Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-28335

Step to run Git commands w/ credentials & tool (was: GitPublisher support)

    Details

    • Similar Issues:

      Description

      It would be nice to be able to use the GitPublisher inside a workflow as it is possible in other jobs.

      This requires the plugin to be upgrade to Jenkins core 1.580.1+, to implement the jenkins.tasks.SimpleBuildStep in GitPublisher

        Attachments

          Issue Links

            Activity

            Hide
            drdamour chirs damour added a comment - - edited

            we had been using the sshagent workaround, but recently changed to using the "Checkout over SSH" git scm custom behaviour.  This made the sshagent wrapper unecessary in the scripts (i'm guessing cause it basically wraps your whole pipeline as such..kind of). Not sure how portable this is to windows or non git environments but was easier for us.

            Also to control the commit/author email was used the Custom user name/e-mail address custom behaviour

            Show
            drdamour chirs damour added a comment - - edited we had been using the sshagent workaround, but recently changed to using the "Checkout over SSH" git scm custom behaviour.  This made the sshagent wrapper unecessary in the scripts (i'm guessing cause it basically wraps your whole pipeline as such..kind of). Not sure how portable this is to windows or non git environments but was easier for us. Also to control the commit/author email was used the  Custom user name/e-mail address  custom behaviour
            Hide
            matthiesenj Jesper Matthiesen added a comment - - edited

            I'm trying to get a post-build git push --tags to work on windows using user/pass with jenkins credentials outside of pipeline/workflow. The git plugin fetches from a remote private repo this way without problems, but I can't get authentication to work when invoking git through windows batch, or groovy as suggested in https://issues.jenkins-ci.org/browse/JENKINS-28335?focusedCommentId=258095&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-258095 above. Shouldn't git operations through the git client in groovy work, if things like fetch, performed by the git plugin, work?

            When fetching, 'using GIT_ASKPASS to set credentials' is printed in the console, but when I try to tag, it isn't, so maybe that's a hint?

             Failing push:

            using credential dd64d000-6f87-4271-90dd-58babca8bb5e
            > git.exe --version # timeout=10
            > git.exe push origin --tags
            ERROR: Failed to evaluate groovy script.
            hudson.plugins.git.GitException: Command "git.exe push origin --tags" returned status code 128:
            stdout: 
            stderr: remote: Invalid username or password
            fatal: Authentication failed for 'https://name@bitbucket.org/.../...git/' 
            Show
            matthiesenj Jesper Matthiesen added a comment - - edited I'm trying to get a post-build git push --tags to work on windows using user/pass with jenkins credentials outside of pipeline/workflow. The git plugin fetches from a remote private repo this way without problems, but I can't get authentication to work when invoking git through windows batch, or groovy as suggested in https://issues.jenkins-ci.org/browse/JENKINS-28335?focusedCommentId=258095&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-258095 above. Shouldn't git operations through the git client in groovy work, if things like fetch, performed by the git plugin, work? When fetching, 'using GIT_ASKPASS to set credentials' is printed in the console, but when I try to tag, it isn't, so maybe that's a hint?  Failing push: using credential dd64d000-6f87-4271-90dd-58babca8bb5e > git.exe --version # timeout=10 > git.exe push origin --tags ERROR: Failed to evaluate groovy script. hudson.plugins.git.GitException: Command "git.exe push origin --tags" returned status code 128: stdout: stderr: remote: Invalid username or password fatal: Authentication failed for 'https: //name@bitbucket.org/.../...git/'
            Hide
            medianick Nick Jones added a comment -

            Jesper Matthiesen, perhaps my answer at https://stackoverflow.com/a/37753202/466874 might help with the authentication specifically? With Git configured as I noted in that answer (basically, disabling the credential.helper), we're using the git CLI successfully on Windows agents to push tags, branches, etc.. After configuring Git this way, the steps we do are 1) bind the Git credentials (to make them available as username/password environment variables), 2) use the https://USERNAME:PASSWORD@URL syntax when pushing anything back to GitHub (e.g., https://foo:bar@github.com/MyRepository).

            Show
            medianick Nick Jones added a comment - Jesper Matthiesen , perhaps my answer at https://stackoverflow.com/a/37753202/466874 might help with the authentication specifically? With Git configured as I noted in that answer (basically, disabling the credential.helper), we're using the git CLI successfully on Windows agents to push tags, branches, etc.. After configuring Git this way, the steps we do are 1) bind the Git credentials (to make them available as username/password environment variables), 2) use the https://USERNAME:PASSWORD@URL syntax when pushing anything back to GitHub (e.g., https://foo:bar@github.com/MyRepository ).
            Hide
            matthiesenj Jesper Matthiesen added a comment -

            Nick Jones I've now made it work by converting the job to pipeline and using the withCredentials directive, thereby injecting the credentials into the url myself. I never found a way to access the credentials to do the same with my previous freestyle project.

            But what I don't understand is why we must do this credential fetching and url massaging ourselves, i.e. why for instance Sverre Moe's example using the GitClient class directly doesn't (seem to) work.

            Show
            matthiesenj Jesper Matthiesen added a comment - Nick Jones I've now made it work by converting the job to pipeline and using the  withCredentials directive, thereby injecting the credentials into the url myself. I never found a way to access the credentials to do the same with my previous freestyle project. But what I don't understand is why we must do this credential fetching and url massaging ourselves, i.e. why for instance Sverre Moe 's example using the GitClient class directly doesn't (seem to) work.
            Hide
            michaelbeaumont Michael Beaumont added a comment - - edited

            I think I've come up with a good workaround. We can set the following at the beginning of our build (declarative pipeline in a Github organization):

            sh 'git config --local credential.helper "!p() { echo username=\\$GIT_USERNAME; echo password=\\$GIT_PASSWORD; }; p"'
            

            See git credential helpers

             

            Then, when we want to use the credentials we can use a block like the following: 

            sh 'git tag -m "" ${VERSION_NUMBER}'
            withCredentials([
              usernamePassword(credentialsId: 'github', usernameVariable: 'GIT_USERNAME', passwordVariable: 'GIT_PASSWORD')
            ]) {
              sh 'git push origin ${VERSION_NUMBER}'
            }
            

            This way we don't have to even repeat the URL for the origin remote, which is already set. 

            Show
            michaelbeaumont Michael Beaumont added a comment - - edited I think I've come up with a good workaround. We can set the following at the beginning of our build (declarative pipeline in a Github organization): sh 'git config --local credential.helper "!p() { echo username=\\$GIT_USERNAME; echo password=\\$GIT_PASSWORD; }; p" ' See git credential helpers   Then, when we want to use the credentials we can use a block like the following:  sh 'git tag -m "" ${VERSION_NUMBER}' withCredentials([ usernamePassword(credentialsId: 'github' , usernameVariable: 'GIT_USERNAME' , passwordVariable: 'GIT_PASSWORD' ) ]) { sh 'git push origin ${VERSION_NUMBER}' } This way we don't have to even repeat the URL for the origin remote, which is already set. 

              People

              • Assignee:
                Unassigned
                Reporter:
                alecharp Adrien Lecharpentier
              • Votes:
                133 Vote for this issue
                Watchers:
                138 Start watching this issue

                Dates

                • Created:
                  Updated: