GIT_URL and GIT_COMMIT are not replaced in claims

[gczuczy]

Jenkins and plugins versions report

Environment

enkins: 2.440.2
OS: Linux - 5.15.133+
Java: 17.0.10 - Eclipse Adoptium (OpenJDK 64-Bit Server VM)
---
Parameterized-Remote-Trigger:3.2.0
ace-editor:1.1
active-directory:2.35
analysis-model-api:12.3.3
ansicolor:1.0.4
ant:497.v94e7d9fffa_b_9
antisamy-markup-formatter:162.v0e6ec0fcfcf6
apache-httpcomponents-client-4-api:4.5.14-208.v438351942757
apache-httpcomponents-client-5-api:5.3.1-1.0
artifactory:4.0.6
asm-api:9.7-33.v4d23ef79fcc8
audit-trail:361.v82cde86c784e
authentication-tokens:1.53.v1c90fd9191a_b_
aws-credentials:231.v08a_59f17d742
aws-java-sdk-ec2:1.12.696-451.v0651a_da_9ca_ec
aws-java-sdk-minimal:1.12.696-451.v0651a_da_9ca_ec
badge:1.9.1
basic-branch-build-strategies:81.v05e333931c7d
blackduck-detect:9.0.0
blueocean:1.27.12
blueocean-autofavorite:1.2.5
blueocean-bitbucket-pipeline:1.27.12
blueocean-commons:1.27.12
blueocean-config:1.27.12
blueocean-core-js:1.27.12
blueocean-dashboard:1.27.12
blueocean-display-url:2.4.2
blueocean-events:1.27.12
blueocean-git-pipeline:1.27.12
blueocean-github-pipeline:1.27.12
blueocean-i18n:1.27.12
blueocean-jwt:1.27.12
blueocean-personalization:1.27.12
blueocean-pipeline-api-impl:1.27.12
blueocean-pipeline-editor:1.27.12
blueocean-pipeline-scm-api:1.27.12
blueocean-rest:1.27.12
blueocean-rest-impl:1.27.12
blueocean-web:1.27.12
bootstrap4-api:4.6.0-6
bootstrap5-api:5.3.3-1
bouncycastle-api:2.30.1.77-225.v26ea_c9455fd9
branch-api:2.1163.va_f1064e4a_a_f3
build-timestamp:1.0.3
caffeine-api:3.1.8-133.v17b_1ff2e0599
checkmarx:2024.2.3
checks-api:2.2.0
cloud-stats:336.v788e4055508b_
cloudbees-bitbucket-branch-source:883.v041fa_695e9c2
cloudbees-folder:6.901.vb_4c7a_da_75da_3
cobertura:1.17
code-coverage-api:4.99.0
command-launcher:107.v773860566e2e
commons-lang3-api:3.13.0-62.v7d18e55f51e2
commons-text-api:1.11.0-109.vfe16c66636eb_
config-file-provider:973.vb_a_80ecb_9a_4d0
configuration-as-code:1775.v810dc950b_514
copyartifact:722.v0662a_9b_e22a_c
coverage:1.14.0
credentials:1337.v60b_d7b_c7b_c9f
credentials-binding:657.v2b_19db_7d6e6d
dashboard-view:2.508.va_74654f026d1
data-tables-api:2.0.5-1
dependency-check-jenkins-plugin:5.5.0
dependency-track:4.3.1
disk-usage:1.2
display-url-api:2.200.vb_9327d658781
docker-commons:439.va_3cb_0a_6a_fb_29
docker-workflow:572.v950f58993843
durable-task:555.v6802fe0f0b_82
echarts-api:5.5.0-1
email-ext:1806.v856a_01a_fa_39a_
embeddable-build-status:487.va_0ef04c898a_2
envinject:2.908.v66a_774b_31d93
envinject-api:1.199.v3ce31253ed13
extended-read-permission:53.v6499940139e5
external-monitor-job:215.v2e88e894db_f8
favorite:2.208.v91d65b_7792a_c
font-awesome-api:6.5.2-1
forensics-api:2.4.0
generic-webhook-trigger:2.2.0
git:5.2.1
git-client:4.7.0
git-server:114.v068a_c7cc2574
git-tag-message:1.7.1
github:1.38.0
github-api:1.318-461.v7a_c09c9fa_d63
github-autostatus:3.6.2
github-branch-source:1787.v8b_8cd49a_f8f1
github-label-filter:1.0.0
github-oauth:597.ve0c3480fcb_d0
github-pr-comment-build:103.vc8919acf2a6b
global-slack-notifier:1.5
golang:1.4
google-metadata-plugin:0.5
google-oauth-plugin:1.330.vf5e86021cb_ec
google-storage-plugin:1.360.v6ca_38618b_41f
gradle:2.11
greenballs:1.15.1
groovy-postbuild:228.vcdb_cf7265066
gson-api:2.10.1-15.v0d99f670e0a_7
h2-api:11.1.4.199-12.v9f4244395f7a_
handlebars:3.0.8
handy-uri-templates-2-api:2.1.8-30.v7e777411b_148
hashicorp-vault-plugin:367.v8a_1ee1cccf3a
htmlpublisher:1.33
http_request:1.18
influxdb:3.6.1
instance-identity:185.v303dc7c645f9
ionicons-api:70.v2959a_b_74e3cf
