3

I have a bat script that is run on my jenkins pipeline.

It is used to tag a specific commit of my branch, and push it back to git. Looks like this:

"scriptCommand": https://%C_USERNAME%:%C_PASSWORD%@bitbucket.psr.io/scme/ci/ci.git\ngit push origin TAG1\ngit remote set-url --push origin https://bitbucket..psr.io/scme/ci/ci.git"

That command is made using the variables C_USERNAME, C_PASSWORD and the TAG1 The first two are taken from a usernamePassword type jenkins credentials, and are injected into the string, the TAG1 is a stimple string that should be used to get my git branch tagged

And that works, when I use the http link instead of the SSH link for my repo

I need to be able to handle the SSH link as well. For that, I researched on SSH private key, and turns out that the jenkins credentials have a specific field for it: SSH Username with private key

I made one such credential in jenkins, using my private key, and username

But now I am having trouble on how to create a batch line that works the same as the one above with the http link.

Needless to say, I have 0 exp on this matter.

Can some help me on this? And thank you for your time.

Elydasian
  • 2,016
  • 5
  • 23
  • 41

1 Answers1

4

The SSH URL would be like:

git@bitbucket.psr.io/scme/ci/ci.git

But you might want to use a dedicated plugin, like publish over SSH, which you can include in a pipeline.

In your case:

git remote set-url --push origin git@bitbucket.psr.io/scme/ci/ci.git

Using an SSH agent plugin

node {
  sshagent (credentials: ['myKey']) {
    sh 'git push git@bitbucket.psr.io/scme/ci/ci.git aTag'
  }
}

Assuming you have registered your private key in the Jenkins Global credentials (unrestricted), as an entry named 'myKey'.

Using withCredentials, as shown here, assuming Git 2.10+ for GIT_SSH_COMMAND:

withCredentials([sshUserPrivateKey(credentialsId: "myKey", keyFileVariable: 'key')]) {
        //auth to git here then do some commands for example:
        sh 'git commmit -am "hello my commit message'
        sh 'GIT_SSH_COMMAND = "ssh -i $key"'
        sh 'git push git@bitbucket.psr.io/scme/ci/ci.git aTag'
    }
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • thx for the advise, I will give it a try, but can you tell me how the git command would have too look like if I had to add a tag to an ssh type link? – Elydasian Apr 20 '22 at 10:47
  • @Elydasian "add a tag to an SSH type link"? What do you mean? Like a Host entry in a `~/.ssh/config` file? – VonC Apr 20 '22 at 12:20
  • well, if I would use the line that I posted above in my question would push a tag to my git repo (using http protocol), how would the same line would look like if I were to use the ssh protocol? (I hope this makes sense :)) – Elydasian Apr 20 '22 at 12:37
  • @Elydasian OK, got it. the set-url would be: `git remote set-url --push origin git@bitbucket.psr.io/scme/ci/ci.git` – VonC Apr 20 '22 at 12:52
  • thx, that worked! Also, I am looking into this answer https://stackoverflow.com/questions/44377238/use-ssh-credentials-in-jenkins-pipeline-with-ssh-scp-or-sftp, posted by tianzhipeng, would you mind taking a look? I am close to implementing the ssh key, but I dont know what is the keyFileVariable: 'keyfile' used for? – Elydasian Apr 20 '22 at 13:01
  • @Elydasian I would assume an sshAgent step is enough. I have edited the answer to include an example, as well as relevant links to documentation. – VonC Apr 20 '22 at 13:31
  • yes, on my side I cannot install the sshagent, how would that example look if you were to use the withCredentials method? Assuming the Credentials Binding Plugin, Credentials Plugin are present? (I have quite a bit of logic in this, and I need to use it with those plugins) – Elydasian Apr 20 '22 at 13:36
  • @Elydasian OK. I have edited the answer to add the version using `withCredentials`. – VonC Apr 20 '22 at 13:40
  • YESSSSS, thank you very much!! Just tell me, whats that keyFileVariable? – Elydasian Apr 20 '22 at 13:40
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/244054/discussion-between-vonc-and-elydasian). – VonC Apr 20 '22 at 13:45
  • Hello @VonC, im using withCredentials, but i get this error "fatal: not a git repository (or any parent up to mount point /var)" – dssof Feb 01 '23 at 18:12
  • @dssof That means the job did not checkout a Git repository. Try and ask a separate question with more details on your Jenkins setup and job configuration. – VonC Feb 01 '23 at 18:29