[英]Jenkins Pipeline based on groovy : unable to push into git => Permission denied (publickey)
Jenkins Context 詹金斯语境
Jenkins version : version 2.23 Jenkins版本:2.23版
I am trying to make a git push from a jenkins pipeline using a groovy script. 我正在尝试使用groovy脚本从jenkins管道进行git推送。 The goal is to create a tag in a stage and push it remotely on my git repo. 目标是在舞台上创建一个标签,并在我的git仓库上远程推送它。
What is going wrong with my pipeline job configuration (cf below)? 我的管道作业配置出了什么问题(参见下文)?
Problem 问题
I have an account with credentialsId that runs perfectly for the fetch and clone. 我有一个使用credentialsId的帐户,可以完美地运行获取和克隆。 But I get the following error when I try to push my tags. 但是当我尝试推送我的标签时,我收到以下错误。
git push ssh://git.server:29418/AA/myrepo.git --tags Permission denied (publickey). git push ssh://git.server:29418 / AA / myrepo.git --tags Permission denied(publickey)。 fatal: Could not read from remote repository. 致命:无法从远程存储库读取。
Credentials / SSH 凭据/ SSH
Public key is correctly added into my git/gerrit server 公钥正确添加到我的git / gerrit服务器中
The account has "ALLOW" rights on gerrit : 该帐户对gerrit具有“ALLOW”权利:
Reference: refs/tags/* 参考:refs / tags / *
Jenkins Pipeline : groovy script Jenkins Pipeline:时髦的剧本
node {
echo "=================="
string workspace=pwd()
sh ('ls -al $workspace')
String credentialsId="aaa-bbb-ccc-ddd-eee"
String gitRepo="ssh://git.server:29418/AA/myrepo.git"
// stage
stage "Test Tag Push"
git credentialsId: "${credentialsId}", url: "${gitRepo}"
println "cmd = git tag "
sh(script: 'git tag')
tagName="MyTag"
sh(script: "git tag -d $tagName")
sh(script: "git tag $tagName")
sh(script: 'git tag')
println "git repo : ${gitRepo}"
sh('git push ssh://git.server:29418/AA/myrepo.git --tags')
}
Console Output 控制台输出
> Entering stage Test Tag Push
Proceeding
[Pipeline] git
> git rev-parse --is-inside-work-tree # timeout=10
> git config remote.origin.url ssh://git.server:29418/AA/myrepo.git # timeout=10
Fetching upstream changes from ssh://git.server:29418/AA/myrepo.git
> git --version # timeout=10
using GIT_SSH to set credentials aacloud user for gerrit connection
> git -c core.askpass=true fetch --tags --progress ssh://git.server:29418/AA/myrepo.git +refs/heads/*:refs/remotes/origin/*
> git rev-parse refs/remotes/origin/master^{commit} # timeout=10
> git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
Checking out Revision 20fc371cf27bb57049e75a040f00986ab6a71473 (refs/remotes/origin/master)
> git config core.sparsecheckout # timeout=10
> git checkout -f 20fc371cf27bb57049e75a040f00986ab6a71473
> git branch -a -v --no-abbrev # timeout=10
> git branch -D master # timeout=10
> git checkout -b master 20fc371cf27bb57049e75a040f00986ab6a71473
> git rev-list 20fc371cf27bb57049e75a040f00986ab6a71473 # timeout=10
[Pipeline] echo
cmd = git tag
[Pipeline] sh
[cockpit-pipeline-test-TC] Running shell script
+ git tag
MyTag
Tag001
tc001
tc002
[Pipeline] sh
[cockpit-pipeline-test-TC] Running shell script
+ git tag -d MyTag
Deleted tag 'MyTag' (was 20fc371)
[Pipeline] sh
[cockpit-pipeline-test-TC] Running shell script
+ git tag MyTag
[Pipeline] sh
[cockpit-pipeline-test-TC] Running shell script
+ git tag
MyTag
Tag001
tc001
tc002
[Pipeline] echo
git repo : ssh://git.server:29418/AA/myrepo.git
[Pipeline] sh
[cockpit-pipeline-test-TC] Running shell script
+ git push ssh://git.server:29418/AA/myrepo.git --tags
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code 128
Finished: FAILURE
Git credentials are valid only for the git
step (ie fetching the repository). Git凭证仅对git
步骤有效(即获取存储库)。 You need to wrap your sh
step with sshagent
: 你需要用sshagent
包装你的sh
步骤:
sshagent(credentialsId) {
sh('git push ssh://git.server:29418/AA/myrepo.git --tags')
}
Thanks a lot Jil, that is the trick !!! 非常感谢Jil,这就是诀窍! It works perfectly with sshagent 它与sshagent完美配合
I would add it is also necessecary to add the account in the repository parameter 我想补充说,在存储库参数中添加帐户也是必要的
gitRepo="ssh://MyAccount@git.server:29418/AA/myrepo.git"
Complete solution is 完整的解决方案
node {
String credentialsId="aaa-bbb-ccc-ddd-eee"
String gitLogin="MyAccount"
String gitRepo="ssh://${gitLogin}@git.server:29418/AA/myrepo.git"
stage "Test Tag Push"
git credentialsId: "${credentialsId}", url: "${gitRepo}"
tagName="MyTag"
sh(script: "git tag $tagName")
sshagent([credentialsId]) {
sh(script: 'git push --tags')
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.