git step in pipeline job in Docker container fails

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

git step in pipeline job in Docker container fails

Martin Schmude-2
Hi all,
I need help with an issue related to the git step in a pipeline job, that is executed in a Docker container.
The pipeline looks like this:

node('Docker-capable-node') {
  docker
.inside('image-with-git-installed').inside {
    git credentialsId
: 'my-credentials', url: 'https://gitlab.mycompany.com/myproject'
 
}
}

This fails with 

using credential my-credentials
Warning: JENKINS-30600: special launcher org.jenkinsci.plugins.docker.workflow.WithContainerStep$Decorator$1@12e7bf52; decorates RemoteLauncher[hudson.remoting.Channel@XXX] will be ignored (a typical symptom is the Git executable not being run inside a designated container)
Cloning the remote Git repository
ERROR: Error cloning remote repo 'origin'
hudson.plugins.git.GitException: Command "git fetch --tags --progress https://gitlab.mycompany.com/myproject.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout: 
stderr: fatal: unable to access 'https://gitlab.mycompany.com/myproject/documentation.git/': Peer's Certificate issuer is not recognized.

Am I right that this is the already known issue https://issues.jenkins.io/browse/JENKINS-30600?

I am pretty sure that this is not a matter of SSL certificates, because this works without SSL certificate issues:
node('Docker-capable-node') {
  docker
.inside('image-with-git-and-ssl-certificate-installed').inside {
    sh
'git clone https://gitlab.mycompany.com/myproject'
 
}
}
(I had to install a SSL certificate in that Docker image "image-with-git-and-ssl-certificate-installed" to avoid certificate issues.)

Of course I'd prefer the builtin git step. Am I right that I can't due to the JENKINS-30600 issue?
What workaround do you recommend? The 
sh 'git clone ...'
is an obvious way to go, but maybe there is something better?

Thanks in advance.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/d53e698d-946b-4a33-8560-54f42edf4ca2o%40googlegroups.com.
Reply | Threaded
Open this post in threaded view
|

Re: git step in pipeline job in Docker container fails

Martin Schmude-2
I forgot the versions.
Jenkins: 2.220
git plugin: 4.1.1
Pipeline plugin: 2.6

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/2876121d-42a5-4591-aa53-3e02e5983520o%40googlegroups.com.
Reply | Threaded
Open this post in threaded view
|

Re: git step in pipeline job in Docker container fails

Mark Waite-2
In reply to this post by Martin Schmude-2
Yes, you're understanding the message correctly.  That is an instance of JENKINS-30600.

On Thu, Jul 2, 2020 at 2:51 AM Martin Schmude <[hidden email]> wrote:
Hi all,
I need help with an issue related to the git step in a pipeline job, that is executed in a Docker container.
The pipeline looks like this:

node('Docker-capable-node') {
  docker
.inside('image-with-git-installed').inside {
    git credentialsId
: 'my-credentials', url: 'https://gitlab.mycompany.com/myproject'
 
}
}

This fails with 

using credential my-credentials
Warning: JENKINS-30600: special launcher org.jenkinsci.plugins.docker.workflow.WithContainerStep$Decorator$1@12e7bf52; decorates RemoteLauncher[hudson.remoting.Channel@XXX] will be ignored (a typical symptom is the Git executable not being run inside a designated container)
Cloning the remote Git repository
ERROR: Error cloning remote repo 'origin'
hudson.plugins.git.GitException: Command "git fetch --tags --progress https://gitlab.mycompany.com/myproject.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout: 
stderr: fatal: unable to access 'https://gitlab.mycompany.com/myproject/documentation.git/': Peer's Certificate issuer is not recognized.

Am I right that this is the already known issue https://issues.jenkins.io/browse/JENKINS-30600?

I am pretty sure that this is not a matter of SSL certificates, because this works without SSL certificate issues:
node('Docker-capable-node') {
  docker
.inside('image-with-git-and-ssl-certificate-installed').inside {
    sh
'git clone https://gitlab.mycompany.com/myproject'
 
}
}
(I had to install a SSL certificate in that Docker image "image-with-git-and-ssl-certificate-installed" to avoid certificate issues.)

Of course I'd prefer the builtin git step. Am I right that I can't due to the JENKINS-30600 issue?
What workaround do you recommend? The 
sh 'git clone ...'
is an obvious way to go, but maybe there is something better?

Thanks in advance.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/d53e698d-946b-4a33-8560-54f42edf4ca2o%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAO49JtEiyHTp_fFvvnTXVVwrb9%3D_efdevRHVw63_1G73vpvASw%40mail.gmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: git step in pipeline job in Docker container fails

Martin Schmude-2
Is there chance, that JENKINS-30600 will ever be fixed? It dates back to 2015, so presumably not?

Until then thanks for
https://issues.jenkins.io/browse/JENKINS-30600?focusedCommentId=383360&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-383360
This was helpful.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/08a14334-656f-49fa-9e32-17c5aba49a68o%40googlegroups.com.
Reply | Threaded
Open this post in threaded view
|

Re: git step in pipeline job in Docker container fails

Mark Waite-2
Past attempts to fix JENKINS-30600 without breaking compatibility for existing users have failed.  I'm not very hopeful that we'll be able to fix JENKINS-30600.

I like Jesse Glick's recommendation for the preferred solution.  He recommends that we allow the pipeline user to have much greater control of the checkout.

One idea to give the user much more control was to create two new Pipeline steps, withGitCredentials and withGitSSHCredentials .  Those would be wrapper steps like withCredentials and would provide the necessary environment and files to allow the user to call command line git from their sh, bat, and powershell commands.  Unfortunately, implementation work on that idea has not started yet.

Mark Waite

On Thu, Jul 2, 2020 at 3:35 AM Martin Schmude <[hidden email]> wrote:
Is there chance, that JENKINS-30600 will ever be fixed? It dates back to 2015, so presumably not?

Until then thanks for
This was helpful.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/08a14334-656f-49fa-9e32-17c5aba49a68o%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAO49JtESTOZb61g8i2KoXyP4ONXMCwO6FeOrLtk9r1NOS9pwnA%40mail.gmail.com.