Develop Reference

How do I pass SSH keys from Jenkins Pipeline to Jenkins build jobs?

I'm working on a set of jobs to tag a bunch of related Git repos with the same tag. At the moment, the flow is decomposed into three types of jobs: an overall Jenkins scripted Pipeline, a job that does a build and drops a tag if the build succeeds, and a job triggered by the tagging job that does the final release build. My intention is to allow users to run either the overall pipeline or one of the jobs beneath it depending on if they need to re-run a step in the process or do an entire release.
One of my requirements is that this all needs to happen with the invoking user's credentials, which are then passed to Git so the updates (maven pom changes, etc.) are logged into the commit history as their user. I was successful in this by combining User-scoped credentials with the Authorize Project plugin (so the job can access the user-scoped credentials), the Build User Vars to set user.name and user.email in Git, and the SSH Agent plugin to supply the keys to Git so the commit and tag can be pushed as the correct user.
What I'm trying to do now is collect the user's SSH key with a credentials parameter to the scripted pipeline job and then pass that credentials parameter to the downstream tagging job (which also takes a credentials parameter). Unfortunately, when I do that the downstream job fails because the SSH Agent in the downstream job can't retrieve the credentials based on the value that the credentials parameter in the pipeline passes on to the credentials parameter in the tagging job.
The error I'm getting is:
FATAL:
java.io.IOException: [ssh-agent] Could not find specified credentials
at com.cloudbees.jenkins.plugins.sshagent.SSHAgentBuildWrapper.preCheckout(SSHAgentBuildWrapper.java:209)
at jenkins.scm.SCMCheckoutStrategy.preCheckout(SCMCheckoutStrategy.java:76)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:490)
at hudson.model.Run.execute(Run.java:1737)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:97)
at hudson.model.Executor.run(Executor.java:421)
FATAL: [ssh-agent] Could not find specified credentials
java.io.IOException: [ssh-agent] Could not find specified credentials
at com.cloudbees.jenkins.plugins.sshagent.SSHAgentBuildWrapper.preCheckout(SSHAgentBuildWrapper.java:209)
at jenkins.scm.SCMCheckoutStrategy.preCheckout(SCMCheckoutStrategy.java:76)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:490)
at hudson.model.Run.execute(Run.java:1737)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:97)
at hudson.model.Executor.run(Executor.java:421)
Right now, my Job DSL for the pipeline job looks like this:
parameters {
stringParam('sitePrefix',Projects.siteAbbr,"Three-character site code")
activeChoiceParam('modules'){
choiceType('MULTI_SELECT')
groovyScript{
script("[${projectsAsGroovyString}]")
}
description("Modules to build")
}
credentialsParam('gitUser'){
type('com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey')
required()
description('Personal SSH Key for tagging and releasing')
}
stringParam('gitBranch','develop','Branch to tag')
stringParam('releaseVersion',null,'Version you want to release')
stringParam('developmentVersion',null,'Snapshot version to set after release. If unset, generates a new patch snapshot based on the release version')
}
and my actual pipeline code contains code like this:
def tag_params = [
[$class:'com.cloudbees.plugins.credentials.CredentialsParameterValue',name: 'gitUser',value:params.gitUser],
// credentials(name:'gitUser',value:params.gitUser),
string(name:'gitBranch',value:params.gitBranch),
string(name:'releaseVersion',value:params.releaseVersion),
string(name:'developmentVersion',value:params.developmentVersion),
booleanParam(name:'buildRelease',value:false),
]
stage('Tag bom'){
// Run tag job
build job: "bom_tag_release", parameters: tag_params
// Run release build
build job: "bom_tag_build", parameters: build_params
}
The downstream job is just using another credentials parameter to receive the credentials, not the Credentials Binding plugin because that only seems to handle secret files not the SSH keys that SSH Agent needs. Is passing a credential id from a pipeline to a job even possible or should I be looking at another approach?
Thanks!

Jenkins change job's svn path programatically

I am searching for a best practice for switching svn repo paths from many jenkins jobs at once.
We have many different jobs which all define an svn path and poll our svn repo every 5 minutes.
Normally we build all projects from their trunks (subversion plugin 2.7.1).
But sometimes for bugfix reasons we want to be able to build all or certain projects from predefined tags or branches.
This switch should be made on a global job level not in the actual jobs themselves.
I have defined a job which lists all svn paths for our projects (using List Subversion tags plugin).
When the job gets fired every selected path gets written into a properties file with a key-value pair like "SVN_Projectname=tags/TAGNAME".
When no subversion tag is selected for a project the default vaule "SVN_Projectname=trunk" is written to the file for that project.
This is running without any issues...
I created a test job with a textparameter called "SVN_Projectname" and used the envInject plugin option "Prepare an environment for the run" with "Override Build Parameters" to read the already existent properties file.
Also the subversion plugin is provided with the parameter "${SVN_Projectname}" for the read parameter value from file.
Additional credentials (realm and credentials) are also provided and polling is activated for that job too.
Running that job manually is no problem, but the actual value from the file is generating polling results of the following error (scm-polling.log):
Started on 11.10.2017 14:53:00
Received SCM poll call on master for XXX_TAG on 11.10.2017 14:53:00
ERROR: Failed to check repository revision for http://XXX/svn/repository_XXX/Project/tags/tagname
[8mha:AAAAWB+LCAAAAAAAAP9b85aBtbiIQSmjNKU4P08vOT+vOD8nVc8DzHWhSE4tKMnjz/PLL0ldFVf2c+b/lb8MDAwVRQxSaBqxXTRIIQMEMIIUFgAAckCEiWAAAAA=[0morg.tmatesoft.svn.core.SVNCancelException: svn: E200015: E200015: ISVNAuthentication provider did not provide credentials; HTTP authorization cancelled.
svn: E200015: ISVNAuthentication provider did not provide credentials; HTTP authorization cancelled.
at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:66)
at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:57)
at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:798)
at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:391)
at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:379)
at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.performHttpRequest(DAVConnection.java:862)
at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.exchangeCapabilities(DAVConnection.java:698)
at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.open(DAVConnection.java:118)
at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.openConnection(DAVRepository.java:1049)
at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.getLatestRevision(DAVRepository.java:189)
at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgRepositoryAccess.getRevisionNumber(SvnNgRepositoryAccess.java:119)
at org.tmatesoft.svn.core.internal.wc2.SvnRepositoryAccess.getLocations(SvnRepositoryAccess.java:195)
at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgRepositoryAccess.createRepositoryFor(SvnNgRepositoryAccess.java:46)
at org.tmatesoft.svn.core.internal.wc2.remote.SvnRemoteGetInfo.run(SvnRemoteGetInfo.java:46)
at org.tmatesoft.svn.core.internal.wc2.remote.SvnRemoteGetInfo.run(SvnRemoteGetInfo.java:31)
at org.tmatesoft.svn.core.internal.wc2.SvnOperationRunner.run(SvnOperationRunner.java:21)
at org.tmatesoft.svn.core.wc2.SvnOperationFactory.run(SvnOperationFactory.java:1235)
at org.tmatesoft.svn.core.wc2.SvnOperation.run(SvnOperation.java:294)
at org.tmatesoft.svn.core.wc.SVNWCClient.doInfo(SVNWCClient.java:2535)
at hudson.scm.SubversionSCM.parseSvnInfo(SubversionSCM.java:1228)
at hudson.scm.CompareAgainstBaselineCallable.call(CompareAgainstBaselineCallable.java:79)
at hudson.scm.CompareAgainstBaselineCallable.call(CompareAgainstBaselineCallable.java:27)
at hudson.remoting.LocalChannel.call(LocalChannel.java:45)
at hudson.scm.SubversionSCM.compareRemoteRevisionWith(SubversionSCM.java:1425)
at hudson.scm.SCM.compareRemoteRevisionWith(SCM.java:391)
at hudson.scm.SCM.poll(SCM.java:408)
at hudson.model.AbstractProject._poll(AbstractProject.java:1460)
at hudson.model.AbstractProject.poll(AbstractProject.java:1363)
at jenkins.triggers.SCMTriggerItem$SCMTriggerItems$Bridge.poll(SCMTriggerItem.java:128)
at hudson.triggers.SCMTrigger$Runner.runPolling(SCMTrigger.java:557)
at hudson.triggers.SCMTrigger$Runner.run(SCMTrigger.java:603)
at hudson.util.SequentialExecutionQueue$QueueEntry.run(SequentialExecutionQueue.java:119)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: org.tmatesoft.svn.core.SVNCancelException: svn: E200015: ISVNAuthentication provider did not provide credentials; HTTP authorization cancelled.
at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:728)
... 34 more
Done. Took 0,17 sec
No changes
While i have provided all credentials to the job and starting the job manually, there is no problem. I dont understand what the actual problem is...
Or is there a better way of automating such a behavior?
Maybe manipulating the projects config.xmls with a changed svn path is a possibility?
But then jenkins service would have to be restarted? and i would prefer to make the change on the fly ^^

Jenkins ssh agent, private key without password

I am trying to get my Jenkins publish files over ssh. I use pipeline scripts, that is because I have to use the ssh agent. But I am not able to configure it correctly, it is always throwing an exception. This is what I did so far for debugging:
I configured ssh credentials on the "Publish over SSH" part in global settings and as credentials (SSH Username with private key).
I use a file on the master without passphrase.
I created a freestyle job and configured the "Publish SSH"-Plugin to make an "ls" on the remote machine. This works.
I checked the box to use "ssh agent", but this leads to an exception:
[ssh-agent] Looking for ssh-agent implementation...
[ssh-agent] Java/JNR ssh-agent
[ssh-agent] Skipped registering BouncyCastle, not running on a remote agent
[ssh-agent] Started.
[ssh-agent] Unable to read key: Unable to create OpenSSL PBDKF: Could not generate secret key
org.bouncycastle.openssl.PEMException: Unable to create OpenSSL PBDKF: Could not generate secret key
at org.bouncycastle.openssl.jcajce.PEMUtilities.getKey(Unknown Source)
at org.bouncycastle.openssl.jcajce.PEMUtilities.getKey(Unknown Source)
at org.bouncycastle.openssl.jcajce.PEMUtilities.crypt(Unknown Source)
at org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder$1$1.decrypt(Unknown Source)
at org.bouncycastle.openssl.PEMEncryptedKeyPair.decryptKeyPair(Unknown Source)
at jenkins.bouncycastle.api.PEMEncodable.decode(PEMEncodable.java:162)
at com.cloudbees.jenkins.plugins.sshagent.jna.JNRRemoteAgent.addIdentity(JNRRemoteAgent.java:79)
at com.cloudbees.jenkins.plugins.sshagent.SSHAgentBuildWrapper$SSHAgentEnvironment.add(SSHAgentBuildWrapper.java:395)
at com.cloudbees.jenkins.plugins.sshagent.SSHAgentBuildWrapper.preCheckout(SSHAgentBuildWrapper.java:229)
at jenkins.scm.SCMCheckoutStrategy.preCheckout(SCMCheckoutStrategy.java:76)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:528)
at hudson.model.Run.execute(Run.java:1741)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:98)
at hudson.model.Executor.run(Executor.java:410)
Caused by: java.security.spec.InvalidKeySpecException: Could not generate secret key
at javax.crypto.SecretKeyFactory.generateSecret(SecretKeyFactory.java:347)
... 15 more
Caused by: java.lang.IllegalArgumentException: password empty
at org.bouncycastle.jcajce.provider.symmetric.OpenSSLPBKDF$PBKDF.engineGenerateSecret(Unknown Source)
at javax.crypto.SecretKeyFactory.generateSecret(SecretKeyFactory.java:336)
... 15 more
I tried to type some dummy passphrase, this leads to a different exception (something with "check your credentials").
I tried to set the path for the key file to something different, this leads to a third exception (Like FileNotFound)
There is no difference between running on master or slave.
The error message "password empty" looks as if the empty passphrase makes problems - but the "publish over ssh" plugin has no problems with it, so I think it should be ok like this.
I have no idea what else I could check. I am near to create a freestyle job with "publish over ssh" which is triggered by my pipeline job... but seriously this is not the way it should be done?...

jenkins job triggering downstram job with paramenters not working

I am trying to execute a downstream job using the jenkins plugin to pass the parameters to the downstream job. I have added the following configuration as a build step: . The top job completes successfully however in the downstream job, where I am using jenkins plugin for docker build and push, it does not accept the JBNAME :
Building in workspace /home/jenkins/workspace/dockerbuild
ERROR: Unrecognized macro '**JBNAME**' in 'url/repo/**${JBNAME**}'
org.jenkinsci.plugins.tokenmacro.MacroEvaluationException: Unrecognized macro 'JBNAME' in 'url/repo/**${JBNAME}**'
at org.jenkinsci.plugins.tokenmacro.TokenMacro.expand(TokenMacro.java:207)
at org.jenkinsci.plugins.tokenmacro.TokenMacro.expandAll(TokenMacro.java:246)
at org.jenkinsci.plugins.tokenmacro.TokenMacro.expandAll(TokenMacro.java:232)
at com.cloudbees.dockerpublish.DockerBuilder$Perform.expandAll(DockerBuilder.java:324)
at com.cloudbees.dockerpublish.DockerBuilder$Perform.getImageTags(DockerBuilder.java:336)
at com.cloudbees.dockerpublish.DockerBuilder$Perform.exec(DockerBuilder.java:305)
at com.cloudbees.dockerpublish.DockerBuilder$Perform.access$100(DockerBuilder.java:291)
at com.cloudbees.dockerpublish.DockerBuilder.perform(DockerBuilder.java:262)
at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:779)
at hudson.model.Build$BuildExecution.build(Build.java:205)
at hudson.model.Build$BuildExecution.doRun(Build.java:162)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:534)
at hudson.model.Run.execute(Run.java:1720)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:98)
at hudson.model.Executor.run(Executor.java:404)
Build step 'Docker Build and Publish' marked build as failure
Finished: FAILURE
When I look at the parameters link on the failed build page, the field is empty, it did not pass any parameters, including current or predefined:
I am lost at the moment. I really need to pass the upstream job name to the docker build job in order to preserve the proper container naming.
Thank You very much!

Recent Jenkins versions do not allow undeclared parameters anymore. See related security advisory for details.
In your case the you probably could just declare the JBNAME as a parameter for the downstream job. I.e. select
This build is parameterized in the downstream job configuration and add new string parameter of name JBNAME.

Jenkins - Integrating JIRA with Jenkins, for creating ticket automatically when build fails, in Jenkins

I am using Jenkins to run jobs and want to create/update tickets in JIRA, whenever build fails. I have downloaded JIRA plugin, Jira Issue Updater, JiraTestResultReporter plugins and configured URL and credentials, under Manage Jenkins/Configure System.
In the job am running, under Post-build Actions, I added 'Create Jira Issue' with project key, assignee name etc and 'Jira Test Result Reporter' with all required credentials.
I get the following error in the console:
ERROR: Publisher 'Jira Test Result Reporter' aborted due to exception:
java.lang.NoSuchMethodError: hudson.model.AbstractBuild.getTestResultAction()Lhudson/tasks/test/AbstractTestResultAction;
at JiraTestResultReporter.JiraReporter.perform(JiraReporter.java:105)
at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:779)
at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:726)
at hudson.model.Build$BuildExecution.post2(Build.java:185)
at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:671)
at hudson.model.Run.execute(Run.java:1769)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:98)
at hudson.model.Executor.run(Executor.java:374)
Finished: FAILURE
Any idea whats going wrong? Is it not able to find the project? I have access to create ticket in the project specified, in jira.

It is generally possible to create tickets in JIRA programmatically, for example via their REST API.
Regarding your error, this behavior was introduced when the method signature of getTestResultAction() changed to return an Action instead of an AbstractTestResultAction.
The effect on the JiraTestResultReporter plugin is a known issue and is tracked at JENKINS-25140.
The error was fixed in the source of the plugin a while ago, but is still pending a release.
Solution:
As a workaround, Daniel Beck suggests to build and install a snapshot of the current JiraTestResultReporter plugin which seems to solve this particular error (see comments to the Jenkins ticket mentioned above).