在 jenkinsfile 中使用来自 Jenkins 存储的凭据
Using credentials from Jenkins store in a jenkinsfile
我在 Jenkins 中做了一个多分支管道项目。我需要使用两个存储库并且都需要凭据。
我在 repository1 中创建了一个 Jenkinsfile:
node ('label1'){
stage 'sanity check'
sh 'echo sanity check'
stage 'checkout other repository'
checkout([
$class: 'GitSCM', branches: [[name: '*/master']],
userRemoteConfigs: [[url: 'https://BRNTZN@bitbucket.org/BRNTZN/repository2.git'],[credentialsId:'23b2eed1-2863-49d5-bc7b-bcccb9ad914d']]
])
stage 'log results'
sh 'echo result = OK'
}
当我将此文件推送到 repository1 的一个分支并开始构建时,我在 Jenkins 中收到以下错误:
Branch indexing
Setting origin to https://BRNTZN@bitbucket.org/BRNTZN/repository1.git
Fetching origin...
> git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> git config remote.origin.url https://BRNTZN@bitbucket.org/BRNTZN/repository1.git # timeout=10
Fetching upstream changes from https://BRNTZN@bitbucket.org/BRNTZN/repository1.git
> git --version # timeout=10
using .gitcredentials to set credentials
> git config --local credential.username BRNTZN # timeout=10
> git config --local credential.helper store --file=/tmp/git1367320661933193799.credentials # timeout=10
> git -c core.askpass=true fetch --tags --progress https://BRNTZN@bitbucket.org/BRNTZN/repository1.git +refs/heads/*:refs/remotes/origin/*
> git config --local --remove-section credential # timeout=10
Checking out Revision d997a29e9d1f639d56eb425ec00e03309e099c7a (jenkinsfilebranch1)
> git config core.sparsecheckout # timeout=10
> git checkout -f d997a29e9d1f639d56eb425ec00e03309e099c7a
> git rev-list f81d0d366fd751857a2640c587817f4d047a15af # timeout=10
[Pipeline] node
Running on jenkins agent (i-07353fc08cb42f10e) in /var/jenkins/workspace/multiBranch/jenkinsfilebranch1
[Pipeline] {
[Pipeline] stage (sanity check)
Entering stage sanity check
Proceeding
[Pipeline] sh
[jenkinsfilebranch1] Running shell script
+ echo sanity check
sanity check
[Pipeline] stage (checkout other repository)
Entering stage checkout other repository
Proceeding
[Pipeline] checkout
> git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> git config remote.origin.url https://BRNTZN@bitbucket.org/BRNTZN/repository2.git # timeout=10
Fetching upstream changes from https://BRNTZN@bitbucket.org/BRNTZN/repository2.git
> git --version # timeout=10
> git -c core.askpass=true fetch --tags --progress https://BRNTZN@bitbucket.org/BRNTZN/repository2.git +refs/heads/*:refs/remotes/origin/*
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from https://BRNTZN@bitbucket.org/BRNTZN/repository2.git
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:799)
at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1055)
at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1086)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:109)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:83)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:73)
at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution.call(AbstractSynchronousNonBlockingStepExecution.java:52)
at hudson.security.ACL.impersonate(ACL.java:213)
at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution.run(AbstractSynchronousNonBlockingStepExecution.java:49)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: hudson.plugins.git.GitException: Command "git -c core.askpass=true fetch --tags --progress https://BRNTZN@bitbucket.org/BRNTZN/repository2.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout:
stderr: remote: Invalid username or password. If you log in via a third party service you must ensure you have an account password set in your account profile.
fatal: Authentication failed for 'https://BRNTZN@bitbucket.org/BRNTZN/repository2.git/'
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:1723)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1459)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access0(CliGitAPIImpl.java:63)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.execute(CliGitAPIImpl.java:314)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.call(RemoteGitImpl.java:152)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.call(RemoteGitImpl.java:145)
at hudson.remoting.UserRequest.perform(UserRequest.java:153)
at hudson.remoting.UserRequest.perform(UserRequest.java:50)
at hudson.remoting.Request.run(Request.java:332)
at hudson.remoting.InterceptingExecutorService.call(InterceptingExecutorService.java:68)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
at ......remote call to jenkins agent (i-07353fc08cb42f10e)(Native Method)
at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1416)
at hudson.remoting.UserResponse.retrieve(UserRequest.java:253)
at hudson.remoting.Channel.call(Channel.java:781)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.execute(RemoteGitImpl.java:145)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.invoke(RemoteGitImpl.java:131)
at com.sun.proxy.$Proxy75.execute(Unknown Source)
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:797)
... 13 more
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: null
Finished: FAILURE
凭据应该是正确的:
并且在自由式项目中使用该存储库的这些凭据不会出现错误:
更新
我使用 SSH 凭据创建了一个自由式项目,并将 public 密钥添加到我的 Bitbucket 帐户以测试我是否可以使 SSH 工作:
这有效:
Started by user admin
Building remotely on jenkins agent (i-039385e75b60d70f7) (label1) in workspace /var/jenkins/workspace/gitcredentials test
> git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> git config remote.origin.url git@bitbucket.org:BRNTZN/repository2.git # timeout=10
Fetching upstream changes from git@bitbucket.org:BRNTZN/repository2.git
> git --version # timeout=10
using GIT_SSH to set credentials jenkinsmaster key
> git -c core.askpass=true fetch --tags --progress git@bitbucket.org:BRNTZN/repository2.git +refs/heads/*:refs/remotes/origin/*
> git rev-parse refs/remotes/origin/master^{commit} # timeout=10
> git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
Checking out Revision 1d51064143e7337cbc0b1910918166facc9c2330 (refs/remotes/origin/master)
> git config core.sparsecheckout # timeout=10
> git checkout -f 1d51064143e7337cbc0b1910918166facc9c2330
First time build. Skipping changelog.
Finished: SUCCESS
然而,当以下列方式更新 jenkinsfile 时:
node ('label1'){
stage 'sanity check'
sh 'echo sanity check'
stage 'checkout other repository'
checkout([
$class: 'GitSCM', branches: [[name: '*/master']],
userRemoteConfigs: [[url: 'git@bitbucket.org:BRNTZN/repository2.git'],[credentialsId:'jenkinsmaster']]
])
stage 'log results'
sh 'echo result = OK'
}
我仍然遇到同样的错误:
Started by user admin
Setting origin to git@bitbucket.org:BRNTZN/repository1.git
Fetching origin...
> git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> git config remote.origin.url git@bitbucket.org:BRNTZN/repository1.git # timeout=10
Fetching upstream changes from git@bitbucket.org:BRNTZN/repository1.git
> git --version # timeout=10
using GIT_SSH to set credentials jenkinsmaster key
> git -c core.askpass=true fetch --tags --progress git@bitbucket.org:BRNTZN/repository1.git +refs/heads/*:refs/remotes/origin/*
