在jenkins文件中使用Jenkins商店的凭据
我在詹金斯做了一个多分支管道项目。我需要使用两个存储库,并且都需要凭据。
我在repository1中创建了一个Jenkins文件:
node ('label1'){
stage 'sanity check'
sh 'echo sanity check'
stage 'checkout other repository'
checkout([
$class: 'GitSCM', branches: [[name: '*/master']],
userRemoteConfigs: [[url: 'https://BRNTZN@bitbucket.org/BRNTZN/repository2.git'],[credentialsId:'23b2eed1-2863-49d5-bc7b-bcccb9ad914d']]
])
stage 'log results'
sh 'echo result = OK'
}
当我将此文件推送到repository1的分支并启动构建时,我在Jenkins中收到以下错误:
Branch indexing
Setting origin to https://BRNTZN@bitbucket.org/BRNTZN/repository1.git
Fetching origin...
> git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> git config remote.origin.url https://BRNTZN@bitbucket.org/BRNTZN/repository1.git # timeout=10
Fetching upstream changes from https://BRNTZN@bitbucket.org/BRNTZN/repository1.git
> git --version # timeout=10
using .gitcredentials to set credentials
> git config --local credential.username BRNTZN # timeout=10
> git config --local credential.helper store --file=/tmp/git1367320661933193799.credentials # timeout=10
> git -c core.askpass=true fetch --tags --progress https://BRNTZN@bitbucket.org/BRNTZN/repository1.git +refs/heads/*:refs/remotes/origin/*
> git config --local --remove-section credential # timeout=10
Checking out Revision d997a29e9d1f639d56eb425ec00e03309e099c7a (jenkinsfilebranch1)
> git config core.sparsecheckout # timeout=10
> git checkout -f d997a29e9d1f639d56eb425ec00e03309e099c7a
> git rev-list f81d0d366fd751857a2640c587817f4d047a15af # timeout=10
[Pipeline] node
Running on jenkins agent (i-07353fc08cb42f10e) in /var/jenkins/workspace/multiBranch/jenkinsfilebranch1
[Pipeline] {
[Pipeline] stage (sanity check)
Entering stage sanity check
Proceeding
[Pipeline] sh
[jenkinsfilebranch1] Running shell script
+ echo sanity check
sanity check
[Pipeline] stage (checkout other repository)
Entering stage checkout other repository
Proceeding
[Pipeline] checkout
> git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> git config remote.origin.url https://BRNTZN@bitbucket.org/BRNTZN/repository2.git # timeout=10
Fetching upstream changes from https://BRNTZN@bitbucket.org/BRNTZN/repository2.git
> git --version # timeout=10
> git -c core.askpass=true fetch --tags --progress https://BRNTZN@bitbucket.org/BRNTZN/repository2.git +refs/heads/*:refs/remotes/origin/*
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from https://BRNTZN@bitbucket.org/BRNTZN/repository2.git
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:799)
at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1055)
at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1086)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:109)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:83)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:73)
at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1$1.call(AbstractSynchronousNonBlockingStepExecution.java:52)
at hudson.security.ACL.impersonate(ACL.java:213)
at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1.run(AbstractSynchronousNonBlockingStepExecution.java:49)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: hudson.plugins.git.GitException: Command "git -c core.askpass=true fetch --tags --progress https://BRNTZN@bitbucket.org/BRNTZN/repository2.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout:
stderr: remote: Invalid username or password. If you log in via a third party service you must ensure you have an account password set in your account profile.
