Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Jenkins Multibranch Pipeline fails because it runs in Groovy Sandbox

My Jenkins CI/CD build configuration was working and nothing changed until my last pull request and I need to get this working again.

The Multibranch Pipeline is configured to run a jenkinsfile from BitBucket SCM but this is now failing with the following error;

groovy.lang.MissingPropertyException: No such property: pipeline for class: groovy.lang.Binding
    at groovy.lang.Binding.getVariable(Binding.java:63)
    at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:130)

Script Security Plugin is installed and the In-process Script Approval has nothing listed to approve.

Permissive Script Security Plugin is installed and jenkins.xml is modified to include the -Dpermissive-script-security.enabled=true flag for running the .war.

These were implemented and working previously based on How can I disable security checks for Jenkins pipeline builds

As a test I created a Pipeline job which allows the Groovy Sandbox to be enabled and disabled. This was configured with the following cut down version of my pipeline script;

#!groovy

pipeline {

    agent any

    environment {
        VERSION = "${env.MAJOR_VERSION}.${env.MINOR_VERSION}"
        BUILD_LABEL = "MyProject ${env.VERSION} Build #${env.BUILD_NUMBER}"
        BUILD_SOURCESDIRECTORY = "${WORKSPACE}\\src"
    }

    options {
        copyArtifactPermission('MyProject-Deploy')
        buildDiscarder(logRotator(numToKeepStr: '5', artifactNumToKeepStr: '5'))
    }

    parameters {
        string (
            defaultValue: '3',
            description: 'MyProject Major Version',
            name : 'MAJOR_VERSION')
        string (
            defaultValue: '7',
            description: 'MyProject Minor Version',
            name : 'MINOR_VERSION')
    }

    stages {

        stage('Checkout Source') {
            steps {             
                echo('checkout scm')                
            }
        }
    }
}

If I enabled Use Groovy Sandbox and run the job I get the same error;

Running in Durability level: MAX_SURVIVABILITY
[Pipeline] End of Pipeline
groovy.lang.MissingPropertyException: No such property: pipeline for class: groovy.lang.Binding
    at groovy.lang.Binding.getVariable(Binding.java:63)
    at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:130)

If I disable Use Groovy Sandbox the pipeline script completes successfully;

Running in Durability level: MAX_SURVIVABILITY
[Pipeline] node
Running on Jenkins in C:\Jenkins-Workspace\Pipeline-Test
[Pipeline] {
[Pipeline] withEnv
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Checkout Source)
[Pipeline] echo
checkout scm
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
Finished: SUCCESS
  • How do I ensure I have a clean Jenkins configuration?
  • Should I attempt to downgrade Jenkins from v2.121.3?
like image 554
Dave Anderson Avatar asked Sep 05 '18 05:09

Dave Anderson


People also ask

How do I enable the Multibranch pipeline in Jenkins?

Head over to your Jenkins instance and create a new item. Enter a name for the job, and select the “Multibranch Pipeline” option at the end of the screen. Then, click on the OK button. In the next screen, go to the “Branch sources” tab, click on the “Add source” button, and choose “Git” from the dropdown menu.

Why would a job in Jenkins Multibranch pipeline gets disabled?

If there is no Jenkinsfile at the root of the repository or if the name is misspelled or is with different letters casing, like JenkinsFile, the job will be disabled.

What is use Groovy sandbox in Jenkins?

The option “Use Groovy Sandbox,” shown below, is available in the Pipeline tab, and it allows the scripts to be run by any user without requiring administrator privileges. In this case, the script is run only by using the internal accessible APIs (which allow you to develop your script by using Groovy).

What is the reason for Groovy sandbox?

To reduce manual interventions by Administrators, most scripts will run in a Groovy Sandbox by default, including all Jenkins Pipelines. The sandbox only allows a subset of Groovy's methods deemed sufficiently safe for "untrusted" access to be executed without prior approval.


2 Answers

It's fixed in version 1.46 of the script-security plugin.

like image 41
tarantoga Avatar answered Sep 26 '22 02:09

tarantoga


Try downgrading the Script Security plugin from v1.45 to v1.44 and restarting Jenkins.

Just ran into this myself after updating plugins, although I'm not using the Permissive Script Security plugin.

like image 52
David Lord Avatar answered Sep 24 '22 02:09

David Lord