Jenkins npm build using Github personal access token

Question

I have an npm package that depends on a repo in a private github server in its package.json:

"my-package": "git+https://private.github.example.com/my-org/my-package.git"

The github server is secured with personal access tokens (which are used as passwords during authentication). In local builds, users can store their .gitcredentials for https://private.github.example.com and git will automatically use them to access the github repository during the npm build.

I also have a technical user in a Jenkins which in general has access to the github server via a personal access token. However Jenkins uses those credentials only to check out from the github server and the credentials for that appear only to be bound to the github api url, not to git checkouts from any repo on that server that occur during the Jenkins Job.

I have seen https://support.cloudbees.com/hc/en-us/articles/203802500-Injecting-Secrets-into-Jenkins-Build-Jobs , which describes how to define credentials and inject them into build scripts as environment vars. However, I do not think it is a good idea to introduce environment variables in a package.json, if that is possible at all.

How can I make credentials defined by the credentials plugin accessible for git during npm builds?

Answer 1

使用秘密存储中的凭据在代理上编写一个.gitcredentials文件，然后在发布步骤中再次对其进行清理。