Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-60594

workflow-scm-step plugin does not use global credentials if used inside shared library

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Not A Defect
    • Labels:
      None
    • Environment:
      Jenkins 2.204.1
      Credentials plugin 2.3.0
      Credentials Binding Plugin 1.20
      Pipeline SCM Step plugin 2.9
    • Similar Issues:

      Description

      When executing a GIT checkout with a SSH URL I can provide a credetialID (username with private key file) and the GIT repository is cloned using the credentials provided. So far so good.

      If I now move the checkout directive into a custom tag of a shared library and provide the credentialID from outside, the use of the credentials fails and the GIT repository cannot be accessed.

      GIT checkout from within pipeline script (works):

       

      checkout([$class: 'GitSCM',
      branches: [[name: "MyBranch"]],
      doGenerateSubmoduleConfigurations: false,
      extensions: optionalExtensions,
      submoduleCfg: [],
      userRemoteConfigs: [[url: 'ssh://..'], [credentialsId: 'MyGitCredentials']])
      

      For easier use of the checkout command, I created a custom tag in a shared library that ony takes a subset of the possible arguments.

      import groovy.transform.Field
      
      @Field def zielverzeichnis
      @Field def url
      @Field def branchName = "master"
      @Field def cleanAfterCheckout = false
      @Field def cleanBeforeCheckout = false
      @Field def credentialsId = null
      
      def call (Map p = [:]) {
      	def		scmVars
      	
      	branchName = "master"
      	cleanAfterCheckout = false
      	cleanBeforeCheckout = false
      	credentialsId = null
      	if (p.containsKey('zielverzeichnis')) {
      		zielverzeichnis = p['zielverzeichnis']
      	}
      	if (p.containsKey('url')) {
      		url = p['url']
      	}
      	if (p.containsKey('branchName')) {
      		branchName = p['branchName']
      	}
      	if (p.containsKey('cleanAfterCheckout')) {
      		cleanAfterCheckout = p['cleanAfterCheckout']
      	}
      	if (p.containsKey('cleanBeforeCheckout')) {
      		cleanBeforeCheckout = p['cleanBeforeCheckout']
      	}
      	if (p.containsKey('credentialsId')) {
      		credentialsId = p['credentialsId']
      	}
      
      	optionalExtensions = []
      	if (cleanBeforeCheckout) {
      		optionalExtensions.add([$class: 'CleanBeforeCheckout'])
      	}
      	if (cleanAfterCheckout) {
      		optionalExtensions.add([$class: 'CleanCheckout'])
      	}
      	userRemoteConfigs = []
      	if (null != credentialsId) {
      		userRemoteConfigs.add([credentialsId: "${credentialsId}"])
      	}
      	userRemoteConfigs.add([url: "${url}"])
      	
      	dir(zielverzeichnis) {
      		scmVars = checkout([$class: 'GitSCM', 
      			branches: [[name: "${branchName}"]], 
      			doGenerateSubmoduleConfigurations: false, 
      			extensions: optionalExtensions, 
      			submoduleCfg: [], 
      			userRemoteConfigs: userRemoteConfigs])
      	}
      	
      	return (scmVars)
      }
      
      

      If this custom tag is used in a pipeline script as follows

      checkoutGIT(
      zielverzeichnis: "${env.GIT_CLONE_DIR}/${env.JOB_BASE_NAME}/Container.git",
      url: "ssh://lvkdedevt01.dsv-gruppe.de/work/git-repositories/Container.git",
      branchName: "${BRANCH_REF}",
      credentialsId: "Git_lvkdedevt01"
      )
      
      

      The credentials defined in "Git_lvkdedevt01' seems not to be used. From the output of the pipline's log I see

      Running in /root/git-clones/Pipeline-Test/Container.git
      [Pipeline] {
      [Pipeline] checkout
      using credential Git_lvkdedevt01
      No credentials specified
       > /usr/bin/git rev-parse --is-inside-work-tree # timeout=10
      Fetching changes from the remote Git repository
       > /usr/bin/git config remote.origin1.url ssh://lvkdedevt01.dsv-
      

      First there is a log that the credentials 'Git_lvkdedevt01' are used, on next line the log displays that no credentials are used.

        Attachments

          Activity

          ulrichl8969 Ulrich Lohrmann created issue -
          ulrichl8969 Ulrich Lohrmann made changes -
          Field Original Value New Value
          Resolution Not A Defect [ 7 ]
          Status Open [ 1 ] Closed [ 6 ]

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            ulrichl8969 Ulrich Lohrmann
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: