Git Clone in Jenkins with Personal Access Token idles forever

git jenkins
17,050

Solution 1

Problem was that I needed to run as myself instead of as jenkins. Running as the user jenkins doesn't allow us to clone.

We can check who we are running as by putting the command whoami into the execute shell build step. If your whoami doesn't match your username (it is most likely that whoami will return jenkins as the username), we have some configuring to do.

Go to the jenkins home, select Manage Jenkins, then select Manage Nodes. Create a new node.

Give this new node one executor, choose "Only build jobs with label expressions matching this node" in usage, and give your project a unique label. Choose "Launch agent agents via SSH" in your launch method. Make your host localhost, and add your credentials (username and password) for logging into the machine you're using. Choose not to verify host keys, and select "Keep this agent online as much as possible" in availability, and save. You'll need to launch the agent.

Now go to your job. Under configure in the General tab, check "Restrict where this job can run" and enter that unique label. Save. Your job should now clone in precisely the same way as your command line git does.

This works on Mac, not sure of windows, but I assume it is basically the same.

Solution 2

I found one more easy option to do this,

please refer to this answer https://stackoverflow.com/a/61104238/5108695

After some intense googling I found the answer, which proved to be a lot easier then I thought:

Apparently a personal access token can be used as a password, as far as Jenkins is concerned at least. I added new credentials to the credential manager, chose type 'username and password', put in a non-existing username ('user') and put the personal access token in the password field.

This way I could choose the credentials from the dropdown as I did before, and the project was cloned without issues

Share:
17,050

Related videos on Youtube

jaredad7
Author by

jaredad7

Graduated from Louisiana Tech University May 2017 with a B.S. in Computer Science and a B.S. in Cyber Engineering. Focused primarily on Cyber Security and secure development, I work at a consulting firm as a security consultant for fortune 500 companies.

Updated on June 04, 2022

Comments

  • jaredad7
    jaredad7 almost 2 years

    We have an enterprise github running on a remote github server outside of our company network and need to use an https proxy to clone. We are not allowed to use password authentication, so either ssh (which is a no go due to proxy issues) or PAT.

    On my command line, the command

    git clone https://user:[email protected]/org/repo.git

    clones the repository no problem, and it takes about 5-10 seconds.

    In Jenkins, the console output reads "cloning into directory-name" and then there's a spinning wheel that spins endlessly and this never resolves.

    I am running this inside an execute shell script as the github plugin runs some commands that apparently still want to do password authentication, even when I feed it the PAT version of the url with no credentials, and I don't see a PAT authorization option in the add credentials modal.

    To clarify the url given to the Jenkins plugin is:

    https://user:[email protected]/org/repo.git

    and I get this sort of output:

    No credentials specified
 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://user:[email protected]/org/repo.git # timeout=10
Fetching upstream changes from https://[email protected]/org/repo.git
 > git --version # timeout=10
Setting http proxy: corporateproxy.com:8080
 > git fetch --tags --progress https://[email protected]/org/repo.git +refs/heads/*:refs/remotes/origin/*
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from https://[email protected]/org/repo.git
    at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:894)
    at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1161)
    at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1192)
    at hudson.scm.SCM.checkout(SCM.java:504)
    at hudson.model.AbstractProject.checkout(AbstractProject.java:1208)
    at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:574)
    at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86)
    at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:499)
    at hudson.model.Run.execute(Run.java:1818)
    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
    at hudson.model.ResourceController.execute(ResourceController.java:97)
    at hudson.model.Executor.run(Executor.java:429)
Caused by: hudson.plugins.git.GitException: Command "git fetch --tags --progress https://[email protected]/org/repo.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout: 
stderr: remote: Password authentication is not available for Git operations.
remote: You must use a personal access token or SSH key.
remote: See https://github.exampleco.com/settings/tokens or https://github.exampleco.com/settings/ssh
fatal: unable to access 'https://[email protected]/org/repo.git': The requested URL returned error: 403

    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2042)
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1761)
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$400(CliGitAPIImpl.java:72)
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:442)
    at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:892)
    ... 11 more
ERROR: Error fetching remote repo 'origin'
Finished: FAILURE

    I do notice that the user:token@ is dropped in favor of simply user@ after the remote origin is configured. I tried running all of these commands manually in a shell and when I got to the second one, that is:

    git fetch --tags --progress https://user:[email protected]/org/repo.git

    it also just idled forever like the clone command does.

    • JRichardsz
      JRichardsz almost 5 years
      Could you try with user:password instead user: token?
    • jaredad7
      jaredad7 almost 5 years
      That wouldn't work. Password authentication is not allowed. I've found the solution and am in the process of adding an answer here.
  • Dupinder Singh
    Dupinder Singh about 4 years
    Can I have the references? because your posted answer is bit unclear

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Jenkins with Git: Status code 128
How to set tag for Maven release
ERROR: Invalid value of sonar.sources
How to trigger a Jenkins Pipeline on commit to a branch?
Publish Jenkins Job build status to Gitlab commit with Jenkins Pipeline job
How to assign git commit hash to a variable in Jenkins File
How to checkout git repo with an specific revision in Jenkins
Multiple pipelines in one branch with Jenkinsfile
Jenkins unable to fetch repo - code 255 permission denied
Trigger Jenkins build when pull request is merged in Github