ivy:2.5
jackson2-api:2.17.0-379.v02de8ec9f64c
jacoco:3.3.6
jakarta-activation-api:2.1.3-1
jakarta-mail-api:2.1.3-1
javadoc:243.vb_b_503b_b_45537
javax-activation-api:1.2.0-6
javax-mail-api:1.6.2-9
jaxb:2.3.9-1
jdk-tool:73.vddf737284550
jenkins-design-language:1.27.12
jersey2-api:2.42-147.va_28a_44603b_d5
jira:3.13
jjwt-api:0.11.5-112.ve82dfb_224b_a_d
job-dsl:1.87
joda-time-api:2.12.7-29.v5a_b_e3a_82269a_
jquery-detached:1.2.1
jquery3-api:3.7.1-2
jsch:0.2.16-86.v42e010d9484b_
json-api:20240303-41.v94e11e6de726
json-path-api:2.9.0-58.v62e3e85b_a_655
junit:1265.v65b_14fa_f12f0
kubernetes:4203.v1dd44f5b_1cf9
kubernetes-client-api:6.10.0-240.v57880ce8b_0b_2
kubernetes-credentials:0.11
ldap:725.v3cb_b_711b_1a_ef
lockable-resources:1255.vf48745da_35d0
mailer:472.vf7c289a_4b_420
mask-passwords:173.v6a_077a_291eb_5
matrix-auth:3.2.2
matrix-project:822.824.v14451b_c0fd42
maven-plugin:3.23
mercurial:1260.vdfb_723cdcc81
metrics:4.2.21-449.v6960d7c54c69
mina-sshd-api-common:2.12.1-101.v85b_e08b_780dd
mina-sshd-api-core:2.12.1-101.v85b_e08b_780dd
momentjs:1.1.1
multibranch-build-strategy-extension:51.v88f14e2a_4075
naginator:1.449.ve19751d70eb_0
nodejs:1.6.1
oauth-credentials:0.646.v02b_66dc03d2e
oidc-provider:62.vd67c19f76766
okhttp-api:4.11.0-172.vda_da_1feeb_c6e
openstack-cloud:2.65
pam-auth:1.10
parameterized-scheduler:262.v00f3d90585cc
parameterized-trigger:787.v665fcf2a_830b_
percentage-du-node-column:0.1.0
performance:957.v658a_7065b_92a_
pipeline-build-step:540.vb_e8849e1a_b_d8
pipeline-github:2.8-159.09e4403bc62f
pipeline-githubnotify-step:49.vf37bf92d2bc8
pipeline-graph-analysis:216.vfd8b_ece330ca_
pipeline-groovy-lib:704.vc58b_8890a_384
pipeline-input-step:495.ve9c153f6067b_
pipeline-maven:1396.veb_f07b_2fc1d8
pipeline-maven-api:1396.veb_f07b_2fc1d8
pipeline-milestone-step:119.vdfdc43fc3b_9a_
pipeline-model-api:2.2198.v41dd8ef6dd56
pipeline-model-definition:2.2198.v41dd8ef6dd56
pipeline-model-extensions:2.2198.v41dd8ef6dd56
pipeline-rest-api:2.34
pipeline-stage-step:312.v8cd10304c27a_
pipeline-stage-tags-metadata:2.2198.v41dd8ef6dd56
pipeline-stage-view:2.34
pipeline-utility-steps:2.16.2
plain-credentials:179.vc5cb_98f6db_38
plugin-util-api:4.1.0
popper-api:1.16.1-3
popper2-api:2.11.6-4
prism-api:1.29.0-13
pubsub-light:1.18
rebuild:332.va_1ee476d8f6d
resource-disposer:0.23
robot:3.5.1
role-strategy:717.v6a_69a_fe98974
run-condition:1.7
saferestart:0.7
saml:4.464.vea_cb_75d7f5e0
scm-api:690.vfc8b_54395023
script-security:1335.vf07d9ce377a_e
sidebar-link:2.4.1
simple-theme-plugin:176.v39740c03a_a_f5
slack:684.v833089650554
snakeyaml-api:2.2-111.vc6598e30cc65
sonar:2.17.2
sse-gateway:1.26
ssh-agent:367.vf9076cd4ee21
ssh-credentials:337.v395d2403ccd4
ssh-slaves:2.948.vb_8050d697fec
sshd:3.322.v159e91f6a_550
startup-trigger-plugin:2.9.4
strict-crumb-issuer:2.1.1
structs:337.v1b_04ea_4df7c8
timestamper:1.26
token-macro:400.v35420b_922dcb_
trilead-api:2.142.v748523a_76693
variant:60.v7290fc0eb_b_cd
view-job-filters:369.ve0513a_a_f5524
warnings-ng:11.3.0
webhook-step:342.v620877effe14
windows-slaves:1.8.1
workflow-aggregator:596.v8c21c963d92d
workflow-api:1291.v51fd2a_625da_7
workflow-basic-steps:1058.vcb_fc1e3a_21a_9
workflow-cps:3894.vd0f0248b_a_fc4
workflow-cps-global-lib:612.v55f2f80781ef
workflow-cps-global-lib-http:2.48.0
workflow-durable-task-step:1336.v768003e07199
workflow-job:1400.v7fd111b_ec82f
workflow-multibranch:773.vc4fe1378f1d5
workflow-scm-step:427.v4ca_6512e7df1
workflow-step-api:657.v03b_e8115821b_
workflow-support:896.v175a_a_9c5b_78f
ws-cleanup:0.45

