Started by user Mikaël Barbero Running as Mikaël Barbero [Pipeline] Start of Pipeline [Pipeline] node Agent basic-qlh7b is provisioned from template basic --- apiVersion: "v1" kind: "Pod" metadata: labels: jenkins: "slave" jenkins/label-digest: "61a7508ed1b04e9ada836fcd14d4d8ef5687c7dd" jenkins/label: "basic" name: "basic-qlh7b" namespace: "cbi" spec: containers: - env: - name: "JENKINS_SECRET" value: "********" - name: "JENKINS_TUNNEL" value: "jenkins-discovery.cbi.svc.cluster.local:50000" - name: "JENKINS_AGENT_NAME" value: "basic-qlh7b" - name: "JENKINS_REMOTING_JAVA_OPTS" value: "-showversion -XshowSettings:vm -Xmx256m -Dorg.jenkinsci.remoting.engine.JnlpProtocol3.disabled=true\ \ -Dorg.jenkinsci.plugins.gitclient.CliGitAPIImpl.useSETSID=true" - name: "JAVA_TOOL_OPTIONS" value: "" - name: "_JAVA_OPTIONS" value: "" - name: "OPENJ9_JAVA_OPTIONS" value: "-XX:+IgnoreUnrecognizedVMOptions -XX:+IdleTuningCompactOnIdle -XX:+IdleTuningGcOnIdle" - name: "JENKINS_NAME" value: "basic-qlh7b" - name: "JENKINS_AGENT_WORKDIR" value: "/home/jenkins/agent" - name: "JENKINS_URL" value: "http://jenkins-ui.cbi.svc.cluster.local/cbi/" image: "docker.io/eclipsecbi/jiro-agent-basic:remoting-3160.vd76b_9ddd10cc" imagePullPolicy: "Always" name: "jnlp" resources: limits: cpu: "2000m" memory: "4096Mi" requests: cpu: "1000m" memory: "4096Mi" tty: true volumeMounts: - mountPath: "/home/jenkins/.gradle/daemon" name: "volume-6" readOnly: false - mountPath: "/home/jenkins/.gradle/caches" name: "volume-5" readOnly: false - mountPath: "/home/jenkins/.mavenrc" name: "m2-dir" readOnly: true subPath: ".mavenrc" - mountPath: "/home/jenkins/.m2/repository" name: "volume-3" readOnly: false - mountPath: "/home/jenkins/.m2/settings-security.xml" name: "m2-secret-dir" readOnly: true subPath: "settings-security.xml" - mountPath: "/home/jenkins/.gradle/gradle.properties" name: "gradle-secret-dir" readOnly: true subPath: "gradle.properties" - mountPath: "/home/jenkins/.gradle/workers" name: "volume-8" readOnly: false - mountPath: "/home/jenkins/.m2/toolchains.xml" name: "m2-dir" readOnly: true subPath: "toolchains.xml" - mountPath: "/opt/tools" name: "volume-0" readOnly: false - mountPath: "/home/jenkins" name: "volume-2" readOnly: false - mountPath: "/home/jenkins/.gradle/native" name: "volume-7" readOnly: false - mountPath: "/home/jenkins/.m2/wrapper" name: "volume-4" readOnly: false - mountPath: "/home/jenkins/.m2/settings.xml" name: "m2-secret-dir" readOnly: true subPath: "settings.xml" - mountPath: "/home/jenkins/.ssh" name: "volume-1" readOnly: false subPath: "" - mountPath: "/home/jenkins/.gradle/wrapper" name: "volume-9" readOnly: false - mountPath: "/home/jenkins/agent" name: "workspace-volume" readOnly: false workingDir: "/home/jenkins/agent" nodeSelector: kubernetes.io/os: "linux" restartPolicy: "Never" volumes: - name: "m2-secret-dir" secret: secretName: "m2-secret-dir" - emptyDir: medium: "" name: "volume-8" - emptyDir: medium: "" name: "volume-7" - emptyDir: medium: "" name: "volume-9" - emptyDir: medium: "" name: "workspace-volume" - emptyDir: medium: "" name: "volume-4" - emptyDir: medium: "" name: "volume-3" - emptyDir: medium: "" name: "volume-6" - emptyDir: medium: "" name: "volume-5" - name: "volume-0" persistentVolumeClaim: claimName: "tools-claim-jiro-cbi" readOnly: true - emptyDir: medium: "" name: "volume-2" - configMap: name: "m2-dir" name: "m2-dir" - configMap: name: "known-hosts" name: "volume-1" - name: "gradle-secret-dir" secret: secretName: "gradle-secret-dir" Running on basic-qlh7b in /home/jenkins/agent/workspace/sigstore-demo/demo-blob [Pipeline] { [Pipeline] stage [Pipeline] { (Hello) [Pipeline] script [Pipeline] { [Pipeline] sh + echo 'Hello World' + curl -sSJOL https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64 + chmod u+x cosign-linux-amd64 [Pipeline] withCredentials Masking supported pattern matches of $_BOT__PASSWORD [Pipeline] { [Pipeline] sh Warning: A secret was passed to "sh" using Groovy String interpolation, which is insecure. Affected argument(s) used the following variable(s): [_BOT__PASSWORD] See https://jenkins.io/redirect/groovy-string-interpolation for details. + curl -sS -X POST --url https://auth.eclipse.org/auth/realms/sigstore/protocol/openid-connect/token --header 'Content-Type: application/x-www-form-urlencoded' --data grant_type=password --data client_id=sigstore --data username=cbi-dev --data password=**** + jq -r .access_token [Pipeline] maskPasswords [Pipeline] { [Pipeline] sh + ./cosign-linux-amd64 sign-blob README -y --output-signature README.sig --oidc-issuer=https://auth.eclipse.org/auth/realms/sigstore --identity-token= Using payload from: README Generating ephemeral keys... Retrieving signed certificate... Non-interactive mode detected, using device flow. Error: signing README: getting key from Fulcio: retrieving cert: 400 Bad Request: {"error":"unauthorized_client","error_description":"Client is not allowed to initiate OAuth 2.0 Device Authorization Grant. The flow is disabled for the client."} main.go:74: error during command execution: signing README: getting key from Fulcio: retrieving cert: 400 Bad Request: {"error":"unauthorized_client","error_description":"Client is not allowed to initiate OAuth 2.0 Device Authorization Grant. The flow is disabled for the client."} [Pipeline] } [Pipeline] // maskPasswords [Pipeline] } [Pipeline] // withCredentials [Pipeline] } [Pipeline] // script [Pipeline] } [Pipeline] // stage [Pipeline] } [Pipeline] // node [Pipeline] End of Pipeline ERROR: script returned exit code 1 Finished: FAILURE