Version: Release 24.3

External Script Tasks

An External Script task points to a Jython or Groovy script that is executed on the Release server. It is an automated task that completes when the script is successfully executed. The task detects the language of the script from the file name extension.

The External Script task type only supports basic HTTP authentication. You must provide an HTTP/HTTPS URL that points to a script file. The task type does not support other protocols.

For an example showing how you can use the External Script task type, see Create a release from a Git repository.

For detailed information about the contents of the task, see Task Drawer for Tasks.

External Script Task Details

The input properties of the External Script task are as follows:

Option: Description
URL*: Enter the HTTP/HTTPS URL that points to a script file
Username*: Enter the username to authenticate to the URL
Password*: Enter the password to authenticate to the URL
Script Language: Language of the script. Select one of the options from the drop-down list:
  • AUTODETECT
  • JYTHON
  • GROOVY

You can turn on the Ignore variable interpolation toggle to prevent variables from being interpolated into the script. See the Variable Interpolation section below for more information on variable interpolation.

In the Overview tab of the External Script task, you can add tags to your External Script task in the Task Tags field for filtering.

In the release flow editor, External Script tasks are marked with a gray border.

Security and External Script tasks

When an External Script task becomes active, the script is executed in a sandbox environment on the Release server. The script has very restricted permissions. By default, access to the file system, the network, and non-API-related classes is not allowed.

To remove these restrictions, add a script.policy file to the XL_RELEASE_SERVER_HOME/conf directory. This is a standard Java Security Policy file that contains the permissions that a script should have.

To enable the use of additional Java packages or classes in the script, use the following Release-specific RuntimePermission:

permission com.xebialabs.xlrelease.script.security.RuntimePermission "accessClass.com.company.domain.*";
permission com.xebialabs.xlrelease.script.security.RuntimePermission "accessClass.com.company.utils.HelperClass";

You must restart the Release server after creating or changing the XL_RELEASE_SERVER_HOME/conf/script.policy file.

Variable Interpolation

You can insert release, folder, or global variables directly into the script using the standard ${variable_name} syntax. However, exercise caution when interpolating variables: it can make the script insecure and open it to code injection, and it is not a recommended practice. This capability will be removed in a future update.

Variable interpolation replaces the ${variable_name} text in the script with the variable value "as is", without any escaping. This means that the script will definitely fail if your variable value contains double quotes or newlines and your Jython code looks like this:

x = "${myvariable}"

You can still work around this issue using triple quotes, but only if the variable value itself does not contain triple quotes. For example:

x = """${myvariable}"""

If you wish to use this feature, it is strongly recommended to avoid characters such as quotes, parentheses, and so on in the body of your variable.
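The behaviour described in this section can be checked before a value is trusted in a script. The following is an added example, not code from Release or its documentation: it substitutes constructed sample values into the two templates shown above and reports whether the result is still the intended string literal. The helpers interpolate and classify are hypothetical, and CPython's ast module is assumed as a stand-in for the Jython parser.

```python
import ast
import re

# Templates taken from the page; the sample values below are constructed.
DOUBLE = 'x = "${myvariable}"'
TRIPLE = 'x = """${myvariable}"""'

SAMPLES = {
    "plain": "release-1.0",
    "double quotes": 'say "hi" now',
    "newline": "line1\nline2",
    "triple quotes": 'a"""b',
    "backslashes": r"C:\temp\new",
    "closes the literal": '"; flag = True; y = "',
}


def interpolate(script, variables):
    """Model of the documented behaviour: raw substitution, no escaping."""
    return re.sub(r"\$\{(\w+)\}", lambda m: variables[m.group(1)], script)


def classify(template, value, name="myvariable"):
    """Classify what the script becomes once `value` is substituted.

    'literal'      -> still one assignment of exactly `value`
    'syntax-error' -> the script no longer parses, so the task fails
    'altered'      -> it parses, but assigns a different string or
                      contains statements the template did not have
    """
    source = interpolate(template, {name: value})
    try:
        body = ast.parse(source).body
    except SyntaxError:
        return "syntax-error"
    if (len(body) == 1 and isinstance(body[0], ast.Assign)
            and isinstance(body[0].value, ast.Constant)
            and body[0].value.value == value):
        return "literal"
    return "altered"


def report():
    """Map each sample label to its (double-quoted, triple-quoted) result."""
    return {label: (classify(DOUBLE, v), classify(TRIPLE, v))
            for label, v in SAMPLES.items()}


if __name__ == "__main__":
    for label, (dq, tq) in report().items():
        print(f"{label:20} double={dq:13} triple={tq}")
```

The "altered" results are the ones to watch for: the task does not fail, so nothing signals that the script now holds a different string or extra statements.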