I want to use the M2 Relase Plugin to release artifacts on a Jenkins server. The access to and checkout of the sources from Subversion is done with help of the Credentials Plugin. For tagging and committing the changes during the maven release:prepare phase I need (in my case) the same credentials.
Is there a way to convince the M2 Release Plugin to take credentials from the Credentials Plugin?
Note: I don’t want to insert the credentials manually in the SCM login/password fields and I don’t want to store the credentials in an extra settings.xml file on the server as often suggested.
I have implemented the following solution, where I do not have to insert the credentials manually again, but where the credentials are stored in a temporary settings.xml file on the file system during the build.
With help of the Config File Provider Plugin I have created an empty settings.xml and used the stored credentials as server settings. The server id I have filled with the hostname from the scm url (see answer to Externalising SCM credentials with Maven). In the Build Environment section of the Jenkins job configuration I have enabled Provide Configuration Files, selected the self created settings.xml, assigned a Variable and used this variable in Release goals and options with -s $variable (like in Running the Maven Release Plugin with Jenkins).
Related
I have set up a new Jenkins Server and copied the Jobs and plugins from the old Jenkins Server, but stragely there are 2 Options missing while entering a private key for the global User/Account. The Options are "from a file on jenkins master" and "From the Jenkins master ~/.ssh".
I doubt that there is some plugin missing, as I have copied all the plugins from old Server. Any clue will be helpful.
These options was removed due to security reasons since version 1.14 of SSH Credentials Plugin:
SSH Credentials Plugin no longer supports SSH credentials from files on the Jenkins master file system, neither user-specified file paths nor ~/.ssh. Existing SSH credentials of these kinds are migrated to "directly entered" SSH credentials.
I am using bitbucket to host my Jenkins config file. I have one question though. Does Jenkins pull latest config file everytime Jenkin is restarted from bitbucket or will it pull it from local stored configuration and use SCM for only version control?
It works Viceversa. But
By default, SCM Sync plugin will check-in your local Jenkins changes to Bitbucket and keep it in sync with your local system (backup your changes)
if you want to retrieve/get changes from bitbucket you need to do manually "Jenkins->configuration->SCM Sync configuration->Reload config from SCM" manually then only you get backup from bitbucket account otherwise it's going to step 1 as it will keep your files safe in bit bucket
There are lots of question on here about Permission denied (publickey) errors when using the Jenkins git plugin.
Can someone explain the authentication flow this plugin uses to check out a repository? I can't find a good description on the plugin page.
I want to just SSH into the build slave, checkout the repository there, then run my job, but clearly that is not how it works.
I guess I could add my credentials to the jenkins master, but I dont want any code there. I want it on my build slave.
Issue has nothing to do with git really. As their documentation states, it relies on git runtime which in its turn relies on system environment when it comes to secure connections. Ssh requires client to have valid key to connect and fails to that message if client does not provide one. Without any additional actions, key is not injected into environment, so client could not provide any valid key.
What you actually can use is ssh agent plugin. That allows to add key to ssh-agent on slave that will be catched up by git.
I have set up a few Jenkins jobs which are using TFS. For each one I had to manually input TFS username and password inside the TFS plugin.
Is there a way to change password in all jobs using some king of global setting? Or do I have to manually change password on all jobs when I change my password.
Any help would be appreciated.
Thanks,
Daniel
Get latest TFS (5.0.0) and Credentials (2.1.4) plugins.
Add domain and credentials usable to connect to your TFS server via Jenkins > Configure Credentials.
Now select just added domain, click "Configure", and add your TFS server hostname (or proper wildcard) under Hostname > Include, so jenkins will know where provided credentials can be used.
Now, you can just leave user/password fields empty in job's TFS SCM configuration.
Instructions are mostly taken from TFS plugin GitHub page
Even though TFS Plugin bug Allow use of credentials from Credentials Plugin isn't resolved, all is working fine.
The TFS Plugin for Jenkins does not read the global credentials. You need to enter the username and password for each job manually.
In the Jenkins admin you can add "global" credentials. For this, as a Jenkins admin, go in :
Manage Jenkins > Manage Credentials > Add Credentials > Username with password and save it.
These credentials will be available in all the jobs configuration of this Jenkins instance.
If you don't the the Manage Credentials item, you'll maybe need to install the Jenkins Credentials Plugin
I've just setup Jenkins and i have some Repositories in my Stash.
I installed the "Git plugin" in jenkins.
I can now enter the repository url but there is nothing to enter my credentials.
It's possible using
http://username:password#mydomain/xx/yy.git
but that is something i dont want to do.
What else can i do to authenticate?
I am the author of this stash plugin that might help you: https://github.com/palantir/stashbot
Taking selectively from the readme:
To work with Jenkins, you MUST install the following jenkins plugins first.
Jenkins GIT plugin
Post build task
Next, build and install the plugin using the plugin SDK (more details in the readme)
Next, the stash admin goes into the Stashbot Admin page and creates a jenkins server config - here you give it the URL, username/password, etc details of the jenkins server.
Next, for each repository a "Stashbot CI Admin" link shows up for repo admins. From there you can check the "enabled" checkbox and tell it what branches you want build (via a regex) and what command it should run to do the build (optionally verifies and publishes).
After this point, the remainder is completely self-service. Any repo admin can ask for their project to "have CI" by filling out that form, and the jobs will automatically be created in the jenkins server.
Hope that helps.
Set up an SSH key for the user that runs your Jenkins builds and add it to the repository's SSH keys in Stash. See the Stash docs for instructions.
Two things to add to Gareth's answer.
While I agree that using SSH keys are definitely better than hard-coding the username/password, it's worth mentioning that Stash (currently) scales better with HTTP when it comes to CI. If you have quite a few builds we generally recommend using HTTP. We are currently extending our Git cache support to support SSH so this no longer an issue.
Somewhat related, you might be interested in watching and voting for the following feature which will make it easier to create CI specific keys.
Lastly having build icons show up in Stash is surprisingly handy, and you should have a look at the following plugin if you haven't already:
https://github.com/jenkinsci/stashNotifier-plugin
Since version 2.0 of "Git Plugin" for jenkins you should be able to directly add the required credentials for both ssh and username/password (based on credentials plugin).
See changelog of Git plugin: https://wiki.jenkins-ci.org/display/JENKINS/Git+Plugin#GitPlugin-Changelog for details.
For further integration of git and stash regarding pull requests you additionally need the "Stash Webhook for jenkins" add-on in stash and the "Stash Notifier" plugin for jenkins to connect each other.