Itai Ganot Itai Ganot - 2 months ago 116
Groovy Question

How to add git credentials to the build so it would be able to be used within a shell code?

I've wrote the following Jenkinsfile:

node("master") {
def artifactory_creds = 'bb43ff2f-eeee-4530-a544-e6a44504498f'
def git_creds = 'a378e16a-3d20-eeee-aef1-b2bd233f15b6'
java = docker.image('openjdk:8-jdk')
java.pull()
java.inside("-u root --ulimit core=99999999") {
withCredentials([ // Use Jenkins credentials ID of artifactory
[$class: 'UsernamePasswordMultiBinding', credentialsId: artifactory_creds, usernameVariable: 'A_USER', passwordVariable: 'A_PASS'],
[$class: 'UsernamePasswordMultiBinding', credentialsId: git_creds, usernameVariable: 'G_USER', passwordVariable: 'G_PASS'] // Use Jenkins credentials ID of git
]) {
sh '''
cd $PWD && git clone ${G_USER}:${G_PASS}@github.com/ganoti/AutoCAD360-Android .
NDK_VER="r12b"
SDK_VER="r24.4.1"
export GRADLE_USER_HOME=$PWD/AutoCAD360-Android/.gradle
export PATH=$PATH:$GRADLE_USER_HOME:$GRADLE_USER_HOME/android-ndk-$NDK_VER
# apt-get update && apt-get install gcc-multilib lib32z1 make file -y
if [ ! -d "$GRADLE_USER_HOME/android-sdk-linux" ]; then
if [ ! -f "$GRADLE_USER_HOME/android-sdk_$SDK_VER-linux.tgz" ]; then
curl -o "$GRADLE_USER_HOME/android-sdk_$SDK_VER-linux.tgz" https://dl.google.com/android/android-sdk_$SDK_VER-linux.tgz
cd $GRADLE_USER_HOME && tar -xvzf android-sdk_$SDK_VER-linux.tgz
fi
fi
if [ ! -d "$GRADLE_USER_HOME/android-ndk-$NDK_VER" ]; then
if [ ! -f "$GRADLE_USER_HOME/android-ndk_$SDK_VER-linux.tgz" ]; then # Checks if the sdk tarball exists on system
curl -o "$GRADLE_USER_HOME/android-ndk-$NDK_VER-linux-x86_64.zip" https://dl.google.com/android/repository/android-ndk-$NDK_VER-linux-x86_64.zip
cd $GRADLE_USER_HOME && unzip -o android-ndk-$NDK_VER-linux-x86_64.zip
fi
fi


# Downloads the required SDK tools
# echo "y" | $GRADLE_USER_HOME/android-sdk-linux/tools/android update sdk -u -a -t 2 # Android SDK Tools, revision 25.2.2 rc1
# echo "y" | $GRADLE_USER_HOME/android-sdk-linux/tools/android update sdk -u -a -t 3 # Android SDK Platform-tools, revision 24.0.2
# echo "y" | $GRADLE_USER_HOME/android-sdk-linux/tools/android update sdk -u -a -t 4 # Android SDK Build-tools, revision 24.0.2
# echo "y" | $GRADLE_USER_HOME/android-sdk-linux/tools/android update sdk -u -a -t 6 # Android SDK Build-tools, revision 24
# echo "y" | $GRADLE_USER_HOME/android-sdk-linux/tools/android update sdk -u -a -t 7 # Android SDK Build-tools, revision 23.0.3
# echo "y" | $GRADLE_USER_HOME/android-sdk-linux/tools/android update sdk -u -a -t 8 # Android SDK Build-tools, revision 23.0.2
# echo "y" | $GRADLE_USER_HOME/android-sdk-linux/tools/android update sdk -u -a -t 30 # SDK Platform Android 7.0, API 24, revision 2
# echo "y" | $GRADLE_USER_HOME/android-sdk-linux/tools/android update sdk -u -a -t 53 # Android TV Intel x86 Atom System Image, Android API 24, revision 6
# echo "y" | $GRADLE_USER_HOME/android-sdk-linux/tools/android update sdk -u -a -t 54 # Android Wear ARM EABI v7a System Image, Android API 24, revision 1
# echo "y" | $GRADLE_USER_HOME/android-sdk-linux/tools/android update sdk -u -a -t 55 # Android Wear Intel x86 Atom System Image, Android API 24, revision 1
# echo "y" | $GRADLE_USER_HOME/android-sdk-linux/tools/android update sdk -u -a -t 57 # ARM EABI v7a System Image, Android API 24, revision 6
# echo "y" | $GRADLE_USER_HOME/android-sdk-linux/tools/android update sdk -u -a -t 58 # Intel x86 Atom_64 System Image, Android API 24, revision 6
# echo "y" | $GRADLE_USER_HOME/android-sdk-linux/tools/android update sdk -u -a -t 59 # Intel x86 Atom System Image, Android API 24, revision 6
# echo "y" | $GRADLE_USER_HOME/android-sdk-linux/tools/android update sdk -u -a -t 153 # Android Support Repository, revision 36
# echo "y" | $GRADLE_USER_HOME/android-sdk-linux/tools/android update sdk -u -a -t 160 # Google Play services, revision 32
# echo "y" | $GRADLE_USER_HOME/android-sdk-linux/tools/android update sdk -u -a -t 161 # Google Repository, revision 32
# Downloads the constraint-layouts files from Artifactory
curl -u ${A_USER}:${A_PASS} -o "$GRADLE_USER_HOME"/m2repository.tar.gz https://artifactory.company.net/android-tmp/m2repository.tar.gz
tar -xzf $GRADLE_USER_HOME/m2repository.tar.gz -C $GRADLE_USER_HOME/android-sdk-linux/extras/
#cd $PWD && ./gradlew -DBUILD_FLAVOR=staging -DUSE_OLD_BUILD_PROCESS=false -DCORE_BRANCH=NONE -DVERSION_NAME=4.1.10 -DAutomation_Scenario_Tag_To_Run=short_sanity -DUSE_BUNDLE_NDK=true -DIS_X86_COMPATIBLE=false -D Automation_Device=Nexus_7 -DBUILD_TYPE=Debug -DGIT_BRANCH=origin/develop -DAutomation_Run_Config=autocad_appium -DANDROID_VIEWS_BRANCH= clean assemblestagingDebug
ls -l $PWD
ls -l $PWD/.gradle
'''
}

}
}


I'm able to run this build without this line:

[$class: 'UsernamePasswordMultiBinding', credentialsId: git_creds, usernameVariable: 'G_USER', passwordVariable: 'G_PASS']


But after adding this line, when I run the build, I get the following error:

org.jenkinsci.plugins.credentialsbinding.impl.CredentialNotFoundException: Credentials 'a378e16a-3d20-4465-aef1-b2bd233f15b6' is of type 'SSH Username with private key' where 'com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials' was expected


I'm trying to bind git username and password and use them within the '''sh''' code just like I used artifactory credentials.

Anyone knows why I'm getting this error? The credentials I specified exist on the Jenkins server

Answer

Using SSH credentials you can do that pretty easily.

Configure SSH credentials for Jenkins

First, you need to configure credentials on your Jenkins instance, i.e. tell Jenkins where it can find the private key that will be used to authenticate to your Git repository. Such as configuration could look like this :

enter image description here

I personnaly chose to generate SSH (private + public) keys for the jenkins user and add it to the classic user directory ~/.ssh and I added jenkins user as a member of my Git repository collaborators, but that's up to you. For more information about SSH configuration for your Git account, you can check Github doc for how to generate a new SSH key or how to add a new SSH key to your Github account.

Use SSH credentials in your pipeline

Next step is to actually use the credentials in your pipeline. Here is a simple example :

node("master") {
  stage 'Checkout'
  git url: "ssh://jenkins@your.git.server:port/git-project.git",
     credentialsId: 'jenkins_ssh_key',
     branch: master

  // The rest of your Groovy here...

  stage 'Use Git'
  // Do anything you like with your Git repo
  sh 'git add -A && git commit -m "Update code" && git push origin master'
}

When declared at checkout time, credentials should be kept for all Git commands you will further execute in your pipeline, so that should do the trick.

Comments