Ufdjrw

My mentor says to set image to Fine instead of RAW — how is this different from JPG?

Most effective melee weapons for arboreal combat? (pre-gunpowder technology)

A proverb that is used to imply that you have unexpectedly faced a big problem

Why not send Voyager 3 and 4 following up the paths taken by Voyager 1 and 2 to re-transmit signals of later as they fly away from Earth?

Resize vertical bars (absolute-value symbols)

Random body shuffle every night—can we still function?

Why shouldn't this prove the Prime Number Theorem?

What is the origin of 落第?

Central Vacuuming: Is it worth it, and how does it compare to normal vacuuming?

The Nth Gryphon Number

How can I prevent/balance waiting and turtling as a response to cooldown mechanics

As a dual citizen, my US passport will expire one day after traveling to the US. Will this work?

Is multiple magic items in one inherently imbalanced?

Delete free apps from library

How do living politicians protect their readily obtainable signatures from misuse?

Did any compiler fully use 80-bit floating point?

I got rid of Mac OSX and replaced it with linux but now I can't change it back to OSX or windows

Where is the Next Backup Size entry on iOS 12?

Project Euler #1 in C++

Did pre-Columbian Americans know the spherical shape of the Earth?

Monty Hall Problem-Probability Paradox

In musical terms, what properties are varied by the human voice to produce different words / syllables?

AppleTVs create a chatty alternate WiFi network

Why is a lens darker than other ones when applying the same settings?

Bash Command to Add File to Git Working Directory, Then Remove When Job Completes - Jenkins

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

0

1

I had this setup at my previous job, but can't remember what the specific command is, and can't find any examples at my new job. I have a creds file I want to pull into git when the job runs, then remove when the job completes, so the creds aren't stored on git.

So basically pre-build load the file from the Jenkins server to the working directory Git is expecting it to be in, then removing it from the WD once the job completes.

bash git jenkins

share|improve this question

edited Mar 6 at 17:48

anutter

asked Mar 6 at 17:38

anutteranutter

195

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  No. Just no. Anything that automatically manipulates a git repo is fundamentally broken. Source control is for humans. If you want a versioned file system, or some other functionality, use a different tool. But it sounds like you don't actually want to write the credentials into git, you just want them in the working directory.
  
  – William Pursell
  Mar 6 at 17:46
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Yes, that's what I want to do, manipulate the working directory. Will edit my question to reflect, thanks.
  
  – anutter
  Mar 6 at 17:48
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Why don't you use the builtin Jenkins Credentials functionality? It can store many types of secrets. Tokens, Username/Passwords, Private Keys, Secret files.
  
  – Praveen Premaratne
  Mar 8 at 21:41
  

  
  
  
  

add a comment | 

0

1

I had this setup at my previous job, but can't remember what the specific command is, and can't find any examples at my new job. I have a creds file I want to pull into git when the job runs, then remove when the job completes, so the creds aren't stored on git.

So basically pre-build load the file from the Jenkins server to the working directory Git is expecting it to be in, then removing it from the WD once the job completes.

bash git jenkins

share|improve this question

edited Mar 6 at 17:48

anutter

asked Mar 6 at 17:38

anutteranutter

195

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  No. Just no. Anything that automatically manipulates a git repo is fundamentally broken. Source control is for humans. If you want a versioned file system, or some other functionality, use a different tool. But it sounds like you don't actually want to write the credentials into git, you just want them in the working directory.
  
  – William Pursell
  Mar 6 at 17:46
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Yes, that's what I want to do, manipulate the working directory. Will edit my question to reflect, thanks.
  
  – anutter
  Mar 6 at 17:48
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Why don't you use the builtin Jenkins Credentials functionality? It can store many types of secrets. Tokens, Username/Passwords, Private Keys, Secret files.
  
  – Praveen Premaratne
  Mar 8 at 21:41
  

  
  
  
  

add a comment | 

I had this setup at my previous job, but can't remember what the specific command is, and can't find any examples at my new job. I have a creds file I want to pull into git when the job runs, then remove when the job completes, so the creds aren't stored on git.

So basically pre-build load the file from the Jenkins server to the working directory Git is expecting it to be in, then removing it from the WD once the job completes.

bash git jenkins

share|improve this question

edited Mar 6 at 17:48

anutter

asked Mar 6 at 17:38

anutteranutter

195

share|improve this question

edited Mar 6 at 17:48

anutter

asked Mar 6 at 17:38

anutteranutter

195

share|improve this question

edited Mar 6 at 17:48

anutter

asked Mar 6 at 17:38

anutteranutter

195

asked Mar 6 at 17:38

anutteranutter

195

asked Mar 6 at 17:38

anutteranutter

195

2 Answers
2

active

oldest

votes

0

So this was a lot simpler than I was thinking:

cp $JENKINS_HOME/path_to_creds_file $WORKSPACE/path_to_dummy_file_to_overwrite

Followed by the post build step of:

rm $WORKSPACE/path_to_dummy_file_to_overwrite

share|improve this answer

answered Mar 8 at 21:19

anutteranutter

195

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  There's a downside to this. Any user with SSH access to the Jenkins can see the file. Or with the Script Console, you can simply print the file content by any user who can login to the Jenkins UI. This a security flaw in Jenkins and make sure you've blocked the Script Console if you take this approach.
  
  – Praveen Premaratne
  Mar 8 at 21:43
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  So locking down access the box and Jenkins will prevent both of those access methods, or limit to a list of known trusted people.
  
  – anutter
  Mar 9 at 22:53
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  If you evaluate that has minimal security risk and adequate for you; that's your decision. I just want to give you the facts that Jenkins has some security flaws they addressing slowly.
  
  – Praveen Premaratne
  Mar 9 at 22:57
  

  
  
  
  

add a comment | 

0

Jenkins provides credentials support via the Credentials Binding plugin

This plugin allows several kinds of credentials or secrets like user:password, tokens, secrets texts, secrets files, etc to be bound to environment variables (and if you have installed de ssh plugin too you will have the ssh key credentials available as well)

You can consume the credentials and secrets as environment vars inside the withCredentials() blocks, and is fully Jenkinsfile Pipeline syntax compatible, you can find the documentation here

Some examples of usage of the credentials in scripted Pipelines (that work also on declarative pipelines) are:

node 
 withCredentials([string(credentialsId: 'mytoken', variable: 'TOKEN')]) 
 sh '''
 set +x
 curl -H "Token: $TOKEN" https://some.api/
 '''
 

node 
 dir('subdir') 
 withCredentials([file(credentialsId: 'secret', variable: 'FILE')]) 
 sh 'use $FILE'
 
 

share|improve this answer

answered Mar 8 at 23:00

theraulparejatheraulpareja

1216

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I did try using the plugin, was unable to figure out how to pass those variables to my test framework(Karate). The tests we run don't require the complexity of a pipeline job config.
  
  – anutter
  Mar 9 at 22:56
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Have a look at the Jenkins Syntax docs especially the Environemnt section where it tells you how to load credentials from the builtin plugin to the pipeline environment.
  
  – Praveen Premaratne
  Mar 9 at 23:00
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55029136%2fbash-command-to-add-file-to-git-working-directory-then-remove-when-job-complete%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

0

So this was a lot simpler than I was thinking:

cp $JENKINS_HOME/path_to_creds_file $WORKSPACE/path_to_dummy_file_to_overwrite

Followed by the post build step of:

rm $WORKSPACE/path_to_dummy_file_to_overwrite

share|improve this answer

answered Mar 8 at 21:19

anutteranutter

195

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  There's a downside to this. Any user with SSH access to the Jenkins can see the file. Or with the Script Console, you can simply print the file content by any user who can login to the Jenkins UI. This a security flaw in Jenkins and make sure you've blocked the Script Console if you take this approach.
  
  – Praveen Premaratne
  Mar 8 at 21:43
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  So locking down access the box and Jenkins will prevent both of those access methods, or limit to a list of known trusted people.
  
  – anutter
  Mar 9 at 22:53
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  If you evaluate that has minimal security risk and adequate for you; that's your decision. I just want to give you the facts that Jenkins has some security flaws they addressing slowly.
  
  – Praveen Premaratne
  Mar 9 at 22:57
  

  
  
  
  

add a comment | 

0

So this was a lot simpler than I was thinking:

cp $JENKINS_HOME/path_to_creds_file $WORKSPACE/path_to_dummy_file_to_overwrite

Followed by the post build step of:

rm $WORKSPACE/path_to_dummy_file_to_overwrite

share|improve this answer

answered Mar 8 at 21:19

anutteranutter

195

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  There's a downside to this. Any user with SSH access to the Jenkins can see the file. Or with the Script Console, you can simply print the file content by any user who can login to the Jenkins UI. This a security flaw in Jenkins and make sure you've blocked the Script Console if you take this approach.
  
  – Praveen Premaratne
  Mar 8 at 21:43
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  So locking down access the box and Jenkins will prevent both of those access methods, or limit to a list of known trusted people.
  
  – anutter
  Mar 9 at 22:53
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  If you evaluate that has minimal security risk and adequate for you; that's your decision. I just want to give you the facts that Jenkins has some security flaws they addressing slowly.
  
