我已经在Ubuntu服务器上安装了最新的Jenkins,并在Gitlab上的项目库中安装了Jenkinsfile。
我可以使用Jenkins项目管道配置上的用户名/密码凭据连接到Gitlab上的私有存储库,而不使用Jenkins Gitlab插件。我觉得这不安全。我如何使用Gitlab API令牌代替Jenkins的用户名/密码来访问远程私有Gitlab存储库,而不使用Jenkins Gitlab插件。另一个选项是在Jenkins服务器上设置ssh私钥来验证Gitlab存储库。这一选择是否可行?
Jenkins Gitlab插件没有得到官方支持,也没有得到很好的维护,因为Gitlab希望客户使用他们自己的CI/CD解决方案,以便出于营销原因将客户与他们的平台联系起来。
2条答案
按热度按时间sxpgvts31#
A relatively safe way to handle this situation is to store your credentials is the credentials system in Jenkins (that way you do not have to include the credentials in the JenkinsFile), and using a deploy token (available for Gitlab 10.7 and later) for the relevant repository. That token allows you to provide read-only rights to the repository.
Step 1 - setup the deploy token in GitLab
From the GitLab documentation
You can create as many deploy tokens as you like from the settings of your project:
Step 2 - Saving the deploy token in Jenkins' credentials system
Since the deploy tokens have a username and password, pick that as the type in the steps below. Write down the id you will use in this step (see below) as you will need it in your pipeline declaration.
From the Jenkins documentation
To add new global credentials to your Jenkins instance:
(...)
Step 3 - Use the credentials in your pipeline declaration
You can use the credentials in your jenkinsFile like so:
In the above example I assume you picked the id
my-gitlab-repo-creds
in step 2.3j86kqsm2#
Jenkins连接私有回购Jenkins[Ubuntu] #的用户数据以安装Jenkins
设置1:-在Jenkins服务器上打开SSH登录
步骤2:-切换到Jenkins用户
第3步:-转到JenkinsWeb用户界面[http://public-ip:8080]
第3步:-转到JenkinsWeb用户界面[http://public-ip:8080]
注意:如果你使用的是内部部署的gitlab,那么你的ssh url应该是
1.你必须将你的jenkins服务器ip加入gitlab内部防火墙的白名单。