One Mo' Gin

I’m working with GitHub private repositories for the first time. I’m also working with using Jenkins with GitHub for the first time. As such, I’m learning a few things.

The first major hurdle I ran into was setting up checkout of multiple repositories.

Deploy Keys

Deploy keys are one-off keys that you add to a single repository that allow it to be checked out. For public repositories this isn’t necessary (although it does still exist) because anyone can access your repository read-only.

For private repositories you must use deploy keys unless you want full read-write access exposed to Jenkins.

The wrinkle is: How do you use a key for each checkout?

How To Do It

GitHub provides some help with their Multiple SSH Keys document. The only thing we need is a gentle push to make this work with Jenkins’ Git Plugin.

When you generate your keys, name them according to the project they will be used with.

ssh-keygen -t rsa -f ~/.ssh/id_rsa.projectA -C "Key for Project A"

After generating your key, add the public key into GitHub’s deploy keys.

In your Jenkins user’s $HOME, add a .ssh/config file, just like the GitHub instructions above. Then define a Host entry for each repository:

Host github-projectA
    Hostname github.com
    User git
    IdentityFile ~/.ssh/id_rsa.projectA

For each of your projects, copy that block but change projectA to projectB in both the Host and IdentityFile lines. The Host line is defining a special hostname (which really points to github.com via the Hostname line). This differentiation tells ssh to use a different key.

The final step is to modify the repository that we’ll be checking out:

git@github-projectA:iinteractive/prg-labor.git

The github-projectA ties us back to our Host setting above.

Fin!

With these instructions you should be able to safely add one-off deploy keys to enable your Jenkin’s server to checkout all your projects. Go forth and integrate. Continuously!

Update Corrected -C option to ssh-keygen