I'm working on a set of jobs to tag a bunch of related Git repos with the same tag. At the moment, the flow is decomposed into three types of jobs: an overall Jenkins scripted Pipeline, a job that does a build and drops a tag if the build succeeds, and a job triggered by the tagging job that does the final release build. My intention is to allow users to run either the overall pipeline or one of the jobs beneath it depending on if they need to re-run a step in the process or do an entire release.
One of my requirements is that this all needs to happen with the invoking user's credentials, which are then passed to Git so the updates (maven pom changes, etc.) are logged into the commit history as their user. I was successful in this by combining User-scoped credentials with the Authorize Project plugin (so the job can access the user-scoped credentials), the Build User Vars to set user.name and user.email in Git, and the SSH Agent plugin to supply the keys to Git so the commit and tag can be pushed as the correct user.
What I'm trying to do now is collect the user's SSH key with a credentials parameter to the scripted pipeline job and then pass that credentials parameter to the downstream tagging job (which also takes a credentials parameter). Unfortunately, when I do that the downstream job fails because the SSH Agent in the downstream job can't retrieve the credentials based on the value that the credentials parameter in the pipeline passes on to the credentials parameter in the tagging job.
The error I'm getting is:
FATAL:
java.io.IOException: [ssh-agent] Could not find specified credentials
at com.cloudbees.jenkins.plugins.sshagent.SSHAgentBuildWrapper.preCheckout(SSHAgentBuildWrapper.java:209)
at jenkins.scm.SCMCheckoutStrategy.preCheckout(SCMCheckoutStrategy.java:76)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:490)
at hudson.model.Run.execute(Run.java:1737)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:97)
at hudson.model.Executor.run(Executor.java:421)
FATAL: [ssh-agent] Could not find specified credentials
java.io.IOException: [ssh-agent] Could not find specified credentials
at com.cloudbees.jenkins.plugins.sshagent.SSHAgentBuildWrapper.preCheckout(SSHAgentBuildWrapper.java:209)
at jenkins.scm.SCMCheckoutStrategy.preCheckout(SCMCheckoutStrategy.java:76)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:490)
at hudson.model.Run.execute(Run.java:1737)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:97)
at hudson.model.Executor.run(Executor.java:421)
Right now, my Job DSL for the pipeline job looks like this:
parameters {
stringParam('sitePrefix',Projects.siteAbbr,"Three-character site code")
activeChoiceParam('modules'){
choiceType('MULTI_SELECT')
groovyScript{
script("[${projectsAsGroovyString}]")
}
description("Modules to build")
}
credentialsParam('gitUser'){
type('com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey')
required()
description('Personal SSH Key for tagging and releasing')
}
stringParam('gitBranch','develop','Branch to tag')
stringParam('releaseVersion',null,'Version you want to release')
stringParam('developmentVersion',null,'Snapshot version to set after release. If unset, generates a new patch snapshot based on the release version')
}
and my actual pipeline code contains code like this:
def tag_params = [
[$class:'com.cloudbees.plugins.credentials.CredentialsParameterValue',name: 'gitUser',value:params.gitUser],
// credentials(name:'gitUser',value:params.gitUser),
string(name:'gitBranch',value:params.gitBranch),
string(name:'releaseVersion',value:params.releaseVersion),
string(name:'developmentVersion',value:params.developmentVersion),
booleanParam(name:'buildRelease',value:false),
]
stage('Tag bom'){
// Run tag job
build job: "bom_tag_release", parameters: tag_params
// Run release build
build job: "bom_tag_build", parameters: build_params
}
The downstream job is just using another credentials parameter to receive the credentials, not the Credentials Binding plugin because that only seems to handle secret files not the SSH keys that SSH Agent needs. Is passing a credential id from a pipeline to a job even possible or should I be looking at another approach?
Thanks!
