first run in jenkins always fails with GitlabHttpError: 403: insufficient_scope
damnmso opened this issue · comments
Description of the problem, including code/CLI snippet
we use jenkins for our builds and use semantic-versioning. usually, when someone pushed something into master/main, jenkins creates a new version, tags it to gitlab and builds the distribution. unfortunately, since a few weeks(not sure about that) we have a very wierd behaviour. the first run fails.
Expected Behavior
a regular jenkins build with tags pushed to gitlab and no error
Actual Behavior
we get an error GitlabHttpError: 403: insufficient_scope when jenkins runs the first time on that branch, when i then start it manually, it works. even more wierd: the tag is created!
(.pyenv-python) C:\Users\jenkinsSA\AppData\Local\Jenkins\.jenkins\workspace\usermgmtautomation_master>
git checkout master
Switched to branch 'master'
[Pipeline] bat
(.pyenv-python) C:\Users\jenkinsSA\AppData\Local\Jenkins\.jenkins\workspace\usermgmtautomation_master>
semantic-release version 1>version.txt
The next version is: 0.7.3! \U0001f680
No build command specified, skipping
[08:54:15] ERROR [semantic_release.cli.commands.version] version.py:553
ERROR version.version: 403:
insufficient_scope
+--- Traceback (most recent call last) ----+
| C:\Users\jenkinsSA\AppData\Local\Jenkins |
| \.jenkins\workspace\usermgmtautomation_m |
| aster\.pyenv-python\Lib\site-packages\gi |
| tlab\exceptions.py:336 in wrapped_f |
| |
| 333 @functools.wraps(f) |
| 334 def wrapped_f(*args: Any, |
| 335 try: |
| > 336 return f(*args, ** |
| 337 except GitlabHttpError |
| 338 raise error(e.erro |
| 339 |
| |
| C:\Users\jenkinsSA\AppData\Local\Jenkins |
| \.jenkins\workspace\usermgmtautomation_m |
| aster\.pyenv-python\Lib\site-packages\gi |
| tlab\mixins.py:300 in create |
| |
| 297 |
| 298 # Handle specific URL for |
| 299 path = kwargs.pop("path", |
| > 300 server_data = self.gitlab. |
| 301 if TYPE_CHECKING: |
| 302 assert not isinstance( |
| 303 assert self._obj_cls i |
| |
| C:\Users\jenkinsSA\AppData\Local\Jenkins |
| \.jenkins\workspace\usermgmtautomation_m |
| aster\.pyenv-python\Lib\site-packages\gi |
| tlab\client.py:1021 in http_post |
| |
| 1018 query_data = query_data o |
| 1019 post_data = post_data or |
| 1020 |
| > 1021 result = self.http_reques |
| 1022 "post", |
| 1023 path, |
| 1024 query_data=query_data |
| |
| C:\Users\jenkinsSA\AppData\Local\Jenkins |
| \.jenkins\workspace\usermgmtautomation_m |
| aster\.pyenv-python\Lib\site-packages\gi |
| tlab\client.py:794 in http_request |
| |
| 791 response_body |
| 792 ) |
| 793 |
| > 794 raise gitlab.exceptio |
| 795 response_code=res |
| 796 error_message=err |
| 797 response_body=res |
+------------------------------------------+
GitlabHttpError: 403: insufficient_scope
The above exception was the direct cause of
the following exception:
+--- Traceback (most recent call last) ----+
| C:\Users\jenkinsSA\AppData\Local\Jenkins |
| \.jenkins\workspace\usermgmtautomation_m |
| aster\.pyenv-python\Lib\site-packages\se |
| mantic_release\hvcs\gitlab.py:131 in |
| create_or_update_release |
| |
| 128 self, tag: str, release_no |
| 129 ) -> str: |
| 130 try: |
| > 131 return self.create_rel |
| 132 tag=tag, release_n |
| 133 ) |
| 134 except gitlab.GitlabCreate |
| |
| C:\Users\jenkinsSA\AppData\Local\Jenkins |
| \.jenkins\workspace\usermgmtautomation_m |
| aster\.pyenv-python\Lib\site-packages\se |
| mantic_release\helpers.py:52 in _wrapper |
| |
| 49 ) |
| 50 |
| 51 # Call function |
| > 52 result = func(*args, * |
| 53 |
| 54 # Log result |
| 55 logger.debug("%s -> %s |
| |
| C:\Users\jenkinsSA\AppData\Local\Jenkins |
| \.jenkins\workspace\usermgmtautomation_m |
| aster\.pyenv-python\Lib\site-packages\se |
| mantic_release\hvcs\gitlab.py:97 in |
| create_release |
| |
| 94 client.auth() |
| 95 log.info("Creating release |
| 96 # ref: https://docs.gitlab/ |
| > 97 client.projects.get(self.o |
| 98 { |
| 99 "name": "Release " |
| 100 "tag_name": tag, |
| |
| C:\Users\jenkinsSA\AppData\Local\Jenkins |
| \.jenkins\workspace\usermgmtautomation_m |
| aster\.pyenv-python\Lib\site-packages\gi |
| tlab\exceptions.py:338 in wrapped_f |
| |
| 335 try: |
| 336 return f(*args, ** |
| 337 except GitlabHttpError |
| > 338 raise error(e.erro |
| 339 |
| 340 return cast(__F, wrapped_f |
| 341 |
+------------------------------------------+
GitlabCreateError: 403: insufficient_scope
During handling of the above exception,
another exception occurred:
+--- Traceback (most recent call last) ----+
| C:\Users\jenkinsSA\AppData\Local\Jenkins |
| \.jenkins\workspace\usermgmtautomation_m |
| aster\.pyenv-python\Lib\site-packages\gi |
| tlab\exceptions.py:336 in wrapped_f |
| |
| 333 @functools.wraps(f) |
| 334 def wrapped_f(*args: Any, |
| 335 try: |
| > 336 return f(*args, ** |
| 337 except GitlabHttpError |
| 338 raise error(e.erro |
| 339 |
| |
| C:\Users\jenkinsSA\AppData\Local\Jenkins |
| \.jenkins\workspace\usermgmtautomation_m |
| aster\.pyenv-python\Lib\site-packages\gi |
| tlab\mixins.py:368 in update |
| |
| 365 ) |
| 366 |
| 367 http_method = self._get_up |
| > 368 result = http_method(path, |
| 369 if TYPE_CHECKING: |
| 370 assert not isinstance( |
| 371 return result |
| |
| C:\Users\jenkinsSA\AppData\Local\Jenkins |
| \.jenkins\workspace\usermgmtautomation_m |
| aster\.pyenv-python\Lib\site-packages\gi |
| tlab\client.py:1075 in http_put |
| |
| 1072 query_data = query_data o |
| 1073 post_data = post_data or |
| 1074 |
| > 1075 result = self.http_reques |
| 1076 "put", |
| 1077 path, |
| 1078 query_data=query_data |
| |
| C:\Users\jenkinsSA\AppData\Local\Jenkins |
| \.jenkins\workspace\usermgmtautomation_m |
| aster\.pyenv-python\Lib\site-packages\gi |
| tlab\client.py:794 in http_request |
| |
| 791 response_body |
| 792 ) |
| 793 |
| > 794 raise gitlab.exceptio |
| 795 response_code=res |
| 796 error_message=err |
| 797 response_body=res |
+------------------------------------------+
GitlabHttpError: 403: insufficient_scope
The above exception was the direct cause of
the following exception:
+--- Traceback (most recent call last) ----+
| C:\Users\jenkinsSA\AppData\Local\Jenkins |
| \.jenkins\workspace\usermgmtautomation_m |
| aster\.pyenv-python\Lib\site-packages\se |
| mantic_release\cli\commands\version.py:5 |
| 47 in version |
| |
| 544 noop_report(f"would ha |
| 545 else: |
| 546 try: |
