Gogs integrates with external identity providers and also features its own basic username/password authentication, which I'm using in my setup. This is not secure over HTTP, so, in a real environment, I would use SSH or HTTPS for Git, either by packaging a Secure Sockets Layer (SSL) certificate in the image, or by using a proxy server in front of Gogs.
In the Users section of the Gogs admin interface, I've created a jenkins user and given it read access to the docker-on-windows Git repository, which I'll use for my sample CI/CD job:
Jenkins will pull the source code repository from Gogs, authenticating as the jenkins user. I've added the username and password to Jenkins as global credentials so that they can be used by any job:
Jenkins doesn't display the password once entered, and it records an audit trail for all the jobs that use the credential, so this is a secure way of authenticating. My Jenkins container is running with a volume that mounts the Docker named pipe from the Windows host so that it can work with the Docker Engine without authenticating.