Jenkinsfile and git authentication on Windows


These are my notes on getting git commands that require authentication to work from a Jenkinsfile running on Windows build agents.

Password authentication

Setting up username and password in Jenkins server

  • First, in the Jenkins server, add a new Credentials entry of type Username with password.
  • Set ID to repo_auth
    • This is later referenced in Jenkinsfile step withCredentials
  • Set Username
  • Set Password

Sample Jenkinsfile

  • Now the system is ready to use the above information from the Jenkinsfile
  • The build script then does the following:
    1. Fetches username and password into environment variables
    2. Invokes any git command which requires authentication

pipeline {
  agent { label 'vs2017' }

  environment {
    RELEASE_NUMBER = '1.0'
    VERSION_NUMBER = VersionNumber(versionNumberString: '1.0.${BUILDS_ALL_TIME}.0')
  }

  stages {
    stage('Compile'){
      steps {
        echo 'Compiling'

        bat "\"${tool name: 'Default', type: 'msbuild'}\\msbuild.exe\" \"build.msbuild\" /p:BuildNumber=${VERSION_NUMBER}"
      }
    }
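    stage('Tagging') {
      steps {
        withCredentials([usernamePassword(credentialsId: 'repo_auth', passwordVariable: 'GIT_PASSWORD', usernameVariable: 'GIT_USERNAME')]) {
          // cmd.exe does not treat single quotes as quoting, so the tag name is passed bare
          bat "git tag build-${VERSION_NUMBER}"
          // Single-quoted Groovy string: cmd.exe expands %GIT_USERNAME% and %GIT_PASSWORD%,
          // so the secrets are not interpolated by Groovy into the command text.
          // http:// sends the credentials unencrypted; use https:// where the server offers it.
          bat 'git push http://%GIT_USERNAME%:%GIT_PASSWORD%@repourl.com/test.git --tags'
        }
      }
    }
  }
}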

SSH key authentication (Github)

Setting up known hosts in Jenkins server

  • First, in the Jenkins server, add a new Credentials entry of type Secret text.
  • Set ID to github-knownhosts
    • This is later referenced in Jenkinsfile step withCredentials
  • Set the content of the known_hosts file as the value

Setting up the SSH key in Jenkins server

  • Now, in the Jenkins server, add a new Credentials entry of type SSH Username with private key.
  • Set ID to github
    • This is later referenced in Jenkinsfile step withCredentials

Sample Jenkinsfile

  • Now the system is ready to use the above information from the Jenkinsfile
  • The build script then does the following (I am using these from Docker build agents, so the build agent always starts from scratch):
    1. Populates id_rsa key with received keyFileVariable
    2. Populates known_hosts
    3. Invokes any git command which requires authentication

pipeline {
  agent {label 'machine'}

  environment {
    RELEASE_NUMBER = '1.0'
    VERSION_NUMBER = VersionNumber(versionNumberString: '1.0.${BUILDS_ALL_TIME}.0')
  }

  stages {
    stage('Build') {
      steps {
        bat "powershell.exe -NonInteractive -ExecutionPolicy Bypass -Command \"\$ErrorActionPreference='Stop';[Console]::OutputEncoding=[System.Text.Encoding]::UTF8;.\\build.ps1;EXIT \$global:LastExitCode\""
      }
    }
    stage('Publish on Github') {
      steps {
        withCredentials([
          string(credentialsId: 'github-knownhosts', variable: 'KNOWN_HOSTS'),
          sshUserPrivateKey(credentialsId: 'github', keyFileVariable: 'RSA_KEY', usernameVariable: 'SSH_USER')
        ]) {
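          // Single-quoted Groovy strings: cmd.exe expands %VAR%, so the bound
          // credentials are not interpolated by Groovy into the command text
          bat 'mkdir "%USERPROFILE%\\.ssh"'
          bat 'copy "%RSA_KEY%" "%USERPROFILE%\\.ssh\\id_rsa"'
          bat 'echo %KNOWN_HOSTS% > "%USERPROFILE%\\.ssh\\known_hosts"'

          // cmd.exe does not treat single quotes as quoting, so the tag name is passed bare
          bat "git tag build-${VERSION_NUMBER}"
          bat 'git push %SSH_USER%@github.com:/project/repo.git --tags'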
        }
      }
    }
  }
}
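
A check for pipelines like the two above, added here as an example (it is not code from the original post): variables bound by withCredentials should be expanded by the agent's shell (%VAR% in a bat step) rather than interpolated by Groovy (${VAR} inside a double-quoted string), because Groovy interpolation puts the secret into the command text itself. The function name find_interpolated_secrets and the sample text are constructed for illustration, and the scan is a line-based heuristic, not a Groovy parser.

```python
import re

# withCredentials binding parameters whose value names an environment variable
BINDING_VAR = re.compile(
    r"\b(?:passwordVariable|usernameVariable|keyFileVariable|passphraseVariable|variable)"
    r"\s*:\s*['\"](\w+)['\"]")
# A bat/sh/powershell step whose argument is a double-quoted (interpolating) Groovy string
STEP = re.compile(r"\b(bat|sh|powershell)\s*\(?\s*\"((?:\\.|[^\"\\])*)\"")
# $VAR or ${VAR} that Groovy would expand; \$ is a literal dollar left for the shell
GROOVY_REF = re.compile(r"(?<!\\)\$\{?(\w+)")


def find_interpolated_secrets(jenkinsfile_text):
    """Return (line_number, step, variable) for each bound credential variable
    that Groovy would interpolate into a shell step's command text."""
    secret_vars = set(BINDING_VAR.findall(jenkinsfile_text))
    findings = []
    for lineno, line in enumerate(jenkinsfile_text.splitlines(), start=1):
        for step, body in STEP.findall(line):
            for name in GROOVY_REF.findall(body):
                if name in secret_vars:
                    findings.append((lineno, step, name))
    return findings


# Constructed sample: the interpolating form and the cmd.exe-expanded form side by side
SAMPLE = r'''
withCredentials([usernamePassword(credentialsId: 'repo_auth', passwordVariable: 'GIT_PASSWORD', usernameVariable: 'GIT_USERNAME')]) {
  bat "git tag build-${VERSION_NUMBER}"
  bat "git push http://${GIT_USERNAME}:${GIT_PASSWORD}@repourl.com/test.git --tags"
  bat 'git push http://%GIT_USERNAME%:%GIT_PASSWORD%@repourl.com/test.git --tags'
}
'''

if __name__ == "__main__":
    for lineno, step, name in find_interpolated_secrets(SAMPLE):
        print(f"line {lineno}: {step} step interpolates credential variable {name}")
```

Run against a Jenkinsfile in a pre-merge job, a non-empty result can fail the build before the pipeline change reaches an agent.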