为什么jenkins管道无法访问某些秘密_Jenkins

为什么jenkins管道无法访问某些秘密

jenkins

为什么jenkins管道无法访问某些秘密,jenkins,Jenkins,我正在jenkins中定义一些秘密凭证，现在我在jenkins管道中使用它，如下所示： pipeline { agent { node { label 'jenkins-master' } } environment { GITHUB_USERNAME = credentials('github-username') GITHUB_PASSWORD = c

我正在jenkins中定义一些秘密凭证，现在我在jenkins管道中使用它，如下所示：

pipeline {
    
    agent { 
        node {
            label 'jenkins-master'
        }
    }

    environment {
        GITHUB_USERNAME     = credentials('github-username')
        GITHUB_PASSWORD     = credentials('github-password')
        GITHUB_PASSWORD1    = credentials('github-password-1')
        df    = credentials('123')
    }

    stages {
        stage('checkout-source') {
            steps {
                git credentialsId: 'gitlab-project-auth',
                url: 'https://github.com/jiangxiaoqiang/jiangxiaoqiang.github.io.git'
             } 
        }
        
       stage('publish') {
            steps{
                sh "git config --global user.email \"jiangtingqiang@gmail.com\""
                sh "git config --global user.name \"jiangxiaoqiang\""
                sh "git add -A"
                sh "git diff-index --quiet HEAD || git commit -m \"[docs] scheduled auto commit task\" || git push"
                sh "echo ${GITHUB_USERNAME}"
                sh "echo ${GITHUB_PASSWORD}"
                sh "echo ${GITHUB_PASSWORD1}"
                sh "echo ${df}"
                sh "git push https://${GITHUB_USERNAME}:${GITHUB_PASSWORD}@github.com/jiangxiaoqiang/jiangxiaoqiang.github.io.git"
            }
        }
    }
}

agent { 
        node {
            label 'jenkins-master'
        }
    }

    environment {
        GITHUB_CRED = credentials('github-cred')
    }

    stages {  
       stage('publish') {
            steps{
                sh "echo ${GITHUB_CRED_USR}"
                sh "echo ${GITHUB_CRED_PSW}"
                sh "git push https://${GITHUB_CRED_USR}:${GITHUB_CRED_PSW}@github.com/jiangxiaoqiang/jiangxiaoqiang.github.io.git"
            }
        }
    }
}

但似乎只有第一个工作，这是构建日志输出：

 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://github.com/****/xiaoqiang-blog-source.git # timeout=10
Fetching upstream changes from https://github.com/****/xiaoqiang-blog-source.git
 > git --version # timeout=10
 > git --version # 'git version 2.11.0'
 > git fetch --tags --progress -- https://github.com/****/xiaoqiang-blog-source.git +refs/heads/*:refs/remotes/origin/* # timeout=10
 > git rev-parse refs/remotes/origin/master^{commit} # timeout=10
 > git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
Checking out Revision d24abcbc136a3f050b9c1aa365bf30dcc6b77bb9 (refs/remotes/origin/master)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f d24abcbc136a3f050b9c1aa365bf30dcc6b77bb9 # timeout=10
 > git branch -a -v --no-abbrev # timeout=10
 > git branch -D master # timeout=10
 > git checkout -b master d24abcbc136a3f050b9c1aa365bf30dcc6b77bb9 # timeout=10
Commit message: "[docs] add jenkinsfiles"
 > git rev-list --no-walk d24abcbc136a3f050b9c1aa365bf30dcc6b77bb9 # timeout=10
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (publish)
[Pipeline] sh
+ git config --global user.email jiangtingqiang@gmail.com
[Pipeline] sh
+ git config --global user.name ****
[Pipeline] sh
+ git add -A
[Pipeline] sh
+ git diff-index --quiet HEAD
[Pipeline] sh
+ echo ****
****
[Pipeline] sh
+ echo

[Pipeline] sh
+ git push https://****:@github.com/****/xiaoqiang-blog-source.git
remote: Invalid username or password.
fatal: Authentication failed for 'https://****:@github.com/****/xiaoqiang-blog-source.git/'
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withCredentials
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code 128
Finished: FAILURE

配置凭据中是否缺少某些内容？

您不能按原样使用jenkins凭据

请查看stackoverflow，答案解释了如何从bash脚本运行push。

您不能按原样使用jenkins凭据

请查看stackoverflow，答案解释了如何从bash脚本运行push。

这里我不回答如何使用git。我的答案是关于jenkins中的秘密用法

你使用了哪种秘密？密文

使用secrets-用户名和密码时，您可以单独调用用户名和密码，如下所示：

pipeline {
    
    agent { 
        node {
            label 'jenkins-master'
        }
    }

    environment {
        GITHUB_USERNAME     = credentials('github-username')
        GITHUB_PASSWORD     = credentials('github-password')
        GITHUB_PASSWORD1    = credentials('github-password-1')
        df    = credentials('123')
    }

    stages {
        stage('checkout-source') {
            steps {
                git credentialsId: 'gitlab-project-auth',
                url: 'https://github.com/jiangxiaoqiang/jiangxiaoqiang.github.io.git'
             } 
        }
        
       stage('publish') {
            steps{
                sh "git config --global user.email \"jiangtingqiang@gmail.com\""
                sh "git config --global user.name \"jiangxiaoqiang\""
                sh "git add -A"
                sh "git diff-index --quiet HEAD || git commit -m \"[docs] scheduled auto commit task\" || git push"
                sh "echo ${GITHUB_USERNAME}"
                sh "echo ${GITHUB_PASSWORD}"
                sh "echo ${GITHUB_PASSWORD1}"
                sh "echo ${df}"
                sh "git push https://${GITHUB_USERNAME}:${GITHUB_PASSWORD}@github.com/jiangxiaoqiang/jiangxiaoqiang.github.io.git"
            }
        }
    }
}

agent { 
        node {
            label 'jenkins-master'
        }
    }

    environment {
        GITHUB_CRED = credentials('github-cred')
    }

    stages {  
       stage('publish') {
            steps{
                sh "echo ${GITHUB_CRED_USR}"
                sh "echo ${GITHUB_CRED_PSW}"
                sh "git push https://${GITHUB_CRED_USR}:${GITHUB_CRED_PSW}@github.com/jiangxiaoqiang/jiangxiaoqiang.github.io.git"
            }
        }
    }
}

此外，它还说明了您在哪里存储凭据：在全局范围还是在项目范围内。

这里我不回答如何使用git。我的答案是关于jenkins中的秘密用法

你使用了哪种秘密？密文

使用secrets-用户名和密码时，您可以单独调用用户名和密码，如下所示：

pipeline {
    
    agent { 
        node {
            label 'jenkins-master'
        }
    }

    environment {
        GITHUB_USERNAME     = credentials('github-username')
        GITHUB_PASSWORD     = credentials('github-password')
        GITHUB_PASSWORD1    = credentials('github-password-1')
        df    = credentials('123')
    }

    stages {
        stage('checkout-source') {
            steps {
                git credentialsId: 'gitlab-project-auth',
                url: 'https://github.com/jiangxiaoqiang/jiangxiaoqiang.github.io.git'
             } 
        }
        
       stage('publish') {
            steps{
                sh "git config --global user.email \"jiangtingqiang@gmail.com\""
                sh "git config --global user.name \"jiangxiaoqiang\""
                sh "git add -A"
                sh "git diff-index --quiet HEAD || git commit -m \"[docs] scheduled auto commit task\" || git push"
                sh "echo ${GITHUB_USERNAME}"
                sh "echo ${GITHUB_PASSWORD}"
                sh "echo ${GITHUB_PASSWORD1}"
                sh "echo ${df}"
                sh "git push https://${GITHUB_USERNAME}:${GITHUB_PASSWORD}@github.com/jiangxiaoqiang/jiangxiaoqiang.github.io.git"
            }
        }
    }
}

agent { 
        node {
            label 'jenkins-master'
        }
    }

    environment {
        GITHUB_CRED = credentials('github-cred')
    }

    stages {  
       stage('publish') {
            steps{
                sh "echo ${GITHUB_CRED_USR}"
                sh "echo ${GITHUB_CRED_PSW}"
                sh "git push https://${GITHUB_CRED_USR}:${GITHUB_CRED_PSW}@github.com/jiangxiaoqiang/jiangxiaoqiang.github.io.git"
            }
        }
    }
}

此外，它还决定了您将凭证存储在哪里：全局范围还是项目范围