What Operating System are you using (both controller, and any agents involved in the problem)?

Linux

Reproduction steps

1. Add a build-scoped claim template, which is referencing ${GIT_URL} and another for ${GIT_COMMIT}
2. observe claim in the generated token, it will not be substituted:

Expected Results

Having the URL of the repository and the commit sha in the claims

Actual Results

11:13:05  + echo ****
11:13:05  + jwt -show -
11:13:05  Header:
11:13:05  {
11:13:05      "alg": "RS256",
11:13:05      "kid": "x-test-id"
11:13:05  }
11:13:05  Claims:
11:13:05  {
11:13:05      "aud": "test",
11:13:05      "build_number": 24,
11:13:05      "changebranch": "test-pr",
11:13:05      "changeid": "1",
11:13:05      "exp": 1714385584,
11:13:05      "git_commit": "${GIT_COMMIT}",
11:13:05      "git_url": "${GIT_URL}",
11:13:05      "github_repo": "${GITHUB_REPO}",
11:13:05      "iat": 1714381984,

Anything else?

Documentation said that his is supposed to be working, however apparently it's not working.

Are you interested in contributing a fix?

No response

[jglick]

Documentation said that his is supposed to be working

What specifically said this was supposed to be working? I am not aware of anything that would automatically set such environment variables on a build.