  – Praveen Premaratne
  Mar 9 at 22:57
  

  
  
  
  

add a comment | 

So this was a lot simpler than I was thinking:

cp $JENKINS_HOME/path_to_creds_file $WORKSPACE/path_to_dummy_file_to_overwrite

Followed by the post build step of:

rm $WORKSPACE/path_to_dummy_file_to_overwrite

share|improve this answer

answered Mar 8 at 21:19

anutteranutter

195

share|improve this answer

answered Mar 8 at 21:19

anutteranutter

195

answered Mar 8 at 21:19

anutteranutter

195

answered Mar 8 at 21:19

anutteranutter

195

0

Jenkins provides credentials support via the Credentials Binding plugin

This plugin allows several kinds of credentials or secrets like user:password, tokens, secrets texts, secrets files, etc to be bound to environment variables (and if you have installed de ssh plugin too you will have the ssh key credentials available as well)

You can consume the credentials and secrets as environment vars inside the withCredentials() blocks, and is fully Jenkinsfile Pipeline syntax compatible, you can find the documentation here

Some examples of usage of the credentials in scripted Pipelines (that work also on declarative pipelines) are:

node 
 withCredentials([string(credentialsId: 'mytoken', variable: 'TOKEN')]) 
 sh '''
 set +x
 curl -H "Token: $TOKEN" https://some.api/
 '''
 

node 
 dir('subdir') 
 withCredentials([file(credentialsId: 'secret', variable: 'FILE')]) 
 sh 'use $FILE'
 
 

share|improve this answer

answered Mar 8 at 23:00

theraulparejatheraulpareja

1216

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I did try using the plugin, was unable to figure out how to pass those variables to my test framework(Karate). The tests we run don't require the complexity of a pipeline job config.
  
  – anutter
  Mar 9 at 22:56
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Have a look at the Jenkins Syntax docs especially the Environemnt section where it tells you how to load credentials from the builtin plugin to the pipeline environment.
  
  – Praveen Premaratne
  Mar 9 at 23:00
  

  
  
  
  

add a comment | 

0

Jenkins provides credentials support via the Credentials Binding plugin

This plugin allows several kinds of credentials or secrets like user:password, tokens, secrets texts, secrets files, etc to be bound to environment variables (and if you have installed de ssh plugin too you will have the ssh key credentials available as well)

You can consume the credentials and secrets as environment vars inside the withCredentials() blocks, and is fully Jenkinsfile Pipeline syntax compatible, you can find the documentation here

Some examples of usage of the credentials in scripted Pipelines (that work also on declarative pipelines) are:

node 
 withCredentials([string(credentialsId: 'mytoken', variable: 'TOKEN')]) 
 sh '''
 set +x
 curl -H "Token: $TOKEN" https://some.api/
 '''
 

node 
 dir('subdir') 
 withCredentials([file(credentialsId: 'secret', variable: 'FILE')]) 
 sh 'use $FILE'
 
 

share|improve this answer

answered Mar 8 at 23:00

theraulparejatheraulpareja

1216

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I did try using the plugin, was unable to figure out how to pass those variables to my test framework(Karate). The tests we run don't require the complexity of a pipeline job config.
  
  – anutter
  Mar 9 at 22:56
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Have a look at the Jenkins Syntax docs especially the Environemnt section where it tells you how to load credentials from the builtin plugin to the pipeline environment.
  
  – Praveen Premaratne
  Mar 9 at 23:00
  

  
  
  
  

add a comment | 

Jenkins provides credentials support via the Credentials Binding plugin

This plugin allows several kinds of credentials or secrets like user:password, tokens, secrets texts, secrets files, etc to be bound to environment variables (and if you have installed de ssh plugin too you will have the ssh key credentials available as well)

You can consume the credentials and secrets as environment vars inside the withCredentials() blocks, and is fully Jenkinsfile Pipeline syntax compatible, you can find the documentation here

Some examples of usage of the credentials in scripted Pipelines (that work also on declarative pipelines) are:

node 
 withCredentials([string(credentialsId: 'mytoken', variable: 'TOKEN')]) 
 sh '''
 set +x
 curl -H "Token: $TOKEN" https://some.api/
 '''
 

node 
 dir('subdir') 
 withCredentials([file(credentialsId: 'secret', variable: 'FILE')]) 
 sh 'use $FILE'
 
 

share|improve this answer

answered Mar 8 at 23:00

theraulparejatheraulpareja

1216

node 
 withCredentials([string(credentialsId: 'mytoken', variable: 'TOKEN')]) 
 sh '''
 set +x
 curl -H "Token: $TOKEN" https://some.api/
 '''
 

node 
 dir('subdir') 
 withCredentials([file(credentialsId: 'secret', variable: 'FILE')]) 
 sh 'use $FILE'
 
 

share|improve this answer

answered Mar 8 at 23:00

theraulparejatheraulpareja

1216

answered Mar 8 at 23:00

theraulparejatheraulpareja

1216

answered Mar 8 at 23:00

theraulparejatheraulpareja

1216