Jenkins pipeline-as-code: not a git repository

Hello,

I’m trying to set up an IaC pipeline that deploys some resources using terraform. I am storing this pipeline in a top-level Jenkins file in our IaC repository. Our repository is stored on a self-hosted bitbucket server. I have created a multibranch pipeline with “Single repsitory & branch” as the branch source, and specified the correct repository URL and credentials there. However, when executing trying to create the pipeline from git (i.e. executing in Jenkins), the following error always occurs:

Started by user jgeens
Checking out git http://git.company.com/scm/projects/iac.git into /var/jenkins_home/workspace/test-multibranch_master@script/33bfda6085f3de58d76b3167bcee64b93e453f851a2e975119451d175e925a98 to read Jenkinsfile
The recommended git tool is: NONE
using credential stash-system-user
 > git rev-parse --resolve-git-dir /var/jenkins_home/workspace/test-multibranch_master@script/33bfda6085f3de58d76b3167bcee64b93e453f851a2e975119451d175e925a98/.git # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url http://git.company.com/scm/projects/iac.git # timeout=10
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from http://git.company.com/scm/projects/iac.git 
	at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:1003)
	at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1245)
	at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1309)
	at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:129)
	at org.jenkinsci.plugins.workflow.cps.CpsScmFlowDefinition.create(CpsScmFlowDefinition.java:159)
	at org.jenkinsci.plugins.workflow.multibranch.SCMBinder.create(SCMBinder.java:143)
	at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:312)
	at hudson.model.ResourceController.execute(ResourceController.java:101)
	at hudson.model.Executor.run(Executor.java:442)
Caused by: hudson.plugins.git.GitException: Command "git config remote.origin.url http://git.company.com/scm/projects/iac.git" returned status code 128:
stdout: 
stderr: fatal: not in a git directory

	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2734)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2660)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2656)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommand(CliGitAPIImpl.java:1981)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommand(CliGitAPIImpl.java:1993)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.setRemoteUrl(CliGitAPIImpl.java:1601)
	at hudson.plugins.git.GitAPI.setRemoteUrl(GitAPI.java:161)
	at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:991)
	... 8 more
ERROR: Error fetching remote repo 'origin'
ERROR: Maximum checkout retry attempts reached, aborting
Finished: FAILURE

I have also tried a normal pipeline with pipeline definition “pipeline script from scm”, freestyle project, … but everything always returns this error.

I am on Jenkins 2.387.1 using Git plugin 5.0.0 and git client plugin 4.1.0.

Any help would be dearly appreciated!

Command line git resolved a security vulnerability by increasing the strictness they apply to the ownership of files and directories. If git files or directories are owned by a user other than the user running the command line git process, then recent releases of command line git fail with the not in a git directory message.

Check the file and directory ownerships on the controller and on the agents. They must be owned by the user that is running command line git.

The behavior is not something that Jenkins controls. Refer to JENKINS-70540 for more details

Hi Mark,

Thanks for your reply, this looks indeed like the issue I am encountering. I’m wondering how this can be solved though - the issue you listed seems specifically for when the git repository already exists locally and as such has a wrong directory owner. However, in my setup the agents run on kubernetes, and the repository hasn’t been cloned before. If I understand correctly the user executing the git tool should be the one cloning the repo and thus being the owner of the directory, especially since this all happens simultaneously. Do you think downgrading our git version would be a viable solution? Or is there something I’m looking over?

Your help is very much appreciated!
Kind regards,
Jesse

indicates that the failing operation may be on the controller, not on the agent. The Jenkinsfile for a Pipeline must be fetched to the controller because that is where it is run.

Yes, you could downgrade the version of command line git by modifying the agent image, but that is a downgrade that you will need to do every time there is a new agent image. I think it is unwise to downgrade command line git because you won’t receive any new command line git features and you will have removed a security fix that was implemented by command line git.

The best solution is to find and fix the permissions problem that exists, where ever it exists. Check the controller file system. Check the agent file system. Assure that directories are owned by the correct user in both cases.

I ran into this issue, I was able resolve the issue with following steps,

cd /var/jenkins_home
git config --global --add safe.directory ‘*’

hi @sebinnsebastian
Can you please help me where to execute this command?