Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-43802

Shared Library using folder-scoped credential fails to authenticate

    XMLWordPrintable

Details

    Description

      In my GitHub Org job (using GitHub Enterprise), I added a pipeline lib source that is in GitHub.  If the scan credential is scoped to the job (created in the job, vs created in the global credential store), there are two problems:

      1) The config page under branch shows an error instead of "Currently maps to revision: $SHA".

      2) If using a job-scoped credential, the "git fetch" in the job execution does not contain a line saying "Setting GIT_ASKPASS ..."

      If I switch to the identical credential stored in the global scope, both the config page and the git fetch (GIT_ASKPASS) works.

      I can give more details or try to isolate the problem if needed (standalone, minimal sets of plugins).

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-64803 Shared Library using folder-scoped credential fails to authenticate when using tags

          • Major - Major loss of function.
          • Closed
          links to

          Web Link CloudBees Internal CD-645

          Web Link git #708

          Web Link github-branch-source #221

          Web Link mercurial #127

          Web Link scm-api #65

          Web Link subversion #232

          Web Link workflow-cps-global-lib #68

          Activity

            Descending order - Click to sort in ascending order
            degelma Marian Degel added a comment -

            jglick: Thanks for the info, I'll do that.

            degelma Marian Degel added a comment - jglick : Thanks for the info, I'll do that.
            jglick Jesse Glick added a comment -

            degelma please do not reopen issues in general. You can file a fresh issue in git-plugin with a Link to this one and complete, self-contained, minimal steps to reproduce from scratch.

            jglick Jesse Glick added a comment - degelma please do not reopen issues in general. You can file a fresh issue in git-plugin with a Link to this one and complete, self-contained, minimal steps to reproduce from scratch.
            degelma Marian Degel added a comment - - edited

            We got the same problem as asbachb describes.

            While using "Modern SCM > GIT", trying to fetch tag references fails like this:

            ...
12:51:26  Fetching origin...
12:51:26  Fetching upstream changes from origin
12:51:26   > git --version # timeout=10
12:51:26   > git --version # 'git version 2.11.0'
12:51:26   > git config --get remote.origin.url # timeout=10
12:51:26   > git fetch --tags --progress -- origin +refs/heads/*:refs/remotes/origin/* # timeout=10
12:51:26  ERROR: Checkout failed
12:51:26  hudson.plugins.git.GitException: Command "git fetch --tags --progress -- origin +refs/heads/*:refs/remotes/origin/*" returned status code 128:
12:51:26  stdout: 
12:51:26  stderr: remote: HTTP Basic: Access denied
...

            In case we use a branch it works. In case we use a tag, it doesn't.

            When specifying the credential in the global scope instead of folder scope, we can also checkout the tag as intended.

            Currently we're using: workflow-cps-global-lib-plugin 2.17

            degelma Marian Degel added a comment - - edited We got the same problem as asbachb  describes. While using "Modern SCM > GIT", trying to fetch tag references fails like this: ... 12:51:26 Fetching origin... 12:51:26 Fetching upstream changes from origin 12:51:26 > git --version # timeout=10 12:51:26 > git --version # 'git version 2.11.0' 12:51:26 > git config --get remote.origin.url # timeout=10 12:51:26 > git fetch --tags --progress -- origin +refs/heads/*:refs/remotes/origin/* # timeout=10 12:51:26 ERROR: Checkout failed 12:51:26 hudson.plugins.git.GitException: Command "git fetch --tags --progress -- origin +refs/heads/*:refs/remotes/origin/*" returned status code 128: 12:51:26 stdout: 12:51:26 stderr: remote: HTTP Basic: Access denied ... In case we use a branch it works. In case we use a tag, it doesn't. When specifying the credential in the global scope instead of folder scope, we can also checkout the tag as intended. Currently we're using: workflow-cps-global-lib-plugin 2.17
            asbachb Benjamin Asbach added a comment - - edited

            matthiasbalke, can you confirm that the issue is fixed for "Modern SCM > GIT"?

            I get a quite similar issue for linked Pipeline Libraries where branch references can authenticate, but tag references are unable to.

            asbachb Benjamin Asbach added a comment - - edited matthiasbalke , can you confirm that the issue is fixed for "Modern SCM > GIT"? I get a quite similar issue for linked Pipeline Libraries where branch references can authenticate, but tag references are unable to.
            markewaite Mark Waite added a comment -

            Sorry about that mistake. I failed to read the comment which says that it was released in git plugin 3.11.0. Returning to CLOSED since it is resolved.

            markewaite Mark Waite added a comment - Sorry about that mistake. I failed to read the comment which says that it was released in git plugin 3.11.0. Returning to CLOSED since it is resolved.
            View 14 older comments

            People

              Unassigned Unassigned
              vallon Justin Vallon
              Votes:
              24 Vote for this issue
              Watchers:
              30 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: