maven - Jenkins pipeline cannot push to gerrit using credentials

问题描述

I'm new to jenkins pipeline script, and I'm trying to use the maven release plugin in my pipeline. But I'm facing some problem during the push step of the release.

Here is my code :

node('linux') {
stage('Checkout') {
    checkout scm
}
 withMaven(maven: 'Maven 3') {

    stage('Build') {
        sh "mvn clean verify"
        junit '**/target/*-reports/TEST-*.xml'
    }

    stage('SonarQube analysis') {
       sh 'mvn sonar:sonar'
    }

     stage('Release') {
        withCredentials([usernamePassword(credentialsId: "jenkins-gerrit", usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
            sh 'git config user.email "************************"'
            sh 'git config user.name $USERNAME'
            sh 'mvn -B release:clean release:prepare release:perform -Dusername=$USERNAME -Dpassword=$PASSWORD'
    }
}

}

And I get the following error :

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-release-plugin:2.4.2:prepare (default-cli) on project aqt-router: Unable to commit files
[ERROR] Provider message:
[ERROR] The git-push command failed.
[ERROR] Command output:
[ERROR] fatal: unable to access 'http://****:****@mygerritserver/myproject/': Could not resolve host: ****; Name or service not known
[ERROR] -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException

I tried to directly put my personnal credentials in the code, instead of using the withCredentials :

 sh 'mvn -B release:clean release:prepare release:perform -Dusername=johnDoe -Dpassword=password'

This time it seems to find the gerrit url, but obviously, the user is not allowed to push, as we have a gerrit architecture :

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-release-plugin:2.4.2:prepare (default-cli) on project aqt-router: Unable to commit files
[ERROR] Provider message:
[ERROR] The git-push command failed.
[ERROR] Command output:
[ERROR] remote: Branch refs/heads/master:
[ERROR] remote: You are not allowed to perform this operation.
[ERROR] remote: To push into this reference you need 'Push' rights.
[ERROR] remote: User: johnDoe
[ERROR] remote: Please read the documentation and contact an administrator
[ERROR] remote: if you feel the configuration is incorrect
[ERROR] remote:
[ERROR] remote: Processing changes: refs: 1
[ERROR] remote: Processing changes: refs: 1, done
[ERROR] To http://johnDoe:password@mygerritserver/myproject
[ERROR] ! [remote rejected] master -> master (prohibited by Gerrit)

The thing is I need to use the gerrit user specified in our jenkins credentials, because he has the right to push and stuff. But it seems i cannot use it through the withCredentials function.

Please note that I cannot try to directly put the gerrit user in the command line because i don't know the username and the password.

Thank you for your help

EDIT :

Thanks to @ellak comment I found the solution :

 def encodedPassword = URLEncoder.encode("$PASSWORD",'UTF-8')
 sh "mvn -B release:clean release:prepare release:perform -Dusername=$USERNAME -Dpassword=$encodedPassword"

Indeed I think the password was containing special char that needed to be encoded.

标签： mavenjenkinsjenkins-pipelinegerritmaven-release-plugin