git-plugin
git-plugin copied to clipboard
Extend the GitUsernamePasswordBinding by exporting the credentials suitable for git credential store
Extend the GitUsernamePasswordBinding
by exporting the credentials suitable for git credential store
Checklist
- [x] I have read the CONTRIBUTING doc
- [x] I have added tests that verify my changes
- [x] Unit tests pass locally with my changes
- [x] I have added documentation as necessary
- [x] No Javadoc warnings were introduced with my changes
- [x] No spotbugs warnings were introduced with my changes
- [x] Documentation in README has been updated as necessary
- [x] I have interactively tested my changes
Types of changes
- [x] New feature (non-breaking change which adds functionality)
Further comments
This extend the GitUsernamePasswordBinding
by exporting the credentials in a file format suitable for git credential store
which is in turn useful for docker.build
step using BuildKit secret mount. This is currently the best option for forwarding HTTP credentials to docker.build
while avoiding storing these in the image.
# Jenkins pipeline
withCredentials([gitUsernamePassword(credentialsId: 'my-credentials-id',
hostName: 'github.com')]) {
withEnv(['DOCKER_BUILDKIT=1']) {
docker.build '', "--secret id=git_store,src=${GIT_CREDENTIAL_STORE} ."
}
}
# Dockerfile
RUN --mount=type=secret,id=git_store \
git config credential.helper 'store --file /run/secrets/git_store' && \
git clone https://github.com/private/repo
The above configuration is best used with GitHub App authentication provided by GitHub Branch Source plugin. This issues scoped temporary token valid for one hour, which is then used in HTTPS Basic Auth.
Is there any update on this getting merged?
Is there any update on this getting merged?
It will likely be several months before I'm able to review, test, and merge this pull request.