8d55a831d2d10215d47ccd0 (refs/remotes/origin/master)
> git config core.sparsecheckout # timeout=10
> git checkout -f cc35402c6b39e8a1f8d55a831d2d10215d47ccd0 # timeout=10
> git branch -a -v --no-abbrev # timeout=10
> git branch -D master # timeout=10
> git checkout -b master cc35402c6b39e8a1f8d55a831d2d10215d47ccd0
> git rev-list cc35402c6b39e8a1f8d55a831d2d10215d47ccd0 # timeout=10
[Pipeline] sh
[myproj] Running shell script
+ git push --set-upstream origin master
Warning: Permanently added the RSA host key for IP address '192.192.143.2' to the list of known hosts.
Permission denied (publickey).
fatal: Could not read from remote repository.
anyone have a good solution to this?
thanks
回答1:
Extracted from the Jenkins pipeline samples repository, we can do that avoid using sshagent: https://github.com/jenkinsci/pipeline-examples/blob/master/pipeline-examples/push-git-repo/pushGitRepo.Groovy
Then for your exemple, the solution should be using the Credentials binding plugin (https://wiki.jenkins-ci.org/display/JENKINS/Credentials+Binding+Plugin) and use this snippet:
stage ('Checkout') {
withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: '012ce21d-e920-44ee-b6f7-08df8ab41de0', usernameVariable: 'GIT_USERNAME', passwordVariable: 'GIT_PASSWORD']]) {
sh("git tag -a some_tag -m 'Jenkins'")
sh('git push git://${GIT_USERNAME}:${GIT_PASSWORD}@bitbucket.org:myproj.git')
}
}
回答2:
the answer is to use the sshagent jenkins plugin:
http://getmesh.io/Blog/Jenkins+2+Pipeline+101
this plugin injects a SSH_AUTH_SOCK environment variable for git access
来源:https://stackoverflow.com/questions/39237910/jenkins-pipeline-cannot-check-code-into-git