[JENKINS-37817] checkout scm should be able to override extensions/settings - Jenkins Jira

Details

Type: Bug
Status: Resolved (View Workflow)
Priority: Minor
Resolution: Duplicate
Component/s: github-organization-folder-plugin, pipeline
Labels:
None
Environment:
Jenkins 2.7.3
Git-Plugin: 3.0.0
GitHub Organization Folder Plugin: 1.5
GitHub plugin: 1.21.1

Similar Issues:

Show

Description

When trying to use scm.branches in a Jenkinsfile to perform a shallow clone:

checkout([
        $class: 'GitSCM',
        branches: scm.branches,
        doGenerateSubmoduleConfigurations: scm.doGenerateSubmoduleConfigurations,
        extensions: scm.extensions + [[$class: 'CloneOption', noTags: false, reference: '', shallow: true]],
        submoduleCfg: [],
        userRemoteConfigs: scm.userRemoteConfigs
      ])

I get this error:

org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method hudson.plugins.git.GitSCM getBranches
	at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectMethod(StaticWhitelist.java:176)
	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor$6.reject(SandboxInterceptor.java:243)
	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onGetProperty(SandboxInterceptor.java:363)
	at org.kohsuke.groovy.sandbox.impl.Checker$4.call(Checker.java:241)
	at org.kohsuke.groovy.sandbox.impl.Checker.checkedGetProperty(Checker.java:238)
	at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.getProperty(SandboxInvoker.java:24)
	at com.cloudbees.groovy.cps.impl.PropertyAccessBlock.rawGet(PropertyAccessBlock.java:20)
	at WorkflowScript.run(WorkflowScript:12)
	at ___cps.transform___(Native Method)
	at com.cloudbees.groovy.cps.impl.PropertyishBlock$ContinuationImpl.get(PropertyishBlock.java:74)
	at com.cloudbees.groovy.cps.LValueBlock$GetAdapter.receive(LValueBlock.java:30)
	at com.cloudbees.groovy.cps.impl.PropertyishBlock$ContinuationImpl.fixName(PropertyishBlock.java:66)
	at sun.reflect.GeneratedMethodAccessor751.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
	at com.cloudbees.groovy.cps.impl.ConstantBlock.eval(ConstantBlock.java:21)
	at com.cloudbees.groovy.cps.Next.step(Next.java:58)
	at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:154)
	at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$001(SandboxContinuable.java:18)
	at org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:33)
	at org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:30)
	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.runInSandbox(GroovySandbox.java:108)
	at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:30)
	at org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:164)
	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:361)
	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.access$100(CpsThreadGroup.java:80)
	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:236)
	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:226)
	at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:47)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:112)
	at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)

I would expect that I should be able to access scm.branches though I would prefer an easier way to just modify or copy-and-change the scm object.

Attachments

Issue Links

duplicates

JENKINS-37658 Github-branch-source plugin should support git plugin extensions

Closed

is related to

JENKINS-31924 GitSCMSource should offer extensions

Closed

JENKINS-38111 github organization should allow 'clean before checkout' behavior

Resolved

JENKINS-37658 Github-branch-source plugin should support git plugin extensions

Closed

JENKINS-42860 RejectedAccessException: Scripts not permitted to use method hudson.plugins.git.GitSCM getBranches

Closed

Activity

Ascending order - Click to sort in descending order

5 older comments

Hide

Permalink

Christian Höltje added a comment - 2016-09-13 00:37

What does that mean I put into a Jenkinsfile?

I tried scm.extensions.add([$class: 'CloneOption', noTags: false, reference: '', shallow: true]) but that didn't do anything.

scm itself seems to be a GitSCM object, not a GitSCMSource.

And the pipeline syntax snippets generator doesn't have anything for checkout with scm, only manually specifying everything by hand, which defeats the purpose of using the Github Org Folders plugin (which provides scm for you).

Show

Christian Höltje added a comment - 2016-09-13 00:37 What does that mean I put into a Jenkinsfile ? I tried scm.extensions.add( [$class: 'CloneOption', noTags: false, reference: '', shallow: true] ) but that didn't do anything. scm itself seems to be a GitSCM object, not a GitSCMSource . And the pipeline syntax snippets generator doesn't have anything for checkout with scm , only manually specifying everything by hand, which defeats the purpose of using the Github Org Folders plugin (which provides scm for you).

Hide

Permalink

Christian Höltje added a comment - 2016-09-13 19:35

This is still an issue. I don't have a way to work around it, short of approving everything in Jenkinsfiles, which isn't a solution.

In addition, I have more use cases... I need to be able to specify I need submodules for a project.

In case it wasn't clear originally, I'm using the Github Org Folder Plugin, which means I don't have a web-ui where I can add these GitSCM.extenions.

I don't know what the GitSCMSource object is or how to get it. I only have the scm object, which is a GitSCM object.

It seems like there should be a way to modify (some) of the GitSCM object from the Jenkinsfile (not the ref or branch or url).

I would expect to be able to do something like this:

scm.add_extension([$class: 'CloneOption', noTags: false, reference: '', shallow: true]);
checkout scm;

Though even that is painful. :-/ I'm not even sure how that would appear (or if it would appear) in the pipeline snippet generator.

Show

Christian Höltje added a comment - 2016-09-13 19:35 This is still an issue. I don't have a way to work around it, short of approving everything in Jenkinsfiles , which isn't a solution. In addition, I have more use cases... I need to be able to specify I need submodules for a project. In case it wasn't clear originally, I'm using the Github Org Folder Plugin, which means I don't have a web-ui where I can add these GitSCM.extenions . I don't know what the GitSCMSource object is or how to get it. I only have the scm object, which is a GitSCM object. It seems like there should be a way to modify (some) of the GitSCM object from the Jenkinsfile (not the ref or branch or url). I would expect to be able to do something like this: scm.add_extension([$class: 'CloneOption', noTags: false, reference: '', shallow: true]); checkout scm; Though even that is painful. :-/ I'm not even sure how that would appear (or if it would appear) in the pipeline snippet generator.

Hide

Permalink

Evan Borgstrom added a comment - 2016-09-22 20:55

I also need the ability to checkout submodules and would like to specify clean before checkout.

Show

Evan Borgstrom added a comment - 2016-09-22 20:55 I also need the ability to checkout submodules and would like to specify clean before checkout.

Hide

Permalink

Evan Borgstrom added a comment - 2016-09-26 15:54

I found https://support.cloudbees.com/hc/en-us/articles/226122247-How-to-Customize-Checkout-for-Pipeline-Multibranch that indicates that ~~JENKINS-37658~~ is the ticket for tracking the changes to allow extensions for GitHub Multibranch projects.

Show

Evan Borgstrom added a comment - 2016-09-26 15:54 I found https://support.cloudbees.com/hc/en-us/articles/226122247-How-to-Customize-Checkout-for-Pipeline-Multibranch that indicates that JENKINS-37658 is the ticket for tracking the changes to allow extensions for GitHub Multibranch projects.

Hide

Permalink

Sorin Sbarnea added a comment - 2017-03-17 22:40

Any updates on this? I find really confusing that the getBranches permission cannot be approved at never reaches the Script approval list. Have a look at this sample pipeline that replicates the error: https://github.com/pycontribs/powertape/blob/master/Jenkinsfile#L72

Show

Sorin Sbarnea added a comment - 2017-03-17 22:40 Any updates on this? I find really confusing that the getBranches permission cannot be approved at never reaches the Script approval list. Have a look at this sample pipeline that replicates the error: https://github.com/pycontribs/powertape/blob/master/Jenkinsfile#L72

Jenkins

checkout scm should be able to override extensions/settings

Details

Description

Attachments

Issue Links

Activity

People

Dates