Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-47531

git-lfs: allow specifying separate credentials

    • Icon: Improvement Improvement
    • Resolution: Won't Do
    • Icon: Minor Minor
    • git-plugin
    • None
    • Jenkins ver. 2.73.2
      Git plugin ver. 3.6.0

      I have a git repo, which itself is located on ssh:// remote, but whose [lfs] url points to https:// address.

      When I try to check it out, Jenkins job gets stuck at
      using GIT_SSH to set credentials
      > git lfs pull origin
      command. When I run it manually, I see that it is interactively asking for username and password. I don't see any additional settings for "Git LFS pull after checkout" behavior, so I wonder if it would be possible to allow specifying credentials there?

          [JENKINS-47531] git-lfs: allow specifying separate credentials

          Patrick Lang added a comment - - edited

          I'm trying to revive this. I started from the past PR and addressed some feedback but it's not working quite yet. I'm using LFS on Artifactory, so I need a different credential supplied

          https://github.com/patricklangsonos/git-plugin/tree/git-4.2.2/JENKINS-47531

          This is currently branched from the 4.2.2 tag because I wanted to test the change in isolation without moving to the 4.3+ codebase. Once I'm happy with it I'll squash it and get a PR open against master.

          Patrick Lang added a comment - - edited I'm trying to revive this. I started from the past PR and addressed some feedback but it's not working quite yet. I'm using LFS on Artifactory, so I need a different credential supplied https://github.com/patricklangsonos/git-plugin/tree/git-4.2.2/JENKINS-47531 This is currently branched from the 4.2.2 tag because I wanted to test the change in isolation without moving to the 4.3+ codebase. Once I'm happy with it I'll squash it and get a PR open against master.

          Patrick Lang added a comment -

          Patrick Lang added a comment - PR open  https://github.com/jenkinsci/git-plugin/pull/930

          Patrick Lang added a comment -

          If anyone wants to test this on a branch other than 4.2.2 or master - it should be pretty easy to cherry-pick the code from my PR to the needed branch. The files I modified haven't changed much if at all since 4.2.2 until now.

          Patrick Lang added a comment - If anyone wants to test this on a branch other than 4.2.2 or master - it should be pretty easy to cherry-pick the code from my PR to the needed branch. The files I modified haven't changed much if at all since 4.2.2 until now.

          Patrick Lang added a comment -

          I've had a PR open 29 days - is there anything I can do to help move this along?

          Patrick Lang added a comment - I've had a PR open 29 days - is there anything I can do to help move this along?

          Mark Waite added a comment -

          If you can provide a publicly accessible LFS test repository that requires separate credentials, that would be a great help. I have no way to test your proposed code change. The only Git LFS implementations available to me are from providers like GitHub and Bitbucket. They don't require a separate credential, so I am unable to test your proposed change. I'm hesitant to accept code changes that I can't test.

          I'm reviewing the git plugin performance improvement project for Google Summer of Code and will likely not get to this proposal until after Google Summer of Code has completed in September.

          Mark Waite added a comment - If you can provide a publicly accessible LFS test repository that requires separate credentials, that would be a great help. I have no way to test your proposed code change. The only Git LFS implementations available to me are from providers like GitHub and Bitbucket. They don't require a separate credential, so I am unable to test your proposed change. I'm hesitant to accept code changes that I can't test. I'm reviewing the git plugin performance improvement project for Google Summer of Code and will likely not get to this proposal until after Google Summer of Code has completed in September.

          Patrick Lang added a comment -

          Is your CI setup capable of running Docker containers or if not, do the build agents have golang set up? It looks like there may be some test servers that could be used locally.

          Patrick Lang added a comment - Is your CI setup capable of running Docker containers or if not, do the build agents have golang set up? It looks like there may be some test servers that could be used locally.

          Mark Waite added a comment -

          I'm able to run Docker containers in my working environment.

          Agents do not have golang configured.

          Mark Waite added a comment - I'm able to run Docker containers in my working environment. Agents do not have golang configured.

          Keith Hoopes added a comment -

          You can easily test this with a free artifactory cloud account, or with a 30 day trial for self hosting.

          [Pricing | JFrog|https://jfrog.com/pricing/#sass]

           

           

          Keith Hoopes added a comment - You can easily test this with a free artifactory cloud account, or with a 30 day trial for self hosting. [Pricing | JFrog|https://jfrog.com/pricing/#sass]    

          My team is also encountering issues with this.  Our setup involves GitHub Enterprise offloading LFS artifacts to Nexus (which uses username/password credentials).  Since Git has removed the ability to use username/password pairs for cloning via HTTPS, we have had to shift to using personal access tokens (which will not work with Nexus).

          Is there any intention to ultimately resolve this issue?  I can see that this issue has been open for some 5 years now, with the repeated mention that public accessible LFS test repositories are needed to prove-out the change.  Can these not be created/leveraged to do so?

          Michael Donahue added a comment - My team is also encountering issues with this.  Our setup involves GitHub Enterprise offloading LFS artifacts to Nexus (which uses username/password credentials).  Since Git has removed the ability to use username/password pairs for cloning via HTTPS, we have had to shift to using personal access tokens (which will not work with Nexus). Is there any intention to ultimately resolve this issue?  I can see that this issue has been open for some 5 years now, with the repeated mention that public accessible LFS test repositories are needed to prove-out the change.  Can these not be created/leveraged to do so?

          Mark Waite added a comment -

          mdonah10 I don't intend to make any code change to resolve this issue. Advanced use cases like this one are best satisfied by using the git credentials binding that has been included in git plugin 4.8.0 and later.

          The git credentials binding technique allows users to wrap arbitrary shell commands (and bat commands and powershell commands) with git authentication settings. If that technique does not work for this case, I'd be interested to improve the documentation and/or the plugin to make withCredentials better support this use case. I'm not willing to add more options to the git plugin in order to allow separate credentials for git LFS.

          Mark Waite added a comment - mdonah10 I don't intend to make any code change to resolve this issue. Advanced use cases like this one are best satisfied by using the git credentials binding that has been included in git plugin 4.8.0 and later. The git credentials binding technique allows users to wrap arbitrary shell commands (and bat commands and powershell commands) with git authentication settings. If that technique does not work for this case, I'd be interested to improve the documentation and/or the plugin to make withCredentials better support this use case. I'm not willing to add more options to the git plugin in order to allow separate credentials for git LFS.

            Unassigned Unassigned
            mephi42 mephi42
            Votes:
            8 Vote for this issue
            Watchers:
            20 Start watching this issue

              Created:
              Updated:
              Resolved: