Jenkins - Git Submodule Credentials Different from Parent Repo

Background

Jenkins is being used to build an artifact from a Git repo that has a Git submodule. The submodule(s) are not in the same repo or even at the same endpoint as the parent project. The problem is that parent repo checks out fine because the credential, ssh key A, is associated with the main/parent repo but, not surprisingly, fails on the submodule because the credential, ssh key B, is not associated with the repo from Jenkins' point of view.

It's surprising that Jenkins does not have better out-of-the-box support for Git submodules; time to contribute.

Questions

  1. Is there a way to store multiple credentials for a single Git repo?
  2. If the answer is no, why does Jenkins, under Advanced sub-modules behaviours provide the option to Use credentials from default remote of parent repository as shown below?
  3. What other approach is there for dealing with Jenkins and Git submodules with different credentials?

enter image description here

System Info

Running Jenkins on Docker Machine (Locally)

Running Jenkins on CentOS (Production)

Jenkins Version: 2.60.2 (both)

Git Plugin Version: 3.6.4 (both)


Yes this is easily done. You can create pub/private key pair and set it up as a github deploy key (if you are using git hub if not, then as a key set in whatever you do use). You can add that as a Jenkins credential (provided you have the credentials plugin installed).

Username: [email protected]
Private Key:  the private key for that key set
Passphrase:  whatever passphrase you used
ID: aws-jenkins-github-deploykey (just an example name)
Description: some useful text

The ID maps to the credentialsId below

checkout changelog: true, poll: false, scm: [$class: 'GitSCM',
     branches: [[name: "branch name, commit sha, or tag/tagname" ]],
     userRemoteConfigs: [[
     credentialsId: 'aws-jenkins-github-deploykey',
     url: '[email protected]:myorg/myrepo.git']]]

When this Pipeline code runs, it checks out the repo at the branch, commit, etc to the working directory. You can also specify the directory.

So you can use this to checkout a bunch of repos and use specific branches for them.