Jenkins and GitHub: Multiple Private Projects
Thursday, September 1, 2011 at 8:22AM I’m working with GitHub private repositories for the first time. I’m also working with using Jenkins with GitHub for the first time. As such, I’m learning a few things.
The first major hurdle I ran into was setting up checkout of multiple repositories.
Deploy Keys
Deploy keys are one-off keys that you add to a single repository that allow it to be checked out. For public repositories this isn’t necessary (although it does still exist) because anyone can access your repository read-only.
For private repositories you must use deploy keys unless you want full read-write access exposed to Jenkins.
The wrinkle is: How do you use a key for each checkout?
How To Do It
GitHub provides some help with their Multiple SSH Keys document. The only thing we need is a gentle push to make this work with Jenkins’ Git Plugin.
When you generate your keys, name them according to the project they will be used with.
ssh-keygen -t rsa -f ~/.ssh/id_rsa.projectA -C "Key for Project A"
After generating your key, add the public key into GitHub’s deploy keys.
In your Jenkins user’s $HOME, add a .ssh/config file, just like the GitHub instructions above. Then define a Host entry for each repository:
Host github-projectA
Hostname github.com
User git
IdentityFile ~/.ssh/id_rsa.projectA
For each of your projects, copy that block but change projectA to projectB in both the Host and IdentityFile lines. The Host line is defining a special hostname (which really points to github.com via the Hostname line). This differentiation tells ssh to use a different key.
The final step is to modify the repository that we’ll be checking out:
git@github-projectA:iinteractive/prg-labor.git
The github-projectA ties us back to our Host setting above.
Fin!
With these instructions you should be able to safely add one-off deploy keys to enable your Jenkin’s server to checkout all your projects. Go forth and integrate. Continuously!
Update Corrected -C option to ssh-keygen
