Jenkins, fetch git submodule over ssh with multiple users?
don't know if the title describes anything about what I'm trying to say but here it is:
I would like to know what would be the "best practice" when setting up Jenkins with git submodules. Both the main and submodule repo are accessed over ssh, and since we have several users all of these have their individual user name. This is the case also for Jenkins that has its own user. HOWEVER, we've (I have) stumbled upon a problem. If I create a submodule: git submodule add ssh://my-user-name@address-to-module-repo and push it, Jenkins will refer to me as a user when trying to fetch the submodule, which obviously will fail. And if some other user does a pull, my username will still be in the paths ( in .gitmodule, .git/config et cetera).
I found another post Git submodules and ssh access handling sharing between "normal" users, but it doesn't really solve the issue when Jenkins will try to build, since I'm only allowed to execute shell cmd's after Jenkins has fetched everything I cannot do as mentioned in the link, or can I (Jenkins newbie)?
So, to sum things up. How can this be solved so that Jenkins will use its own user when fetching the submodule over ssh?
Br, Mr. Pistol
There is a good solution I found at another question on StackOverflow: Git submodule URL not including username?
You can use
[submodule foosub] path = foosub url = ./../foosub
To define an URL relative to the one that is being used for the project. For example, if you have your Project URL firstname.lastname@example.org/git/project and your Submodule URL email@example.com/git/foosub, the configuration should work. Of course, it cannot work if the submodule lies on a different server than the project.
Now Jenkins should apply its own user data to the submodule because it has its own user data set in the project URL.
If the generic Jenkins ssh "account" is authorized to at least pull from those submdules, then you could add a script which will:
- detect it is running in a Jenkins environment
- detect the content of the .gitmodules file
- change the content of the .gitmodules in order to replace any user by the Jenkins one
You can also have another script which would restore the original content of the .gitmodules file, in order to not record any modification on it.
The way those scripts would automatically work would be through a content filter driver:
The solution was to alter the ssh config file for our Jenkins user to use it's own default user when setting up a ssh connection towards the submodule repository.