-
Bug
-
Resolution: Fixed
-
Major
-
Jenkins 2.32
Pipeline: Shared Groovy Libraries 2.7
GitHub Branch Source Plugin 2.0.4
-
-
workflow-cps-global-lib 2.14 https://github.com/jenkinsci/mercurial-plugin/releases/tag/mercurial-2.7
In my GitHub Org job (using GitHub Enterprise), I added a pipeline lib source that is in GitHub. If the scan credential is scoped to the job (created in the job, vs created in the global credential store), there are two problems:
1) The config page under branch shows an error instead of "Currently maps to revision: $SHA".
2) If using a job-scoped credential, the "git fetch" in the job execution does not contain a line saying "Setting GIT_ASKPASS ..."
If I switch to the identical credential stored in the global scope, both the config page and the git fetch (GIT_ASKPASS) works.
I can give more details or try to isolate the problem if needed (standalone, minimal sets of plugins).
![dots-team Config [Jenkins] 2017-08-16 12-54-50.jpg](/secure/attachment/39304/dots-team%20Config%20%5BJenkins%5D%202017-08-16%2012-54-50.jpg)
- relates to
-
-
- Closed
-
- links to
[JENKINS-43802] Shared Library using folder-scoped credential fails to authenticate
Justin Vallon
added a comment - So, you believe this should work? I'll try to reproduce from a clean config, if that is the case.
Justin Vallon
added a comment - So, you believe this should work? I'll try to reproduce from a clean config, if that is the case. If you mean defining credentials in the organization folder’s configuration screen, then yes it ought to work.
Wilm Schomburg
added a comment - I have the same problem. It's possible to select ssh folder-scoped credentials in the job configuration for the Shared Library, but they didn't work. It only works with global credentials for me. I tested the ssh key and it's correct.
Wilm Schomburg
added a comment - I have the same problem. It's possible to select ssh folder-scoped credentials in the job configuration for the Shared Library, but they didn't work. It only works with global credentials for me. I tested the ssh key and it's correct. 
Sonny Garcia
added a comment - I can confirm the same behavior that wilm is seeing. I created two separate credentials for github access (same content), one inside the global Jenkins store and the other scoped to a folder. When attempting to configure access to a shared library inside the aforementioned folder, the global credential works and the folder credential does not.
I've included an attachment with the error message that shows up in the UI in the latter case. 
Here's my current environment:
- Jenkins – 2.60.2
- Pipeline: Shared Groovy Libraries – 2.8
- Credentials Plugin – 2.1.14
- GitHub Branch Source Plugin – 2.2.3
Sonny Garcia
added a comment - I can confirm the same behavior that wilm is seeing. I created two separate credentials for github access (same content), one inside the global Jenkins store and the other scoped to a folder. When attempting to configure access to a shared library inside the aforementioned folder, the global credential works and the folder credential does not.
I've included an attachment with the error message that shows up in the UI in the latter case.
Here's my current environment:
Jenkins – 2.60.2
Pipeline: Shared Groovy Libraries – 2.8
Credentials Plugin – 2.1.14
GitHub Branch Source Plugin – 2.2.3
I suspect the problem is that SCMSource.owner is not being set in this context. If so, would probably require API changes coördinated across multiple plugins to fix. TBD.
Thomas Bächler
added a comment - I can confirm this issue, since I am not experiencing it since JENKINS-45844
Thomas Bächler
added a comment - I can confirm this issue, since I am not experiencing it since JENKINS-45844 has been resolved. The workaround of using the Legacy SCM option still works. This is a one year old issue and it's blocking us ,when will it be resolved ?
Martin Hegarty
added a comment - Also waiting on this issue to be resolved. While using the 'Legacy SCM' option works for us, it in turn exposes us to JENKINS-44075 meaning that we can not specify the shared library version to check out in our Jenkinsfile.
Martin Hegarty
added a comment - Also waiting on this issue to be resolved. While using the 'Legacy SCM' option works for us, it in turn exposes us to JENKINS-44075 meaning that we can not specify the shared library version to check out in our Jenkinsfile. Also waiting on this issue to be resolved. The 'Legacy SCM' doesn't work for us, because it doesn't able us to use 'system' scoped credentials. The goal for us is to able people using exposed shared library without having the access to the repository itself.
Reproduced. The attached JENKINS-43802.diff solves the issue in the reported case and so confirms my hypothesis of 2017-08-21, but it is not thread-safe, and will not work for non-multibranch projects. The thread safety could be addressed with some hacks, but the extension to plain projects seems possible only with some API changes and their use in various SCM plugins.
Also regular GIT checkouts using "Modern SCM > GIT" are affected by this! Are there any plans on fixing this bug in the near future?
markewaite is there a reason you just marked this issue (and another one similar to it) FIXED BUT UNRELEASED when there is in fact a release with the fix?
Sorry about that mistake. I failed to read the comment which says that it was released in git plugin 3.11.0. Returning to CLOSED since it is resolved.
matthiasbalke, can you confirm that the issue is fixed for "Modern SCM > GIT"?
I get a quite similar issue for linked Pipeline Libraries where branch references can authenticate, but tag references are unable to.
Benjamin Asbach
added a comment - - edited matthiasbalke , can you confirm that the issue is fixed for "Modern SCM > GIT"?
I get a quite similar issue for linked Pipeline Libraries where branch references can authenticate, but tag references are unable to. We got the same problem as asbachb describes.
While using "Modern SCM > GIT", trying to fetch tag references fails like this:
... 12:51:26 Fetching origin... 12:51:26 Fetching upstream changes from origin 12:51:26 > git --version # timeout=10 12:51:26 > git --version # 'git version 2.11.0' 12:51:26 > git config --get remote.origin.url # timeout=10 12:51:26 > git fetch --tags --progress -- origin +refs/heads/*:refs/remotes/origin/* # timeout=10 12:51:26 ERROR: Checkout failed 12:51:26 hudson.plugins.git.GitException: Command "git fetch --tags --progress -- origin +refs/heads/*:refs/remotes/origin/*" returned status code 128: 12:51:26 stdout: 12:51:26 stderr: remote: HTTP Basic: Access denied ...
In case we use a branch it works. In case we use a tag, it doesn't.
When specifying the credential in the global scope instead of folder scope, we can also checkout the tag as intended.
Currently we're using: workflow-cps-global-lib-plugin 2.17
degelma please do not reopen issues in general. You can file a fresh issue in git-plugin with a Link to this one and complete, self-contained, minimal steps to reproduce from scratch.
Offhand sounds like a configuration error, though I am not sure. May depend on the particular retrieval method in use.