Checking out Revision 29fc47911827d829f5abe9456bd8df78bc478fe7 (jenkinsfilebranch1)
> git config core.sparsecheckout # timeout=10
> git checkout -f 29fc47911827d829f5abe9456bd8df78bc478fe7
> git rev-list 29fc47911827d829f5abe9456bd8df78bc478fe7 # timeout=10
[Pipeline] node
Running on jenkins agent (i-039385e75b60d70f7) in /var/jenkins/workspace/multiBranch/jenkinsfilebranch1
[Pipeline] {
[Pipeline] stage (sanity check)
Entering stage sanity check
Proceeding
[Pipeline] sh
[jenkinsfilebranch1] Running shell script
+ echo sanity check
sanity check
[Pipeline] stage (checkout other repository)
Entering stage checkout other repository
Proceeding
[Pipeline] checkout
> git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> git config remote.origin.url git@bitbucket.org:BRNTZN/repository2.git # timeout=10
Fetching upstream changes from git@bitbucket.org:BRNTZN/repository2.git
> git --version # timeout=10
> git -c core.askpass=true fetch --tags --progress git@bitbucket.org:BRNTZN/repository2.git +refs/heads/*:refs/remotes/origin/*
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from git@bitbucket.org:BRNTZN/repository2.git
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:799)
at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1055)
at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1086)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:109)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:83)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:73)
at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution.call(AbstractSynchronousNonBlockingStepExecution.java:52)
at hudson.security.ACL.impersonate(ACL.java:213)
at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution.run(AbstractSynchronousNonBlockingStepExecution.java:49)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: hudson.plugins.git.GitException: Command "git -c core.askpass=true fetch --tags --progress git@bitbucket.org:BRNTZN/repository2.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout:
stderr: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:1723)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1459)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access0(CliGitAPIImpl.java:63)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.execute(CliGitAPIImpl.java:314)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.call(RemoteGitImpl.java:152)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.call(RemoteGitImpl.java:145)
at hudson.remoting.UserRequest.perform(UserRequest.java:153)
at hudson.remoting.UserRequest.perform(UserRequest.java:50)
at hudson.remoting.Request.run(Request.java:332)
at hudson.remoting.InterceptingExecutorService.call(InterceptingExecutorService.java:68)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
at ......remote call to jenkins agent (i-039385e75b60d70f7)(Native Method)
at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1416)
at hudson.remoting.UserResponse.retrieve(UserRequest.java:253)
at hudson.remoting.Channel.call(Channel.java:781)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.execute(RemoteGitImpl.java:145)
at sun.reflect.GeneratedMethodAccessor1180.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.invoke(RemoteGitImpl.java:131)
at com.sun.proxy.$Proxy75.execute(Unknown Source)
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:797)
... 13 more
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: null
Finished: FAILURE
您使用哪种凭据?
我建议您使用 SSH 凭据(即 private/public 密钥):
- Generate SSH 密钥对(确保为正确的用户名生成它!)
- 添加你的publicSSH key to your Bitbucket account
- 将您的 Jenkins 配置为使用您新创建的 SSH 私钥,如下例所示:
然后您需要使用 SSH URL 作为您管道中 Git 您凭据的连接(而不是 HTTP URL),如下所示:
checkout([
$class: 'GitSCM', branches: [[name: '*/master']],
userRemoteConfigs: [[url:'ssh://BRNTZN@bitbucket.org:BRNTZN/repository2.git'],[credentialsId:'jenkins_ssh_key']]
])
此外,请注意,您可能希望为您的凭据设置一个特定的 ID(例如 jenkins_ssh_key 或 BRNTZN_ssh_key)以提高可读性并简化管道配置。
我遇到了完全相同的问题:在自由式项目中使用凭据结帐工作正常,在 shell(作为 jenkins 用户)中结帐工作正常,并在管道中结帐失败。我已经将 Jenkins + 插件更新到最新版本。
我终于设法通过在 /var/lib/jenkins/.ssh/id_rsa 中放置正确的密钥来让它工作。看起来 GitSCM 插件完全忽略了提供的 credentialsId,而只使用 /var/lib/jenkins/.ssh/id_rsa 中的密钥。我为此生成了一个没有密码的密钥对。
这是一种解决方法,我怀疑 GitSCM 有错误,但至少你可以使用管道插件。
如Pipeline plugin tutorial所述,对于多分支项目,您不必在节点中指定存储库。只需使用 checkout scm。
您的 GitSCM class 实例化不正确。您创建了两个 UserRemoteConfig 对象 - 一个的 URL 为 'git@bitbucket.org:BRNTZN/repository2.git',另一个的 credentialsId 为 'jenkinsmaster'。相反,您想要一个同时设置了两个属性的对象。
checkout([
$class: 'GitSCM', branches: [[name: '*/master']],
userRemoteConfigs: [[url: 'git@bitbucket.org:BRNTZN/repository2.git'],[credentialsId:'jenkinsmaster']]
])
应该是:
checkout([
$class: 'GitSCM', branches: [[name: '*/master']],
userRemoteConfigs: [[url: 'git@bitbucket.org:BRNTZN/repository2.git',credentialsId:'jenkinsmaster']]
])
请注意,在第二种情况下 "userRemoteConfigs" 部分的逗号周围没有括号。
我刚刚 运行 遇到了同样的问题,并将 Eclipse 调试器连接到 Jenkins 以查找问题。
参见 git-plugin GitSCM does not support ssh credentials when using checkout in a Jenkinsfile (45007)。
场景,使用 HTTPS 检出回购 A,然后在快速通道文件中使用 HTTPS 在两个不同的阶段检出回购 B 和 C,并使用快速通道快速文件中的 git 命令将提交推送到回购 B 和 C 中的分支。在管道 Jenkinsfile 部分环境和以下步骤中:
environment {
GITHUB_ACCESS_TOKEN = credentials("unique-credential-github-pat")
GIT_REPO_B = "https://unique-credential-github-pat:${GITHUB_ACCESS_TOKEN}@github.com/organization_name/repository_name.git"
GIT_REPO_C = "https://unique-credential-github-pat:${GITHUB_ACCESS_TOKEN}@github.com/organization_name/repository_name.git"
}
stage (B) {
steps {
checkout([$class: 'GitSCM', branches: [[name: "myname/branch_name"]], doGenerateSubmoduleConfigurations: false, extensions: [[$class: 'GitLFSPull'],[$class: 'CloneOption', depth: 1, noTags: true, reference: '', shallow: true]], submoduleCfg: [], userRemoteConfigs: [[credentialsId: 'unique-credential-github-pat', url: GIT_REPO_B]]])
}
}
stage (C) {
steps {
checkout([$class: 'GitSCM', branches: [[name: "myname/branch_name"]], doGenerateSubmoduleConfigurations: false, extensions: [[$class: 'GitLFSPull'],[$class: 'CloneOption', depth: 1, noTags: true, reference: '', shallow: true]], submoduleCfg: [], userRemoteConfigs: [[credentialsId: 'unique-credential-github-pat', url: GIT_REPO_C]]])
}
}
fastlane fastfile lane中使用的命令:
sh ('git add file_to_add.txt')
sh ('git commit -m "Commit file text"')
sh ('git remote -v')
sh ('git push origin myname/branch_name')
我在 Jenkins 中做了一个多分支管道项目。我需要使用两个存储库并且都需要凭据。
我在 repository1 中创建了一个 Jenkinsfile:
node ('label1'){
stage 'sanity check'
sh 'echo sanity check'
stage 'checkout other repository'
checkout([
$class: 'GitSCM', branches: [[name: '*/master']],
userRemoteConfigs: [[url: 'https://BRNTZN@bitbucket.org/BRNTZN/repository2.git'],[credentialsId:'23b2eed1-2863-49d5-bc7b-bcccb9ad914d']]
])
stage 'log results'
sh 'echo result = OK'
}
当我将此文件推送到 repository1 的一个分支并开始构建时,我在 Jenkins 中收到以下错误:
Branch indexing
Setting origin to https://BRNTZN@bitbucket.org/BRNTZN/repository1.git
Fetching origin...
> git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> git config remote.origin.url https://BRNTZN@bitbucket.org/BRNTZN/repository1.git # timeout=10
Fetching upstream changes from https://BRNTZN@bitbucket.org/BRNTZN/repository1.git
> git --version # timeout=10
using .gitcredentials to set credentials
> git config --local credential.username BRNTZN # timeout=10
> git config --local credential.helper store --file=/tmp/git1367320661933193799.credentials # timeout=10
> git -c core.askpass=true fetch --tags --progress https://BRNTZN@bitbucket.org/BRNTZN/repository1.git +refs/heads/*:refs/remotes/origin/*
> git config --local --remove-section credential # timeout=10
Checking out Revision d997a29e9d1f639d56eb425ec00e03309e099c7a (jenkinsfilebranch1)
> git config core.sparsecheckout # timeout=10
> git checkout -f d997a29e9d1f639d56eb425ec00e03309e099c7a
> git rev-list f81d0d366fd751857a2640c587817f4d047a15af # timeout=10
[Pipeline] node
Running on jenkins agent (i-07353fc08cb42f10e) in /var/jenkins/workspace/multiBranch/jenkinsfilebranch1
[Pipeline] {
[Pipeline] stage (sanity check)
Entering stage sanity check
Proceeding
[Pipeline] sh
[jenkinsfilebranch1] Running shell script
+ echo sanity check
sanity check
[Pipeline] stage (checkout other repository)
Entering stage checkout other repository
Proceeding
[Pipeline] checkout
> git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> git config remote.origin.url https://BRNTZN@bitbucket.org/BRNTZN/repository2.git # timeout=10
Fetching upstream changes from https://BRNTZN@bitbucket.org/BRNTZN/repository2.git
> git --version # timeout=10
> git -c core.askpass=true fetch --tags --progress https://BRNTZN@bitbucket.org/BRNTZN/repository2.git +refs/heads/*:refs/remotes/origin/*
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from https://BRNTZN@bitbucket.org/BRNTZN/repository2.git
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:799)
at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1055)
at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1086)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:109)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:83)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:73)
at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution.call(AbstractSynchronousNonBlockingStepExecution.java:52)
at hudson.security.ACL.impersonate(ACL.java:213)
at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution.run(AbstractSynchronousNonBlockingStepExecution.java:49)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: hudson.plugins.git.GitException: Command "git -c core.askpass=true fetch --tags --progress https://BRNTZN@bitbucket.org/BRNTZN/repository2.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout:
stderr: remote: Invalid username or password. If you log in via a third party service you must ensure you have an account password set in your account profile.
fatal: Authentication failed for 'https://BRNTZN@bitbucket.org/BRNTZN/repository2.git/'
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:1723)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1459)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access0(CliGitAPIImpl.java:63)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.execute(CliGitAPIImpl.java:314)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.call(RemoteGitImpl.java:152)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.call(RemoteGitImpl.java:145)
at hudson.remoting.UserRequest.perform(UserRequest.java:153)
at hudson.remoting.UserRequest.perform(UserRequest.java:50)
at hudson.remoting.Request.run(Request.java:332)
at hudson.remoting.InterceptingExecutorService.call(InterceptingExecutorService.java:68)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
at ......remote call to jenkins agent (i-07353fc08cb42f10e)(Native Method)
at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1416)
at hudson.remoting.UserResponse.retrieve(UserRequest.java:253)
at hudson.remoting.Channel.call(Channel.java:781)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.execute(RemoteGitImpl.java:145)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.invoke(RemoteGitImpl.java:131)
at com.sun.proxy.$Proxy75.execute(Unknown Source)
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:797)
... 13 more
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: null
Finished: FAILURE
凭据应该是正确的:
并且在自由式项目中使用该存储库的这些凭据不会出现错误:
更新
我使用 SSH 凭据创建了一个自由式项目,并将 public 密钥添加到我的 Bitbucket 帐户以测试我是否可以使 SSH 工作:
这有效:
Started by user admin
Building remotely on jenkins agent (i-039385e75b60d70f7) (label1) in workspace /var/jenkins/workspace/gitcredentials test
> git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> git config remote.origin.url git@bitbucket.org:BRNTZN/repository2.git # timeout=10
Fetching upstream changes from git@bitbucket.org:BRNTZN/repository2.git
> git --version # timeout=10
using GIT_SSH to set credentials jenkinsmaster key
> git -c core.askpass=true fetch --tags --progress git@bitbucket.org:BRNTZN/repository2.git +refs/heads/*:refs/remotes/origin/*
> git rev-parse refs/remotes/origin/master^{commit} # timeout=10
> git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
Checking out Revision 1d51064143e7337cbc0b1910918166facc9c2330 (refs/remotes/origin/master)
> git config core.sparsecheckout # timeout=10
> git checkout -f 1d51064143e7337cbc0b1910918166facc9c2330
First time build. Skipping changelog.
Finished: SUCCESS
然而,当以下列方式更新 jenkinsfile 时:
node ('label1'){
stage 'sanity check'
sh 'echo sanity check'
stage 'checkout other repository'
checkout([
$class: 'GitSCM', branches: [[name: '*/master']],
userRemoteConfigs: [[url: 'git@bitbucket.org:BRNTZN/repository2.git'],[credentialsId:'jenkinsmaster']]
])
stage 'log results'
sh 'echo result = OK'
}
我仍然遇到同样的错误:
Started by user admin
Setting origin to git@bitbucket.org:BRNTZN/repository1.git
Fetching origin...
> git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> git config remote.origin.url git@bitbucket.org:BRNTZN/repository1.git # timeout=10
Fetching upstream changes from git@bitbucket.org:BRNTZN/repository1.git
> git --version # timeout=10
using GIT_SSH to set credentials jenkinsmaster key
> git -c core.askpass=true fetch --tags --progress git@bitbucket.org:BRNTZN/repository1.git +refs/heads/*:refs/remotes/origin/*
Checking out Revision 29fc47911827d829f5abe9456bd8df78bc478fe7 (jenkinsfilebranch1)
> git config core.sparsecheckout # timeout=10
> git checkout -f 29fc47911827d829f5abe9456bd8df78bc478fe7
> git rev-list 29fc47911827d829f5abe9456bd8df78bc478fe7 # timeout=10
[Pipeline] node
Running on jenkins agent (i-039385e75b60d70f7) in /var/jenkins/workspace/multiBranch/jenkinsfilebranch1
[Pipeline] {
[Pipeline] stage (sanity check)
Entering stage sanity check
Proceeding
[Pipeline] sh
[jenkinsfilebranch1] Running shell script
+ echo sanity check
sanity check
[Pipeline] stage (checkout other repository)
Entering stage checkout other repository
Proceeding
[Pipeline] checkout
> git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> git config remote.origin.url git@bitbucket.org:BRNTZN/repository2.git # timeout=10
Fetching upstream changes from git@bitbucket.org:BRNTZN/repository2.git
> git --version # timeout=10
> git -c core.askpass=true fetch --tags --progress git@bitbucket.org:BRNTZN/repository2.git +refs/heads/*:refs/remotes/origin/*
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from git@bitbucket.org:BRNTZN/repository2.git
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:799)
at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1055)
at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1086)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:109)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:83)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:73)
at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution.call(AbstractSynchronousNonBlockingStepExecution.java:52)
at hudson.security.ACL.impersonate(ACL.java:213)
at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution.run(AbstractSynchronousNonBlockingStepExecution.java:49)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: hudson.plugins.git.GitException: Command "git -c core.askpass=true fetch --tags --progress git@bitbucket.org:BRNTZN/repository2.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout:
stderr: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:1723)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1459)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access0(CliGitAPIImpl.java:63)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.execute(CliGitAPIImpl.java:314)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.call(RemoteGitImpl.java:152)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.call(RemoteGitImpl.java:145)
at hudson.remoting.UserRequest.perform(UserRequest.java:153)
at hudson.remoting.UserRequest.perform(UserRequest.java:50)
at hudson.remoting.Request.run(Request.java:332)
at hudson.remoting.InterceptingExecutorService.call(InterceptingExecutorService.java:68)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
at ......remote call to jenkins agent (i-039385e75b60d70f7)(Native Method)
at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1416)
at hudson.remoting.UserResponse.retrieve(UserRequest.java:253)
at hudson.remoting.Channel.call(Channel.java:781)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.execute(RemoteGitImpl.java:145)
at sun.reflect.GeneratedMethodAccessor1180.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.invoke(RemoteGitImpl.java:131)
at com.sun.proxy.$Proxy75.execute(Unknown Source)
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:797)
... 13 more
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: null
Finished: FAILURE
您使用哪种凭据?
我建议您使用 SSH 凭据(即 private/public 密钥):
- Generate SSH 密钥对(确保为正确的用户名生成它!)
- 添加你的publicSSH key to your Bitbucket account
- 将您的 Jenkins 配置为使用您新创建的 SSH 私钥,如下例所示:
然后您需要使用 SSH URL 作为您管道中 Git 您凭据的连接(而不是 HTTP URL),如下所示:
checkout([
$class: 'GitSCM', branches: [[name: '*/master']],
userRemoteConfigs: [[url:'ssh://BRNTZN@bitbucket.org:BRNTZN/repository2.git'],[credentialsId:'jenkins_ssh_key']]
])
此外,请注意,您可能希望为您的凭据设置一个特定的 ID(例如 jenkins_ssh_key 或 BRNTZN_ssh_key)以提高可读性并简化管道配置。
我遇到了完全相同的问题:在自由式项目中使用凭据结帐工作正常,在 shell(作为 jenkins 用户)中结帐工作正常,并在管道中结帐失败。我已经将 Jenkins + 插件更新到最新版本。
我终于设法通过在 /var/lib/jenkins/.ssh/id_rsa 中放置正确的密钥来让它工作。看起来 GitSCM 插件完全忽略了提供的 credentialsId,而只使用 /var/lib/jenkins/.ssh/id_rsa 中的密钥。我为此生成了一个没有密码的密钥对。
这是一种解决方法,我怀疑 GitSCM 有错误,但至少你可以使用管道插件。
如Pipeline plugin tutorial所述,对于多分支项目,您不必在节点中指定存储库。只需使用 checkout scm。
您的 GitSCM class 实例化不正确。您创建了两个 UserRemoteConfig 对象 - 一个的 URL 为 'git@bitbucket.org:BRNTZN/repository2.git',另一个的 credentialsId 为 'jenkinsmaster'。相反,您想要一个同时设置了两个属性的对象。
checkout([
$class: 'GitSCM', branches: [[name: '*/master']],
userRemoteConfigs: [[url: 'git@bitbucket.org:BRNTZN/repository2.git'],[credentialsId:'jenkinsmaster']]
])
应该是:
checkout([
$class: 'GitSCM', branches: [[name: '*/master']],
userRemoteConfigs: [[url: 'git@bitbucket.org:BRNTZN/repository2.git',credentialsId:'jenkinsmaster']]
])
请注意,在第二种情况下 "userRemoteConfigs" 部分的逗号周围没有括号。
我刚刚 运行 遇到了同样的问题,并将 Eclipse 调试器连接到 Jenkins 以查找问题。
参见 git-plugin GitSCM does not support ssh credentials when using checkout in a Jenkinsfile (45007)。
场景,使用 HTTPS 检出回购 A,然后在快速通道文件中使用 HTTPS 在两个不同的阶段检出回购 B 和 C,并使用快速通道快速文件中的 git 命令将提交推送到回购 B 和 C 中的分支。在管道 Jenkinsfile 部分环境和以下步骤中:
environment {
GITHUB_ACCESS_TOKEN = credentials("unique-credential-github-pat")
GIT_REPO_B = "https://unique-credential-github-pat:${GITHUB_ACCESS_TOKEN}@github.com/organization_name/repository_name.git"
GIT_REPO_C = "https://unique-credential-github-pat:${GITHUB_ACCESS_TOKEN}@github.com/organization_name/repository_name.git"
}
stage (B) {
steps {
checkout([$class: 'GitSCM', branches: [[name: "myname/branch_name"]], doGenerateSubmoduleConfigurations: false, extensions: [[$class: 'GitLFSPull'],[$class: 'CloneOption', depth: 1, noTags: true, reference: '', shallow: true]], submoduleCfg: [], userRemoteConfigs: [[credentialsId: 'unique-credential-github-pat', url: GIT_REPO_B]]])
}
}
stage (C) {
steps {
checkout([$class: 'GitSCM', branches: [[name: "myname/branch_name"]], doGenerateSubmoduleConfigurations: false, extensions: [[$class: 'GitLFSPull'],[$class: 'CloneOption', depth: 1, noTags: true, reference: '', shallow: true]], submoduleCfg: [], userRemoteConfigs: [[credentialsId: 'unique-credential-github-pat', url: GIT_REPO_C]]])
}
}
fastlane fastfile lane中使用的命令:
sh ('git add file_to_add.txt')
sh ('git commit -m "Commit file text"')
sh ('git remote -v')
sh ('git push origin myname/branch_name')