Jenkins Pipeline - git creds seemingly not being used in subsequent git operations

I am facing a problem where some previously set git credentials dont seem to be being used in subsequent git operations.

As per the output below, I can see the using GIT_ASKPASS... log showing some stored credentials in our Jenkins instance are being used to perform the initial fetch.

However, in an Init-Common stage of our pipeline, we need to fetch tags from the repo, and as can be seen in the final lines of the build output, this command fails with could not read Username for 'https://github.com'

Running on EC2 (ec2-slave-magma) - Jerkins Worker V3 (i-069edcd60fee118f6) in /home/jenkins/workspace/magma-console_github_integration
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Declarative: Checkout SCM)
[Pipeline] checkout
The recommended git tool is: NONE
using credential al-cibot
Cloning the remote Git repository
Cloning with configured refspecs honoured and without tags
Cloning repository https://github.com/alertlogic/al-magma-console.git
 > git init /home/jenkins/workspace/magma-console_github_integration # timeout=10
Fetching upstream changes from https://github.com/alertlogic/al-magma-console.git
 > git --version # timeout=10
 > git --version # 'git version 2.17.1'
using GIT_ASKPASS to set credentials CIBOT Creds for github.com AL Org
 > git fetch --no-tags --progress -- https://github.com/alertlogic/al-magma-console.git +refs/heads/integration:refs/remotes/origin/integration # timeout=10
 > git config remote.origin.url https://github.com/alertlogic/al-magma-console.git # timeout=10
 > git config --add remote.origin.fetch +refs/heads/integration:refs/remotes/origin/integration # timeout=10
Avoid second fetch
Checking out Revision e0b7097a57d7f2bfabf9cf5d0e77a47236b31e0c (integration)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f e0b7097a57d7f2bfabf9cf5d0e77a47236b31e0c # timeout=10
Commit message: "use new merge queue jenkins pipeline branch"
First time build. Skipping changelog.
[Pipeline] }
[Pipeline] // stage
[Pipeline] withEnv
[Pipeline] {
[Pipeline] withEnv
[Pipeline] {
[Pipeline] timeout
Timeout set to expire in 1 hr 0 min
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Init-Common)
[Pipeline] script
[Pipeline] {
[Pipeline] sh
+ node scripts/ddInit.js
[Pipeline] echo
canceling previous builds al-magma-console github/integration 1 org.jenkinsci.plugins.workflow.job.WorkflowJob@1ee2400f[al-magma-console github/integration]
[Pipeline] sh
+ git fetch --tags --quiet
fatal: could not read Username for 'https://github.com': No such device or address

I am confused why this would be the case, as I mention earlier our github creds do seem to be in use for that initial fetch from the repo.

What am I missing here?

You can see from the logs that the pipeline is successfully fetched from https://github.com/alertlogic/al-magma-console.git at the start using your configured credentials. However, the credentials are not exposed by default after that, within stages, for security reasons. You must surround the sh fetch step with a withCredentials statement to expose them at that time.

Here's an example Jenkinsfile:

stage("Fetch") {
    steps {
        withCredentials([gitUsernamePassword(credentialsId: 'al-cibot', gitToolName: 'git-tool')]) ) {
            sh '''
                git fetch --tags --quiet
            '''
        }
    }
}

Your credentials ID is al-cibot from the log. You can manage in the Jenkins UI settings under the credentials section.

More on the Credentials plugin: https://www.jenkins.io/doc/pipeline/steps/credentials-binding/