Pipelines with Jenkinsfile runs in a sandbox and thus you need to approve certain functions. Manage Jenkins -> In-process Script Approval
mandag 13. juni 2016 12.32.14 UTC+2 skrev Jerry Steele følgende: > > Thanks for getting me started on this. If you don't mind helping me > troubleshoot, I'll carry on: > > I think the parameterized version is the one I need, as I would like the > build tool to run with the $gitBranch argument of the new branch that has > just been created. However, when I attempt to run this job, I get the > following error: > > First time build. Skipping changelog. [Pipeline] End of Pipeline > org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts > not permitted to use method groovy.lang.Binding hasVariable java.lang.String > at > org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectMethod(StaticWhitelist.java:160) > at > org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:119) > at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:149) at > org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:146) at > com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:15) > at WorkflowScript.run(WorkflowScript:4) at ___cps.transform___(Native > Method) at > com.cloudbees.groovy.cps.impl.ContinuationGroup.methodCall(ContinuationGroup.java:55) > at > com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.dispatchOrArg(FunctionCallBlock.java:106) > at > com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.fixArg(FunctionCallBlock.java:79) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:606) at > com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72) > at com.cloudbees.groovy.cps.impl.ConstantBlock.eval(ConstantBlock.java:21) > at com.cloudbees.groovy.cps.Next.step(Next.java:58) at > com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:154) at > org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$001(SandboxContinuable.java:19) > at > org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:33) > at > org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:30) > at > org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.runInSandbox(GroovySandbox.java:108) > at > org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:30) > at > org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:164) > at > org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:276) > at > org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.access$000(CpsThreadGroup.java:78) > at > org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:185) > at > org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:183) > at > org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:47) > at java.util.concurrent.FutureTask.run(FutureTask.java:262) at > hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:112) > at > jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28) > at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) > at java.util.concurrent.FutureTask.run(FutureTask.java:262) at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) > at java.lang.Thread.run(Thread.java:745) Finished: FAILURE > > This seems to suggest that the if statement is not possible for security > reasons. Is the branch name exposed as an environment variable that I can > grab in the Jenkinsfile? Or alternatively, can I change the security > settings to allow the script to run? > > Thanks! > > > On Friday, 10 June 2016 20:31:18 UTC+1, Craig Rodrigues wrote: >> >> Hi, >> >> You can try something like this to get started: >> >> >> def gitUrl = "https://github.com/twisted/twisted.git"; >> def gitBranch = "trunk" >> >> node { >> stage "Check out from Git" >> git branch: "$gitBranch", url: "$gitUrl" >> >> stage "Build code" >> sh "sudo -Hs build_tool arg1 $gitUrl subproject_a $gitBranch" >> } >> >> >> >> I would recommend going further. Make your Pipeline job parameterized. >> Add a parameter GIT_BRANCH, >> and set the default value of that to the branch you want to build in that >> specific job. >> >> >> def gitUrl = "https://github.com/twisted/twisted.git"; >> def gitBranch >> >> if (getBinding().hasVariable("GIT_BRANCH")) { >> gitBranch = GIT_BRANCH >> } >> >> node { >> stage "Check out from Git" >> git branch: "$gitBranch", url: "$gitUrl" >> >> stage "Build code" >> sh "sudo -Hs build_tool arg1 $gitUrl subproject_a $gitBranch" >> } >> >> >> >> You can add more build parameters as you need. >> >> -- >> Craig >> >> On Fri, Jun 10, 2016 at 8:40 AM, Jerry Steele <tickto...@gmail.com> >> wrote: >> >>> Hello, >>> >>> I'm looking into getting Jenkins to build feature branches for our >>> github projects, but I'm not entirely sure where to start. Pipeline looks >>> like it might fit the bill, but I'm having trouble getting my head round >>> the Jenkinsfile. I've found the online docs and the "Groovy" generator but >>> am not really sure how to tie it all together. If anyone has a bit oftime >>> to help me, that would be great :) >>> >>> We currently use our own build tool to test code as deployed to github, >>> then build the artifacts into a debian package which is uploaded to Amazon >>> S3 and deployed by hand later. >>> >>> We currently have separate jobs for each of the major branches of our >>> project: >>> >>> subproject_a-qa >>> subproject_a-staging >>> subproject_a-production >>> >>> subproject_b-qa >>> subproject_b-staging >>> subproject_b-production >>> >>> subproject_c-qa >>> subproject_c-staging >>> subproject_c-production >>> >>> The jobs are very simple - they poll github, looking at a specific >>> branch, then if that has changed, they will execute a shell script which >>> looks like this (generic): >>> >>> sudo -Hs build_tool arg1 $GIT_URL <subproject_a> <environment(qa/staging >>> /prod)> >>> >>> So, what I'd need is something that builds the following jobs when a >>> feature branch is pushed to look something like: >>> >>> sudo -Hs build_tool arg1 $GIT_URL <subproject_a> <feature_branch_name> >>> sudo -Hs build_tool arg1 $GIT_URL <subproject_b> <feature_branch_name> >>> sudo -Hs build_tool arg1 $GIT_URL <subproject_c> <feature_branch_name> >>> >>> Or else, know how to build those. >>> >>> Is this possible with Pipeline? Or am I looking at the wrong tool here? >>> I've started a multibranch test project, but am basically stuck at the >>> Jenkinsfile stage, and most tutorials appear to refer to using mvn, which >>> I'm not familiar with. the build tool is written in Python and is testing >>> building for Ruby on Rails :) >>> >>> Any help very much appreciated. Any more info needed, please let me >>> know... >>> >>> Thanks >>> >>> Jerry >>> >>> -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/649bffd5-727d-49a5-991b-67ee068dcb4a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
