• Stars
    star
    130
  • Rank 277,575 (Top 6 %)
  • Language
    Java
  • License
    MIT License
  • Created almost 12 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Git client API for Jenkins plugins

Git Client Plugin

Introduction

Jenkins logo plus Git logo

The git client plugin provides git application programming interfaces (APIs) for Jenkins plugins. It can fetch, checkout, branch, list, merge, and tag repositories. Refer to the API documentation for specific API details.

The GitClient interface provides the primary entry points for git access. It supports username / password credentials for git repository access with HTTP and HTTPS protocols (for example, https://github.com/jenkinsci/git-client-plugin or https://git.example.com/your-repo.git ). It supports private key credentials for git repository access with SSH protocol (for example, [email protected]:jenkinsci/git-client-plugin.git or ssh://[email protected]/jenkinsci/git-client-plugin.git ). Credential support is provided by the Jenkins credentials plugin.

Changelog in GitHub Releases

Release notes have been recorded in GitHub since git client plugin 2.8.1. Prior release notes were recorded in the git client plugin repository change log.

Implementations

The git client plugin default implementation requires that command line git is installed on the controller and on every agent that will use git. Command line git implementations working with large files should also install git LFS. The command line git implementation is the canonical implementation of the git interfaces provided by the git client plugin.

Command line git is enabled by default when the git client plugin is installed.

JGit

The git client plugin also includes two optional implementations ("jgit" and "jgitapache") that use Eclipse JGit, a pure Java implementation of git. The JGit implementation in the git client plugin provides most of the functionality of the command line git implementation. When the JGit implementation is incomplete, the gap is noted in console logs.

JGit is disabled by default when the git client plugin is installed.

Enabling JGit

Click the "Add Git" button in the "Global Tool Configuration" section under "Manage Jenkins" to add JGit or JGit with Apache HTTP Client as a git implementation.

Enable JGit or JGit with Apache HTTP Client

JGit timeout

The command line git implementation in the git client plugin provides a timeout setting for many operations like fetch and checkout. Operations that take more than the specified time are canceled. When the timeout is exceeded, the command line git process fails and the git client plugin API operation fails.

The JGit implementation in the git client plugin uses a different concept of timeout. The JGit timeout is a network level transport timeout rather than a timeout of a higher level JGit operation. If the JGit network transport does not receive a response within the defined timeout, the JGit API call fails. The JGit javadoc describes the JGit API.

The JGit timeout implementation prevents JGit operations from hanging indefinitely when a remote server stops responding. It does not stop a JGit operation if it has executed for more than a specified time. The JGit timeout counter is reset each time a response is received from the remote server during the JGit API call. The command line git timeout counter is set at the start of the command line git call and is not reset during the call.

JGit with Apache HTTP Client

The original JGit implementation inside the git client plugin had issues with active directory authentication. A workaround was implemented to provide JGit but use Apache HTTP client for authentication. The issue in JGit has now been resolved and delivered in git client plugin releases. JGit with Apache HTTP Client continues to delivered to assure compatibility.

Installing MinGit for Windows Automatically

Jenkins can install MinGit for Windows automatically. MinGit for Windows is an intentionally minimal, non-interactive distribution of Git for Windows, with third-party applications as its intended audience. Jenkins is well suited to use MinGit on Windows agents.

Configure MinGit for Windows to install automatically
  • Configure a global git tool from "Manage Jenkins" >> "Global Tool Configuration" with git as the Path to Git executable

  • Set the label windows to limit the tool installer to agents with the windows label

  • Set the Download URL for binary archive as the URL of your locally downloaded copy of the MinGit zip file

  • Specify mingw64\bin\git.exe as the Subdirectory of extracted archive.

Git for Windows Portable will be installed on each agent in tools\git\mingw64. The path to the git executable will be tools\git\mingw64\bin\git.exe.

Windows Credentials Manager

Git for Windows is able to integrate with the Windows Credentials Manager for secure storage of credentials. Windows Credentials Manager works very well for interactive users on the Windows desktop. Windows Credentials Manager does not work as well for batch processing in the git client plugin. It is best to disable Windows Credentials Manager when installing Git on Jenkins agents running Windows.

SSH Host Key verification

Git Client plugin provides various options to verify the SSH keys presented by Git repository host servers. By default, Git Client plugin uses the "Known hosts file" strategy to verify all host keys using the known_hosts file.

Host key verification strategies include:

Accept first connection

Remembers the first host key encountered for each git server and requires that the same host key must be use for later access. This is usually the most convenient setting for administrators while still providing ssh host key verification

Known hosts file

Uses the existing known_hosts file on the controller and on the agent. This assumes the administrator has already configured this file on the controller and on all agents

Manually provided keys

Provides a form field where the administrator inserts the host keys for the git repository servers. This works well when a small set of repository servers meet the needs of most users

No verification

Disables all verification of ssh host keys. Not recommended because it provides no protection from "man-in-the-middle" attacks

Configure the host key verification strategy from "Manage Jenkins" >> "Configure Global Security" >> "Git Host Key Verification Configuration".

Configure Ssh host key verification
Note

OpenSSH releases prior to OpenSSH 7.6 (released Oct 2017) do not support the ssh command line argument used to accept first connection. Red Hat Enterprise Linux 7, CentOS 7, AWS Linux 2, and Debian 9 all deliver OpenSSH releases older than OpenSSH 7.6. The "Git Host Key Verification Configuration" for those systems cannot use the "Accept first connection" strategy with command line git.

Users of those operating systems have the following options:

  • Use the "Manually provided keys" host key verification strategy and provide host keys for their git hosts

  • Use the "Known hosts file" host key verification strategy and provide a known_hosts file on the agents with values for the required hosts

  • Enable JGit and use JGit instead of command line git on agents and controllers with those older OpenSSH versions

  • Switch the repository URL’s in job definitions from ssh protocol to https protocol and provide a username / password credential for the clone instead of a private key credential

  • Use the "No verification" host key verification strategy (not recommended)

Configuration as Code Sample

The configuration as code plugin can define the SSH host key verification strategy.

The "Accept first connection" host key verification strategy can be configured like this:

security:
  gitHostKeyVerificationConfiguration:
    sshHostKeyVerificationStrategy: "acceptFirstConnectionStrategy"

The "Known hosts file" host key verification strategy can be configured like this:

security:
  gitHostKeyVerificationConfiguration:
    sshHostKeyVerificationStrategy: "knownHostsFileVerificationStrategy"

The "Manually provided keys" host key verification strategy might be configured like this:

security:
  gitHostKeyVerificationConfiguration:
    sshHostKeyVerificationStrategy:
      manuallyProvidedKeyVerificationStrategy:
        approvedHostKeys: |-
          bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO
          git.assembla.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+whKLd9tzS4IIbZD7rCgly2LNxlvxef4JvwSaL/YZ7
          github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
          gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf

The "No verification" strategy (not recommended) can be configured like this:

security:
  gitHostKeyVerificationConfiguration:
    sshHostKeyVerificationStrategy: "noHostKeyVerificationStrategy"

Bug Reports

Report issues and enhancements with the Jenkins issue tracker. Please use the "How to Report an Issue" guidelines when reporting issues.

Contributing to the Plugin

Refer to contributing to the plugin for contribution guidelines.

Plugin Properties

Some plugin settings are controlled by Java system properties. The properties are often used to override a standard behavior or to revert to previous behavior. Refer to Jenkins Features Controlled with System Properties for more details on system properties and how to set them.

checkRemoteURL

When org.jenkinsci.plugins.gitclient.CliGitAPIImpl.checkRemoteURL is set to false it disables the safety checking of repository URLs.

Default is true so that repository URL’s are rejected if they start with - or contain space characters.

forceFetch

When org.jenkinsci.plugins.gitclient.CliGitAPIImpl.forceFetch is set to false it allows command line git versions 2.20 and later to not update tags which have already been fetched into the workspace.

Command line git 2.20 and later have changed behavior when fetching remote tags that already exist in the repository. Command line git before 2.20 silently updates an existing tag if the remote tag points to a different SHA1 than the local tag. Command line git 2.20 and later do not update an existing tag if the remote tag points to a different SHA1 than the local tag unless the --force option is passed to git fetch.

Default is true so that newer command line git versions behave the same as older versions.

promptForAuthentication

When org.jenkinsci.plugins.gitclient.CliGitAPIImpl.promptForAuthentication is set to true it allows command line git versions 2.3 and later to prompt the user for authentication. Command line git prompting for authentication should be rare, since Jenkins credentials should be managed through the credentials plugin.

Credential prompting could happen on multiple platforms, but is more common on Windows computers because many Windows agents run from the desktop environment. Agents running on the desktop are much less common in Unix environments.

Default is false so that command line git does not prompt for interactive authentication.

useCLI

When org.jenkinsci.plugins.gitclient.CliGitAPIImpl.useCLI is set to false, it will use JGit as the default implementation instead of command line git.

Default is true so that command line git is chosen as the default implementation.

user.name.file.encoding

When org.jenkinsci.plugins.gitclient.CliGitAPIImpl.user.name.file.encoding is set to a non-empty value (like IBM-1047) and the agent is running on IBM zOS, the username credentials file is written using that character set. The character sets of other credential files are not changed. The character sets on other operating systems are not changed.

Default is empty so that zOS file encoding behaves as it did previously.

user.passphrase.file.encoding

When org.jenkinsci.plugins.gitclient.CliGitAPIImpl.user.passphrase.file.encoding is set to a non-empty value (like IBM-1047) and the agent is running on IBM zOS, the ssh passphrase file is written using that character set. The character sets of other credential files are not changed. The character sets on other operating systems are not changed.

Default is empty so that zOS file encoding behaves as it did previously.

user.password.file.encoding

When org.jenkinsci.plugins.gitclient.CliGitAPIImpl.user.password.file.encoding is set to a non-empty value (like IBM-1047) and the agent is running on IBM zOS, the password file is written using that character set. The character sets of other credential files are not changed. The character sets on other operating systems are not changed.

Default is empty so that zOS file encoding behaves as it did previously.

useSETSID

When org.jenkinsci.plugins.gitclient.CliGitAPIImpl.useSETSID is set to true and the setsid command is available, the git client process on non-Windows computers will be started with the setsid command so that they are detached from any controlling terminal. Most agents are run without a controlling terminal and the useSETSID setting is not needed. Enable useSETSID only in those rare cases where the agent is running with a controlling terminal. If it is not used in those cases, the agent may block on some authenticated git operations.

This setting can be helpful with Jenkins swarm agents and inbound agents started from a terminal emulator.

Default is false so that setsid is not used.

More Repositories

1

jenkins

Jenkins automation server
Java
21,381
star
2

docker

Docker official jenkins repo
Dockerfile
6,144
star
3

pipeline-examples

A collection of examples, tips and tricks and snippets of scripting for the Jenkins Pipeline plugin
Groovy
4,117
star
4

blueocean-plugin

Blue Ocean is a reboot of the Jenkins CI/CD User Experience
Java
2,877
star
5

configuration-as-code-plugin

Jenkins Configuration as Code Plugin
Java
2,521
star
6

kubernetes-plugin

Jenkins plugin to run dynamic agents in a Kubernetes/Docker environment
Java
2,206
star
7

job-dsl-plugin

A Groovy DSL for Jenkins Jobs - Sweeeeet!
Groovy
1,851
star
8

pipeline-plugin

Obsolete home for Pipeline plugins
1,711
star
9

JenkinsPipelineUnit

Framework for unit testing Jenkins pipelines
Groovy
1,426
star
10

gitlab-plugin

A Jenkins plugin for interfacing with GitLab
Java
1,418
star
11

jenkinsfile-runner

A command line tool to run Jenkinsfile as a function
Java
1,137
star
12

java-client-api

A Jenkins API client for Java
Java
888
star
13

jenkins-scripts

Scripts in Groovy, shell, Ruby, Python, whatever for managing/interacting with Jenkins
Groovy
880
star
14

