Cannot use scm object for new checkout steps when switching to personal api tokens

ExportXMLWordPrintable

    • Type: Improvement
    • Resolution: Won't Do
    • Priority: Major
    • Component/s: bitbucket-branch-source-plugin
    • Environment:
      bitbucket cloud
      cloudbees CI: 2.541.3.36069-rolling
      plugin-version: 937.2.5

      We are transitioning our jobs from personal app passwords to personal api tokens.
      We configured our credential using a username+password secret where the username is the service account email and the password  is the scoped personal api token generated.

      This works reliably for most of our multibranch pipeline jobs relying ona a single repository clone.

      However, some require a second checkout step to pull a second repository at a given reference. For the use case at hand this design is not replaceable by git submodules or by defining multiple repos within the multibranch as the reference is resolved only during the pipeline execution.

      We initially set our jobs to use personal app passwords and were successful doing a second checkout step reusing the credentials used by the multibranch configuration. The situation with personal api tokens stopped working, probably due to the username now being the email rather than the Bitbucket account username. This impacts also any job not relying on branch source plugin but by a simple git scm where the same personal app password credentials were used.

      We can work around the issue by having two set of credentials, one where the username is the account email and another where the actual username is defined, but I feel this as a degraded experience over personal app passwords.

       Besides coping with the fact that all jobs using the previous app password have to change the credentials to point to username+PAT credentials, I wonder if it possible to retrieve the expected git credentials to perform a second pull in multibranch pipelines.

      In the following the existing call for the second checkout, that has stopped working with personal api tokens:
       

      def newExtensions = scm.extensions.findAll {
    !(it instanceof hudson.plugins.git.extensions.impl.CloneOption)
}

newExtensions << [
    $class: 'CloneOption',
    shallow: false,
    noTags: false
]


$class: 'GitSCM',
branches: [
    [
        name: theTargetBranch
    ]
],
extensions: newExtensions,
doGenerateSubmoduleConfigurations: scm.doGenerateSubmoduleConfigurations,
userRemoteConfigs: scm.userRemoteConfigs.collect {
    remoteConfigs -> [
        url: theSecondRepo,
        // reuse credentials
        credentialsId: remoteConfigs.credentialsId
    ]
}

            Assignee:
            Nikolas Falco
            Reporter:
            Diego
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: