git step in pipeline job in Docker container fails

[Martin Schmude]

Hi all,

I need help with an issue related to the git step in a pipeline job, that is executed in a Docker container.

The pipeline looks like this:

node('Docker-capable-node') {
  docker.inside('image-with-git-installed').inside {
    git credentialsId: 'my-credentials', url: 'https://gitlab.mycompany.com/myproject'
  }
}

This fails with 

using credential my-credentials
Warning: JENKINS-30600: special launcher org.jenkinsci.plugins.docker.workflow.WithContainerStep$Decorator$1@12e7bf52; decorates RemoteLauncher[hudson.remoting.Channel@XXX] will be ignored (a typical symptom is the Git executable not being run inside a designated container)
Cloning the remote Git repository
ERROR: Error cloning remote repo 'origin'
hudson.plugins.git.GitException: Command "git fetch --tags --progress https://gitlab.mycompany.com/myproject.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout: 
stderr: fatal: unable to access 'https://gitlab.mycompany.com/myproject/documentation.git/': Peer's Certificate issuer is not recognized.

Am I right that this is the already known issue https://issues.jenkins.io/browse/JENKINS-30600?

I am pretty sure that this is not a matter of SSL certificates, because this works without SSL certificate issues:

node('Docker-capable-node') {
  docker.inside('image-with-git-and-ssl-certificate-installed').inside {
    sh 'git clone https://gitlab.mycompany.com/myproject'
  }
}

(I had to install a SSL certificate in that Docker image "image-with-git-and-ssl-certificate-installed" to avoid certificate issues.)

Of course I'd prefer the builtin git step. Am I right that I can't due to the JENKINS-30600 issue?

What workaround do you recommend? The 

sh 'git clone ...'

is an obvious way to go, but maybe there is something better?

Thanks in advance.

[Martin Schmude]

I forgot the versions.

Jenkins: 2.220

git plugin: 4.1.1

Pipeline plugin: 2.6

[Mark Waite]

Yes, you're understanding the message correctly.  That is an instance of JENKINS-30600.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/d53e698d-946b-4a33-8560-54f42edf4ca2o%40googlegroups.com.

[Martin Schmude]

Is there chance, that JENKINS-30600 will ever be fixed? It dates back to 2015, so presumably not?

Until then thanks for

https://issues.jenkins.io/browse/JENKINS-30600?focusedCommentId=383360&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-383360

This was helpful.

[Mark Waite]

Past attempts to fix JENKINS-30600 without breaking compatibility for existing users have failed.  I'm not very hopeful that we'll be able to fix JENKINS-30600.

I like Jesse Glick's recommendation for the preferred solution.  He recommends that we allow the pipeline user to have much greater control of the checkout.

One idea to give the user much more control was to create two new Pipeline steps, withGitCredentials and withGitSSHCredentials .  Those would be wrapper steps like withCredentials and would provide the necessary environment and files to allow the user to call command line git from their sh, bat, and powershell commands.  Unfortunately, implementation work on that idea has not started yet.

Mark Waite

--

You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/08a14334-656f-49fa-9e32-17c5aba49a68o%40googlegroups.com.