Currently control files are generated in a subdirectory of the workspace. This is causing various issues because some build steps are not expecting these extra files which are internal to Jenkins.

      These could be generated instead in a temporary directory or in a specific subfolder of the slave root instead.

          [JENKINS-27152] Store sh control files outside of workspace

          Vincent Latombe created issue -
          Vincent Latombe made changes -
          Summary Original: Store bourneshell control file outside of workspace New: Store bourneshell control files outside of workspace
          Vincent Latombe made changes -
          Link New: This issue is related to JENKINS-26105 [ JENKINS-26105 ]
          Vincent Latombe made changes -
          Remote Link New: This issue links to "[jenkins-users] Workflow Plugin - Performing a Release (Web Link)" [ 12127 ]

          A C added a comment -

          This is a very significant flaw with this plugin. The temporary-directory solution in the workspace is still far less than ideal, this really should use a system-provided temporary directory.

          A C added a comment - This is a very significant flaw with this plugin. The temporary-directory solution in the workspace is still far less than ideal, this really should use a system-provided temporary directory.

          Jesse Glick added a comment -

          Agreed. A subfolder of the slave root would probably be safest.

          A little trickier than merely changing the directory location, though, since the volumes parameter here must be adjusted to include that location, meaning some kind of API from durable-task by which docker-workflow could find that temporary directory.

          Jesse Glick added a comment - Agreed. A subfolder of the slave root would probably be safest. A little trickier than merely changing the directory location, though, since the volumes parameter here must be adjusted to include that location, meaning some kind of API from durable-task by which docker-workflow could find that temporary directory.
          Jesse Glick made changes -
          Link New: This issue is related to JENKINS-26133 [ JENKINS-26133 ]
          Jesse Glick made changes -
          Link New: This issue is duplicated by JENKINS-30240 [ JENKINS-30240 ]

          Jesse Glick added a comment -

          It was also found that CLI Git checkouts using SSH private keys create temporary files which must be put in a standardized location. Seems there needs to be some shadow directory created on demand for any workspace where temporary files may be placed which are only intended to be accessed by build steps running in that workspace.

          credentials-binding should also be updated to use such a location for its temporary files.

          The lack of this API was just never noticed until Image.inside came along, because plugins simply assumed that build steps using a workspace could also access arbitrary files created on the same computer by the slave agent.

          Jesse Glick added a comment - It was also found that CLI Git checkouts using SSH private keys create temporary files which must be put in a standardized location. Seems there needs to be some shadow directory created on demand for any workspace where temporary files may be placed which are only intended to be accessed by build steps running in that workspace. credentials-binding should also be updated to use such a location for its temporary files . The lack of this API was just never noticed until Image.inside came along, because plugins simply assumed that build steps using a workspace could also access arbitrary files created on the same computer by the slave agent.
          Jesse Glick made changes -
          Labels Original: robustness workflow New: api docker robustness workflow

            jglick Jesse Glick
            vlatombe Vincent Latombe
            Votes:
            7 Vote for this issue
            Watchers:
            13 Start watching this issue

              Created:
              Updated:
              Resolved: