Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-33974

Add option to verify "secret" token

XMLWordPrintable

      For security reasons, it's quite important for this plugin to support an option to verify a "secret" token. This option was added some time ago, you basically configure a "secret" in the GitHub webhook end, so you know the requests you are receiving is really from GitHub. The GitHub Pull Request Builder plugin (ghprb) already supports it. It would be great if this plugin add support too.

          [JENKINS-33974] Add option to verify "secret" token

          Leandro Lucarella created issue -
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 169985 ] New: JNJira + In-Review [ 183715 ]
          Ivan Tichý made changes -
          Link New: This issue is related to JENKINS-37956 [ JENKINS-37956 ]

          emanuelez added a comment -

          It looks like this is the root cause of JENKINS-36121 so I think it's pretty urgent. It makes the Github Organization Folder plugin spam the Github API easily reaching the 5000 calls per hour limit.

          emanuelez added a comment - It looks like this is the root cause of JENKINS-36121 so I think it's pretty urgent. It makes the Github Organization Folder plugin spam the Github API easily reaching the 5000 calls per hour limit.
          Kirill Merkushev made changes -
          Link New: This issue relates to JENKINS-37956 [ JENKINS-37956 ]
          Kirill Merkushev made changes -
          Link Original: This issue relates to JENKINS-37956 [ JENKINS-37956 ]

          Kanstantsin Shautsou added a comment -

          CloudBees plugin uses separate connector, so there is no relation. Please report branchsource/orgfolder issues to CloudBees.

          For secret verification some repository should created trigger and then send ping event. When global configuration configured there is no any repositories that could be used for testing. You can call re-register all hooks and then check mange jenkins page that will have report in case of failed hooks creation. But maybe it doesn't check with ping event that hook succesfully configured...

          Kanstantsin Shautsou added a comment - CloudBees plugin uses separate connector, so there is no relation. Please report branchsource/orgfolder issues to CloudBees. For secret verification some repository should created trigger and then send ping event. When global configuration configured there is no any repositories that could be used for testing. You can call re-register all hooks and then check mange jenkins page that will have report in case of failed hooks creation. But maybe it doesn't check with ping event that hook succesfully configured...
          Jesse Glick made changes -
          Remote Link New: This issue links to "github-plugin #134 (Web Link)" [ 24884 ]
          Jesse Glick made changes -
          Released As New: https://github.com/jenkinsci/github-plugin/releases/tag/v1.21.0
          Resolution New: Fixed [ 1 ]
          Status Original: Open [ 1 ] New: Resolved [ 5 ]
          Jesse Glick made changes -
          Link New: This issue relates to JENKINS-62097 [ JENKINS-62097 ]

            lanwen Kirill Merkushev
            lucasocio Leandro Lucarella
            Votes:
            2 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: