使用Git LFS的Jenkins Git插件在Mac奴隶上失败并显示“Bad Credentials”
[英]Jenkins Git Plugin with Git LFS fails with 'Bad Credentials' on Mac slave
问题描述
At my company we have been setting up a Jenkins CI system against our internal GitHub Enterprise instance using the Jenkins Git Plugin (2.4.2) and Git LFS (1.1.2). 
在我的公司,我们使用Jenkins Git Plugin(2.4.2)和Git LFS(1.1.2)针对我们的内部GitHub Enterprise实例建立了Jenkins CI系统。 Despite having valid credentials stored in Jenkins and also stored on the Mac slave using the globally configured credentials, checking out the repository always ends with this failure: 尽管存储在Jenkins中的有效凭证使用全局配置的凭证存储在Mac从站上,但检查存储库始终以此失败结束:
Caused by: hudson.plugins.git.GitException: Command "git checkout -f ___my_commit_hash___ returned status code 128:
stdout:
stderr: Downloading ___my_lfs_file___ (754 B)
Error accessing media: ___my_lfs_file___ (___my_lfs_file_hash___)
Errors logged to .git\lfs\objects\logs\___my_lfs_log___.log
Use `git lfs logs last` to view the log.
error: external filter git-lfs smudge %f failed 2
error: external filter git-lfs smudge %f failed
fatal: ___my_lfs_file___: smudge filter lfs failed
And the git log shows: 并且git日志显示:
Git credentials for https://git.mycompany.com/myrepository.git not found.
or: 要么:
Bad Credentials
When I log onto the slave and directly run the commands, everything works; 当我登录到奴隶并直接运行命令时,一切正常; only the Jenkins slave process triggers the errors. 只有Jenkins从属进程才会触发错误。 This also only seems to affect our Mac slave, the Windows slave uses the stored credentials and properly runs Git LFS. 这也似乎只影响我们的Mac奴隶,Windows奴隶使用存储的凭据并正确运行Git LFS。 How can I configure the Git Plugin to properly run Git LFS on a Mac slave? 如何配置Git插件以在Mac从站上正确运行Git LFS?
2 个解决方案
解决方案1
6 2016-03-05 03:30:05
The issue with the Mac slave involved many facets. Mac奴隶的问题涉及很多方面。
First, we were launching the slave with Launch slave agents on Unix machines via SSH . 首先,我们通过SSH在Unix机器上使用Launch slave代理启动slave 。 This starts a non-interactive shell to launch the Jenkins slave.jar java process. 这将启动一个非交互式shell来启动Jenkins slave.jar java进程。 The fact that this is a not a login shell means that it won't have access to the credentials stored in the keychain without some additional setup. 事实上,这不是登录shell意味着如果没有一些额外的设置,它将无法访问存储在钥匙串中的凭证。 It also means it won't pick up any paths from /etc/paths (used by Homebrew when installing git-lfs) without some bash profile configurations. 这也意味着它不会从/ etc / paths中获取任何路径(在安装git-lfs时由Homebrew使用)而没有一些bash配置文件配置。 If we had been launching Jenkins on the slave using Launch slave agents via Java Web Start (which is how our Windows slave was configured) it's possible that we may not have been affected by the access issues (but this wasn't tested). 如果我们通过Java Web Start使用启动从属代理 (这是我们的Windows奴隶的配置方式)在奴隶上启动Jenkins,那么我们可能不会受到访问问题的影响(但是没有经过测试)。
We had Git LFS installed using Homebrew which modifies /etc/paths to add /usr/local/bin. 我们使用Homebrew安装了Git LFS,修改了/ etc / paths以添加/ usr / local / bin。 The paths in this file are loaded by .profile which only gets used for login shells. 此文件中的路径由.profile加载,仅用于登录shell。 To add /usr/local/bin to the path (so that git-lfs could be found by the Jenkins slave process) we added a ~/.bashrc file with the modified path. 要将/ usr / local / bin添加到路径中(以便Jenkins从属进程可以找到git-lfs),我们添加了带有修改路径的〜/ .bashrc文件。
To enable Git LFS, it was also necessary to modify ~/.gitconfig (using git config --global ) with the following values: 要启用Git LFS,还需要使用以下值修改〜/ .gitconfig(使用git config --global ):
[filter "lfs"]
clean = git-lfs clean %f
smudge = git-lfs smudge %f
required = true
Without this, checkout would succeed but Git LFS would silently not run leaving its stubs in the repository. 如果没有这个,checkout会成功,但是Git LFS会默默运行而不会将其存根保留在存储库中。
It was also necessary to add a credentials helper to the global git configuration (see this link for more details). 还需要向全局git配置添加凭证帮助程序(有关更多详细信息,请参阅此链接 )。
[credential]
helper = "osxkeychain "
The Git Plugin uses the slightly weird approach of init+fetch rather than clone to download the repository (see JENKINS-30318 for more details). Git插件使用init + fetch的稍微奇怪的方法而不是克隆来下载存储库(有关更多详细信息,请参阅JENKINS-30318 )。 This was added to work around a credentials issue (which should no longer be necessary). 这被添加到解决凭证问题(不再需要)。 The plugin uses the local git config file (which is why init+fetch was necessary) to temporarily store credentials which are subsequently removed. 该插件使用本地git配置文件(这就是为什么需要init + fetch)来临时存储随后被删除的凭据。 Specific commands are wrapped with this credentials setup (fetch is one). 使用此凭据设置包装特定命令(fetch是一个)。 Unfortunately, the git checkout command was not wrapped with the credentials. 不幸的是,git checkout命令没有包含凭据。 This means that when git-lfs is invoked, it must get its credentials from somewhere other than what is stored on Jenkins. 这意味着当调用git-lfs时,它必须从除Jenkins之外的其他地方获取其凭据。 From the Git LFS API , it shows that Git LFS can use gitcredentials to access the server (GitHub). 从Git LFS API ,它显示Git LFS可以使用gitcredentials访问服务器(GitHub)。 On our Windows slave, this just worked. 在我们的Windows奴隶上,这只是起作用。 On the Mac slave however, because the Jenkins process was not run in a login shell, Git LFS didn't have permission to access the user keychain and would fail. 但是在Mac上,由于Jenkins进程没有在登录shell中运行,因此Git LFS没有访问用户密钥链的权限而且会失败。 Opening Keychain Access and moving the keys from the 'Login' category to the 'System' category (see this comment ) and allowing all applications to access the key (see this answer ), we were finally able to get checkout with Git LFS working. 打开Keychain访问并将密钥从“登录”类别移动到“系统”类别(请参阅此注释 )并允许所有应用程序访问密钥(请参阅此答案 ),我们终于可以通过Git LFS工作结账了。
解决方案2
0 2017-03-06 22:12:28
You could try that setup again with the latest Jenkins Git plugin , whose 3.1.0 just got released with: 您可以使用最新的Jenkins Git插件再次尝试该设置,其3.1.0刚刚发布:
Add command line git large file support (LFS) ( JENKINS-30318 , JENKINS-35687 , JENKINS-38708 , JENKINS-40174 )
That allows you to add " Git LFS Pull After Checkout " as an Additional Behavior 这允许您添加“ Git LFS Pull After Checkout ”作为附加行为
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.