| > 547 release_id = hvcs_ |
| 548 tag=new_versio |
| 549 release_notes= |
| 550 prerelease=new |
| |
| C:\Users\jenkinsSA\AppData\Local\Jenkins |
| \.jenkins\workspace\usermgmtautomation_m |
| aster\.pyenv-python\Lib\site-packages\se |
| mantic_release\helpers.py:52 in _wrapper |
| |
| 49 ) |
| 50 |
| 51 # Call function |
| > 52 result = func(*args, * |
| 53 |
| 54 # Log result |
| 55 logger.debug("%s -> %s |
| |
| C:\Users\jenkinsSA\AppData\Local\Jenkins |
| \.jenkins\workspace\usermgmtautomation_m |
| aster\.pyenv-python\Lib\site-packages\se |
| mantic_release\hvcs\gitlab.py:141 in |
| create_or_update_release |
| |
| 138 self.owner, |
| 139 self.repo_name, |
| 140 ) |
| > 141 return self.edit_relea |
| 142 |
| 143 def compare_url(self, from_rev |
| 144 return |
| f"[https://{self.hvcs_domain}/{self](https://{self.hvcs_domain}/%7Bself) |
| v}" |
| |
| C:\Users\jenkinsSA\AppData\Local\Jenkins |
| \.jenkins\workspace\usermgmtautomation_m |
| aster\.pyenv-python\Lib\site-packages\se |
| mantic_release\helpers.py:52 in _wrapper |
| |
| 49 ) |
| 50 |
| 51 # Call function |
| > 52 result = func(*args, * |
| 53 |
| 54 # Log result |
| 55 logger.debug("%s -> %s |
| |
| C:\Users\jenkinsSA\AppData\Local\Jenkins |
| \.jenkins\workspace\usermgmtautomation_m |
| aster\.pyenv-python\Lib\site-packages\se |
| mantic_release\hvcs\gitlab.py:118 in |
| edit_release_notes |
| |
| 115 client.auth() |
| 116 log.info("Updating release |
| 117 |
| > 118 client.projects.get(self.o |
| 119 release_id, |
| 120 { |
| 121 "description": rel |
| |
| C:\Users\jenkinsSA\AppData\Local\Jenkins |
| \.jenkins\workspace\usermgmtautomation_m |
| aster\.pyenv-python\Lib\site-packages\gi |
| tlab\exceptions.py:338 in wrapped_f |
| |
| 335 try: |
| 336 return f(*args, ** |
| 337 except GitlabHttpError |
| > 338 raise error(e.erro |
| 339 |
| 340 return cast(__F, wrapped_f |
| 341 |
+------------------------------------------+
GitlabUpdateError: 403: insufficient_scope
Usage: semantic-release version [OPTIONS]
Try 'semantic-release version -h' for help.
Error: 403: insufficient_scope
Specifications
- python-gitlab version: python_gitlab-3.15.0-py3-none-any.whl
- API version you are using (v3/v4):
- Gitlab server version (or gitlab.com): gitlab.com
its getting stranger ... i did not change anything and now it went through without problems. so maybe this is some problem with gitlab.com itself
@damnmso this is most likely not an issue with python-gitlab but how your permissions interact. Maybe you're using CI_JOB_TOKEN
and the bot that triggers the initial pipeline does not have the right scope/permissions, but when you re-trigger manually, it works. In any case, this would be an issue even with curl not just our library. It depends on who triggers job in this case. Other issues include protected variables, e.g. you might be running on a protected branch but the tag pipeline does not have access to that if your tags are not protected etc.
i did not change anything and it works now correctly, again. wondering how long. seems like a gitlab.com problem. as mentioned: it worked quiet a while and we changed nothing in our CI environment. then it failed. now it works again.