Checkout single file from SCM (groovy)

[Carles Capdevila Tejada]

Hi there,

I'd like to implement a groovy script which checks out the contents of a single file from the SCM(be it Git,SVN...). I took a look into the insides of the Branch Source plugin to see how it gets only the Jenkinsfile, but still haven't gotten anything from it. I've also seen that, in the SCM API plugin the abstract class SCMFileSystem is able to retrieve a SCMFile, from which you can retrieve the contents. So I began writing a script to try and checkout something from GitHub with classes from the GitHub branch source implementation:

import jenkins.plugins.git.AbstractGitSCMSource;
import jenkins.plugins.git.AbstractGitSCMSource.SCMRevisionImpl;
import org.jenkinsci.plugins.github_branch_source.BranchSCMHead;

def revision = new AbstractGitSCMSource.SCMRevisionImpl(new BranchSCMHead("master"),"861fd864153dff3bd5e761b42be5ad63cc4a95a1");

Unfortunately an exception is thrown saying that "Scripts are not permitted to use new":

org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use new 
org.jenkinsci.plugins.github_branch_source.BranchSCMHead java.lang.String
...

And I see that "new String()" may be blacklisted just like in this issue.
I'd like to know if checking a single file from SCM is possible and if this is the right approach.

Any help would be appreciated. Thank you for your attention!

[Jesse Glick]

On Thu, Sep 21, 2017 at 11:04 AM, Carles Capdevila Tejada
<capde...@gmail.com> wrote:
> I've also seen that, in the SCM API
> plugin the abstract class SCMFileSystem is able to retrieve a SCMFile, from
> which you can retrieve the contents.

Yes: http://javadoc.jenkins.io/scm-api/jenkins/scm/api/SCMFileSystem.html

> Unfortunately an exception is thrown saying that "Scripts are not permitted
> to use new":

You will not be able to write such a script in Groovy sandbox mode:
https://plugins.jenkins.io/script-security

I am not sure where you are going with this (and why you are posting
to the dev list). Did you mean to write a plugin for some purpose? Or
did you just not know of the existence of

https://jenkins.io/doc/pipeline/steps/workflow-multibranch/#readtrusted-read-trusted-file-from-scm

?

[Baptiste Mathus]

Probably not a dev list question.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr2xJSs8asxtz848eLTyNx8B3wiAn6nZPrrErmdCcVWJwA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Carles Capdevila Tejada]

 
I am not sure where you are going with this (and why you are posting
to the dev list). Did you mean to write a plugin for some purpose?

I thought that maybe I'd have to write a plugin with a step to do those specific SCM things. But you're right, I should've written first to the users list given that we're talking about groovy scripts. Should this be moved to the users list?

 

Or
did you just not know of the existence of  

https://jenkins.io/doc/pipeline/steps/workflow-multibranch/#readtrusted-read-trusted-file-from-scm

?

Thank you very much, I didn't know about the readTrusted step and it fits my needs exactly.