使用SSH密钥在Jenkins中构建具有私有BitBucket存储库中的依赖项的Go项目。

huangapple
go评论70阅读模式
英文:

Build Go project in Jenkins with dependencies in private BitBucket repository using SSH keys

问题

我正在尝试为Go项目设置自动构建。然而,我们有一些内部依赖项,这些依赖项在我们的私有BitBucket上可用。然而,需要凭据才能让Go访问这些依赖项。我可以使用Git和SSH选项读取主存储库,但无法从BitBucket下载依赖项。

我已经尝试过以下方法:

git config --global url."git@bitbucket.org:".insteadOf "https://bitbucket.org/"
export 'GOPRIVATE=bitbucket.org/*'

然而,这似乎不起作用,因为输出如下:

+ go version
22:33:27 go version go1.16.4 darwin/arm64

+ go test
22:33:29 go: missing Mercurial command. See https://golang.org/s/gogetcmd
22:33:30 go: bitbucket.org/repositorie_url: reading https://api.bitbucket.org/2.0/repositorie_url/dependency_repo 403 Forbidden
22:33:30 	server response: Access denied. You must have write or admin access.

我该如何确保go get或go install以安全的方式访问我们的私有存储库?

注意:go test似乎忽略了git配置,并且尝试从https访问依赖项,此外还有一些Mercurial错误。

英文:

I'm trying to set up automated build for Go projects. We have some internal dependencies however available on our private BitBucket. Credentials are needed however to have go access these. I'm able to read the main repo using option Git and SSH but I'm able to download the dependencies from BitBucket.

I already tried with:

git config --global url."git@bitbucket.org:".insteadOf "https://bitbucket.org/"
export 'GOPRIVATE=bitbucket.org/*'

however this doesn't seem work, since the output:

+ go version
22:33:27 go version go1.16.4 darwin/arm64

+ go test
22:33:29 go: missing Mercurial command. See https://golang.org/s/gogetcmd
22:33:30 go: bitbucket.org/repositorie_url: reading https://api.bitbucket.org/2.0/repositorie_url/dependency_repo 403 Forbidden
22:33:30 	server response: Access denied. You must have write or admin access.

How could I make sure go get or go install gets access to our private repository in a secure way?

NOTE: go test sems to ignore git configuration and it's trying to reach dependencies from https, in addition I have some Mercurial errors.

答案1

得分: 0

私有依赖项的解决有点复杂。在执行go test或其他操作之前,尝试下载依赖项。我可以提供两种解决方案,请尝试并告诉我哪种方法适用于您:

1. 使用 SSH 密钥
如果您有一个可以访问私有仓库的 SSH 密钥,请尝试以下步骤
(假设 SSH 密钥已存储并作为名为 BITBUCKET_SSH_KEY 的环境变量检索):

mkdir -p ~/.ssh
echo "$BITBUCKET_SSH_KEY" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
ssh-keygen -F bitbucket.org || ssh-keyscan bitbucket.org >> ~/.ssh/known_hosts
git config --global url."git@bitbucket.org:".insteadOf "https://bitbucket.org/"
go env -w GOPRIVATE=bitbucket.org
go mod download

2. 使用 .netrc 文件
您可以从 Bitbucket 生成一个登录令牌。使用此令牌,设置两个环境变量 BITBUCKET_LOGINBITBUCKET_TOKEN,然后尝试以下步骤:

go env -w GOPRIVATE=bitbucket.org
echo "machine bitbucket.org login ${BITBUCKET_LOGIN} password ${BITBUCKET_TOKEN}" > ~/.netrc
go mod download
英文:

Go private dependencies are a bit complicated to resolve. Try downloading the dependencies before you do go test or anything else. There are 2 solutions I can present, try and let me know which one worked for you:

1. Using ssh key
When you have a ssh key that has access to the private repos, try this
(Assuming the ssh is stored and retrived as env var with name BITBUCKET_SSH_KEY) :

mkdir -p ~/.ssh
echo "$BITBUCKET_SSH_KEY" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
ssh-keygen -F bitbucket.org || ssh-keyscan bitbucket.org >>~/.ssh/known_hosts
git config --global url."git@bitbucket.org:".insteadOf "https://bitbucket.org/"
go env -w GOPRIVATE=bitbucket.org
go mod download

2. Using .netrc
You can generate a login token from bitbucket. With this token, have two env vars BITBUCKET_LOGIN and BITBUCKET_TOKEN and then try following:

go env -w GOPRIVATE=bitbucket.org
echo "machine bitbucket.org login ${BITBUCKET_LOGIN} password ${BITBUCKET_TOKEN}" > ~/.netrc
go mod download

答案2

得分: 0

你好,我终于找到了错误所在,问题出在环境的$PATH上!
似乎计算机的路径与Jenkins的默认路径不同。
如果你想使用本地计算机的特定环境,你应该在环境中添加一个新的变量$PATH,在本地cmd中打印$PATH,并将其与Jenkinsfile中的$PATH进行比较。

Jenkinsfile中的解决方案:

pipeline {
    agent {
        label 'macmini'
    }
    environment {
        PATH = "$HOME/go/bin:" +
                    "/usr/local/bin:/Library/Apple/usr/bin" +
                    "$PATH"...
    }
}

控制台输出:

echo $PATH

# 覆盖$PATH环境变量
$PATH = "$HOME/go/bin:" +
                    "$HOME/go/bin:" +
                    "/usr/local/bin:/Library/Apple/usr/bin" +
                    "$PATH"...
英文:

Hello I finally found the error and the issue was:
the $PATH of the enviroment!
Seams that the computer has a different path of the default path of jenkins.
If you want to use a certain enviroment of your local computer you should add a new variable $PATH in the enviroment, print $PATH in the local cmd and compare the $PATH on jenkinsfile

the solution in jenkinsfile:

pipeline {
    agent {
        label 'macmini'
    }
    environment {
        PATH = "$HOME/go/bin:" +
                    "/usr/local/bin:/Library/Apple/usr/bin" +
                    "$PATH"...
    }
}

console:

echo $PATH

# overrite $PATH enviroment
$PATH = "$HOME/go/bin:" +
                    "$HOME/go/bin:" +
                    "/usr/local/bin:/Library/Apple/usr/bin" +
                    "$PATH"...

huangapple
  • 本文由 发表于 2021年6月9日 12:10:17
  • 转载请务必保留本文链接:https://go.coder-hub.com/67897475.html
  • bitbucket
  • go
  • jenkins
  • jenkins-plugins
  • ssh
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定