我正在尝试干燥我们的詹金斯管道之一并将一些逻辑移至共享库。我已将该库设置为全局共享库,但我仍然遇到我不明白的安全错误。据我了解,我的全局共享库不应该有这个问题。
我已经按照文档设置了共享库。我有一个单独的存储库。由于我只是想将重复的步骤包装到单个自定义步骤中,因此我的存储库如下所示:
在
vars
中,我有一个 groovy 文件,其中包含以下内容:
// vars/buildResolverMicroService.groovy
def call(String configFile, String artifactName, String versionString, String classifier) {
rtMavenRun (
tool: 'Maven', // Tool name from Jenkins configuration
pom: 'pom.xml',
goals: "clean package -P prod -Dloadme.file=${configFile}",
resolverId: "MAVEN_RESOLVER"
)
fileOperations([
/** Some file operations **/
])
zip(zipFile: "${artifactName}-${versionString}-${classifier}.zip", archive: true, dir: 'build/')
}
然后在我的 Jenkinsfile 中我这样做:
@Library("my-library@master") _
branch = env.BRANCH_NAME
version = '1.0.0'
versionString = branch == 'master' ? version : "${version}-SNAPSHOT"
artifactName = 'my-artifact'
pomFileName = "${artifactName}-${versionString}.pom"
repo = branch == 'master' ? 'Releases' : 'Snapshots'
repositoryLocation = "my/${repo}/in/artifactory"
currentBuild.displayName = branch == 'master' ? versionString : "${versionString}.${env.BUILD_NUMBER}"
artifactoryServerId = 'artifactory-repo1'
pipeline {
agent {
label 'my-agent'
}
stages {
stage ('Setup') {
steps {
rtServer (
id: 'Artifactory'
)
rtMavenResolver (
id: 'MAVEN_RESOLVER',
serverId: 'Artifactory'
)
/** more setup **/
}
}
stage ('Build Service 1') {
steps {
buildResolverMicroService configFile: 'config1.txt', classifier: 'service1'
}
}
stage ('Build Service 2') {
steps {
buildResolverMicroService configFile: 'config2.txt', classifier: 'service2'
}
}
/** Upload to artifactory **/
}
post {
always {
cleanWs()
}
}
}
构建将成功完成
Setup
阶段,但会失败,并出现我的自定义步骤中的以下异常:
org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.lang.GroovyObject invokeMethod java.lang.String java.lang.Object (org.jenkinsci.plugins.workflow.cps.CpsClosure2 buildResolverMicroService java.util.LinkedHashMap)
at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectMethod(StaticWhitelist.java:270)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:159)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:142)
at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:161)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:165)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135)
at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:17)
at WorkflowScript.run(WorkflowScript:100)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.delegateAndExecute(ModelInterpreter.groovy:137)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.executeSingleStage(ModelInterpreter.groovy:661)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.catchRequiredContextForNode(ModelInterpreter.groovy:395)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.catchRequiredContextForNode(ModelInterpreter.groovy:393)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.executeSingleStage(ModelInterpreter.groovy:660)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.evaluateStage(ModelInterpreter.groovy:288)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.toolsBlock(ModelInterpreter.groovy:544)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.toolsBlock(ModelInterpreter.groovy:543)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.evaluateStage(ModelInterpreter.groovy:276)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withEnvBlock(ModelInterpreter.groovy:443)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withEnvBlock(ModelInterpreter.groovy:442)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.evaluateStage(ModelInterpreter.groovy:275)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withCredentialsBlock(ModelInterpreter.groovy:481)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withCredentialsBlock(ModelInterpreter.groovy:480)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.evaluateStage(ModelInterpreter.groovy:274)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.inDeclarativeAgent(ModelInterpreter.groovy:586)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.inDeclarativeAgent(ModelInterpreter.groovy:585)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.evaluateStage(ModelInterpreter.groovy:272)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.stageInput(ModelInterpreter.groovy:356)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.stageInput(ModelInterpreter.groovy:355)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.evaluateStage(ModelInterpreter.groovy:261)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.inWrappers(ModelInterpreter.groovy:613)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.inWrappers(ModelInterpreter.groovy:612)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.evaluateStage(ModelInterpreter.groovy:259)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withEnvBlock(ModelInterpreter.groovy:443)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withEnvBlock(ModelInterpreter.groovy:442)
at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.evaluateStage(ModelInterpreter.groovy:254)
at ___cps.transform___(Native Method)
at com.cloudbees.groovy.cps.impl.ContinuationGroup.methodCall(ContinuationGroup.java:86)
at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.dispatchOrArg(FunctionCallBlock.java:113)
at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.fixArg(FunctionCallBlock.java:83)
at sun.reflect.GeneratedMethodAccessor251.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
at com.cloudbees.groovy.cps.impl.CollectionLiteralBlock$ContinuationImpl.dispatch(CollectionLiteralBlock.java:55)
at com.cloudbees.groovy.cps.impl.CollectionLiteralBlock$ContinuationImpl.item(CollectionLiteralBlock.java:45)
at sun.reflect.GeneratedMethodAccessor495.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
at com.cloudbees.groovy.cps.impl.ConstantBlock.eval(ConstantBlock.java:21)
at com.cloudbees.groovy.cps.Next.step(Next.java:83)
at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:174)
at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:163)
at org.codehaus.groovy.runtime.GroovyCategorySupport$ThreadCategoryInfo.use(GroovyCategorySupport.java:129)
at org.codehaus.groovy.runtime.GroovyCategorySupport.use(GroovyCategorySupport.java:268)
at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:163)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$001(SandboxContinuable.java:18)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:51)
at org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:185)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:400)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.access$400(CpsThreadGroup.java:96)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:312)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:276)
at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:67)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:131)
at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:59)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
有人对我做错了什么有任何想法吗?
这是一个老问题,但也许答案对某人仍然有用。
问题是你像这样声明了你的函数:
def call(String configFile, String artifactName, String versionString, String classifier) {
你这样称呼它:
buildResolverMicroService configFile: 'config1.txt', classifier: 'service1'
如果您使用恰好四个字符串值(按照您声明的方式)调用函数,那么它会起作用:
buildResolverMicroService 'config1.txt', 'myArtifactName', 'myVersionString', 'service1'
尽管您使用 groovy 的命名参数语法调用函数,但最终会尝试将所有命名参数捆绑到映射中并将其推到您的函数中。
你应该得到一个“没有这样的方法”错误或类似的错误,但是在 Jenkins 中,至少从 2016 年起就存在一个怪癖,即安全系统和标准 Groovy 方法解析顺序发生冲突,并输入了方法名称或调用如果参数类型错误,则会产生
RejectedAccessException
引用 groovy.lang.GroovyObject invokeMethod
。
你想要做的就是定义你的函数,如下所示:
// vars/buildResolverMicroService.groovy
def call(Map params = [:]) {
String configFile = params.containsKey('configFile') ? params.configFile : "defaultConfigFile.txt"
String artifactName = params.containsKey('artifactName') ? params.artifactName : "defaultArtifactName"
String versionString = params.containsKey('versionString') ? params.versionString : "1.0"
String classifier = params.containsKey('classifier') ? params.classifier : "default"
rtMavenRun (
tool: 'Maven', // Tool name from Jenkins configuration
pom: 'pom.xml',
goals: "clean package -P prod -Dloadme.file=${configFile}",
resolverId: "MAVEN_RESOLVER"
)
fileOperations([
/** Some file operations **/
])
zip(zipFile: "${artifactName}-${versionString}-${classifier}.zip", archive: true, dir: 'build/')
}
然后正常调用。