如何在github组织Jenkins工作流中签出ssh remote并在Jenkinsfile中使用ssh凭证 [英] How to checkout ssh remote in github organization Jenkins workflow and use ssh credentials in Jenkinsfile
问题描述
我在jenkins中有一个 Github组织
项目。在我的仓库的根目录下,我的 Jenkinsfile
看起来像这样:
节点{
def jenkinsCredsId ='xxxxxxxx-yyyy-zzzz-aaaa -bbbbbbbbbbbb'
stage'Checkout'
checkout scm
//我也尝试了以下内容:
// checkout scm:[$ class:'GitSCM',source:'ssh://git@github.com:MY_ORGANISATION / jenkins-testing-temp。 git',clean:true,credentialsId:jenkinsCredsId]
stage'Build'
//产生一些artefact(dist.zip)
stage'Release'
sshagent([jenkinsCredsId]){
sh'''
git remote -v //显示远程
ssh-add -l //显示当前加载的ssh密钥指纹
git fetch --all --tags // IT故障在这里
CURRENT_BUILD_TAG =some_build / $ {BUILD_NUMBER}
git tag $ {CURRENT_BUILD_TAG}
git push --tags
github-release版本\\
--security-token $ {GITHUB_RELEASE_TOKEN} \
--user MY_ORGANIZATION \
--repo MY_REPO \
--tag $ {CURRENT_BUILD_TAG} \
--name $ {CURRENT_BUILD_TAG}
github-release upload \
--security-token $ {GITHUB_RELEASE_TOKEN} \
--user MY_ORGANIZATION \
--repo MY_REPO \
--tag $ {CURRENT_BUILD_TAG} \
--name $ {CURRENT_BUILD_TAG} \
- 文件dist.zip
' ''
}
这里有几行代码用于测试版本库访问权限,它目前在 git fetch
部分上失败,并显示以下错误:
fatal:无法读取'
tag- a-repo-from-a-jenkins-workflow-script
解决方案事实证明,
Github组织
项目仅为扫描凭证
使用https凭证(如上图所示)。
解决方案是按
高级
按钮,并实际选择ssh code>结账凭证
下拉菜单,而不是默认的- 与扫描凭证相同 -
。 p>
$ b
请注意,使用星号的凭证是用户名/密码(用户名/密码)密码条目,这就是我发现问题的方法。
这样,
checkout scm
将会使用ssh,sshagent([jenkinsCredsId]){
块将按预期工作,让您根据自己的权利创建标签,获取和推送。 :)I have a
Github Organisation
item in jenkins. On the root of my repository, myJenkinsfile
looks something like this:node { def jenkinsCredsId = 'xxxxxxxx-yyyy-zzzz-aaaa-bbbbbbbbbbbb' stage 'Checkout' checkout scm // I also tried the following: // checkout scm: [$class: 'GitSCM', source: 'ssh://git@github.com:MY_ORGANISATION/jenkins-testing-temp.git', clean: true, credentialsId: jenkinsCredsId] stage 'Build' // generate some artefact (dist.zip) stage 'Release' sshagent([jenkinsCredsId]) { sh ''' git remote -v // show remotes ssh-add -l // show currently loaded ssh keys fingerprints git fetch --all --tags // IT FAILS HERE CURRENT_BUILD_TAG="some_build/${BUILD_NUMBER}" git tag ${CURRENT_BUILD_TAG} git push --tags github-release release \ --security-token ${GITHUB_RELEASE_TOKEN} \ --user MY_ORGANIZATION \ --repo MY_REPO \ --tag ${CURRENT_BUILD_TAG} \ --name ${CURRENT_BUILD_TAG} github-release upload \ --security-token ${GITHUB_RELEASE_TOKEN} \ --user MY_ORGANIZATION \ --repo MY_REPO \ --tag ${CURRENT_BUILD_TAG} \ --name ${CURRENT_BUILD_TAG} \ --file dist.zip ''' }
There's a few lines for testing repository access in here and it's currently failing on the
git fetch
part with the following error:fatal: could not read Username for 'https://github.com': No such device or address
The
git remote -v
command from the aboveJenkinsfile
outputs something likeorigin https://github.com/MY_ORGANIZATION/MY_REPO
.My
Github Organization
git configuration looks like this:I found a few related questions:
解决方案It turns out that the
Github Organization
item only uses https credentials for theScan credentials
(like the picture above).The solution was to hit
Advanced
button, and to actually select assh
credential in theCheckout credentials
dropdown instead of the default- Same as scan credentials -
.Note that credentials with stars are user/password entries, that's how I found the problem.
This way, the
checkout scm
will use ssh instead and thesshagent([jenkinsCredsId]) {
block will work as expected, letting you create tags, fetch and push according to your rights. :)这篇关于如何在github组织Jenkins工作流中签出ssh remote并在Jenkinsfile中使用ssh凭证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!