-
Bug
-
Resolution: Duplicate
-
Minor
-
None
-
Jenkins 2.7.3
Git-Plugin: 3.0.0
GitHub Organization Folder Plugin: 1.5
GitHub plugin: 1.21.1
When trying to use scm.branches in a Jenkinsfile to perform a shallow clone:
checkout([
$class: 'GitSCM',
branches: scm.branches,
doGenerateSubmoduleConfigurations: scm.doGenerateSubmoduleConfigurations,
extensions: scm.extensions + [[$class: 'CloneOption', noTags: false, reference: '', shallow: true]],
submoduleCfg: [],
userRemoteConfigs: scm.userRemoteConfigs
])
I get this error:
org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method hudson.plugins.git.GitSCM getBranches at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectMethod(StaticWhitelist.java:176) at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor$6.reject(SandboxInterceptor.java:243) at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onGetProperty(SandboxInterceptor.java:363) at org.kohsuke.groovy.sandbox.impl.Checker$4.call(Checker.java:241) at org.kohsuke.groovy.sandbox.impl.Checker.checkedGetProperty(Checker.java:238) at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.getProperty(SandboxInvoker.java:24) at com.cloudbees.groovy.cps.impl.PropertyAccessBlock.rawGet(PropertyAccessBlock.java:20) at WorkflowScript.run(WorkflowScript:12) at ___cps.transform___(Native Method) at com.cloudbees.groovy.cps.impl.PropertyishBlock$ContinuationImpl.get(PropertyishBlock.java:74) at com.cloudbees.groovy.cps.LValueBlock$GetAdapter.receive(LValueBlock.java:30) at com.cloudbees.groovy.cps.impl.PropertyishBlock$ContinuationImpl.fixName(PropertyishBlock.java:66) at sun.reflect.GeneratedMethodAccessor751.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72) at com.cloudbees.groovy.cps.impl.ConstantBlock.eval(ConstantBlock.java:21) at com.cloudbees.groovy.cps.Next.step(Next.java:58) at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:154) at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$001(SandboxContinuable.java:18) at org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:33) at org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:30) at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.runInSandbox(GroovySandbox.java:108) at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:30) at org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:164) at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:361) at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.access$100(CpsThreadGroup.java:80) at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:236) at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:226) at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:47) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:112) at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745)
I would expect that I should be able to access scm.branches though I would prefer an easier way to just modify or copy-and-change the scm object.
- duplicates
-
JENKINS-37658 Github-branch-source plugin should support git plugin extensions
-
- Closed
-
- is related to
-
JENKINS-31924 GitSCMSource should offer extensions
-
- Closed
-
-
-
- Resolved
-
-
-
- Closed
-
-
-
- Closed
-
[JENKINS-37817] checkout scm should be able to override extensions/settings
Actually, approving seems to lead down a rat-hole of having to approve a boat-load of things, which isn't acceptable.
Okay, you can't access scm.extensions, scm.doGenerateSubmoduleConfigurations, nor scm.userRemoteConfigs. The same org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException error each time.
What's the right way to modify the SCM options, then?
Here is the list of all the methods I had to approve to get this to work:
method hudson.plugins.git.GitSCM getBranches method hudson.plugins.git.GitSCM getUserRemoteConfigs method hudson.plugins.git.GitSCM isDoGenerateSubmoduleConfigurations method hudson.plugins.git.GitSCMBackwardCompatibility getExtensions staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods plus java.util.List java.lang.Iterable staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods plus java.util.List java.lang.Object
As of a recent change, you should be able to specify the desired extensions directly in the GitSCMSource, avoiding the need to patch scm at all.
What does that mean I put into a Jenkinsfile?
I tried scm.extensions.add([$class: 'CloneOption', noTags: false, reference: '', shallow: true]) but that didn't do anything.
scm itself seems to be a GitSCM object, not a GitSCMSource.
And the pipeline syntax snippets generator doesn't have anything for checkout with scm, only manually specifying everything by hand, which defeats the purpose of using the Github Org Folders plugin (which provides scm for you).
This is still an issue. I don't have a way to work around it, short of approving everything in Jenkinsfiles, which isn't a solution.
In addition, I have more use cases... I need to be able to specify I need submodules for a project.
In case it wasn't clear originally, I'm using the Github Org Folder Plugin, which means I don't have a web-ui where I can add these GitSCM.extenions.
I don't know what the GitSCMSource object is or how to get it. I only have the scm object, which is a GitSCM object.
It seems like there should be a way to modify (some) of the GitSCM object from the Jenkinsfile (not the ref or branch or url).
I would expect to be able to do something like this:
scm.add_extension([$class: 'CloneOption', noTags: false, reference: '', shallow: true]); checkout scm;
Though even that is painful. :-/ I'm not even sure how that would appear (or if it would appear) in the pipeline snippet generator.
Evan Borgstrom
added a comment - I also need the ability to checkout submodules and would like to specify clean before checkout.
Evan Borgstrom
added a comment - I also need the ability to checkout submodules and would like to specify clean before checkout. Evan Borgstrom
added a comment - I found https://support.cloudbees.com/hc/en-us/articles/226122247-How-to-Customize-Checkout-for-Pipeline-Multibranch that indicates that JENKINS-37658 is the ticket for tracking the changes to allow extensions for GitHub Multibranch projects.
Evan Borgstrom
added a comment - I found https://support.cloudbees.com/hc/en-us/articles/226122247-How-to-Customize-Checkout-for-Pipeline-Multibranch that indicates that JENKINS-37658 is the ticket for tracking the changes to allow extensions for GitHub Multibranch projects. Any updates on this? I find really confusing that the getBranches permission cannot be approved at never reaches the Script approval list. Have a look at this sample pipeline that replicates the error: https://github.com/pycontribs/powertape/blob/master/Jenkinsfile#L72
And FYI: I'm aware that I can approve it via the script permission page; however, I feel this should just work out of the box.