Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-37817

checkout scm should be able to override extensions/settings

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      When trying to use scm.branches in a Jenkinsfile to perform a shallow clone:

      checkout([
              $class: 'GitSCM',
              branches: scm.branches,
              doGenerateSubmoduleConfigurations: scm.doGenerateSubmoduleConfigurations,
              extensions: scm.extensions + [[$class: 'CloneOption', noTags: false, reference: '', shallow: true]],
              submoduleCfg: [],
              userRemoteConfigs: scm.userRemoteConfigs
            ])
      

      I get this error:

      org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method hudson.plugins.git.GitSCM getBranches
      	at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectMethod(StaticWhitelist.java:176)
      	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor$6.reject(SandboxInterceptor.java:243)
      	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onGetProperty(SandboxInterceptor.java:363)
      	at org.kohsuke.groovy.sandbox.impl.Checker$4.call(Checker.java:241)
      	at org.kohsuke.groovy.sandbox.impl.Checker.checkedGetProperty(Checker.java:238)
      	at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.getProperty(SandboxInvoker.java:24)
      	at com.cloudbees.groovy.cps.impl.PropertyAccessBlock.rawGet(PropertyAccessBlock.java:20)
      	at WorkflowScript.run(WorkflowScript:12)
      	at ___cps.transform___(Native Method)
      	at com.cloudbees.groovy.cps.impl.PropertyishBlock$ContinuationImpl.get(PropertyishBlock.java:74)
      	at com.cloudbees.groovy.cps.LValueBlock$GetAdapter.receive(LValueBlock.java:30)
      	at com.cloudbees.groovy.cps.impl.PropertyishBlock$ContinuationImpl.fixName(PropertyishBlock.java:66)
      	at sun.reflect.GeneratedMethodAccessor751.invoke(Unknown Source)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
      	at com.cloudbees.groovy.cps.impl.ConstantBlock.eval(ConstantBlock.java:21)
      	at com.cloudbees.groovy.cps.Next.step(Next.java:58)
      	at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:154)
      	at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$001(SandboxContinuable.java:18)
      	at org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:33)
      	at org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:30)
      	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.runInSandbox(GroovySandbox.java:108)
      	at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:30)
      	at org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:164)
      	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:361)
      	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.access$100(CpsThreadGroup.java:80)
      	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:236)
      	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:226)
      	at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:47)
      	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      	at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:112)
      	at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
      	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
      	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:745)
      

      I would expect that I should be able to access scm.branches though I would prefer an easier way to just modify or copy-and-change the scm object.

        Attachments

          Issue Links

            Activity

            Hide
            docwhat Christian Höltje added a comment -

            What does that mean I put into a Jenkinsfile?

            I tried scm.extensions.add([$class: 'CloneOption', noTags: false, reference: '', shallow: true]) but that didn't do anything.

            scm itself seems to be a GitSCM object, not a GitSCMSource.

            And the pipeline syntax snippets generator doesn't have anything for checkout with scm, only manually specifying everything by hand, which defeats the purpose of using the Github Org Folders plugin (which provides scm for you).

            Show
            docwhat Christian Höltje added a comment - What does that mean I put into a Jenkinsfile ? I tried scm.extensions.add( [$class: 'CloneOption', noTags: false, reference: '', shallow: true] ) but that didn't do anything. scm itself seems to be a GitSCM object, not a GitSCMSource . And the pipeline syntax snippets generator doesn't have anything for checkout with scm , only manually specifying everything by hand, which defeats the purpose of using the Github Org Folders plugin (which provides scm for you).
            Hide
            docwhat Christian Höltje added a comment -

            This is still an issue. I don't have a way to work around it, short of approving everything in Jenkinsfiles, which isn't a solution.

            In addition, I have more use cases... I need to be able to specify I need submodules for a project.

            In case it wasn't clear originally, I'm using the Github Org Folder Plugin, which means I don't have a web-ui where I can add these GitSCM.extenions.

            I don't know what the GitSCMSource object is or how to get it. I only have the scm object, which is a GitSCM object.

            It seems like there should be a way to modify (some) of the GitSCM object from the Jenkinsfile (not the ref or branch or url).

            I would expect to be able to do something like this:

            scm.add_extension([$class: 'CloneOption', noTags: false, reference: '', shallow: true]);
            checkout scm;
            

            Though even that is painful. :-/ I'm not even sure how that would appear (or if it would appear) in the pipeline snippet generator.

            Show
            docwhat Christian Höltje added a comment - This is still an issue. I don't have a way to work around it, short of approving everything in Jenkinsfiles , which isn't a solution. In addition, I have more use cases... I need to be able to specify I need submodules for a project. In case it wasn't clear originally, I'm using the Github Org Folder Plugin, which means I don't have a web-ui where I can add these GitSCM.extenions . I don't know what the GitSCMSource object is or how to get it. I only have the scm object, which is a GitSCM object. It seems like there should be a way to modify (some) of the GitSCM object from the Jenkinsfile (not the ref or branch or url). I would expect to be able to do something like this: scm.add_extension([$class: 'CloneOption', noTags: false, reference: '', shallow: true]); checkout scm; Though even that is painful. :-/ I'm not even sure how that would appear (or if it would appear) in the pipeline snippet generator.
            Hide
            borgstrom Evan Borgstrom added a comment -

            I also need the ability to checkout submodules and would like to specify clean before checkout.

            Show
            borgstrom Evan Borgstrom added a comment - I also need the ability to checkout submodules and would like to specify clean before checkout.
            Hide
            borgstrom Evan Borgstrom added a comment -

            I found https://support.cloudbees.com/hc/en-us/articles/226122247-How-to-Customize-Checkout-for-Pipeline-Multibranch that indicates that JENKINS-37658 is the ticket for tracking the changes to allow extensions for GitHub Multibranch projects.

            Show
            borgstrom Evan Borgstrom added a comment - I found https://support.cloudbees.com/hc/en-us/articles/226122247-How-to-Customize-Checkout-for-Pipeline-Multibranch that indicates that JENKINS-37658 is the ticket for tracking the changes to allow extensions for GitHub Multibranch projects.
            Hide
            ssbarnea Sorin Sbarnea added a comment -

            Any updates on this? I find really confusing that the getBranches permission cannot be approved at never reaches the Script approval  list. Have a look at this sample pipeline that replicates the error: https://github.com/pycontribs/powertape/blob/master/Jenkinsfile#L72

            Show
            ssbarnea Sorin Sbarnea added a comment - Any updates on this? I find really confusing that the getBranches permission cannot be approved at never reaches the Script approval  list. Have a look at this sample pipeline that replicates the error:  https://github.com/pycontribs/powertape/blob/master/Jenkinsfile#L72

              People

              Assignee:
              jglick Jesse Glick
              Reporter:
              docwhat Christian Höltje
              Votes:
              4 Vote for this issue
              Watchers:
              12 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: