I am trying to supply a parameter as the credentialId under the git step of my workflow. I define the following variables as environment variables in my job folder:
stashProject=ssh://git@stash.finra.org:7999/rpt
gitProdCredential=289b9074-c29a-463d-a793-6e926174066c
I have the following lines my inline Groovy CPS DSL workflow script:
sh 'echo retrieving code using credential: ${gitProdCredential}'
git url: '${stashProject}/etl.git', credentialsId: '${gitProdCredential}', branch: 'feature/workflow'
You can see that the variables are being evaluated properly as the gitProdCredential is echo'd and the git retrieval does attempt to get from my correct URL, based on the following output:
retrieving code using credential: 289b9074-c29a-463d-a793-6e926174066c hudson.plugins.git.GitException: Failed to fetch from ssh://git@stash.finra.org:7999/rpt/etl.git stderr: Permission denied (publickey).
But you can also see it is not authenticating properly. If, however, I hardcode the gitProdCredential like so
git url:'${stashProject}/etl', credentialId: '289b9074-c29a-463d-a793-6e926174066c', branch: 'feature/workflow'
It runs just fine and clones my repo. So somehow the credentialId variable isn't being evaluated correctly in the git DSL function properly, even though it appears to be in the rest of the workflow. Please advise if I'm missing something.
答案 0 :(得分:2)
This is mainly a Groovy issue.
'${gitProdCredential}'
is a literal string with the text ${gitProdCredential}. Probably you meant
"${gitProdCredential}"
or more simply just
gitProdCredential
since there is no point creating a string expression which interpolates a (String-valued) expression and includes nothing else. In this case however the variable is not a Groovy variable but an environment variable, so you needed to use
env.gitProdCredential
You were probably misled by the fact that
sh 'echo retrieving code using credential: ${gitProdCredential}'
works. But this works only because it is running a Bourne shell script
echo retrieving code using credential: ${gitProdCredential}
and this shell happens to allow environment variables to be expanded using a syntax similar to that which Groovy uses in GString.
As to the incidental expansion of '${stashProject}/etl.git', this is apparently happening in the Git plugin, and is arguably a bug (values passed from a Workflow script should be used as is): some Jenkins plugins expand environment variables in configuration inputs, again using a syntax similar to that used by Groovy.
In summary, what you meant to write was
git url: "${env.stashProject}/etl.git", credentialsId: env.gitProdCredential, branch: 'feature/workflow'
By the way, when using sufficiently new versions of the Credentials plugin, when creating a new credentials item (but not thereafter) you can click the Advanced button to specify a mnemonic ID, which makes working with scripted projects like Workflow more pleasant.