Jenkins Multibranch Pipeline fails because it runs in Groovy Sandbox - jenkins-pipeline

My Jenkins CI/CD build configuration was working and nothing changed until my last pull request and I need to get this working again.
The Multibranch Pipeline is configured to run a jenkinsfile from BitBucket SCM but this is now failing with the following error;
groovy.lang.MissingPropertyException: No such property: pipeline for class: groovy.lang.Binding
at groovy.lang.Binding.getVariable(Binding.java:63)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:130)
Script Security Plugin is installed and the In-process Script Approval has nothing listed to approve.
Permissive Script Security Plugin is installed and jenkins.xml is modified to include the -Dpermissive-script-security.enabled=true flag for running the .war.
These were implemented and working previously based on How can I disable security checks for Jenkins pipeline builds
As a test I created a Pipeline job which allows the Groovy Sandbox to be enabled and disabled. This was configured with the following cut down version of my pipeline script;
#!groovy
pipeline {
agent any
environment {
VERSION = "${env.MAJOR_VERSION}.${env.MINOR_VERSION}"
BUILD_LABEL = "MyProject ${env.VERSION} Build #${env.BUILD_NUMBER}"
BUILD_SOURCESDIRECTORY = "${WORKSPACE}\\src"
}
options {
copyArtifactPermission('MyProject-Deploy')
buildDiscarder(logRotator(numToKeepStr: '5', artifactNumToKeepStr: '5'))
}
parameters {
string (
defaultValue: '3',
description: 'MyProject Major Version',
name : 'MAJOR_VERSION')
string (
defaultValue: '7',
description: 'MyProject Minor Version',
name : 'MINOR_VERSION')
}
stages {
stage('Checkout Source') {
steps {
echo('checkout scm')
}
}
}
}
If I enabled Use Groovy Sandbox and run the job I get the same error;
Running in Durability level: MAX_SURVIVABILITY
[Pipeline] End of Pipeline
groovy.lang.MissingPropertyException: No such property: pipeline for class: groovy.lang.Binding
at groovy.lang.Binding.getVariable(Binding.java:63)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:130)
If I disable Use Groovy Sandbox the pipeline script completes successfully;
Running in Durability level: MAX_SURVIVABILITY
[Pipeline] node
Running on Jenkins in C:\Jenkins-Workspace\Pipeline-Test
[Pipeline] {
[Pipeline] withEnv
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Checkout Source)
[Pipeline] echo
checkout scm
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
Finished: SUCCESS
How do I ensure I have a clean Jenkins configuration?
Should I attempt to downgrade Jenkins from v2.121.3?

Try downgrading the Script Security plugin from v1.45 to v1.44 and restarting Jenkins.
Just ran into this myself after updating plugins, although I'm not using the Permissive Script Security plugin.

It's fixed in version 1.46 of the script-security plugin.

Related

mvn clean package mvn: command not found

sudo: mvn: command not found
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code 1
Finished: FAILURE
i've tried everything.
i'm running jenkins with username swapnil in terminal
environment variable is file
like if i do echo $PATH i get >>>/mnt/servers/apache-maven-3.8.6/bin
and i am able to build manually on terminal(mvn clean package)
in jenkins global tool configuration i have configured maven
maven Name: apache-maven-3.8.6
MAVEN_HOME = /mnt/servers/apache-maven-3.8.6
i'm getting really frustrated.... please help me

How to debug the following Jenkins error?

I just recently created a new Jenkins pipeline which is reading from Jenkinsfile script in the repository.
I created a branch and then committed this script to the repo. Now I am trying to build this branch on jenkins but I get the following error and I am not sure what I am doing wrong as I basically copied the Jenkinsfile from an existing repo which I can build successfully. This is my first build for this project but its not working. please advice. when it says 'skipped due to earlier failure' what does it mean and how to identify this failure?
Commit message: "Project Foundation"
Cleaning workspace
> git rev-parse --verify HEAD # timeout=10
Resetting working tree
> git reset --hard # timeout=10
> git clean -fdx # timeout=10
[Pipeline] sh
+ git describe --tags
[Pipeline] }
[Pipeline] // script
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Build)
Stage "Build" skipped due to earlier failure(s)
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Test)
Stage "Test" skipped due to earlier failure(s)
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Publish Dev)
Stage "Publish Dev" skipped due to earlier failure(s)
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // withCredentials
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code 128
Finished: FAILURE
Your repository seems to not have tags to be described.
Jenkins reaches to run sh shell script git describe --tags (see the plus sign + in the beginning of the line, which means it was run), but it fails fails with exit code 128, shown in the end of console output:
ERROR: script returned exit code 128
Apparently, git describe seems to exit with that code if there is nothing to describe (tags in your case).
To continue from here you can remove the line, or add ignore the error by adding || true to the command:
sh "git describe --tags || true"

