如何在Jenkins的shell脚本中使用git凭据？

Question

So I have a plain shell script and I want to execute 2 git commands but don't have the credentials. How do I get the credentials into my environment? Do I have to set GIT_ASKPASS or something? I am not the admin so "install a plugin" isn't a great option.

The environment has the following available already:

BUILD_URL
UPDATE_VERSION
HOSTNAME
PASS            <--- This one looks like a possible but still no user id. 
POM_GROUPID
HUDSON_SERVER_COOKIE
BUILD_TAG
POM_DISPLAYNAME
GIT_PREVIOUS_COMMIT
WORKSPACE
JOB_URL
RUN_CHANGES_DISPLAY_URL
POM_ARTIFACTID
MAVEN_OPTS
JENKINS_SWARM_VERSION
NLSPATH
GIT_COMMIT
JENKINS_HOME
MAVEN_HOME
PATH
RUN_DISPLAY_URL
PWD
JAVA_HOME
HUDSON_URL
JAVA_VERSION
JOB_NAME
POM_VERSION
BUILD_VERSION
XFILESEARCHPATH
BUILD_DISPLAY_NAME
BUILD_ID
JENKINS_URL
JOB_BASE_NAME
GIT_PREVIOUS_SUCCESSFUL_COMMIT
POM_PACKAGING
HOME
GIT_SSL_NO_VERIFY
SHLVL
M2_HOME
GIT_BRANCH
EXECUTOR_NUMBER
JENKINS_SERVER_COOKIE
GIT_URL
NODE_LABELS
HUDSON_HOME
NODE_NAME
BUILD_NUMBER
JOB_DISPLAY_URL
HUDSON_COOKIE

Update: here is some new information. GIT_ASKPASS uses these? ...and I note that Jenkins is using GIT_ASKPASS to check out in the first place.

+ git help -a
+ grep credential-
  credential-cache          remote-ext
  credential-cache--daemon  remote-fd
  credential-gnome-keyring  remote-ftp
  credential-store          remote-ftps

Answer 1

Afraid I don't know much about Jenkins, but you can store a git credential from a shell script using your git credential helper (assuming you have one configured), eg:

printf "protocol=https/nhost=your.git.host/nusername=your_user/npassword=Y0urP@55w0rd/n/n" | git credential approve # git credential takes its arguments on stdin - the final double newline is needed to signal end of input

Git commands should then use it, or if you need the credential itself you can retrieve it on stdout with:

printf "protocol=https/nhost=your.git.host/username=your_user/npassword=Y0urP/n/n" | git credential fill

Answer 2

If your script has to have those credentials, then you can check the second option " Job DSL plugin: Build Variables "

All build variables are exposed to the Job DSL scripts as variables, see User Power Moves .
There are several ways to define credentials as build variables, eg the EnvInject Plugin provides a "Inject passwords to the build as environment variables" setting to inject passwords either defined globally in "Configure System" or directly on a job.

// use the FLOWDOCK_TOKEN variable to configure the Flowdock publisher
job('example-4') {
    publishers {
        flowdock(FLOWDOCK_TOKEN) {
            unstable()
            success()
            aborted()
            failure()
            fixed()
            notBuilt()
        }
    }
}

// variables can also be using in configure blocks
job('example-5') {
    configure { project ->
        project / builders << 'org.foo.FooBuilder' {
            userName(FOO_USER)
            password(FOO_PASSWORD)
        }
    }
}