0

I am trying to nest a shell script into a Jenkins job but the script will infinitely get stuck when using the bash git clone command.

jenkins job console output

It doesn't even send me an error. I suspect the script is asking for a password when coming to the git clone command.

Jenkins Job Configuration : 

#!/bin/sh
set -x
whoami #returns 'jenkins'
sudo -u root ./my_script.sh

my_script.sh

whoami #returns ROOT
sudo git clone 'https://myusername:[email protected]/project/my-project.git' -b "master" --verbose

What have I tried so far

  1. I edited my sudoers and added jenkins ALL=NOPASSWD: ALL
  2. I intentionnaly wrote wrong credential in the git clone command, and I get an error remote: HTTP Basic: Access denied
  3. With a terminal, I went in my workspace project, switched to jenkins user and ran sudo ./my_script.sh and it worked fine, no password asked.
  4. It also work fine when ran under root user ( not a surprise )

Does anyone know how I can get my job to make this command pass ?

Edit

I am on Mac OS

Improve this question

2 Answers 2

Reset to default
1

I finally solved it, it did come from a credential, but not the one I thought of. The problem came from Keychain Access. Also I appologize, I did not specified I was on Mac, I thought it wasn't relevant here since I was using bash.

When running the script under the Jenkins user, it worked fine as I was using sudo, but when I tried to run directly the sudo git clone 'https://myusername:[email protected]/project/my-project.git' -b "master" --verbose I got an error :

Keychain

I couldn't find the error message in english, but basically it says "unable to find a Keychain to store..." and the answers "cancel" and "reset my default keychain"

From there I :

  1. Created a new Keychain called jenkins-dev in the Keychain manager
  2. I copied it from /Users/myuser/Library/Keychains to /Users/Shared/Jenkins/Library/Keychains under myuser
  3. Then I ran security unlock-keychain /Users/Shared/Jenkins/Library/Keychains/jenkins-dev.keychain-db under jenkins user
  4. finally security default-keychain /Users/Shared/Jenkins/Library/Keychains/jenkins-dev.keychain-db under jenkins user
  5. I ran once more the git clone ... command line under jenkins user, and then it found the keychain, stored the access and my Jenkins script wasn't stuck anymore

Hope this can help

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Do you have a key in ~/.ssh/id_rsa.pub in that machine?

Improve this answer

7 Comments

Yes I do, but only under jenkins user. when loged as root I don't even have that file. Is this normal?
(also just tried to run the script as root in the terminal, no password asked either)
I think Jenkins always need ~/.ssh/id_rsa.pub present to run git commands, no matter what. Can you add it with user root? What happens if you run the script on Jenkins job with user jenkins instead of root?
If I launch the script directly with Jenkins user by command line it works fine. Also I don't know if it is related but today I tried to use the jenkins git plugin and now I get stuck on git fetch which runs until timeout.. My git is completely broken it seems...
If you are able to run on terminal with exact same scenario, it should not be a git problem. What happens if you run the script on Jenkins job with user jenkins instead of root?
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.