Details
-
Bug
-
Resolution: Fixed
-
Major
-
Jenkins 2.263.2
cloudbees-folder 6.15
git 4.5.2
workflow-cps-global-lib 2.17
workflow-scm-step 2.11
-
-
4.10.0
Description
Loading a shared library (checkout) from a tag does not use the provided credentials, if they're specified via the folder plugin:
lib = library(
identifier: "my_repo@tag",
retriever: modernSCM(
[$class: 'GitSCMSource',
remote: "https://path/to/my_repo.git",
credentialsId: 'my_user_credentials_in_folder_scope'],
traits: [gitBranchDiscovery(), gitTagDiscovery()]
)
)
When using a branch name as version (identifier: "my_repo@branch_name"), the library is checked out correctly:
Running in Durability level: MAX_SURVIVABILITY [Pipeline] Start of Pipeline [Pipeline] echo Using legacySCM [Pipeline] library Loading library my_repo@master Selected Git installation does not exist. Using Default The recommended git tool is: NONE using credential test > git rev-parse --is-inside-work-tree # timeout=10 Fetching changes from the remote Git repository > git config remote.origin.url https://path/to/my_repo.git # timeout=10 Fetching upstream changes from https://path/to/my_repo.git > git --version # timeout=10 > git --version # 'git version 2.11.0' using GIT_ASKPASS to set credentials > git fetch --tags --progress -- https://path/to/my_repo.git +refs/heads/*:refs/remotes/origin/* # timeout=10 > git rev-parse refs/remotes/origin/master^{commit} # timeout=10 Checking out Revision 43ecdf79f1e479252fd29d429eba29323364bf46 (refs/remotes/origin/master) > git config core.sparsecheckout # timeout=10 > git checkout -f 43ecdf79f1e479252fd29d429eba29323364bf46 # timeout=10 Commit message: "Merge branch 'release/2.2.0'" > git rev-list --no-walk 43ecdf79f1e479252fd29d429eba29323364bf46 # timeout=10 [Pipeline] End of Pipeline Finished: SUCCESS
But when using a tag, the checkout fails with the access being denied:
Running in Durability level: MAX_SURVIVABILITY [Pipeline] Start of Pipeline [Pipeline] echo Using modernSCM [Pipeline] library Loading library my_repo@1.1.0 Attempting to resolve 1.1.0 from remote references... > git --version # timeout=10 > git --version # 'git version 2.11.0' using GIT_ASKPASS to set credentials > git ls-remote -h -t -- https://path/to/my_repo.git # timeout=10 Found match: refs/tags/1.1.0 revision 81fc8536284ca1c5fb526127b2b9e3349722f39c Resolving tag commit... (remote references may be a lightweight tag or an annotated tag) > git rev-parse --is-inside-work-tree # timeout=10 Setting origin to https://path/to/my_repo.git > git config remote.origin.url https://path/to/my_repo.git # timeout=10 Fetching origin... Fetching upstream changes from origin > git --version # timeout=10 > git --version # 'git version 2.11.0' > git config --get remote.origin.url # timeout=10 > git fetch --tags --progress -- origin +refs/heads/*:refs/remotes/origin/* # timeout=10 ERROR: Checkout failed hudson.plugins.git.GitException: Command "git fetch --tags --progress -- origin +refs/heads/*:refs/remotes/origin/*" returned status code 128: stdout: stderr: remote: HTTP Basic: Access denied fatal: Authentication failed for 'https://path/to/my_repo.git/' at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2450) at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2051) at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$500(CliGitAPIImpl.java:84) at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:573) at jenkins.plugins.git.AbstractGitSCMSource.doRetrieve(AbstractGitSCMSource.java:370) at jenkins.plugins.git.AbstractGitSCMSource.doRetrieve(AbstractGitSCMSource.java:330) at jenkins.plugins.git.AbstractGitSCMSource.retrieve(AbstractGitSCMSource.java:956) at jenkins.scm.api.SCMSource.fetch(SCMSource.java:636) at org.jenkinsci.plugins.workflow.libs.SCMSourceRetriever.lambda$retrieve$0(SCMSourceRetriever.java:92) at org.jenkinsci.plugins.workflow.libs.SCMSourceRetriever.retrySCMOperation(SCMSourceRetriever.java:107) at org.jenkinsci.plugins.workflow.libs.SCMSourceRetriever.retrieve(SCMSourceRetriever.java:92) at org.jenkinsci.plugins.workflow.libs.LibraryAdder.retrieve(LibraryAdder.java:157) at org.jenkinsci.plugins.workflow.libs.LibraryStep$Execution.run(LibraryStep.java:205) at org.jenkinsci.plugins.workflow.libs.LibraryStep$Execution.run(LibraryStep.java:154) at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1$1.call(AbstractSynchronousNonBlockingStepExecution.java:47) at hudson.security.ACL.impersonate(ACL.java:367) at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1.run(AbstractSynchronousNonBlockingStepExecution.java:44) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748)
The issue only occurs with folder scoped credentials. When specifying the credential in the global scope instead of folder scope, we can also checkout the tag as intended.
Attachments
Issue Links
- is duplicated by
-
-
- Open
-
- relates to
-
-
- Resolved
-
-
-
- Closed
-
- links to
