0

I am define some secret credential in jenkins, and now I using it in jenkins pipeline like this:

pipeline {
    
    agent { 
        node {
            label 'jenkins-master'
        }
    }

    environment {
        GITHUB_USERNAME     = credentials('github-username')
        GITHUB_PASSWORD     = credentials('github-password')
        GITHUB_PASSWORD1    = credentials('github-password-1')
        df    = credentials('123')
    }

    stages {
        stage('checkout-source') {
            steps {
                git credentialsId: 'gitlab-project-auth',
                url: 'https://github.com/jiangxiaoqiang/jiangxiaoqiang.github.io.git'
             } 
        }
        
       stage('publish') {
            steps{
                sh "git config --global user.email \"jiangtingqiang@gmail.com\""
                sh "git config --global user.name \"jiangxiaoqiang\""
                sh "git add -A"
                sh "git diff-index --quiet HEAD || git commit -m \"[docs] scheduled auto commit task\" || git push"
                sh "echo ${GITHUB_USERNAME}"
                sh "echo ${GITHUB_PASSWORD}"
                sh "echo ${GITHUB_PASSWORD1}"
                sh "echo ${df}"
                sh "git push https://${GITHUB_USERNAME}:${GITHUB_PASSWORD}@github.com/jiangxiaoqiang/jiangxiaoqiang.github.io.git"
            }
        }
    }
}

but it seems only the first works, this is the build log output:

 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://github.com/****/xiaoqiang-blog-source.git # timeout=10
Fetching upstream changes from https://github.com/****/xiaoqiang-blog-source.git
 > git --version # timeout=10
 > git --version # 'git version 2.11.0'
 > git fetch --tags --progress -- https://github.com/****/xiaoqiang-blog-source.git +refs/heads/*:refs/remotes/origin/* # timeout=10
 > git rev-parse refs/remotes/origin/master^{commit} # timeout=10
 > git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
Checking out Revision d24abcbc136a3f050b9c1aa365bf30dcc6b77bb9 (refs/remotes/origin/master)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f d24abcbc136a3f050b9c1aa365bf30dcc6b77bb9 # timeout=10
 > git branch -a -v --no-abbrev # timeout=10
 > git branch -D master # timeout=10
 > git checkout -b master d24abcbc136a3f050b9c1aa365bf30dcc6b77bb9 # timeout=10
Commit message: "[docs] add jenkinsfiles"
 > git rev-list --no-walk d24abcbc136a3f050b9c1aa365bf30dcc6b77bb9 # timeout=10
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (publish)
[Pipeline] sh
+ git config --global user.email jiangtingqiang@gmail.com
[Pipeline] sh
+ git config --global user.name ****
[Pipeline] sh
+ git add -A
[Pipeline] sh
+ git diff-index --quiet HEAD
[Pipeline] sh
+ echo ****
****
[Pipeline] sh
+ echo

[Pipeline] sh
+ git push https://****:@github.com/****/xiaoqiang-blog-source.git
remote: Invalid username or password.
fatal: Authentication failed for 'https://****:@github.com/****/xiaoqiang-blog-source.git/'
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withCredentials
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code 128
Finished: FAILURE

am I missing something in configuration credentials?

Dolphin
  • 29,069
  • 61
  • 260
  • 539

2 Answers2

1

You can't use jenkins credentials as is.

Please review this stackoverflow answer explains how to run push from bash script.

ozlevka
  • 1,988
  • 16
  • 28
1

Here I'm not answering how to use git. My answer is about secrets usage in jenkins only.

Which kind of secrets did you use? Secret text?

While using secrets - username and password, you can call separately username and password like this:

agent { 
        node {
            label 'jenkins-master'
        }
    }

    environment {
        GITHUB_CRED = credentials('github-cred')
    }

    stages {  
       stage('publish') {
            steps{
                sh "echo ${GITHUB_CRED_USR}"
                sh "echo ${GITHUB_CRED_PSW}"
                sh "git push https://${GITHUB_CRED_USR}:${GITHUB_CRED_PSW}@github.com/jiangxiaoqiang/jiangxiaoqiang.github.io.git"
            }
        }
    }
}

Also it make sence where do you store credentials: in global or project scope.

Dmitriy Tarasevich
  • 1,082
  • 5
  • 6