I am the owner of github organization and I have access to all repositories. Some of them are private and others are public. I am trying to set up Jenkins to trigger builds when a pull request is made to any repository of the organization. The problem is that i have an external system which is notified via github webhooks whenever a pull request is made. I have to integrate Jenkins with this system which is a requirement. This system can also trigger notifications to Jenkins via api requests. (https://python-jenkins.readthedocs.org/en/latest/examples.html)
I could see that all solutions to automatic Jenkins build triggers are related to github plugin of Jenkins. (https://wiki.jenkins-ci.org/display/JENKINS/GitHub+Plugin). I can't currently use it because i have an additional indirection with a new system in between github and Jenkins.
Currently when my system receives notification from github, it issues api request to build job with repository name and branch. Now, the jenkins job executes a shell script that does a git clone of the repository and run tests. I couldn't find a way to do a git clone of private repository of a organization.
Requirements
Jenkins build Console output is public and hence login related information should not be present inside the output.
Jenkins is built for entire organization and hence I don't want to add the ssh key to my github account.
What is the best/cleaner way to accomplish it?
You would normally handle this sort of thing by creating a read-only deploy key. A deploy key is an ssh (public) key associated with a single repository, rather than with your entire github account. By default a deploy key is read-only (unless you check the "allow write access" checkbox when adding the key).
That link also has some other suggestions for managing access to github repositories from automated processes.
来源:https://stackoverflow.com/questions/32030922/how-to-clone-a-private-repository-of-github-organization-in-a-jenkins-job