Git tag error in declarative pipeline

[Thor Waway]

I would like clarification on: 

• how jenkins master nodes and worker nodes communicate with git
• how both use credentials and ssh plugins to authenticate with git 
• when to use Credentials plugin vs SSHAgent plugin
  

Right now, I believe that the Master Node stores all credentials and then passes these credentials to the worker agents. This makes me believe that only one node - the master node - should have ssh keys for git. 

Thus far this seems to be true because, when a build is trigged on master, the worker node is able to run git clone and git init even though no ssh keys are configured on worker agent. 

So why then does this step: 

      steps{
        sh('git remote -v')
        sh('git show-ref')
          sh('git tag -a $BRANCH_NAME.$BUILD_NUMBER -m "git sha is $GIT_COMMIT"')
          sh('git push origin HEAD:development --tags')
      }

result in this error: 

[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Deploy-Staging)
[Pipeline] tool
[Pipeline] envVarsForTool
[Pipeline] withEnv
[Pipeline] {
[Pipeline] sh
[K-Front_feature-jenkinsfile-KHCSHNIRHLZUOTSCIQPWI7] Running shell script
+ git remote -v
origin https://github.com/WaterBottleInc/Reactjs-Front.git (fetch)
origin https://github.com/WaterBottleInc/Reactjs.git (push)
[Pipeline] sh
[K-Front_feature-jenkinsfile-KHCSHNIRHLZUOTSCIQPWI7] Running shell script
+ git show-ref
a12ea59545db96fc8681dbdd5d44923108c01b40 refs/remotes/origin/feature-jenkinsfile
[Pipeline] sh
[K-Front_feature-jenkinsfile-KHCSHNIRHLZUOTSCIQPWI7] Running shell script
+ git tag -a feature-jenkinsfile.24 -m git sha is a12ea59545db96fc8681dbdd5d44923108c01b40
[Pipeline] sh
[K-Front_feature-jenkinsfile-KHCSHNIRHLZUOTSCIQPWI7] Running shell script
+ git push origin HEAD:development --tags
fatal: could not read Username for 'https://github.com': No such device or address
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Declarative: Post Actions)
[Pipeline] deleteDir
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline

this line from the error print out above: 

fatal: could not read Username for 'https://github.com': No such device or address
completely throws me off because I have no idea where it is looking for a username. 

Can someone please help me out?  Thanks. 

[Mark Waite]

On Sunday, October 8, 2017 at 12:38:32 PM UTC-6, Thor Waway wrote:

I would like clarification on: 

• how jenkins master nodes and worker nodes communicate with git
• how both use credentials and ssh plugins to authenticate with git 
• when to use Credentials plugin vs SSHAgent plugin
  

Right now, I believe that the Master Node stores all credentials and then passes these credentials to the worker agents. This makes me believe that only one node - the master node - should have ssh keys for git. 

I might clarify the phrasing slightly.  The master should have the needed credentials.  Those credentials may include usernames and passwords (for https and http based access to git repositories), private keys (for ssh based access to git repositories), and other credentials as needed.

The master should generally not run jobs, since it is best used as a coordinator of the work of agents, rather than as a worker.

If the master must run a job, it should obtain its ssh keys through credentials, just as other agents obtain credentials.  I think it is generally unwise to rely that the account which is executing the Jenkins master has default ssh access to things.

The shell based "git push" command is not executed by the git plugin, but by an "sh" step.  The credentials from the git plugin are not shared with other steps.

The message that's being displayed by "git push" is telling you that it can't find a source for a username and password to use in the push.

You could use the withCredentials wrapper to gather the user name and password, then could pass those into the sh step for use by command line git.  For instance, you could push to a specific URL and embed the username and password in the URL to which you are pushing.  Something like https://username:pass...@github.com/organization/repository/.

You could provide username and password to command line git with a separate file (https://git-scm.com/docs/gitcredentials) 

Mark Waite