tricky

• git clone

  • setup to fetch refs/changes only

  • setup to fetch only refs/heads/sandbox/marslo/*

  • fetch gerrit changes

• downgrade

  • jsch

  • grgit

git clone

[!NOTE|label:references:]

• Git - What is "Refspec"

• Jenkins Git Refspec not correctly substituted for branch specifier

• Why does "git clone" not take a refspec?

• Jenkins gerrit trigger not fetching my change when building

• How to execute Jenkinsfile with gerrit trigger plugin for changeset in jenkins?

setup to fetch refs/changes only

# Refspec
refs/changes/*:refs/remotes/origin/changes/*

setup to fetch only refs/heads/sandbox/marslo/*

# Refspec
refs/heads/sandbox/marslo/*:refs/remotes/origin/heads/sandbox/marslo/*

fetch gerrit changes

# Refspec
$GERRIT_REFSPEC:$GERRIT_REFSPEC

# branch
$GERRIT_REFSPEC
# or
FETCH_HEAD

downgrade

jsch

[!NOTE]

• JENKINS-71273: Gerrit Trigger fails to connect Gerrit 2.14 - com.jcraft.jsch.JSchException: verify: false

• Nicola Beghin

• Public key authentication fails with JSch but work with OpenSSH with the same key

• api

  • org.jenkinsci.plugins.jsch.JSchConnector

  • Package com.jcraft.jsch

  • com.jcraft.jsch.Session

  • com.jcraft.jsch.KeyExchange

  • com.jcraft.jsch.OpenSSHConfig

• references:

  • Java JSch Example to run Shell Commands on SSH Unix Server

  • Best Java code snippets using com.jcraft.jsch.JSch

  • Java SSH connect with key using JSch - Auth Failed

  • JSCH: SFTP. Hangs at session.connect() using the port 21

  • Creating JSch HostKey instance from a public key in .pub format

$ curl -O https://repo1.maven.org/maven2/com/github/mwiede/jsch/0.2.7/jsch-0.2.7.jar
$ docker cp jsch-0.2.7.jar e6cd5d7516cd:/var/jenkins_home/plugins/jsch/WEB-INF/lib/jsch-0.1.55.jar
#                               ^
#                        Docker Container ID

import org.jenkinsci.plugins.jsch.JSchConnector
import java.io.InputStream

import com.jcraft.jsch.JSch
import com.jcraft.jsch.Session
import com.jcraft.jsch.LocalIdentityRepository
import com.jcraft.jsch.Channel
import com.jcraft.jsch.ChannelExec

String user = 'srv-ssd-fw-devops'
String host = 'sample.gerrit.com'
int port    = 29418
String path = System.getProperty( 'user.home' ) + '/.ssh/ed25519/devops@ssdfw'
// Byte[] privateKey = ''.getBytes()

JSch jsch = new JSchConnector( user, host, port ).getJSch()
jsch.addIdentity( path )

Session session = jsch.getSession( user, host, port )
session.setConfig( 'StrictHostKeyChecking', 'no' )
session.setConfig( 'HostkeyAlgorithms', '+ssh-rsa' )
session.setConfig( 'PreferredAuthentications', 'publickey' )

println """
  ${session.getClass()}:
    session client version : ${session.getClientVersion()} : ${session.clientVersion}
    session host           : ${session.getHost()} : ${session.host}
    session port           : ${session.getPort()} : ${session.port}
    session hostkey        : ${session.getHostKey()} : ${session.hostKey}
    session hostkey alias  : ${session.getHostKeyAlias()} : ${session.hostKeyAlias}
    session isConnected    : ${session.isConnected()}
"""

def knowHosts = session.getHostKeyRepository()
println """
  ${knowHosts.getClass()}:
    knownHosts host key     : ${knowHosts.getHostKey( host, 'ssh-rsa' )}
    knowHosts repository id : ${knowHosts.getKnownHostsRepositoryID()}
"""

def idRepo = jsch.getIdentityRepository()
println """
  ${idRepo.getClass()} :
      identityRepository name       : ${idRepo.getName()} : ${idRepo.name}
      identityRepository status     : ${idRepo.getStatus()} : ${idRepo.status}
      identityRepository identities : ${idRepo.getIdentities()} : ${idRepo.identities}
"""

session.connect()

• revert

  sudo cp -rp /jenkins/DEVOPS-JENKINS/plugins/jsch* .
  sudo cp -rp /jenkins/DEVOPS-JENKINS/plugins/gerrit* .
  sudo cp -rp /jenkins/DEVOPS-JENKINS/plugins/maven-plugin* .
  sudo cp -rp /jenkins/DEVOPS-JENKINS/plugins/mercuri* .
  sudo cp -rp /jenkins/DEVOPS-JENKINS/plugins/ivy* .
  sudo cp -rp /jenkins/DEVOPS-JENKINS/plugins/artifactory* .
  sudo cp -rp /jenkins/DEVOPS-JENKINS/plugins/bitbucket*

  

  jsch plugin issue

grgit

[!NOTE]

• grgit-authentication

  • This support must be explicitly enabled with the system property org.ajoberstar.grgit.auth.command.allow=true.

• grgit-clone

  Grgit.clone {
    dir = <path>
    uri = <path or uri>
    remote = <name>
    all = <boolean>
    bare = <boolean>
    branches = <full refs>
    checkout = <boolean>
    refToCheckout = <name>
    depth = <integer>
    credentials = <credentials>
  }

  • sample

    import org.ajoberstar.grgit.Grgit
    import org.ajoberstar.grgit.Credentials
    
    def grgit = Grgit.clone(dir: '...', url: '...', credentials: new Credentials(username, password))