Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-47531

git-lfs: allow specifying separate credentials

    • Icon: Improvement Improvement
    • Resolution: Won't Do
    • Icon: Minor Minor
    • git-plugin
    • None
    • Jenkins ver. 2.73.2
      Git plugin ver. 3.6.0

      I have a git repo, which itself is located on ssh:// remote, but whose [lfs] url points to https:// address.

      When I try to check it out, Jenkins job gets stuck at
      using GIT_SSH to set credentials
      > git lfs pull origin
      command. When I run it manually, I see that it is interactively asking for username and password. I don't see any additional settings for "Git LFS pull after checkout" behavior, so I wonder if it would be possible to allow specifying credentials there?

          [JENKINS-47531] git-lfs: allow specifying separate credentials

          mephi42 created issue -
          Mark Waite made changes -
          Assignee Original: Mark Waite [ markewaite ]

          Mark Waite added a comment -

          I think this is an uncommon use case. The git lfs implementation and documentation focuses on the https access path. I'm unlikely to spend any time adding this use case unless it becomes much more widely used.

          Mark Waite added a comment - I think this is an uncommon use case. The git lfs implementation and documentation focuses on the https access path. I'm unlikely to spend any time adding this use case unless it becomes much more widely used.

          mephi42 added a comment -

          In my case git lfs is on https server.

          I think my problem is that I need two sets of credentials in order to do the clone:

          • ssh public key to get git objects (which I can specify in Repositories->Credentials)
          • https password to get lfs blobs

          mephi42 added a comment - In my case git lfs is on https server. I think my problem is that I need two sets of credentials in order to do the clone: ssh public key to get git objects (which I can specify in Repositories->Credentials) https password to get lfs blobs

          Tristan Bull added a comment -

          markewaite I am having the same issue, and I would just like to add my 2 cents. I do not think this is as uncommon as you might think. IMO, this is not related to SSH vs HTTPS. The issue is that (as far as I can tell) there is no way to have separate credentials for your git repo and LFS repo. I think this is a common use case for anyone who hosts their LFS files outside of github. In our case, we have our source code in github and our LFS files on a self-hosted nexus server. GitHub uses github credentials (obviously) while LFS authenticates against our LDAP server.

          Tristan Bull added a comment - markewaite I am having the same issue, and I would just like to add my 2 cents. I do not think this is as uncommon as you might think. IMO, this is not related to SSH vs HTTPS. The issue is that (as far as I can tell) there is no way to have separate credentials for your git repo and LFS repo. I think this is a common use case for anyone who hosts their LFS files outside of github. In our case, we have our source code in github and our LFS files on a self-hosted nexus server. GitHub uses github credentials (obviously) while LFS authenticates against our LDAP server.

          mephi42 added a comment -

          I have implemented this functionality here:

          https://github.com/mephi42/git-client-plugin/commits/lfs-credentials

          https://github.com/mephi42/git-plugin/commits/lfs-credentials

          The patches are not that big or intrusive. The code works in my environment.

          markewaite, do you think it is acceptable to put this functionality into Jenkins git plugins? If yes, I can submit pull requests.

          mephi42 added a comment - I have implemented this functionality here: https://github.com/mephi42/git-client-plugin/commits/lfs-credentials https://github.com/mephi42/git-plugin/commits/lfs-credentials The patches are not that big or intrusive. The code works in my environment. markewaite , do you think it is acceptable to put this functionality into Jenkins git plugins? If yes, I can submit pull requests.

          Mark Waite added a comment -

          mephi42 that change will need a review by stephenconnolly. The plan is to eventually update the credentials implementation in the git plugin to use the latest credentials API. I wouldn't want to bring this change into the plugins if we'll then need to remove it or revert it in the transition to the most recent credentials API.

          stephenconnolly, your comments?

          Mark Waite added a comment - mephi42 that change will need a review by stephenconnolly . The plan is to eventually update the credentials implementation in the git plugin to use the latest credentials API. I wouldn't want to bring this change into the plugins if we'll then need to remove it or revert it in the transition to the most recent credentials API. stephenconnolly , your comments?

          The git-client changes seem ok to me... I need to look at the git plugin changes

          Stephen Connolly added a comment - The git-client changes seem ok to me... I need to look at the git plugin changes

          The git-plugin changes are “close but no cigar”

          There’s some tweaks I’d like to see before i’d be Ok with merging the git-plugin changes. Probably better expressed by comments on a PR rather than on this ticket

          Stephen Connolly added a comment - The git-plugin changes are “close but no cigar” There’s some tweaks I’d like to see before i’d be Ok with merging the git-plugin changes. Probably better expressed by comments on a PR rather than on this ticket

          Mark Waite added a comment -

          mephi42 Stephen's review is enough to encourage a pull request to the git client plugin and the git plugin.

          Mark Waite added a comment - mephi42 Stephen's review is enough to encourage a pull request to the git client plugin and the git plugin.

            Unassigned Unassigned
            mephi42 mephi42
            Votes:
            8 Vote for this issue
            Watchers:
            20 Start watching this issue

              Created:
              Updated:
              Resolved: