问题
I'm trying to publish to Docker from my Jenkins Pipeline but most things I try result in an error. My latest try was this:
docker.withDockerRegistry('https://docker-registry.myco.com/lsacco/swagger-rest', 'docker-credential') {
def image = docker.image(APPLICATION_NAME);
image.tag("latest");
image.push()
}
When I run this, Jenkins outputs this error:
org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.lang.GroovyObject invokeMethod java.lang.String java.lang.Object (org.jenkinsci.plugins.docker.workflow.Docker withDockerRegistry java.lang.String java.lang.String org.jenkinsci.plugins.workflow.cps.CpsClosure2)
at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectMethod(StaticWhitelist.java:163)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:78)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:69)
at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:149)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:146)
at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:15)
at WorkflowScript.dockerDeploy(WorkflowScript:290)
at WorkflowScript.run(WorkflowScript:76)
at ___cps.transform___(Native Method)
at com.cloudbees.groovy.cps.impl.ContinuationGroup.methodCall(ContinuationGroup.java:55)
at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.dispatchOrArg(FunctionCallBlock.java:106)
at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.fixArg(FunctionCallBlock.java:79)
at sun.reflect.GeneratedMethodAccessor317.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
at com.cloudbees.groovy.cps.impl.ClosureBlock.eval(ClosureBlock.java:40)
at com.cloudbees.groovy.cps.Next.step(Next.java:58)
at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:154)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$001(SandboxContinuable.java:19)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:33)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:30)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.runInSandbox(GroovySandbox.java:106)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:30)
at org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:164)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:277)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.access$000(CpsThreadGroup.java:77)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:186)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:184)
at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:47)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:112)
at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
I'm running on the latest Jenkins with all the latest plugin updates. Any ideas?
1.642.2 Jenkins
Plugins.txt
ace-editor:1.1
ant:1.2
antisamy-markup-formatter:1.3
async-http-client:1.7.24
aws-credentials:1.12
aws-java-sdk:1.10.45
branch-api:1.3
build-token-root:1.3
cloudbees-folder:5.3
conditional-buildstep:1.3.3
config-file-provider:2.10.0
copy-to-slave:1.4.4
copyartifact:1.37
credentials-binding:1.7
credentials:1.25
cvs:2.12
docker-build-publish:1.1
docker-commons:1.3.1
docker-custom-build-environment:1.6.4
docker-traceability:1.1
docker-workflow:1.4
dockerhub-notification:1.0.2
durable-task:1.8
envinject:1.92.1
external-monitor-job:1.4
git-client:1.19.6
git-server:1.6
git:2.4.2
github-api:1.72.1
github:1.17.1
handlebars:1.1.1
jackson2-api:2.5.4
javadoc:1.3
jenkins-jira-issue-updater:1.18
jira:2.2
job-dsl:1.44
jquery:1.11.2-0
jquery-detached:1.2.1
junit:1.11
ldap:1.11
mailer:1.16
managed-scripts:1.2.1
mapdb-api:1.0.6.0
mask-passwords:2.8
matrix-auth:1.3.2
matrix-project:1.6
maven-plugin:2.12.1
momentjs:1.1.1
multi-branch-project-plugin:0.4.1
node-iterator-api:1.5
nodelabelparameter:1.7.1
pam-auth:1.2
Parameterized-Remote-Trigger:2.2.2
parameterized-trigger:2.30
pipeline-rest-api:1.0
pipeline-stage-view:1.0
plain-credentials:1.1
promoted-builds:2.25
rebuild:1.25
run-condition:1.0
scm-api:1.1
script-security:1.17
skip-certificate-check:1.0
ssh-credentials:1.11
ssh-slaves:1.10
subversion:2.5.7
swarm:2.0
timestamper:1.7.4
token-macro:1.12.1
translation:1.12
vsphere-cloud:2.11
workflow-aggregator:1.15
workflow-api:1.15
workflow-basic-steps:1.15
workflow-cps-global-lib:1.15
workflow-cps:1.15
workflow-durable-task-step:1.15
workflow-job:1.15
workflow-multibranch:1.15
workflow-scm-step:1.15
workflow-step-api:1.15
workflow-support:1.15
回答1:
I was able to get around this by installing docker-io on my slave from this Docker image and using a separate Docker host that could service the calls I needed to make to build, run and push my docker image to my registry.
I ended up using the following script to resolve this:
docker.withServer(DOCKER_MACHINE_HOSTNAME) {
def image = docker.build(DOCKER_TAG, '.')
// Test container then stop and remove it
def container = image.run('--name ' + DOCKER_CONTAINER_NAME)
container.stop()
docker.withRegistry(DOCKER_REGISTRY, QUAY_CREDENTIALS_ID ) {
image.push(DOCKER_APPLICATION_TAG)
}
}
回答2:
Maybe it's related to this issue: https://issues.jenkins-ci.org/browse/JENKINS-30414
As explained in the latest comment, The Script Security plugin can be the problem.
来源:https://stackoverflow.com/questions/36052316/docker-plugin-for-jenkins-error-scripts-not-permitted-to-use-method