如何在github组织Jenkins工作流中签出ssh remote并在Jenkinsfile中使用ssh凭证 [英] How to checkout ssh remote in github organization Jenkins workflow and use ssh credentials in Jenkinsfile

问题描述

我在jenkins中有一个 Github组织项目。在我的仓库的根目录下，我的 Jenkinsfile 看起来像这样：

 节点{
 
 def jenkinsCredsId ='xxxxxxxx-yyyy-zzzz-aaaa -bbbbbbbbbbbb'
 
 stage'Checkout'
 checkout scm 
 //我也尝试了以下内容：
 // checkout scm：[$ class：'GitSCM'，source：'ssh：//git@github.com：MY_ORGANISATION / jenkins-testing-temp。 git'，clean：true，credentialsId：jenkinsCredsId] 
 
 stage'Build'
 //产生一些artefact（dist.zip）
 
 stage'Release'
 
 sshagent（[jenkinsCredsId]）{
 sh'''
 git remote -v //显示远程
 ssh-add -l //显示当前加载的ssh密钥指纹
 
 git fetch --all --tags // IT故障在这里
 
 CURRENT_BUILD_TAG =some_build / $ {BUILD_NUMBER}
 git tag $ {CURRENT_BUILD_TAG} 
 
 git push --tags 
 
 github-release版本\\ 
 --security-token $ {GITHUB_RELEASE_TOKEN} \ 
 --user MY_ORGANIZATION \ 
 --repo MY_REPO \ 
 --tag $ {CURRENT_BUILD_TAG} \ 
 --name $ {CURRENT_BUILD_TAG} 
 
 github-release upload \ 
 --security-token $ {GITHUB_RELEASE_TOKEN} \ 
 --user MY_ORGANIZATION \ 
 --repo MY_REPO \ 
 --tag $ {CURRENT_BUILD_TAG} \ 
 --name $ {CURRENT_BUILD_TAG} \ 
  - 文件dist.zip 
' ''
} 
  

这里有几行代码用于测试版本库访问权限，它目前在 git fetch 部分上失败，并显示以下错误：

fatal：无法读取'

tag- a-repo-from-a-jenkins-workflow-script

解决方案

事实证明， Github组织项目仅为扫描凭证使用https凭证（如上图所示）。

解决方案是按高级按钮，并实际选择 ssh code>结账凭证下拉菜单，而不是默认的 - 与扫描凭证相同 - 。 p>

$ b

请注意，使用星号的凭证是用户名/密码（用户名/密码）密码条目，这就是我发现问题的方法。

这样， checkout scm 将会使用ssh， sshagent（[jenkinsCredsId]）{块将按预期工作，让您根据自己的权利创建标签，获取和推送。 ：）

I have a Github Organisation item in jenkins. On the root of my repository, my Jenkinsfile looks something like this:

node {

  def jenkinsCredsId = 'xxxxxxxx-yyyy-zzzz-aaaa-bbbbbbbbbbbb'

  stage 'Checkout'
  checkout scm
  // I also tried the following:
  // checkout scm: [$class: 'GitSCM', source: 'ssh://git@github.com:MY_ORGANISATION/jenkins-testing-temp.git', clean: true, credentialsId: jenkinsCredsId]

  stage 'Build'
  // generate some artefact (dist.zip)

  stage 'Release'

  sshagent([jenkinsCredsId]) {
    sh '''
    git remote -v // show remotes
    ssh-add -l // show currently loaded ssh keys fingerprints

    git fetch --all --tags // IT FAILS HERE

    CURRENT_BUILD_TAG="some_build/${BUILD_NUMBER}"
    git tag ${CURRENT_BUILD_TAG}

    git push --tags

    github-release release \
    --security-token ${GITHUB_RELEASE_TOKEN} \
    --user MY_ORGANIZATION \
    --repo MY_REPO \
    --tag ${CURRENT_BUILD_TAG} \
    --name ${CURRENT_BUILD_TAG}

    github-release upload \
    --security-token ${GITHUB_RELEASE_TOKEN} \
    --user MY_ORGANIZATION \
    --repo MY_REPO \
    --tag ${CURRENT_BUILD_TAG} \
    --name ${CURRENT_BUILD_TAG} \
    --file dist.zip
    '''
  }

There's a few lines for testing repository access in here and it's currently failing on the git fetch part with the following error:

fatal: could not read Username for 'https://github.com': No such device or address

The git remote -v command from the above Jenkinsfile outputs something like origin https://github.com/MY_ORGANIZATION/MY_REPO.

My Github Organization git configuration looks like this:

I found a few related questions:

• how-to-use-ssh-keys-with-jenkins-workflow-plugin
• tag-a-repo-from-a-jenkins-workflow-script

解决方案

It turns out that the Github Organization item only uses https credentials for the Scan credentials (like the picture above).

The solution was to hit Advanced button, and to actually select a ssh credential in the Checkout credentials dropdown instead of the default - Same as scan credentials -.

Note that credentials with stars are user/password entries, that's how I found the problem.

This way, the checkout scm will use ssh instead and the sshagent([jenkinsCredsId]) { block will work as expected, letting you create tags, fetch and push according to your rights. :)

这篇关于如何在github组织Jenkins工作流中签出ssh remote并在Jenkinsfile中使用ssh凭证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！