Helm job-dsl pipelineJob UnapprovedUsageException: script not yet approved for use at

Hello! What add to scriptApproval for fixed this error?

Error when run job-name:

org.jenkinsci.plugins.scriptsecurity.scripts.UnapprovedUsageException: script not yet approved for use at org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.using(ScriptApproval.java:489) at org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition.create(CpsFlowDefinition.java:124) at org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition.create(CpsFlowDefinition.java:70) at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:311) at hudson.model.ResourceController.execute(ResourceController.java:101) at hudson.model.Executor.run(Executor.java:442)

Config

---
controller:
  tag: "2.346.2-jdk11"
  imagePullPolicy: "IfNotPresent"
  numExecutors: 0

  additionalPlugins:
    - google-login:1.6
    - job-dsl:1.81
    - allure-jenkins-plugin:2.30.2
    - ws-cleanup:0.42
    - build-timeout:1.21
    - timestamper:1.18
    - google-storage-plugin:1.5.6

  JCasC:
    configScripts:
      jenkins-configuration: |
        jenkins:
          systemMessage: This Jenkins is configured and managed 'as code' by Managed Cloud team.
      freestyle-jobs: |
        jobs:
          - script: >
              pipelineJob('job-name') {
                definition {
                  cps {
                    script('''
                      pipeline {
                        agent any
                        stages {
                          stage('Stage name 1') {
                            steps {
                              shell('echo Hello World!')
                            }
                          }
                          stage('Stage name 2') {
                            steps {
                              shell('echo Hello World!')
                            }
                          }
                        }
                      }
                  ''')   
                  }
                }
              }
          - script: >
              job('job2') {
                logRotator(120, -1, 1, -1)
                authenticationToken('secret')
                wrappers {
                    preBuildCleanup()
                    timestamps()
                    timeout {
                        absolute(10)
                    }
                }
                steps {
                  shell('echo $PWD;ls -l')
                }
              }
      views: |
        jenkins:
          views:
            - all:
                name: "all"
            - list:
                columns:
                - "status"
                - "weather"
                - "jobName"
                - "lastSuccess"
                - "lastFailure"
                - "lastDuration"
                - "buildButton"
                jobNames:
                - "job1"
                name: "stage"
            - list:
                columns:
                - "status"
                - "weather"
                - "jobName"
                - "lastSuccess"
                - "lastFailure"
                - "lastDuration"
                - "buildButton"
                jobNames:
                - "job2"
                name: "test"
          viewsTabBar: "standard"
    securityRealm: |-
      googleOAuth2:
        clientId: "xx-xxx.apps.googleusercontent.com"
        clientSecret: "xxx-xxx"
        domain: ""
    authorizationStrategy: |-
      loggedInUsersCanDoAnything:
        allowAnonymousRead: false

  ingress:
    enabled: true
    ingressClassName: nginx
    apiVersion: networking.k8s.io/v1
    annotations:
      cert-manager.io/cluster-issuer: "letsencrypt-prod"
    hostName: xxx
    tls:
     - secretName: jenkins-tls
       hosts:
         - xxx

Did you tested the jobDSL definitions first? I am not familiar with any step named shell, I cannot find references in the documentation Pipeline Steps Reference so my guess is that does not exist and because of that it fails, testing the jobDSL definition before move it to JCasC make easy to get these errors

I think fixed issue - infrastructure-as-a-code-example/jenkins-values-google-login.yaml at 2e7a8a2c24f0f9aad2238f30699bc6b10540e683 · patsevanton/infrastructure-as-a-code-example · GitHub

1 Like