how to fix - stageResult set to FAILURE but still get success in jenkins

I'm trying to create a very simple pipeline,
it has one stage and one step.
it uses the job 'build' I created as freestyle (which works) but I added an error (the parameter project name has a wrong value - 'test3' instead of 'test')
when I ran it, it stay green and send "success" although it failed - if I enter the log I'll see this:
Running in Durability level: MAX_SURVIVABILITY
[Pipeline] Start of Pipeline
[Pipeline] node
Running on Jenkins in C:\Program Files (x86)\Jenkins\workspace\pipeline testing
[Pipeline] {
[Pipeline] stage
[Pipeline] { (1)
[Pipeline] catchError
[Pipeline] {
[Pipeline] build (Building build)
Scheduling project: build
Starting building: build #62
[Pipeline] }
ERROR: build #62 completed with status FAILURE (propagate: false to ignore)
[Pipeline] // catchError
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
Finished: SUCCESS
I tried using the new plugin:
catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE')
which as I understand is suppose to send "FAILURE" for stage and "SUCCESS" for the build as a whole.
the stageResult doesn't work for me.
I tried adding "propagate: true" for the "build job:"
but it didn't help either.
this is the pipeline itself:
pipeline {
agent any
stages
{
stage('1')
{
steps
{
catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE')
{
build job: 'build',parameters: [string(name: 'Project_Name', value: 'test3'),
string(name: 'Environment_Name', value: 'Dev_Env_1')]
}
}
}
}
}
This is a really "on the point" feature for what I need but it refuses to work.
Instead of getting a failure and continuing with the project I get success each time.
It does continue (if I have more stages) but the issue is that I need it to be red and tell me the stage failed instead of green with success.
I did updated my jenkins version to 2.192
pipeline groovy is 2.74
and "pipeline: basic steps" plugin to 2.18
EDIT: the solution in the end was to update all the rest of the plugins
Besides having following versions of plugins, seems (as discussed on chat) there were other plugins as well which had to be updated.
Pipeline Basic Steps: 2.18
Pipeline: Groovy version 2.74
Pipeline: Basic Steps version 2.18
After updating all the plugins in Plugins section's (http://<JENKINS_HOME>/pluginManager/) Updates tab, issue got resolved.

Why is the mvn command not found in this declarative jenkins pipeline script?

I got this example from https://jenkins.io/doc/book/pipeline/syntax/#tools
Pipeline Script:
pipeline {
agent any
tools {
maven 'apache-maven-3.3.9'
}
stages {
stage('Example') {
steps {
sh 'mvn --version'
}
}
}
}
apache-maven-3.3.9 is defined in my Global Tool Configuration.
The output of the script however is
Started by user *************
Running in Durability level: MAX_SURVIVABILITY
[Pipeline] node
Running on SRV-CI-MADE-UNIX in /home/jenkins/workspace/*************
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Declarative: Tool Install)
[Pipeline] tool
[Pipeline] envVarsForTool
[Pipeline] }
[Pipeline] // stage
[Pipeline] withEnv
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Example)
[Pipeline] tool
[Pipeline] envVarsForTool
[Pipeline] withEnv
[Pipeline] {
[Pipeline] sh
+ mvn --version
/home/jenkins/workspace/*************#tmp/durable-d4209a18/script.sh: line 1: mvn: command not found
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
[BFA] Scanning build for known causes...
[BFA] No failure causes found
[BFA] Done. 0s
ERROR: script returned exit code 127
Finished: FAILURE
Why is the mvn command not found?
I know there are apparently other ways to do this, but this is the example from the Jenkins documentation itself...
It is the correct example (I tested it also), but it's working if you have only master node.
I think that you've just configured your Maven tool in Global Tool Configuration for master node, but I see that you executed your job on SRV-CI-MADE-UNIX node, and for this node you need also provide a correct Maven configuration.
So, to fix the issue I suppose that you need to do these steps:
provide the correct agent (instead of agent any) in pipeline configuration (e.g. master or SRV-CI-MADE-UNIX) for which Maven tool is configured;
install Maven on the specified node in the same directory as you configured in Global Tool Configuration or add your specific Maven tool location for this node in Manage Jenkins -> Manage Nodes -> <YOUR_NODE> -> Configure -> Node Properties -> Tool Locations

Jenkins pipeline works in UI but not from SCM

I decided to port all my Jenkins job over to Jenkins-pipeline. I did a simple test with the following Jenkinsfiles in to the UI:
pipeline {
agent any
stages {
stage('Clone Repo') {
steps {
git changelog: false, credentialsId: 'xxxxxxxxxx ', url: 'https://github.com/xxxxx/xxx.git'
}
}
}
}
This works fine. I created a repo in github and checked in this Jenkinsfile. I changes Jenkins to Pipeline script from SCM and it is finding the Jenkinsfile but falling over with the error message below. I know I've missed something basic, but reading all the documentations; I couldn't work it out. Any help is appreciated.
Here's the Jenkins job. There's a jenkinsfile the ndh_poc.
In the Script Path field, specify the location (and name) of your Jenkinsfile. This location is the one that Jenkins checks out/clones the repository containing your Jenkinsfile, which should match that of the repository’s file structure.
In your case if your jenkinsfile name is Jenkinsfile and is present within the directory ndh_poc at the root of your repository then the Script Path should be ndh_poc/Jenkinsfile

Resources