fatal: Authentication failed for 'https://BRNTZN@bitbucket.org/BRNTZN/repository2.git/'
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:1723)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1459)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$300(CliGitAPIImpl.java:63)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:314)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:152)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:145)
at hudson.remoting.UserRequest.perform(UserRequest.java:153)
at hudson.remoting.UserRequest.perform(UserRequest.java:50)
at hudson.remoting.Request$2.run(Request.java:332)
at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
at ......remote call to jenkins agent (i-07353fc08cb42f10e)(Native Method)
at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1416)
at hudson.remoting.UserResponse.retrieve(UserRequest.java:253)
at hudson.remoting.Channel.call(Channel.java:781)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.execute(RemoteGitImpl.java:145)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.invoke(RemoteGitImpl.java:131)
at com.sun.proxy.$Proxy75.execute(Unknown Source)
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:797)
... 13 more
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: null
Finished: FAILURE
凭据应该是正确的:
在自由式项目中使用该存储库的凭据不会产生任何错误:
更新
我使用SSH凭据创建了一个自由式项目,并将该公钥添加到我的Bitbucket帐户以测试我是否可以使SSH工作:
这有效:
Started by user admin
Building remotely on jenkins agent (i-039385e75b60d70f7) (label1) in workspace /var/jenkins/workspace/gitcredentials test
> git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> git config remote.origin.url git@bitbucket.org:BRNTZN/repository2.git # timeout=10
Fetching upstream changes from git@bitbucket.org:BRNTZN/repository2.git
> git --version # timeout=10
using GIT_SSH to set credentials jenkinsmaster key
> git -c core.askpass=true fetch --tags --progress git@bitbucket.org:BRNTZN/repository2.git +refs/heads/*:refs/remotes/origin/*
> git rev-parse refs/remotes/origin/master^{commit} # timeout=10
> git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
Checking out Revision 1d51064143e7337cbc0b1910918166facc9c2330 (refs/remotes/origin/master)
> git config core.sparsecheckout # timeout=10
> git checkout -f 1d51064143e7337cbc0b1910918166facc9c2330
First time build. Skipping changelog.
Finished: SUCCESS
但是,以下列方式更新jenkins文件时:
node ('label1'){
stage 'sanity check'
sh 'echo sanity check'
stage 'checkout other repository'
checkout([
$class: 'GitSCM', branches: [[name: '*/master']],
userRemoteConfigs: [[url: 'git@bitbucket.org:BRNTZN/repository2.git'],[credentialsId:'jenkinsmaster']]
])
stage 'log results'
sh 'echo result = OK'
}
我仍然得到同样的错误:
Started by user admin
Setting origin to git@bitbucket.org:BRNTZN/repository1.git
Fetching origin...
> git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> git config remote.origin.url git@bitbucket.org:BRNTZN/repository1.git # timeout=10
Fetching upstream changes from git@bitbucket.org:BRNTZN/repository1.git
> git --version # timeout=10
using GIT_SSH to set credentials jenkinsmaster key
> git -c core.askpass=true fetch --tags --progress git@bitbucket.org:BRNTZN/repository1.git +refs/heads/*:refs/remotes/origin/*
Checking out Revision 29fc47911827d829f5abe9456bd8df78bc478fe7 (jenkinsfilebranch1)
> git config core.sparsecheckout # timeout=10
> git checkout -f 29fc47911827d829f5abe9456bd8df78bc478fe7
> git rev-list 29fc47911827d829f5abe9456bd8df78bc478fe7 # timeout=10
[Pipeline] node
Running on jenkins agent (i-039385e75b60d70f7) in /var/jenkins/workspace/multiBranch/jenkinsfilebranch1
[Pipeline] {
[Pipeline] stage (sanity check)
Entering stage sanity check
Proceeding
[Pipeline] sh
[jenkinsfilebranch1] Running shell script
+ echo sanity check
sanity check
[Pipeline] stage (checkout other repository)
Entering stage checkout other repository
Proceeding
[Pipeline] checkout
> git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> git config remote.origin.url git@bitbucket.org:BRNTZN/repository2.git # timeout=10
Fetching upstream changes from git@bitbucket.org:BRNTZN/repository2.git
> git --version # timeout=10
