如何在Jenkins作业中克隆github组织的私人存储库 [英] How to Clone a private repository of github organization in a Jenkins Job
问题描述
我是github组织的所有者,我可以访问所有存储库。其中一些是私人的,另一些是公共的。我试图设置Jenkins以在向组织的任何存储库提出请求时触发构建。问题是,我有一个外部系统,通过github webhooks进行通知,只要发出拉取请求。我必须将詹金斯与这个系统结合起来,这是一项要求。该系统还可以通过API请求向Jenkins发送通知。 ( https://python-jenkins.readthedocs.org/en/latest/examples。 html )
我可以看到,自动Jenkins构建触发器的所有解决方案都与Jenkins的github插件相关。 ( https://wiki.jenkins-ci.org/display/JENKINS/GitHub+插件)。我目前无法使用它,因为我在github和Jenkins之间有一个新系统。
目前,当我的系统从github收到通知时,它会发出api请求使用存储库名称和分支构建作业。现在,jenkins作业执行一个shell脚本,它执行存储库的git克隆并运行测试。我找不到一种方法来执行组织的私有存储库的git克隆。
要求
-
Jenkins构建控制台输出是公开的,相关信息不应该出现在输出中。
Jenkins是为整个组织构建的,因此我不想将ssh密钥添加到我的github帐户中。
什么是最好/更干净的方法来完成它?
您通常会通过创建只读部署密钥。部署密钥是与单个存储库关联的ssh(公共)密钥,而不是与您的整个github帐户关联。默认情况下,部署密钥是只读的(除非您在添加密钥时选中允许写入访问复选框)。
该链接还有其他一些管理建议从自动化流程访问github存储库。
I am the owner of github organization and I have access to all repositories. Some of them are private and others are public. I am trying to set up Jenkins to trigger builds when a pull request is made to any repository of the organization. The problem is that i have an external system which is notified via github webhooks whenever a pull request is made. I have to integrate Jenkins with this system which is a requirement. This system can also trigger notifications to Jenkins via api requests. (https://python-jenkins.readthedocs.org/en/latest/examples.html)
I could see that all solutions to automatic Jenkins build triggers are related to github plugin of Jenkins. (https://wiki.jenkins-ci.org/display/JENKINS/GitHub+Plugin). I can't currently use it because i have an additional indirection with a new system in between github and Jenkins.
Currently when my system receives notification from github, it issues api request to build job with repository name and branch. Now, the jenkins job executes a shell script that does a git clone of the repository and run tests. I couldn't find a way to do a git clone of private repository of a organization.
Requirements
Jenkins build Console output is public and hence login related information should not be present inside the output.
Jenkins is built for entire organization and hence I don't want to add the ssh key to my github account.
What is the best/cleaner way to accomplish it?
You would normally handle this sort of thing by creating a read-only deploy key. A deploy key is an ssh (public) key associated with a single repository, rather than with your entire github account. By default a deploy key is read-only (unless you check the "allow write access" checkbox when adding the key).
That link also has some other suggestions for managing access to github repositories from automated processes.
这篇关于如何在Jenkins作业中克隆github组织的私人存储库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
