0

Checkout using GitSCM using Github Organization.

We have setup a Github organization in Jenkins using the Github Branch Source plugin. For the scanning credentials we use an OAuth token (set as username/password with the token in the password and an empty username).

How do we checkout the projects over SSH? When we use

checkout scm

 Jenkins tries to checkout using username password which won't work because we set an OAuth token.

I assume I need to do something more advanced along the lines of this:

sshagent(['c798bf84-708c-4615-8559-9768100e4f96']) {
checkout([
$class: 'GitSCM',
branches: scm.branches,
doGenerateSubmoduleConfigurations: scm.doGenerateSubmoduleConfigurations,
extensions: scm.extensions,
userRemoteConfigs: scm.userRemoteConfigs
])
}

I assume I am really close to solving the issue. Here is the SCM documentation link:
https://jenkins.io/doc/pipeline/steps/workflow-scm-step/

And here the Github Branch Source Plugin Documentation:
https://go.cloudbees.com/docs/plugins/github-branch-source/#github-branch-source-sect-intro

I just cannot figure out how to get the SSH URL from the Branch Source Plugin and pass that into the SCM.

Help would be greatly appreciated.

 

2 comments

  • 0
    Avatar
    Denys Digtiar

    Hi Jor,

    There should be no need to change the `checkout` step. In the behaviors section of the GitHub Organization's configuration look for the "Checkout over SSH". Once it is added the `checkout scm` should be preconfigured with ssh remote and credentials for you.

  • 0
    Avatar
    Jor Sanders

    Hi Denys,

    Thanks you for the help. I didn't think to check under the behaviors, this works great. I ran into another issue but I don't think they are Cloudbees related. 

    Now I have setup the additional behavior to checkout over SSH I can remove the SSH credentials from the Jenkinsfile to checkout the SCM. But our Jenkins server also applies some automated fixes then commits and pushes those changes. Is there a way to push changes using the same credentials selected in the additional behavior section? Currently we have the setup to run like this:

    sshagent(['c798bf84-708c-4615-8559-9768100e4f96']) {
    sh "git push origin HEAD:${CHANGE_BRANCH}"
    }

    While this isn't a big problem, but if we are to change or update our credentials for some reason we would have to update all our individual Jenkinsfile. Naturally we would prefer to set our Credentials in one place to make for easier maintainability. 

    Again thank you for your help already. Sorry to add another sort of unrelated issue here.

     

    Edited by Jor Sanders
Please sign in to leave a comment.