This guide will be text-only; I don't have any intention of converting it into a video.
Warning
For any of the methods below to work, you MUST run your Jenkins instance on Linux.
You are doing a project with your partners; however, the official guide to Jenkins by HUST only supports public repositories. How can I hide my code from other friends who are trying to take some ideas from my code (they may copy my code LMAO)?
- Create yourself an SSH key pair
```
teebow1e@TRUNGTQT-VOS14:~/sshkey-github-soict$ ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/teebow1e/.ssh/id_ed25519): ./id_ed25519
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ./id_ed25519
Your public key has been saved in ./id_ed25519.pub
The key fingerprint is:
SHA256:ezCQabkBUYotvl+L7Y0R8CUvK18MO6ik04VBr/uRzy8 teebow1e@TRUNGTQT-VOS14
The key's randomart image is:
+--[ED25519 256]--+
<REDACTED><REDACTED>
+----[SHA256]-----+
```
- After this, you will have 2 files: a public key (`.pub`) and a private key.
- Add the public key to your GitHub account; for more information, please refer to my previous gist about adding an SSH key to GitHub.
- The private key will be added into Jenkins
- Change your pipeline script into this
Make sure to double check the SonarQube instance name
Manage Jenkins -> System -> SonarQube servers -> take the Name
Get the Repo clone address here (choose SSH)
```groovy
// Written by teebow1e@HUST_VNCERT/CC
pipeline {
    agent any
    environment {
        GIT_SSH_KEY = credentials('<CREDENTIALS_ID>') // the ID I told you to remember
        SCANNER_HOME = tool 'SonarQube Scanner'
    }
    stages {
        stage('SCM') {
            steps {
                script {
                    // Clone the repository using SSH key
                    sh "rm -rf <repo-name>" // delete the repo folder if it already exists
                    // the reason why I do this is that when you create a key pair on one machine and bring it to another machine,
                    // the Jenkins machine will not accept that key; disabling will make the Jenkins machine trust this pair of keys
                    sh "mkdir -p ~/.ssh && touch ~/.ssh/config"
                    sh 'echo "StrictHostKeyChecking no" > ~/.ssh/config'
                    // add the key to the SSH agent, then clone the repo
                    sh "ssh-agent bash -c 'ssh-add ${GIT_SSH_KEY}; git clone <clone-address>'"
                }
            }
        }
        stage('SonarQube Analysis') {
            steps {
                // delete this line
                // your SonarQube instance may have a different name than mine, so check yours and put it in the ()
                withSonarQubeEnv('SonarQube') {
                    sh "${env.SCANNER_HOME}/bin/sonar-scanner -Dsonar.java.binaries=. -Dsonar.projectKey=<sonar-prj-key> -Dsonar.login=<sonar-login-secret>"
                }
            }
        }
    }
}
```
This way, you do not have to risk exposing your SSH key during the pipeline run. (It also serves as an alternative if the above method is not working.)
- Generate an SSH key pair, add the public key to GitHub, and put the private key inside the Jenkins machine.

Base64-encoded for easier transport between machines
At this point, the SSH key is inside the machine, ready to be used!
- Modify the pipeline script
```groovy
// Written by teebow1e@HUST_VNCERT/CC
pipeline {
    agent any // You can specify the agent as per your requirement
    environment {
        SCANNER_HOME = tool 'SonarQube Scanner' // Assigning SonarQube scanner tool
    }
    stages {
        stage('SCM') {
            steps {
                script {
                    sh "rm -rf <repo-name>" // delete if exists
                    sh "mkdir -p ~/.ssh && touch ~/.ssh/config"
                    sh 'echo "StrictHostKeyChecking no" > ~/.ssh/config'
                    // Clone the repository using SSH key; add the key and clone inside the same
                    // ssh-agent session, because the agent exits when its bash command finishes
                    sh "ssh-agent bash -c 'ssh-add /var/jenkins_home/.ssh/id_ed25519; git clone <repo-link>'" // your SSH key file may differ
                }
            }
        }
        stage('SonarQube Analysis') {
            steps {
                // Running SonarQube analysis
                withSonarQubeEnv('SonarQube') {
                    sh "${env.SCANNER_HOME}/bin/sonar-scanner -Dsonar.java.binaries=. -Dsonar.projectKey=<sonar-prjkey> -Dsonar.login=<sonar-login-secret>"
                }
            }
        }
    }
}
```
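Both pipeline scripts above write `StrictHostKeyChecking no` to `~/.ssh/config`, which overwrites that file and turns off verification of the server's host key for every host the Jenkins user connects to. The following is an added example, not part of the original guide: shell functions for a Jenkins `sh` step that flag that setting and write a config scoped to `github.com` with a pinned host key instead. The function names, the directory layout and the host key line are assumptions; take the real `github.com` key line from GitHub's published SSH key fingerprints.

```shell
#!/bin/sh
# Added example (assumed helper names, not from the original guide).

# Print (with line numbers) every line of an ssh_config file that disables
# host key verification; exit status 0 means at least one was found.
find_disabled_host_check() {
    # ssh_config keywords are case-insensitive, "off" is a synonym for "no",
    # and keyword and value may be separated by whitespace or "=".
    grep -niE '^[[:space:]]*StrictHostKeyChecking([[:space:]]*=[[:space:]]*|[[:space:]]+)"?(no|off)"?[[:space:]]*$' "$1"
}

# Write a per-job SSH config into directory $1 that trusts only the
# known_hosts line given in $2 (placeholder: supply the verified key line).
write_pinned_config() {
    mkdir -p "$1" && chmod 700 "$1"
    printf '%s\n' "$2" > "$1/known_hosts"
    cat > "$1/config" <<EOF
Host github.com
    StrictHostKeyChecking yes
    UserKnownHostsFile "$1/known_hosts"
    IdentitiesOnly yes
EOF
    chmod 600 "$1/config" "$1/known_hosts"
}

# Clone repo $3 using the config in directory $1 and the private key file $2
# (for example the path Jenkins puts in GIT_SSH_KEY via credentials()).
# The user's ~/.ssh/config is neither read nor modified.
clone_pinned() {
    GIT_SSH_COMMAND="ssh -F '$1/config' -i '$2'" git clone "$3"
}
```

With a changed or spoofed host key, `clone_pinned` fails the clone instead of connecting silently.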
- Fix some security issues with passing SSH keys directly into Jenkins (okay for a private/local server, not okay if that Jenkins is shared/exposed to the Internet)