> git -c core.askpass=true fetch --tags --progress git@bitbucket.org:BRNTZN/repository2.git +refs/heads/*:refs/remotes/origin/*
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from git@bitbucket.org:BRNTZN/repository2.git
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:799)
at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1055)
at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1086)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:109)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:83)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:73)
at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1$1.call(AbstractSynchronousNonBlockingStepExecution.java:52)
at hudson.security.ACL.impersonate(ACL.java:213)
at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1.run(AbstractSynchronousNonBlockingStepExecution.java:49)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: hudson.plugins.git.GitException: Command "git -c core.askpass=true fetch --tags --progress git@bitbucket.org:BRNTZN/repository2.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout:
stderr: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:1723)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1459)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$300(CliGitAPIImpl.java:63)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:314)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:152)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:145)
at hudson.remoting.UserRequest.perform(UserRequest.java:153)
at hudson.remoting.UserRequest.perform(UserRequest.java:50)
at hudson.remoting.Request$2.run(Request.java:332)
at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
at ......remote call to jenkins agent (i-039385e75b60d70f7)(Native Method)
at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1416)
at hudson.remoting.UserResponse.retrieve(UserRequest.java:253)
at hudson.remoting.Channel.call(Channel.java:781)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.execute(RemoteGitImpl.java:145)
at sun.reflect.GeneratedMethodAccessor1180.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.invoke(RemoteGitImpl.java:131)
at com.sun.proxy.$Proxy75.execute(Unknown Source)
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:797)
... 13 more
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: null
Finished: FAILURE
4 个答案:
答案 0 :(得分:23)
您的GitSCM类实例化不正确。您已经创建了两个UserRemoteConfig对象 - 一个URL为' git@bitbucket.org:BRNTZN / repository2.git'还有一个凭证为jenkinsmaster'。相反,您需要一个具有两个属性的对象。
checkout([
$class: 'GitSCM', branches: [[name: '*/master']],
userRemoteConfigs: [[url: 'git@bitbucket.org:BRNTZN/repository2.git'],[credentialsId:'jenkinsmaster']]
])
应该是:
checkout([
$class: 'GitSCM', branches: [[name: '*/master']],
userRemoteConfigs: [[url: 'git@bitbucket.org:BRNTZN/repository2.git',credentialsId:'jenkinsmaster']]
])
注意" userRemoteConfigs"中的逗号周围没有括号。在第二种情况下的部分。
我刚遇到同样的问题,并将一个Eclipse调试器连接到Jenkins以找到问题。
请参阅 git-plugin GitSCM does not support ssh credentials when using checkout in a Jenkinsfile (45007)。
答案 1 :(得分:5)
我遇到了完全相同的问题:使用自由式项目中的凭据结帐工作正常,在shell中签出(因为jenkins用户)工作正常,并且管道中的结帐失败。我已将Jenkins +插件更新到最新版本。
我终于设法通过在/var/lib/jenkins/.ssh/id_rsa中放置正确的密钥来使其工作。看起来GitSCM插件完全忽略了提供的credentialsId,只使用了/var/lib/jenkins/.ssh/id_rsa中的密钥。我为此创建了一个没有密码短语的密钥对。
这是一种解决方法,我怀疑GitSCM有一个错误,但至少你可以使用管道插件。
答案 2 :(得分:1)
您使用什么样的凭据?
我建议您使用SSH凭据(即私钥/公钥):
- Generate一个SSH密钥对(确保为正确的用户名生成它!)
- 添加您的公开SSH key to your Bitbucket account
- 配置Jenkins以使用新创建的SSH私钥,如下例所示:
然后你需要使用SSH URL连接你的Git管道中的凭据(而不是HTTP URL),如下所示:
checkout([
$class: 'GitSCM', branches: [[name: '*/master']],
userRemoteConfigs: [[url:'ssh://BRNTZN@bitbucket.org:BRNTZN/repository2.git'],[credentialsId:'jenkins_ssh_key']]
])
另请注意,您可能需要为凭据设置特定ID(例如jenkins_ssh_key或BRNTZN_ssh_key),以提高可读性并简化管道配置。
答案 3 :(得分:0)
如Pipeline plugin tutorial中所述,对于多分支项目,您不必在节点中指定存储库。只需使用checkout scm即可。
相关问题
- 在jenkins文件中使用Jenkins商店的凭据
- 如何在jenkinsfile中单独获取存储在Jenkins凭据中的用户名密码
- 在Jenkinsfile中使用readJSON的RejectedAccessException
- 从Jenkinsfile中访问git Jenkinsfile url repo
- 使用凭据从Jenkinsfile进行API调用
- 从Jenkinsfile
- 使用脚本化的jenkinsfile
- 从另一个Jenkinsfile运行一个Jenkinsfile
- Jenkinsfile:使用groovy代码捕获jenkinsfile中的github pull详细信息
- Jenkinsfile访问AWS凭证
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?