build-monitor-plugin

Jenkins Build Monitor Plugin
Java
722
star
15

git-plugin

Git repository access for Jenkins jobs
Java
668
star
16

slack-plugin

A Jenkins plugin for posting notifications to a Slack channel
Java
664
star
17

pipeline-model-definition-plugin

Groovy
562
star
18

docker-workflow-plugin

Jenkins plugin which allows building, testing, and using Docker images from Jenkins Pipeline projects.
Java
500
star
19

ghprb-plugin

github pull requests builder plugin for Jenkins
Java
495
star
20

docker-plugin

Jenkins Cloud Plugin that uses Docker
Java
482
star
21

docker-inbound-agent

Docker image for a Jenkins agent which can connect to Jenkins using TCP or Websocket protocols
PowerShell
466
star
22

helm-charts

Jenkins helm charts
Mustache
448
star
23

pipeline-aws-plugin

Jenkins Pipeline Step Plugin for AWS
Java
423
star
24

jenkins.rb

Deprecated, see https://www.jenkins.io/jep/7
Ruby
394
star
25

generic-webhook-trigger-plugin

Can receive any HTTP request, extract any values from JSON or XML and trigger a job with those values available as variables. Works with GitHub, GitLab, Bitbucket, Jira and many more.
Java
377
star
26

email-ext-plugin

Jenkins Email Extension Plugin
Java
338
star
27

dingtalk-plugin

Dingtalk for jenkins
Java
336
star
28

warnings-ng-plugin

Jenkins Warnings Plugin - Next Generation
Java
323
star
29

plugin-installation-manager-tool

Plugin Manager CLI tool for Jenkins
Java
301
star
30

mesos-plugin

Mesos Cloud Jenkins Plugin
Java
290
star
31

github-plugin

Jenkins GitHub plugin
Java
286
star
32

ec2-plugin

Jenkins ec2 plugin
Java
285
star
33

ssh-steps-plugin

Jenkins pipeline steps which provides SSH facilities such as command execution or file transfer for continuous delivery.
Java
273
star
34

ansicolor-plugin

Jenkins ANSI Color Plugin
Java
252
star
35

pipeline-utility-steps-plugin

Small, miscellaneous, cross platform utility steps for Jenkins Pipeline jobs.
Java
237
star
36

docker-agent

Base Docker image for Jenkins Agents
PowerShell
231
star
37

ansible-plugin

Jenkins Ansible plugin
Java
223
star
38

workflow-cps-global-lib-plugin

Java
223
star
39

hashicorp-vault-plugin

Jenkins plugin to populate environment variables from secrets stored in HashiCorp's Vault.
Java
218
star
40

lib-file-leak-detector

Java agent that detects file handle leak
Java
217
star
41

bitbucket-branch-source-plugin

Bitbucket Branch Source Plugin
Java
213
star
42

gerrit-trigger-plugin

Java
212
star
43

remoting

Jenkins Remoting module
Java
212
star
44

workflow-aggregator-plugin

211
star
45

android-emulator-plugin

Android Emulator plugin for Jenkins
Java
207
star
46

docker-slaves-plugin

A Jenkins plugin to run builds inside Docker containers
Java
205
star
47

github-branch-source-plugin

GitHub Branch Source Plugin
Java
205
star
48

pipeline-stage-view-plugin

Visualizes Jenkins pipelines
JavaScript
204
star
49

jenkinsfile-runner-github-actions

Jenkins single-shot pipeline execution in a GitHub Action POC
Shell
199
star
50

amazon-ecs-plugin

Amazon EC2 Container Service Plugin for Jenkins
Java
193
star
51

trilead-ssh2

Patched trilead-ssh2 used in Jenkins
Java
193
star
52

cucumber-reports-plugin

Jenkins plugin to generate cucumber-jvm reports
Java
192
star
53

docker-build-publish-plugin

Java
192
star
54

performance-plugin

Performance Test Running and Reporting for Jenkins CI
Java
190
star
55

jira-plugin

Jenkins jira plugin
Java
169
star
56

gitea-plugin

This plugin provides the Jenkins integration for Gitea.
Java
168
star
57

embeddable-build-status-plugin

Embed build status of Jenkins jobs in web pages
Java
167
star
58

stashnotifier-plugin

A Jenkins Plugin to notify Atlassian Stash|Bitbucket of build results
Java
163
star
59

docker-ssh-agent

Docker image for Jenkins agents connected over SSH
PowerShell
162
star
60

workflow-cps-plugin

Java
160
star
61

http-request-plugin

This plugin does a request to an url with some parameters.
Java
154
star
62

kubernetes-pipeline-plugin

Kubernetes Pipeline is Jenkins plugin which extends Jenkins Pipeline to provide native support for using Kubernetes pods, secrets and volumes to perform builds
Java
154
star
63

stapler

Stapler web framework
Java
154
star
64

tfs-plugin

Jenkins tfs plugin
Java
145
star
65

jep

Jenkins Enhancement Proposals
Shell
144
star
66

kubernetes-cd-plugin

A Jenkins plugin to deploy to Kubernetes cluster
Java
140
star
67

jacoco-plugin

Jenkins JaCoCo Plugin
Java
139
star
68

qy-wechat-notification-plugin

企业微信Jenkins构建通知插件
Java
138
star
69

swarm-plugin

Jenkins swarm plugin
Java
135
star
70

dependency-check-plugin

Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).
Java
129
star
71

subversion-plugin

Jenkins subversion plugin
Java
127
star
72

git-parameter-plugin

Jenkins plugin for chosing Revision / Tag before build
Java
121
star
73

role-strategy-plugin

Jenkins Role-Strategy plugin
Java
120
star
74

groovy-sandbox

(Deprecated) Compile-time transformer to run Groovy code in a restrictive sandbox
Java
120
star
75

jenkins-design-language

Styles, assets, and React classes for Jenkins Design Language
TypeScript
116
star
76

acceptance-test-harness

Acceptance tests cases for Jenkins and its plugins based on selenium and docker.
Java
116
star
77

publish-over-ssh-plugin

Java
115
star
78

gitlab-branch-source-plugin

A Jenkins Plugin for GitLab Multibranch Pipeline jobs and Folder Organization
Java
115
star
79

scm-sync-configuration-plugin

Jenkins scm-sync-configuration plugin
Java
115
star
80

pipeline-as-yaml-plugin

Jenkins Pipeline As Yaml Plugin
Java
114
star
81

selenium-plugin

Jenkins selenium plugin
Java
112
star
82

docker-build-step-plugin

Java
111
star
83

jira-trigger-plugin

Triggers a build when a certain condition is matched in JIRA
Groovy
111
star
84

code-coverage-api-plugin

Deprecated Jenkins Code Coverage Plugin
Java
110
star
85

gradle-plugin

Jenkins gradle plugin
Java
109
star
86

cobertura-plugin

Jenkins cobertura plugin
Java
109
star
87

credentials-plugin

Provides Jenkins with extension points to securely store, manage, and bind credentials data to other Jenkins plugins, builds, pipelines, etc.
Java
107
star
88

jira-steps-plugin

Jenkins pipeline steps for integration with JIRA.
Java
105
star
89

artifactory-plugin

Jenkins artifactory plugin
Java
104
star
90

build-flow-plugin

A plugin to manage job orchestration
Groovy
103
star
91

github-oauth-plugin

Jenkins authentication plugin using GitHub OAuth as the source.
Java
102
star
92

throttle-concurrent-builds-plugin

Java
101
star
93

pipeline-graph-view-plugin

Java
99
star
94

promoted-builds-plugin

Jenkins Promoted Builds Plugin
Java
96
star
95

ssh-slaves-plugin

SSH Build Agents Plugin for Jenkins
Java
96
star
96

github-pr-coverage-status-plugin

Nice test coverage icon for your pull requests just from Jenkins
Java
93
star
97

jenkins-test-harness

Unit test framework for Jenkins core and its plugins
Java
92
star
98

localization-zh-cn-plugin

Chinese Localization for Jenkins
HTML
91
star
99

opentelemetry-plugin

Monitor and observe Jenkins with OpenTelemetry.
Java
90
star
100

office-365-connector-plugin

Office 365 Connector plugin sends jobs status notifications to Microsoft Teams or Outlook
Java
89
star