Jenkins Pipeline – git 凭据似乎未在后续 git 操作中使用

huangapple go评论71阅读模式
英文:

Jenkins Pipeline - git creds seemingly not being used in subsequent git operations

问题

以下是翻译好的部分:

我面临一个问题,之前设置的一些 git 凭据似乎在后续的 git 操作中没有被使用。

根据下面的输出,我可以看到 using GIT_ASKPASS... 日志显示我们 Jenkins 实例中存储的一些凭据被用来执行初始获取操作。

然而,在我们流水线的 Init-Common 阶段,我们需要从仓库获取标签,正如构建输出的最后几行所示,此命令失败,并显示 could not read Username for 'https://github.com'

我感到困惑的是为什么会出现这种情况,因为我之前提到我们的 GitHub 凭据似乎在初始获取操作中被使用了。

我在这里漏掉了什么吗?

英文:

I am facing a problem where some previously set git credentials dont seem to be being used in subsequent git operations.

As per the output below, I can see the using GIT_ASKPASS... log showing some stored credentials in our Jenkins instance are being used to perform the initial fetch.

However, in an Init-Common stage of our pipeline, we need to fetch tags from the repo, and as can be seen in the final lines of the build output, this command fails with could not read Username for 'https://github.com'

Running on EC2 (ec2-slave-magma) - Jerkins Worker V3 (i-069edcd60fee118f6) in /home/jenkins/workspace/magma-console_github_integration
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Declarative: Checkout SCM)
[Pipeline] checkout
The recommended git tool is: NONE
using credential al-cibot
Cloning the remote Git repository
Cloning with configured refspecs honoured and without tags
Cloning repository https://github.com/alertlogic/al-magma-console.git
 > git init /home/jenkins/workspace/magma-console_github_integration # timeout=10
Fetching upstream changes from https://github.com/alertlogic/al-magma-console.git
 > git --version # timeout=10
 > git --version # 'git version 2.17.1'
using GIT_ASKPASS to set credentials CIBOT Creds for github.com AL Org
 > git fetch --no-tags --progress -- https://github.com/alertlogic/al-magma-console.git +refs/heads/integration:refs/remotes/origin/integration # timeout=10
 > git config remote.origin.url https://github.com/alertlogic/al-magma-console.git # timeout=10
 > git config --add remote.origin.fetch +refs/heads/integration:refs/remotes/origin/integration # timeout=10
Avoid second fetch
Checking out Revision e0b7097a57d7f2bfabf9cf5d0e77a47236b31e0c (integration)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f e0b7097a57d7f2bfabf9cf5d0e77a47236b31e0c # timeout=10
Commit message: "use new merge queue jenkins pipeline branch"
First time build. Skipping changelog.
[Pipeline] }
[Pipeline] // stage
[Pipeline] withEnv
[Pipeline] {
[Pipeline] withEnv
[Pipeline] {
[Pipeline] timeout
Timeout set to expire in 1 hr 0 min
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Init-Common)
[Pipeline] script
[Pipeline] {
[Pipeline] sh
+ node scripts/ddInit.js
[Pipeline] echo
canceling previous builds al-magma-console github/integration 1 org.jenkinsci.plugins.workflow.job.WorkflowJob@1ee2400f[al-magma-console github/integration]
[Pipeline] sh
+ git fetch --tags --quiet
fatal: could not read Username for 'https://github.com': No such device or address

I am confused why this would be the case, as I mention earlier our github creds do seem to be in use for that initial fetch from the repo.

What am I missing here?

答案1

得分: 1

你可以从日志中看到,在开始时,流水线成功从 https://github.com/alertlogic/al-magma-console.git 获取,使用你配置的凭据。然而,出于安全原因,这些凭据在后续阶段中默认情况下不会被暴露出来。你必须在 sh 获取 step 周围使用 withCredentials 语句来在那个时候暴露它们。

这是一个示例的 Jenkinsfile

stage("Fetch") {
    steps {
        withCredentials([gitUsernamePassword(credentialsId: 'al-cibot', gitToolName: 'git-tool')]) ) {
            sh '''
                git fetch --tags --quiet
            '''
        }
    }
}

从日志中可以看到你的凭据 ID 是 al-cibot。你可以在 Jenkins UI 设置中的凭据部分进行管理。

更多关于凭据插件的信息:https://www.jenkins.io/doc/pipeline/steps/credentials-binding/

英文:

You can see from the logs that the pipeline is successfully fetched from https://github.com/alertlogic/al-magma-console.git at the start using your configured credentials. However, the credentials are not exposed by default after that, within stages, for security reasons. You must surround the sh fetch step with a withCredentials statement to expose them at that time.

Here's an example Jenkinsfile:

stage("Fetch") {
    steps {
        withCredentials([gitUsernamePassword(credentialsId: 'al-cibot', gitToolName: 'git-tool')]) ) {
            sh '''
                git fetch --tags --quiet
            '''
        }
    }
}

Your credentials ID is al-cibot from the log. You can manage in the Jenkins UI settings under the credentials section.

More on the Credentials plugin: https://www.jenkins.io/doc/pipeline/steps/credentials-binding/

huangapple
  • 本文由 发表于 2023年6月29日 17:04:43
  • 转载请务必保留本文链接:https://go.coder-hub.com/76579605.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定