This article is an excerpt from a longer post, provided so that beginners can follow along step by step.

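Problem description

A private GitLab instance is deployed in the environment. The repository was initially set to public for ease of testing and was later changed to private for security. After that change, running the pipeline again failed with a fetch error.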

Running on ruoyi-gateway-28-5bgb1-l7z8q-845lt in /home/jenkins/agent/workspace/ruoyi-gateway
[Pipeline] {
[Pipeline] stage
[Pipeline] { (拉取代码)
[Pipeline] git
The recommended git tool is: NONE
using credential b4aa2f30-e922-423d-9ede-eccf6dc75a6d
Cloning the remote Git repository
Cloning repository https://gitlab.halfcoffee.com/root/ruoyi.git
 > git init /home/jenkins/agent/workspace/ruoyi-gateway # timeout=10
Fetching upstream changes from https://gitlab.halfcoffee.com/root/ruoyi.git
 > git --version # timeout=10
 > git --version # 'git version 2.39.2'
using GIT_SSH to set credentials Git
Verifying host key using known hosts file
You're using 'Known hosts file' strategy to verify ssh host keys, but your known_hosts file does not exist, please go to 'Manage Jenkins' -> 'Security' -> 'Git Host Key Verification Configuration' and configure host key verification.
 > git fetch --tags --force --progress -- https://gitlab.halfcoffee.com/root/ruoyi.git +refs/heads/*:refs/remotes/origin/* # timeout=10
ERROR: Error cloning remote repo 'origin'
hudson.plugins.git.GitException: Command "git fetch --tags --force --progress -- https://gitlab.halfcoffee.com/root/ruoyi.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout: 
stderr: remote: HTTP Basic: Access denied. The provided password or token is incorrect or your account has 2FA enabled and you must use a personal access token instead of a password. See https://gitlab.halfcoffee.com/help/topics/git/troubleshooting_git#error-on-git-fetch-http-basic-access-denied
fatal: Authentication failed for 'https://gitlab.halfcoffee.com/root/ruoyi.git/'

	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2842)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2185)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:635)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$2.execute(CliGitAPIImpl.java:871)
	at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$GitCommandMasterToSlaveCallable.call(RemoteGitImpl.java:170)
	at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$GitCommandMasterToSlaveCallable.call(RemoteGitImpl.java:161)
	at hudson.remoting.UserRequest.perform(UserRequest.java:211)
	at hudson.remoting.UserRequest.perform(UserRequest.java:54)
	at hudson.remoting.Request$2.run(Request.java:377)
	at hudson.remoting.InterceptingExecutorService.lambda$wrap$0(InterceptingExecutorService.java:78)
	at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:137)
	at java.base/java.lang.Thread.run(Unknown Source)

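Solution

While the repository was public, it was pulled over its https address. Once it has been made private, it can be pulled over SSH with key-based authentication, without a password. The steps are as follows:

Create an SSH key pair

An SSH key pair was generated on Linux; the public key is added to GitLab and the private key is stored in Jenkins.

Create the Git credential in Jenkins

Under https://jenkins.halfcoffee.com/manage/credentials/store/system/domain/_/ create a credential of type "SSH Username with private key". This credential is used to pull code over SSH. Note its ID.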

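It is also recommended to configure the global security settings (Git Host Key Verification Configuration) so that SSH connections trust a host public key the first time it is seen.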

Add the SSH key in GitLab

In the user's settings, add an "SSH Key" and paste in the SSH public key.

Jenkins pipeline configuration

Get the repository's SSH address from GitLab.

Set the Git information in the Jenkins pipeline:

        stage('拉取代码') {
            // Clone over SSH, authenticating with the SSH private key credential stored in Jenkins
            git credentialsId: 'b4aa2f30-e922-423d-9ede-eccf6dc75a6d', url: 'ssh://git@gitlab.halfcoffee.com:10022/root/ruoyi.git'
            container('maven') {
                stage('代码编译') {
                    // Build with Maven, then record the abbreviated commit hash in env.txt
                    sh 'mvn -U clean install -Dmaven.test.skip=true && GIT_COMMIT=`git log --abbrev-commit --pretty=format:"%h" -1` && echo "GIT_COMMIT=$GIT_COMMIT" >> /home/jenkins/agent/env.txt'
                }
            }
        }

Here, the git credentialsId is the ID of the SSH private key credential created in Jenkins earlier;

the URL is the SSH address obtained from GitLab.

The final pipeline log:

Running on ruoyi-gateway-31-jmcsl-csxd3-r6ztz in /home/jenkins/agent/workspace/ruoyi-gateway
[Pipeline] {
[Pipeline] stage
[Pipeline] { (拉取代码)
[Pipeline] git
The recommended git tool is: NONE
# Pulling with the SSH key
using credential b4aa2f30-e922-423d-9ede-eccf6dc75a6d
Cloning the remote Git repository
Cloning repository ssh://git@gitlab.halfcoffee.com:10022/root/ruoyi.git
 > git init /home/jenkins/agent/workspace/ruoyi-gateway # timeout=10
Fetching upstream changes from ssh://git@gitlab.halfcoffee.com:10022/root/ruoyi.git
 > git --version # timeout=10
 > git --version # 'git version 2.39.2'
using GIT_SSH to set credentials Git
# The address being accessed is not in the known hosts list, so its key is trusted automatically
Verifying host key using known hosts file, will automatically accept unseen keys
 > git fetch --tags --force --progress -- ssh://git@gitlab.halfcoffee.com:10022/root/ruoyi.git +refs/heads/*:refs/remotes/origin/* # timeout=10
Avoid second fetch
Checking out Revision 7930d922da0de217ad196ba54849c6fd5540945a (origin/master)
 > git config remote.origin.url ssh://git@gitlab.halfcoffee.com:10022/root/ruoyi.git # timeout=10
 > git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/* # timeout=10
 > git rev-parse remotes/origin/master^{commit} # timeout=10
 > git branch -a -v --no-abbrev --contains 7930d922da0de217ad196ba54849c6fd5540945a # timeout=10
 > git config core.sparsecheckout # timeout=10
 > git checkout -f 7930d922da0de217ad196ba54849c6fd5540945a # timeout=10
 > git branch -a -v --no-abbrev # timeout=10
 > git checkout -b master 7930d922da0de217ad196ba54849c6fd5540945a # timeout=10
Commit message: "test5"
First time build. Skipping changelog.
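
The command-line side of the steps above, as an added example that is not part of the original post: it generates a dedicated key pair for Jenkins, prints the fingerprint to compare with the one GitLab shows for the added key, and checks that the private key stored in Jenkins matches the public key added to GitLab. It goes one step beyond the post by also formatting a known_hosts entry for the non-default port 10022, for setups that use the 'Known hosts file' strategy; the key file names, the key comment and the stand-in host key are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. File names, the key comment and the
# stand-in host key are assumptions/constructed; host and port come from the post.
set -euo pipefail

# Generate a dedicated ed25519 key pair for Jenkins and print the private key path.
make_ci_keypair() {
    local dir="$1" comment="${2:-jenkins-ci}"
    mkdir -p "$dir" && chmod 700 "$dir"
    # Empty passphrase (-N ''), for a key that Jenkins uses unattended.
    ssh-keygen -q -t ed25519 -N '' -C "$comment" -f "$dir/id_ed25519_jenkins"
    chmod 600 "$dir/id_ed25519_jenkins"
    printf '%s\n' "$dir/id_ed25519_jenkins"
}

# SHA256 fingerprint of a public key file, to compare with what GitLab displays.
key_fingerprint() { ssh-keygen -l -E sha256 -f "$1" | awk '{print $2}'; }

# Succeeds only if the private key (Jenkins side) matches the public key (GitLab side).
keys_match() {
    [ "$(ssh-keygen -y -f "$1" | awk '{print $1, $2}')" = "$(awk '{print $1, $2}' "$2")" ]
}

# known_hosts line for a host key; non-default ports use the "[host]:port" form.
known_hosts_line() {
    local host="$1" port="$2" hostkey_pub="$3" name
    if [ "$port" = 22 ]; then name="$host"; else name="[$host]:$port"; fi
    printf '%s %s\n' "$name" "$(awk '{print $1, $2}' "$hostkey_pub")"
}

demo() {
    local tmp key
    tmp="$(mktemp -d)"
    key="$(make_ci_keypair "$tmp/ci" jenkins@ruoyi)"
    echo "Public key to paste into GitLab:"; cat "$key.pub"
    echo "Fingerprint: $(key_fingerprint "$key.pub")"
    keys_match "$key" "$key.pub" && echo "private/public halves match"
    # Constructed stand-in for the GitLab server's host key (the real one must be
    # obtained from the server over a trusted channel).
    ssh-keygen -q -t ed25519 -N '' -f "$tmp/standin_host_key"
    known_hosts_line gitlab.halfcoffee.com 10022 "$tmp/standin_host_key.pub" > "$tmp/known_hosts"
    ssh-keygen -F '[gitlab.halfcoffee.com]:10022' -f "$tmp/known_hosts"
    rm -rf "$tmp"
}
demo
```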