Git checking out external project in jenkins pipeline using user and password - jenkins

Reading this answer, the way of checking out an external project from a Jenkins pipeline is as follows:
git branch: 'master',
    credentialsId: '12345-1234-4696-af25-123455',
    url: 'ssh://git@bitbucket.org:company/repo.git'
The author of the post also says:
If you're using the ssh url then your credentials must be username + private key. If you're using the https clone url instead of the ssh one, then your credentials should be username + password.
However, it is not fully clear how the second case works (https URL and username + password)... Which syntax is used in this case for credentialsId? Or is that field not used and others are used to specify username and password? Could somebody provide an example of it, please?
Thanks!

Store the username and password on Jenkins by following:
https://www.jenkins.io/doc/book/using/using-credentials/
Adding new global credentials

To add new global credentials to your Jenkins instance:

1. If required, ensure you are logged in to Jenkins (as a user with the Credentials > Create permission).
2. From the Jenkins home page (i.e. the Dashboard of the Jenkins classic UI), click Manage Jenkins > Manage Credentials.
3. Under Stores scoped to Jenkins on the right, click on Jenkins.
4. Under System, click the Global credentials (unrestricted) link to access this default domain.
5. Click Add Credentials on the left. Note: If there are no credentials in this default domain, you could also click the add some credentials link (which is the same as clicking the Add Credentials link).
6. From the Kind field, choose the type of credentials to add.
7. From the Scope field, choose either:
   * Global - if the credential/s to be added is/are for a Pipeline project/item. Choosing this option applies the scope of the credential/s to the Pipeline project/item "object" and all its descendent objects.
   * System - if the credential/s to be added is/are for the Jenkins instance itself to interact with system administration functions, such as email authentication, agent connection, etc. Choosing this option applies the scope of the credential/s to a single object only.
8. Add the credentials themselves into the appropriate fields for your chosen credential type:
   * Secret text - copy the secret text and paste it into the Secret field.
   * Username and password - specify the credential’s Username and Password in their respective fields.
   * Secret file - click the Choose file button next to the File field to select the secret file to upload to Jenkins.
   * SSH Username with private key - specify the credentials Username, Private Key and optional Passphrase into their respective fields. Note: Choosing Enter directly allows you to copy the private key’s text and paste it into the resulting Key text box.
   * Certificate - specify the Certificate and optional Password. Choosing Upload PKCS#12 certificate allows you to upload the certificate as a file via the resulting Upload certificate button.
   * Docker Host Certificate Authentication - copy and paste the appropriate details into the Client Key, Client Certificate and Server CA Certificate fields.
9. In the ID field, specify a meaningful credential ID value - for example, jenkins-user-for-xyz-artifact-repository. The inbuilt (default) credentials provider can use upper- or lower-case letters for the credential ID, as well as any valid separator character, other credential providers may apply further restrictions on allowed characters or lengths. However, for the benefit of all users on your Jenkins instance, it is best to use a single and consistent convention for specifying credential IDs. Note: This field is optional. If you do not specify its value, Jenkins assigns a globally unique ID (GUID) value for the credential ID. Bear in mind that once a credential ID is set, it can no longer be changed.
10. Specify an optional Description for the credential/s.
11. Click OK to save the credentials.
Then, use the ID from that in the credentialsId field in the code above.
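
The HTTPS case asked about, as an added example that is not part of the original answer: the git step is unchanged apart from the URL scheme, and credentialsId points at a "Username and password" credential instead of an SSH key. The credential ID bitbucket-https-user, the HTTPS form of the repository URL and the external-repo directory are assumptions made for illustration.

```groovy
// Added example, not from the original post.
// Assumes a "Username and password" credential was saved in Jenkins with the
// hypothetical ID 'bitbucket-https-user' (see the steps above).
pipeline {
    agent any
    stages {
        stage('Checkout external project') {
            steps {
                dir('external-repo') {
                    // Same step as in the question; only the URL scheme and the
                    // kind of credential behind credentialsId differ.
                    git branch: 'master',
                        credentialsId: 'bitbucket-https-user',
                        url: 'https://bitbucket.org/company/repo.git'
                }
            }
        }
        stage('Run git by hand with the same credential') {
            steps {
                // Binds the stored username/password to environment variables
                // for this block only; Jenkins masks the values in the console log.
                withCredentials([usernamePassword(credentialsId: 'bitbucket-https-user',
                                                  usernameVariable: 'GIT_USER',
                                                  passwordVariable: 'GIT_PASS')]) {
                    // Single-quoted Groovy string: the shell expands the variables,
                    // so the secret is never interpolated into the script text.
                    // The inline credential helper hands the values to git without
                    // putting them in the remote URL or on the command line.
                    sh '''
                        git -C external-repo -c credential.helper='!f() { echo "username=$GIT_USER"; echo "password=$GIT_PASS"; }; f' fetch --tags origin
                    '''
                }
            }
        }
    }
}
```

With a double-quoted Groovy string in the sh step the password would be substituted by Groovy before the shell runs, which is the usual way such secrets end up unmasked in build logs.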

Related

2 Factor Authentication in CI-CD process for app store in azure DevOps

I am trying to release the app to the app store but as 2FA is now mandatory for the apple account I am facing an issue while uploading the app to the store.
I tried using FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD as per this link
but it did not work out.
I have added an app-specific password in the service connection as well.
After adding an app-specific password in that, I got the following error:
Also, it is saying that you can pass the password using FASTLANE_PASSWORD in the environment variable, but I don't know how to pass it.
I went through the answer provided by
Two-factor Authentication With Fastlane
but it's not helping me with Azure DevOps. Is there another way to make it work?
When you download the API key, you will get a .p8 certificate (e.g AuthKey_426ZIF325NY.p8) but most probably you cannot save this file as a pipeline variable, but you can save it as a string.
Open terminal and go to your Download Folder then open your file with some Text Editor (preferred) e.g vim AuthKey_426ZIF325NY.p8 or nano AuthKey_426ZIF325NY.p8, but you can use any editor you are familiar with (e.g VS Code).
You will get something like this:
You need to save this key as a string, but you cannot just copy the content, because there are some \n symbols you do not see and you will not copy them with normal copy/paste. So you need to add them manually and delete the line breaks:
Before:
-----BEGIN PRIVATE KEY-----
GTAGTAgEAMBMGByqGSM49AgEGTTqGSM49AwEHBHkwdwIBAQQg6YnlZ7oLdukc99KL
TZBVNjYeCpNQtZh3uY2SZw6jh+igCgYIKoZIzj0DAQehRANCAAQ2dMU6ss1I3760
OLjYhPBLn5f1T9ZXVbI4kFcKARM/JfPOKh7rK95LHoEOGdpBQHEaAmZo0x2pnF1+
AhD4UTiE
-----END PRIVATE KEY-----
After:
"-----BEGIN PRIVATE KEY-----\nGTAGTAgEAMBMGByqGSM49AgEGTTqGSM49AwEHBHkwdwIBAQQg6YnlZ7oLdukc99KL\nTZBVNjYeCpNQtZh3uY2SZw6jh+igCgYIKoZIzj0DAQehRANCAAQ2dMU6ss1I3760\nOLjYhPBLn5f1T9ZXVbI4kFcKARM/JfPOKh7rK95LHoEOGdpBQHEaAmZo0x2pnF1+\nAhD4UTiE\n-----END PRIVATE KEY-----"
Now save this "After" parameter (but use your certificate) as a pipeline variable with name key.
Your Upload Job (Upload to TestFlight) needs access to this certificate and the other two variables.
If you want, you can post your fastlane upload lane here and I will write you the additional part.
How about setting all of the three variables to be environment variables?
FASTLANE_PASSWORD
FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD
FASTLANE_SESSION
In addition, please note that, unlike the normal pipeline variables, the secret pipeline variables will not be automatically mapped as environment variables on the agents during the pipeline running. You need to explicitly map secret variables to be environment variables. For details, see "Set secret variables".
[UPDATE]
The FASTLANE_PASSWORD should be the password of your iCloud account (or App Store Connect account). However usually it is not necessary in CI/CD pipeline.
You can try the following command line:
fastlane spaceauth -u <your-email-address>
This command line can generate a login session for your Apple ID in advance. Then you need to store the generated value inside the FASTLANE_SESSION environment variable on the agent machine.
To view more details, you can see "Storing a manually verified session using spaceauth".
Most probably the FASTLANE_SESSION is not valid anymore, so you need to create a new one: https://docs.fastlane.tools/best-practices/continuous-integration/
The recommended way is to use the App Store Connect API, so you do not need 2FA and do not need to recreate the fastlane session:
https://docs.fastlane.tools/app-store-connect-api/
You need to set key_id, issuer_id and key once (the key can be stored as a String) and no need to change it ever.
The Account Holder must give you access to the App Store Connect API.
There are a few solutions, but you can use pipeline variables for instance.
Name: key_id
Value: <You will find this in AppStoreConnect>
Name: issuer_id
Value: <You will find this in AppStoreConnect>
Name: key
Value: <Open the .p8 Certificate in editor and add '\n' for every newline>

Jenkins blue ocean change github access token

Jenkins Blue Ocean is a pretty cool continuous integration tool, but I faced the following problem:
At the main page, as was asked, I inserted my GitHub access token
And after that I realized that was incorrect token from another company.
And now I want to change to another token but there is no option to do that. I'm always getting the following screen without the possibility to change the key.
I found out that if the token was deleted from the GitHub tokens page I can insert the new one at the page depicted above. But now there is no way to delete that token. I need to resolve the problem from the Jenkins UI.
Any Ideas how to change?
Steps to delete the Access-Token:
Go to the 'old' interface (i.e. not Blue Ocean)
Click on your username in the top right
Click on Credentials on the left
You should see an entry with the domain blueocean-github-domain the id github and the name <username>/****** (Github Access Token).
Delete it.
Afterward, BlueOcean will ask for an Access Token again, when using "Github" as the source.
I tried many things, at the moment best solution is to delete project and create new blueocean project with new credentials.
Add a new credential in Jenkins and choose "Username and Password" as the type. The username should be your GitHub username and the password is the API token. Make sure the credential is added to a store that the project has access to.
tkausl's instructions didn't work for me because there was no "Delete" or "Modify" button. So here is my extended solution (it needs shell access).
With shell access, you can find the file where your token is stored (in my case it was ./users//config.xml). However, you cannot just edit that file, because the token is stored in encrypted form (and base64-encoded). So instead, create a new dummy credential with the correct token. The dummy credential gets added (in encrypted form) in the file ./credentials.xml. Open that file and copy the password (in base64 and encrypted form) into where the actual credentials are (./users//config.xml). Finally, go to "Manage Jenkins" > "Reload Configuration from Disk".
I think @bhow has something similar but just to make it clear - you don't need to delete the project or the existing token.
You can go to Blue Ocean, choose the project and then choose the gear icon to change the project settings.
Under "Branch Sources" you'll see the current Github credentials. From there you can choose to add new credentials. In my case I added a new "Username with password" where the username was my username, and password was my Github token. By choosing this new option from the credentials dropdown I could see that the authenticated user changed.

Password not getting masked in jenkins

I am using the Jenkins masking plugin to mask the passwords.
I have a user (i054564) defined in credentials as username/password type.
The user name/password is defined in the bindings section as well as in the mask password subsection of the Build environment section. So whenever I am using that user/password in my build job as a variable, the password is not masked and logged in the console.
Some snapshots have been attached to depict the problem
Snapshot -1 Build specific settings
Snapshot -2 Credentials settings
Snapshot -3 Manage Jenkins Mask password settings
Strange thing is initially it works and then after 2-3 builds it stops working.
Please let me know if you need any further details.
Best regards,
Saurav
You can use "Inject passwords to the build as environment variables" from Build Environment and defined its value as your "password parameter". ( password parameter - for which you can ask user to enter the password at run time). (e.g.: define inject password value as : ${password_parameter} ).
The password which you will pass while running job will display as [*******]

How I can verify credentials for domain name with Credentials-plugin in jenkins

I want to verify and validate credentials (user and password) by using Credentials-plugin for Jenkins. I added Credentials-plugin in my POM file. But I don't know how to verify access to my domain name.
Do you have any idea how I can verify credentials for a domain name (aa.example.com) by using credentials-plugin through java.
Thanks
Jenkins 'credential' plugin is to facilitate keeping passwords (user/pwd or any other form) safe outside of code. So you can only use those wherever you want in code by using the variable names you have created in configuration. Jenkins will get this password to you wherever you ask but it will not use those for any authentication. It is up to us to get the values through system variables and use them to authenticate for the given domain name. Refer below to see if that is helping you.
Inject passwords to the build as environment variables

How can I add a username and password to Jenkins?

When I go to mydomain.example:8080 there is no authorization mechanism by default. I have had a look at the configuration area but cannot find anywhere to add a basic username and password.
Go to Manage Jenkins > Configure Global Security and select the Enable Security checkbox.
For the basic username/password authentication, I would recommend selecting Jenkins Own User Database for the security realm and then selecting Logged in Users can do anything or a matrix based strategy (in case when you have multiple users with different permissions) for the Authorization.
Assuming you have Manage Jenkins > Configure Global Security > Enable Security and Jenkins Own User Database checked you would go to:
Manage Jenkins > Manage Users > Create User
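
The same settings applied from a Groovy script (Script Console or an init.groovy.d file) instead of the UI; this is an added example, not code from any of the answers. The user name admin and the environment variable JENKINS_ADMIN_PASSWORD are assumptions, and sign-up is left disabled because with "Logged in users can do anything" every self-registered account would get full control.

```groovy
// Added example, not from the answers. Run it from Manage Jenkins > Script Console
// or place it in $JENKINS_HOME/init.groovy.d/ so that it runs at startup.
import jenkins.model.Jenkins
import hudson.model.User
import hudson.security.HudsonPrivateSecurityRealm
import hudson.security.FullControlOnceLoggedInAuthorizationStrategy

// Assumption: the initial password is supplied through an environment variable
// with this hypothetical name, so it is never hard-coded in the script.
String adminUser = 'admin'
String adminPassword = System.getenv('JENKINS_ADMIN_PASSWORD')
if (!adminPassword) {
    throw new IllegalStateException('JENKINS_ADMIN_PASSWORD is not set')
}

Jenkins jenkins = Jenkins.get()

// Security realm "Jenkins' own user database", with "Allow users to sign up"
// unchecked (first argument) and no CAPTCHA support configured.
def realm = new HudsonPrivateSecurityRealm(false, false, null)
jenkins.setSecurityRealm(realm)

// Equivalent of Manage Jenkins > Manage Users > Create User.
// Only create the account if it is missing, so a restart does not reset it.
if (User.getById(adminUser, false) == null) {
    realm.createAccount(adminUser, adminPassword)
}

// Authorization "Logged-in users can do anything", with anonymous read
// access switched off so unauthenticated visitors see only the login page.
def strategy = new FullControlOnceLoggedInAuthorizationStrategy()
strategy.setAllowAnonymousRead(false)
jenkins.setAuthorizationStrategy(strategy)

// Persist the security configuration to config.xml.
jenkins.save()
```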
Try deleting the .jenkins folder from your system which is located at the below path.
C:\Users\"Your PC Name"\.jenkins
Now download a fresh and a stable version of .war file from official website of jenkins. For eg. 2.1 and follow the steps to install.
You will be able to do via this method
You need to Enable security and set the security realm on the Configure Global Security page (see: Standard Security Setup) and choose the appropriate Authorization method (Security Realm).
Depending on your selection, create the user using appropriate method. Recommended method is to select Jenkins’ own user database and tick Allow users to sign up, hit Save button, then you should be able to create user from the Jenkins interface. Otherwise if you've chosen external database, you need to create the user there (e.g. if it's Unix database, use credentials of existing Linux/Unix users or create a standard user using shell interface).
See also: Creating user in Jenkins via API
If installed as an admin, use:
uname - admin
pw - the passkey that was generated during installation
