Jenkins Pipeline基于groovy:无法推入git =>权限被拒绝(公钥)

时间:2016-10-07 14:03:26

标签: git jenkins ssh push jenkins-pipeline

Jenkins上下文

詹金斯版本:版本2.23
我正在尝试使用groovy脚本从jenkins管道进行git推送。 目标是在舞台上创建一个标签,并在我的git仓库上远程推送它。

我的管道作业配置出了什么问题(参见下文)?

问题

我有一个使用credentialsId的帐户,可以完美地运行获取和克隆。 但是当我尝试推送我的标签时出现以下错误。

  

git push ssh://git.server:29418 / AA / myrepo.git --tags   权限被拒绝(publickey)。致命:无法从远程读取   库中。

凭据/ SSH

公钥正确添加到我的git / gerrit服务器中
该帐户对gerrit具有“ALLOW”权利:

参考:refs / tags / *

  • 创建参考
  • 伪造作者身份
  • 伪造提交者身份
  • 推送带注释的标签
  • 推送签名标签

Jenkins Pipeline:groovy script 

node {
    echo "=================="
    string workspace=pwd()
    sh ('ls -al $workspace')

    String credentialsId="aaa-bbb-ccc-ddd-eee"
    String  gitRepo="ssh://git.server:29418/AA/myrepo.git"

    // stage
    stage "Test Tag Push"

    git credentialsId: "${credentialsId}", url: "${gitRepo}"


    println "cmd = git tag "
    sh(script: 'git tag')

    tagName="MyTag"

    sh(script: "git tag -d $tagName")
    sh(script: "git tag $tagName")
    sh(script: 'git tag')
    println "git repo : ${gitRepo}"
    sh('git push ssh://git.server:29418/AA/myrepo.git --tags')
}

控制台输出 

> Entering stage Test Tag Push
Proceeding
[Pipeline] git
 > git rev-parse --is-inside-work-tree # timeout=10
 > git config remote.origin.url ssh://git.server:29418/AA/myrepo.git # timeout=10
Fetching upstream changes from ssh://git.server:29418/AA/myrepo.git
 > git --version # timeout=10
using GIT_SSH to set credentials aacloud user for gerrit connection
 > git -c core.askpass=true fetch --tags --progress ssh://git.server:29418/AA/myrepo.git +refs/heads/*:refs/remotes/origin/*
 > git rev-parse refs/remotes/origin/master^{commit} # timeout=10
 > git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
Checking out Revision 20fc371cf27bb57049e75a040f00986ab6a71473 (refs/remotes/origin/master)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f 20fc371cf27bb57049e75a040f00986ab6a71473
 > git branch -a -v --no-abbrev # timeout=10
 > git branch -D master # timeout=10
 > git checkout -b master 20fc371cf27bb57049e75a040f00986ab6a71473
 > git rev-list 20fc371cf27bb57049e75a040f00986ab6a71473 # timeout=10
[Pipeline] echo
cmd = git tag 
[Pipeline] sh
[cockpit-pipeline-test-TC] Running shell script
+ git tag
MyTag
Tag001
tc001
tc002
[Pipeline] sh
[cockpit-pipeline-test-TC] Running shell script
+ git tag -d MyTag
Deleted tag 'MyTag' (was 20fc371)
[Pipeline] sh
[cockpit-pipeline-test-TC] Running shell script
+ git tag MyTag
[Pipeline] sh
[cockpit-pipeline-test-TC] Running shell script
+ git tag
MyTag
Tag001
tc001
tc002
[Pipeline] echo
git repo : ssh://git.server:29418/AA/myrepo.git
[Pipeline] sh
[cockpit-pipeline-test-TC] Running shell script
+ git push ssh://git.server:29418/AA/myrepo.git --tags
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code 128
Finished: FAILURE

2 个答案:

答案 0 :(得分:5)

Git凭据仅对git步骤有效(即获取存储库)。您需要使用sh包裹sshagent步骤:

sshagent(credentialsId) {
    sh('git push ssh://git.server:29418/AA/myrepo.git --tags')
}

答案 1 :(得分:1)

非常感谢Jil,这就是诀窍! 它与sshagent完美配合

我想补充说,在存储库参数

中添加帐户也是必要的

gitRepo="ssh://MyAccount@git.server:29418/AA/myrepo.git"

完整的解决方案

    node {
      String credentialsId="aaa-bbb-ccc-ddd-eee"
      String gitLogin="MyAccount"
      String gitRepo="ssh://${gitLogin}@git.server:29418/AA/myrepo.git"
      stage "Test Tag Push"
      git credentialsId: "${credentialsId}", url: "${gitRepo}"   
      tagName="MyTag"    
      sh(script: "git tag $tagName")
      sshagent([credentialsId]) {
        sh(script: 'git push --tags')
      }
    }
相关问题
最新问题