So ideally I'd recommend using ssh-agent, though you may in that case need to force the checkout credentials to be ssh variant to have consistent behaviour.
And you may want to ensure that your pipeline doesn't go commit on anything other than blessed branches... keep in mind PRs will have access to the ssh-agent unless you use the trusted override for the origin jenkinsfile (which means you may not get PR validation of Jenkinsfile changes) (There is some philosophical differences in how multi-branch should work with various trust constraints... my view is that the job should be able to define rules that get applied to untrusted branches... jesse's view is that the target branch's jenkinsfile should apply the rules and use trusted revision feature to ensure that untrusted branches cannot supply their own jenkinsfile... there are swings and roundabouts in this, no one answer is correct... pipeline follows jesse's thinking ATM) So anyway, using ssh-agent to wrap the git commits is probably best... certainly reduces the boilerplate. (Downside is getting ssh-agent to work on all build nodes) On Wednesday, 30 November 2016, Torsten Reinhard <[email protected]> wrote: > See also http://stackoverflow.com/questions/39237910/jenkins- > pipeline-cannot-check-code-into-git > - but thereĀ“s no real answer, just workarounds using ssh-agent - or a > different protocol with user/password. > > So still the question: Any idea how to setup this in a straight-forward > manner ? > > Am Mittwoch, 30. November 2016 12:20:22 UTC+1 schrieb Torsten Reinhard: >> >> Hi all, >> >> I have a Multi Branch Project, using a *.git Repository. All branches are >> detected and the checkout is working. >> In my JenkinsFile I need to execute some "git" commands, like: >> >> ... >> sh "git tag -d FOR_INTEGRATION_TESTING" // removes >> the tag in local env. >> sh "git push origin :refs/tags/FOR_INTEGRATION_TESTING" // >> removes the tag in remote env. >> sh "git tag -a FOR_INTEGRATION_TESTING" // adds >> the tag to different commit >> sh "git push origin FOR_INTEGRATION_TESTING" // pushes >> the change to the remote >> ... >> >> How can I apply the credentials here ? >> When trying >> >> withCredentials [$class: 'UsernamePasswordMultiBinding', credentialsId: >> git_creds, usernameVariable: 'G_USER', passwordVariable: 'G_PASS'] { >> ... >> } >> >> >> I see this exception: >> >> org.jenkinsci.plugins.credentialsbinding.impl.CredentialNotFoundException: >> Credentials 'a378e16a-3d20-4465-aef1-b2bd233f15b6' is of type 'SSH Username >> with private key' >> where >> 'com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials' >> was expected >> >> >> Is there another class instead of "UsernamePasswordMultiBinding" I have >> to use? >> >> Thanx for pointing me in the right direction, >> >> Torsten >> >> >> -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] > <javascript:_e(%7B%7D,'cvml','jenkinsci-users%[email protected]');> > . > To view this discussion on the web visit https://groups.google.com/d/ > msgid/jenkinsci-users/493ec847-06ac-486d-befb-26c9d9496b92%40googlegroups. > com > <https://groups.google.com/d/msgid/jenkinsci-users/493ec847-06ac-486d-befb-26c9d9496b92%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- Sent from my phone -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CA%2BnPnMx9N8tBDWhjaF2L4sEresc-0JWDyTua4pvxUbhJrsqfkA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
