Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-47733

Add a withGit pipeline step that provides git credentials

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Minor Minor
    • git-plugin
    • None

      It would be nice if we had a withGit step that would pre-configure the git credentials from the current "scm" object and allows us to invoke git from the command line as follows:

      withGit {
         sh 'git fetch'
      }

      The step would rely on the same GIT_ASKPASS mechanism as used during a "standard" checkout.

       

        1. mktemp.groovy
          0.6 kB
        2. rmdir.groovy
          0.4 kB
        3. utils.groovy
          2 kB
        4. withGit.groovy
          3 kB

          [JENKINS-47733] Add a withGit pipeline step that provides git credentials

          Bertrand Renuart created issue -
          Mark Waite made changes -
          Assignee Original: Mark Waite [ markewaite ]
          Mark Waite made changes -
          Component/s New: git-plugin [ 15543 ]
          Component/s Original: git-client-plugin [ 17423 ]
          Nick Jones made changes -
          Link New: This issue is related to JENKINS-28335 [ JENKINS-28335 ]

          Thomas Ramé added a comment -

          Hi brenuart, I'm also looking for the easiest way to pull dependencies in private repositories... For now how do you manage using credentials with Git inside a pipeline? Do you use withCredentials(...) function?

           

          Thank you.

          Thomas Ramé added a comment - Hi brenuart , I'm also looking for the easiest way to pull dependencies in private repositories... For now how do you manage using credentials with Git inside a pipeline? Do you use withCredentials(...) function?   Thank you.

          Yes, we implemented our own withGit step in our shared library - see attached file. Feel free to use it/comment if you like

           

          Bertrand Renuart added a comment - Yes, we implemented our own withGit step in our shared library - see attached file. Feel free to use it/comment if you like  
          Bertrand Renuart made changes -
          Attachment New: withGit.groovy [ 43504 ]

          Thomas Ramé added a comment -

          brenuart thank you very much! It seems a more appropriate way than trying to inject a SSH key with sshagent(...).

           

          There is still one question about reusing the credentials: imagine the user "Thomas" creates a pipeline within Jenkins with his GitHub credentials to access the repository, to build my project I need to pull X dependencies with some from private repositories. If the user "Thomas" doesn't have access to all these private repositories it will fail... That's the same if "Thomas" leaves the company, we should delete all his pipelines and recreate them, no? The workaround I think about is either to use SSH key able to access all private repositories (that's why I was trying to use sshagent(...) ), or to create a dedicated "Jenkins" user to create new pipeline. With a dedicated user I'm sure it will persist over time and that it has access to all private repositories. Which way did you choose?

          (For your information: I'm using Jenkins Blue Ocean)

           

          By the way I have an error, during the execution it cannot find "mktemp". Here is the error:

          "No such DSL method 'mktemp' found among steps"

           

          Do you have a specific "global" library that imports the right tool? Maybe you already had this issue...

           

          Thank you,

          Thomas Ramé added a comment - brenuart thank you very much! It seems a more appropriate way than trying to inject a SSH key with sshagent(...).   There is still one question about reusing the credentials: imagine the user "Thomas" creates a pipeline within Jenkins with his GitHub credentials to access the repository, to build my project I need to pull X dependencies with some from private repositories. If the user "Thomas" doesn't have access to all these private repositories it will fail... That's the same if "Thomas" leaves the company, we should delete all his pipelines and recreate them, no? The workaround I think about is either to use SSH key able to access all private repositories (that's why I was trying to use sshagent(...) ), or to create a dedicated "Jenkins" user to create new pipeline. With a dedicated user I'm sure it will persist over time and that it has access to all private repositories. Which way did you choose? (For your information: I'm using Jenkins Blue Ocean)   By the way I have an error, during the execution it cannot find "mktemp". Here is the error: "No such DSL method 'mktemp' found among steps"   Do you have a specific "global" library that imports the right tool? Maybe you already had this issue...   Thank you,

          We are using the same 'jenkins' user to access all repositories and other remote resources - so we don't have the problem you describe... Can't help you much on that subject - sorry.

          Concerning `mktemp` it comes indeed from our shared global libraries - see the attached file.

          Bertrand Renuart added a comment - We are using the same 'jenkins' user to access all repositories and other remote resources - so we don't have the problem you describe... Can't help you much on that subject - sorry. Concerning `mktemp` it comes indeed from our shared global libraries - see the attached file.
          Bertrand Renuart made changes -
          Attachment New: mktemp.groovy [ 43509 ]

            Unassigned Unassigned
            brenuart Bertrand Renuart
            Votes:
            9 Vote for this issue
            Watchers:
            14 Start watching this issue

              Created:
              Updated: