Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-60594

workflow-scm-step plugin does not use global credentials if used inside shared library

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not A Defect
    • Icon: Minor Minor
    • workflow-scm-step-plugin
    • None
    • Jenkins 2.204.1
      Credentials plugin 2.3.0
      Credentials Binding Plugin 1.20
      Pipeline SCM Step plugin 2.9

      When executing a GIT checkout with a SSH URL I can provide a credetialID (username with private key file) and the GIT repository is cloned using the credentials provided. So far so good.

      If I now move the checkout directive into a custom tag of a shared library and provide the credentialID from outside, the use of the credentials fails and the GIT repository cannot be accessed.

      GIT checkout from within pipeline script (works):

       

      checkout([$class: 'GitSCM',
branches: [[name: "MyBranch"]],
doGenerateSubmoduleConfigurations: false,
extensions: optionalExtensions,
submoduleCfg: [],
userRemoteConfigs: [[url: 'ssh://..'], [credentialsId: 'MyGitCredentials']])

      For easier use of the checkout command, I created a custom tag in a shared library that ony takes a subset of the possible arguments.

      import groovy.transform.Field

@Field def zielverzeichnis
@Field def url
@Field def branchName = "master"
@Field def cleanAfterCheckout = false
@Field def cleanBeforeCheckout = false
@Field def credentialsId = null

def call (Map p = [:]) {
	def		scmVars
	
	branchName = "master"
	cleanAfterCheckout = false
	cleanBeforeCheckout = false
	credentialsId = null
	if (p.containsKey('zielverzeichnis')) {
		zielverzeichnis = p['zielverzeichnis']
	}
	if (p.containsKey('url')) {
		url = p['url']
	}
	if (p.containsKey('branchName')) {
		branchName = p['branchName']
	}
	if (p.containsKey('cleanAfterCheckout')) {
		cleanAfterCheckout = p['cleanAfterCheckout']
	}
	if (p.containsKey('cleanBeforeCheckout')) {
		cleanBeforeCheckout = p['cleanBeforeCheckout']
	}
	if (p.containsKey('credentialsId')) {
		credentialsId = p['credentialsId']
	}

	optionalExtensions = []
	if (cleanBeforeCheckout) {
		optionalExtensions.add([$class: 'CleanBeforeCheckout'])
	}
	if (cleanAfterCheckout) {
		optionalExtensions.add([$class: 'CleanCheckout'])
	}
	userRemoteConfigs = []
	if (null != credentialsId) {
		userRemoteConfigs.add([credentialsId: "${credentialsId}"])
	}
	userRemoteConfigs.add([url: "${url}"])
	
	dir(zielverzeichnis) {
		scmVars = checkout([$class: 'GitSCM', 
			branches: [[name: "${branchName}"]], 
			doGenerateSubmoduleConfigurations: false, 
			extensions: optionalExtensions, 
			submoduleCfg: [], 
			userRemoteConfigs: userRemoteConfigs])
	}
	
	return (scmVars)
}

      If this custom tag is used in a pipeline script as follows

      checkoutGIT(
zielverzeichnis: "${env.GIT_CLONE_DIR}/${env.JOB_BASE_NAME}/Container.git",
url: "ssh://lvkdedevt01.dsv-gruppe.de/work/git-repositories/Container.git",
branchName: "${BRANCH_REF}",
credentialsId: "Git_lvkdedevt01"
)

      The credentials defined in "Git_lvkdedevt01' seems not to be used. From the output of the pipline's log I see

      Running in /root/git-clones/Pipeline-Test/Container.git
[Pipeline] {
[Pipeline] checkout
using credential Git_lvkdedevt01
No credentials specified
 > /usr/bin/git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > /usr/bin/git config remote.origin1.url ssh://lvkdedevt01.dsv-

      First there is a log that the credentials 'Git_lvkdedevt01' are used, on next line the log displays that no credentials are used.

            Unassigned Unassigned
            ulrichl8969 Ulrich Lohrmann
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: