Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-47733

Add a withGit pipeline step that provides git credentials

    XMLWordPrintable

Details

    • Improvement
    • Status: Open (View Workflow)
    • Minor
    • Resolution: Unresolved
    • git-plugin
    • None

    Description

      It would be nice if we had a withGit step that would pre-configure the git credentials from the current "scm" object and allows us to invoke git from the command line as follows:

      withGit {
   sh 'git fetch'
}

      The step would rely on the same GIT_ASKPASS mechanism as used during a "standard" checkout.

       

      Attachments

        1. mktemp.groovy
          0.6 kB
        2. rmdir.groovy
          0.4 kB
        3. utils.groovy
          2 kB
        4. withGit.groovy
          3 kB

        Issue Links

          relates to

          New Feature - A new feature of the product, which has yet to be developed. JENKINS-28335 Pipeline step to run Git commands with credentials & tool

          • Major - Major loss of function.
          • In Review

          Activity

            Ascending order - Click to sort in descending order
            View 9 older comments
            markewaite Mark Waite added a comment -

            Closing as a duplicate of JENKINS-28335. Refer to the Google Summer of Code project idea proposing how JENKINS-28335 should be implemented.

            The project idea needs additional mentors and welcomes additional insights on corner cases that might not be covered by the proposed implementation.

            markewaite Mark Waite added a comment - Closing as a duplicate of JENKINS-28335 . Refer to the Google Summer of Code project idea proposing how JENKINS-28335 should be implemented. The project idea needs additional mentors and welcomes additional insights on corner cases that might not be covered by the proposed implementation.
            jglick Jesse Glick added a comment -

            markewaite while this is clearly related to JENKINS-28335, the current GSoC proposal would not offer a UX comparable to what was requested in this issue’s initial description.

            jglick Jesse Glick added a comment - markewaite while this is clearly related to JENKINS-28335 , the current GSoC proposal would not offer a UX comparable to what was requested in this issue’s initial description.
            markewaite Mark Waite added a comment - - edited

            Thanks for the insight jglick. You're correct. I didn't read carefully enough. This issue proposes to use the credentials from the scm global variable while the GSoC proposal would require that the Pipeline must provide the credentials ID to be used in the Pipeline step. I've reopened this issue .

            markewaite Mark Waite added a comment - - edited Thanks for the insight jglick . You're correct. I didn't read carefully enough. This issue proposes to use the credentials from the scm global variable while the GSoC proposal would require that the Pipeline must provide the credentials ID to be used in the Pipeline step. I've reopened this issue .
            b_deeming Bobs Ur Uncle added a comment -

            This gets most of the way there, albeit with more verbosity:

                            withCredentials([gitUsernamePassword(credentialsId: scm.getUserRemoteConfigs()[0].getCredentialsId())]) {
                    sh '''
                    git fetch
                    '''
                }
            b_deeming Bobs Ur Uncle added a comment - This gets most of the way there, albeit with more verbosity: withCredentials([gitUsernamePassword(credentialsId: scm.getUserRemoteConfigs()[0].getCredentialsId())]) { sh ''' git fetch ''' }
            jimklimov Jim Klimov added a comment -

            Thanks for the hint. This actually seems a bit safer than sticking a credential name into public Jenkisfiles (which someone else might try to abuse from their PR, etc.) Sure there are protections for PRs (who may change Jenkinsfile so its PRed code runs), folder-level credentials, etc. - but it is extra hassle and feels like an extra option for a security mistake.

            jimklimov Jim Klimov added a comment - Thanks for the hint. This actually seems a bit safer than sticking a credential name into public Jenkisfiles (which someone else might try to abuse from their PR, etc.) Sure there are protections for PRs (who may change Jenkinsfile so its PRed code runs), folder-level credentials, etc. - but it is extra hassle and feels like an extra option for a security mistake.

            People

              Unassigned Unassigned
              brenuart Bertrand Renuart
              Votes:
              9 Vote for this issue
              Watchers:
              14 Start watching this issue

              Dates

                Created:
                Updated: