Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-53700

Script Approval: Pending script approvals not filled when using declarative pipeline

    Details

    • Similar Issues:

      Description

      When using a declarative pipeline script (that gets imported via Git and contains method signatures that need script approval) and run the job, it fails and the signatures do not appear at the script-approval section.

      When instead rewriting the script to a scripted pipeline the job also fails, but the signatures appear in the script-approval section and after accepting all of then the script runs without errors.

      Steps to reproduce:

      1. First ensure, that you currently have no script approvals
      2. Write a script with methods that need script approvals (I provided example scripts that result in the above described behaviour)
      1. First run the declarative pipeline, then the scripted pipeline

      My example declarative pipeline:

      pipeline {
        agent { label 'master' }
        stages {
      	    stage ('Check Parameters') {
      	        steps {
                          error 'Unknown releaseType selected.'
                      }
      	    }
        }
        post {
              failure {
                  checkFailing()
              }
          }
      }
      
      def failingForAtLeast(build, n) {
          def failed = build.result.isWorseThan(hudson.model.Result.SUCCESS );
          if( n <= 1 ) {
              return failed;
          } else if ( failed && build.previousBuild != null) {
              return failingForAtLeast(build.previousBuild, n-1);
          } else {
              return false;
          }
      }
      
      def checkFailing() {
          if ( failingForAtLeast(manager.build, 1)) {
              echo "Foo"
          }
      }
      
      

      My example scripted pipeline:

      node {
          try {
              stage ('Check Parameters') {
                  error 'Unknown releaseType selected.'
              }
          } catch (exc) {
                  echo 'Something failed, I should sound the klaxons!'
                  checkFailing()
          }
      }
      
      def failingForAtLeast(build, n) {
          def failed = build.result.isWorseThan(hudson.model.Result.SUCCESS );
          if( n <= 1 ) {
              return failed;
          } else if ( failed && build.previousBuild != null) {
              return failingForAtLeast(build.previousBuild, n-1);
          } else {
              return false;
          }
      }
      
      def checkFailing() {
      
          if ( failingForAtLeast(manager.build.previousBuild, 1)) {
              echo "Foo"
          }
      }
      

      After approving the methods with the scripted pipeline, my declarative pipeline also runs without problems, so first writing a scripted pipeline to approve the methods worked for me as a workarround.

        Attachments

          Activity

          Hide
          abayer Andrew Bayer added a comment -

          Yeah, Declarative catches and handles exceptions internally, so the RejectedAccessException may not manage to make it to the surface. As a result, it never makes it to Script Approval.

          I need to think on this a bit - will update later.

          Show
          abayer Andrew Bayer added a comment - Yeah, Declarative catches and handles exceptions internally, so the RejectedAccessException may not manage to make it to the surface. As a result, it never makes it to Script Approval. I need to think on this a bit - will update later.
          Hide
          kinnairdm Kinnaird McQuade added a comment -

          Andrew Bayer - any suggestions? This is causing some issues for us. Thanks.

          Show
          kinnairdm Kinnaird McQuade added a comment - Andrew Bayer - any suggestions? This is causing some issues for us. Thanks.

            People

            • Assignee:
              abayer Andrew Bayer
              Reporter:
              stefanwegener Stefan Wegener
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated: