Jenkins Pipeline基於groovy：無法推入git => Permission denied（publickey）

Question

詹金斯語境

Jenkins版本：2.23版
我正在嘗試使用groovy腳本從jenkins管道進行git推送。 目標是在舞台上創建一個標簽，並在我的git倉庫上遠程推送它。

我的管道作業配置出了什么問題（參見下文）？

問題

我有一個使用credentialsId的帳戶，可以完美地運行獲取和克隆。 但是當我嘗試推送我的標簽時，我收到以下錯誤。

git push ssh：//git.server：29418 / AA / myrepo.git --tags Permission denied（publickey）。 致命：無法從遠程存儲庫讀取。

憑據/ SSH

公鑰正確添加到我的git / gerrit服務器中
該帳戶對gerrit具有“ALLOW”權利：

參考：refs / tags / *

• 創建參考
• 偽造作者身份
• 偽造提交者身份
• 推
• 推注釋標簽
• 推送簽名標簽

Jenkins Pipeline：時髦的劇本

---

node {
    echo "=================="
    string workspace=pwd()
    sh ('ls -al $workspace')

    String credentialsId="aaa-bbb-ccc-ddd-eee"
    String  gitRepo="ssh://git.server:29418/AA/myrepo.git"

    // stage
    stage "Test Tag Push"

    git credentialsId: "${credentialsId}", url: "${gitRepo}"


    println "cmd = git tag "
    sh(script: 'git tag')

    tagName="MyTag"

    sh(script: "git tag -d $tagName")
    sh(script: "git tag $tagName")
    sh(script: 'git tag')
    println "git repo : ${gitRepo}"
    sh('git push ssh://git.server:29418/AA/myrepo.git --tags')
}

---

控制台輸出

> Entering stage Test Tag Push
Proceeding
[Pipeline] git
 > git rev-parse --is-inside-work-tree # timeout=10
 > git config remote.origin.url ssh://git.server:29418/AA/myrepo.git # timeout=10
Fetching upstream changes from ssh://git.server:29418/AA/myrepo.git
 > git --version # timeout=10
using GIT_SSH to set credentials aacloud user for gerrit connection
 > git -c core.askpass=true fetch --tags --progress ssh://git.server:29418/AA/myrepo.git +refs/heads/*:refs/remotes/origin/*
 > git rev-parse refs/remotes/origin/master^{commit} # timeout=10
 > git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
Checking out Revision 20fc371cf27bb57049e75a040f00986ab6a71473 (refs/remotes/origin/master)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f 20fc371cf27bb57049e75a040f00986ab6a71473
 > git branch -a -v --no-abbrev # timeout=10
 > git branch -D master # timeout=10
 > git checkout -b master 20fc371cf27bb57049e75a040f00986ab6a71473
 > git rev-list 20fc371cf27bb57049e75a040f00986ab6a71473 # timeout=10
[Pipeline] echo
cmd = git tag 
[Pipeline] sh
[cockpit-pipeline-test-TC] Running shell script
+ git tag
MyTag
Tag001
tc001
tc002
[Pipeline] sh
[cockpit-pipeline-test-TC] Running shell script
+ git tag -d MyTag
Deleted tag 'MyTag' (was 20fc371)
[Pipeline] sh
[cockpit-pipeline-test-TC] Running shell script
+ git tag MyTag
[Pipeline] sh
[cockpit-pipeline-test-TC] Running shell script
+ git tag
MyTag
Tag001
tc001
tc002
[Pipeline] echo
git repo : ssh://git.server:29418/AA/myrepo.git
[Pipeline] sh
[cockpit-pipeline-test-TC] Running shell script
+ git push ssh://git.server:29418/AA/myrepo.git --tags
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code 128
Finished: FAILURE

Answer 1

Git憑證僅對git步驟有效（即獲取存儲庫）。 你需要用sshagent包裝你的sh步驟：

sshagent(credentialsId) {
    sh('git push ssh://git.server:29418/AA/myrepo.git --tags')
}

Answer 2

非常感謝Jil，這就是訣竅！ 它與sshagent完美配合

我想補充說，在存儲庫參數中添加帳戶也是必要的

gitRepo="ssh://MyAccount@git.server:29418/AA/myrepo.git"

完整的解決方案

    node {
      String credentialsId="aaa-bbb-ccc-ddd-eee"
      String gitLogin="MyAccount"
      String gitRepo="ssh://${gitLogin}@git.server:29418/AA/myrepo.git"
      stage "Test Tag Push"
      git credentialsId: "${credentialsId}", url: "${gitRepo}"   
      tagName="MyTag"    
      sh(script: "git tag $tagName")
      sshagent([credentialsId]) {
        sh(script: 'git push --tags')
      }
    }