Jenkins Shared Library (JSL Plugin) checkout behind proxy for ssh use case.
Our environment currently enforces all traffic to the web to be proxied, including ssh traffic. As such in this environment normally I need to use netcat to forward the ssh traffic to the proxy host. Below is typically what the ssh_config file would look like:
In our pipelines to use git, we pass in the above config as a managed file assigned as $SSH_CONFIG, along with some git credentials assigned to $IDENTITY_FILE and then setup the GIT_SSH var so the git binary will know how to use the ssh proxy when encountering the ssh://git url. seebelow:
Then I'm allowed to checkout a repo like normal
Additional note about about our use case.
HTTPS_PROXY is allowed here, however our repos are behind an okta mfa verify wall. And each git transaction is forced to be attached to a mobile device somewhere thus using this method in any git workflow is terrible and cumbersome especially in CI... We bypass this with ssh and ssh keys.
When I try to put the config file in the master, at a known location (because currently I can not find a way to pass in a managed file or config file into the JSL Plugin), and set the global var for GIT_SSH to the executable, and set the global tool for git, to the git binary. When using the global shared library in Jenkins -> Manage -> Configure. In the build when calling the library key, my GIT_SSH var is overridden by the plugin for the global library when calling the ssh keys needed for the git transaction. see below:
I would very much like to use the Global Shared Library plugin instead of checking out the library in each build manually and instantiating the library context inside each builds node context causing me to repeat code vs just a call to the library key.
Thanks for any input that can be made.