Jenkinsfile and git authentication on Windows

· Read in about 2 min · (358 words) ·

In this post are my notes on how to get working git commands from Jenkinsfile running on Windows build agents.

Password authentication

Setting up username and password in Jenkins server

  • First in Jenkins server add a new Credentials entry of type Username with password: Jenkins username and password.
  • Set ID to repo_auth
    • This is later referenced in Jenkinsfile step withCredentials
  • Set Username
  • Set Password

Sample Jenkinsfile

  • Now the system is ready to use above information from Jenkinsfile
  • Build script then does following:

    1. Fetches username and password into environment variables
    2. Invokes any git command which requires authentication

      pipeline {
      agent { label 'vs2017' }
      
      environment {
      RELEASE_NUMBER = '1.0'
      VERSION_NUMBER = VersionNumber(versionNumberString: '1.0.${BUILDS_ALL_TIME}.0')
      }
      
      stages {
      stage('Compile'){
      steps {
      echo 'Compiling'
      
      bat "\"${tool name: 'Default', type: 'msbuild'}\\msbuild.exe\" \"build.msbuild\" /p:BuildNumber=${VERSION_NUMBER}"
      }
      }
      stage('Tagging') {
      steps {
      withCredentials([usernamePassword(credentialsId: 'repo_auth', passwordVariable: 'GIT_PASSWORD', usernameVariable: 'GIT_USERNAME')]) {
        bat "git tag 'build-${VERSION_NUMBER}'"
        bat "git push http://${GIT_USERNAME}:${GIT_PASSWORD}@repourl.com/test.git --tags"
      }
      }
      }
      }
      

SSH key authentication (Github)

Setting up known hosts in Jenkins server

  • First in Jenkins server add a new Credentials entry of type Secret text Jenkins SSH known hosts.
  • Set ID to github-knownhosts
    • This is later referenced in Jenkinsfile step withCredentials
  • Set the content of known_hosts file as value

Setting up the SSH key in Jenkins server

  • Now in Jenkins server add a new Credentials entry of type SSH Username with private key Jenkins SSH username with private key.
  • Set ID to github
    • This is later referenced in Jenkinsfile step withCredentials

Sample Jenkinsfile

  • Now the system is ready to use above information from Jenkinsfile
  • Build script then does following (I am using these from docker build agents so the build agent always starts from scratch):

    1. Populates id_rsa key with received keyFileVariable
    2. Populates known_hosts
    3. Invokes any git command which requires authentication

      pipeline {
      agent {label 'machine'}
      
      environment {
      RELEASE_NUMBER = '1.0'
      VERSION_NUMBER = VersionNumber(versionNumberString: '1.0.${BUILDS_ALL_TIME}.0')
      }
      
      stages {
      stage('Build') {
      steps {
      bat "powershell.exe -NonInteractive -ExecutionPolicy Bypass -Command \"\$ErrorActionPreference='Stop';[Console]::OutputEncoding=[System.Text.Encoding]::UTF8;.\\build.ps1;EXIT \$global:LastExitCode\""
      }
      }
      stage('Publish on Github') {
      steps {
      withCredentials([
        string(credentialsId: 'github-knownhosts', variable: 'KNOWN_HOSTS'),
        sshUserPrivateKey(credentialsId: 'github', keyFileVariable: 'RSA_KEY', usernameVariable: 'SSH_USER')
      ]) {
        bat "mkdir ${USERPROFILE}\\.ssh"
        bat "copy ${RSA_KEY} ${USERPROFILE}\\.ssh\\id_rsa"
        bat "echo ${KNOWN_HOSTS} > ${USERPROFILE}\\.ssh\\known_hosts"
      
        bat "git tag 'build-${VERSION_NUMBER}'"
        bat "git push ${SSH_USER}@github.com:/project/repo.git --tags"
      }
      }
      }
      }
      }