Jenkins中的Git Clone和Personal Access Token永远闲置 [英] Git Clone in Jenkins with Personal Access Token idles forever
问题描述
我们在公司网络外部的远程github服务器上运行着一个企业github,需要使用https代理进行克隆.我们不允许使用密码身份验证,因此,无论是ssh(由于代理问题而无法使用)还是PAT,都可以使用.
We have an enterprise github running on a remote github server outside of our company network and need to use an https proxy to clone. We are not allowed to use password authentication, so either ssh (which is a no go due to proxy issues) or PAT.
在我的命令行上,命令
git clone https://user:token@github.exampleco.com/org/repo.git
克隆存储库没有问题,大约需要5到10秒.
clones the repository no problem, and it takes about 5-10 seconds.
在詹金斯(Jenkins)中,控制台输出显示正在克隆到目录名",然后有一个旋转的纺纱轮不断旋转,并且这种旋转永远都无法解决.
In Jenkins, the console output reads "cloning into directory-name" and then there's a spinning wheel that spins endlessly and this never resolves.
我正在执行shell脚本中运行此命令,因为github插件运行了一些似乎仍然想进行密码身份验证的命令,即使我在没有凭据的情况下提供了URL的PAT版本,也看不到添加凭据模式中的PAT授权选项.
I am running this inside an execute shell script as the github plugin runs some commands that apparently still want to do password authentication, even when I feed it the PAT version of the url with no credentials, and I don't see a PAT authorization option in the add credentials modal.
要澄清提供给Jenkins插件的网址,是:
To clarify the url given to the Jenkins plugin is:
https://user:token@github.exampleco.com/org/repo.git
我得到了这样的输出:
No credentials specified
> git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> git config remote.origin.url https://user:token@github.exampleco.com/org/repo.git # timeout=10
Fetching upstream changes from https://user@github.exampleco.com/org/repo.git
> git --version # timeout=10
Setting http proxy: corporateproxy.com:8080
> git fetch --tags --progress https://user@github.exampleco.com/org/repo.git +refs/heads/*:refs/remotes/origin/*
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from https://user@github.exampleco.com/org/repo.git
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:894)
at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1161)
at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1192)
at hudson.scm.SCM.checkout(SCM.java:504)
at hudson.model.AbstractProject.checkout(AbstractProject.java:1208)
at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:574)
at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:499)
at hudson.model.Run.execute(Run.java:1818)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:97)
at hudson.model.Executor.run(Executor.java:429)
Caused by: hudson.plugins.git.GitException: Command "git fetch --tags --progress https://user@github.exampleco.com/org/repo.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout:
stderr: remote: Password authentication is not available for Git operations.
remote: You must use a personal access token or SSH key.
remote: See https://github.exampleco.com/settings/tokens or https://github.exampleco.com/settings/ssh
fatal: unable to access 'https://user@github.exampleco.com/org/repo.git': The requested URL returned error: 403
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2042)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1761)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$400(CliGitAPIImpl.java:72)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:442)
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:892)
... 11 more
ERROR: Error fetching remote repo 'origin'
Finished: FAILURE
我确实注意到,在配置了远程源之后,删除了user:token @,而只使用了user @.我尝试在外壳中手动运行所有这些命令,当我进入第二个命令时,即:
I do notice that the user:token@ is dropped in favor of simply user@ after the remote origin is configured. I tried running all of these commands manually in a shell and when I got to the second one, that is:
git fetch --tags --progress https://user:token@github.exampleco.com/org/repo.git
它也像克隆命令一样永远处于空闲状态.
it also just idled forever like the clone command does.
推荐答案
问题是我需要以我自己的身份运行,而不是以jenkins身份运行.以用户jenkins的身份运行不允许我们克隆.
Problem was that I needed to run as myself instead of as jenkins. Running as the user jenkins doesn't allow us to clone.
我们可以通过将命令whoami放入执行外壳构建步骤来检查谁在运行.如果您的whoami与您的用户名不匹配(whoami很可能会返回jenkins作为用户名),则我们需要进行一些配置.
We can check who we are running as by putting the command whoami into the execute shell build step. If your whoami doesn't match your username (it is most likely that whoami will return jenkins as the username), we have some configuring to do.
转到jenkins主页,选择管理Jenkins",然后选择管理节点".创建一个新节点.
Go to the jenkins home, select Manage Jenkins, then select Manage Nodes. Create a new node.
给该新节点一个执行者,在使用中选择仅使用具有与该节点匹配的标签表达式的作业",并为您的项目提供唯一的标签.在启动方法中,选择通过SSH启动代理".将主机设置为localhost,然后添加用于登录到所用计算机的凭据(用户名和密码).选择不验证主机密钥,然后在可用性中选择使该代理尽可能联机"并保存.您需要启动代理.
Give this new node one executor, choose "Only build jobs with label expressions matching this node" in usage, and give your project a unique label. Choose "Launch agent agents via SSH" in your launch method. Make your host localhost, and add your credentials (username and password) for logging into the machine you're using. Choose not to verify host keys, and select "Keep this agent online as much as possible" in availability, and save. You'll need to launch the agent.
现在去上班.在常规"选项卡中的配置"下,选中限制此作业的运行位置",然后输入该唯一标签.救.现在,您的工作应该以与命令行git完全相同的方式进行克隆.
Now go to your job. Under configure in the General tab, check "Restrict where this job can run" and enter that unique label. Save. Your job should now clone in precisely the same way as your command line git does.
这可以在Mac上运行,不确定Windows,但我认为它基本相同.
This works on Mac, not sure of windows, but I assume it is basically the same.
这篇关于Jenkins中的Git Clone和Personal Access Token永远闲置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
