Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-57351

Support for making Jenkins a "GitHub App"

    XMLWordPrintable

Details

    Description

      To my understanding currently the github-branch-source plugins always requires GitHub user credentials / tokens to authenticate.

      I'd suggest to add authenticating Jenkins to GitHub as a GitHub App too.

      Why is this better than the current way:

      • GitHub Apps can be granted very fine grained permissions
      • GitHub Apps can be added either to a whole org, or just to selected repos
      • The app uses a key pair to then get temporary credentials, so leaked creds to user are only valid for a short period of time
      • Higher API limits! (probably the most important one for bigger orgs)

      This is specifically NOT about authenticating users against GitHub, but for Authenticating Jenkins itself against GitHub

      References: https://developer.github.com/apps/differences-between-apps/

      Attachments

        Issue Links

          Activity

            paulomigalmeida Paulo Almeida added a comment -

            webrat issc29 the PR was merged a couple of days ago. Is there anything I can do for helping this new feature to get implemented? (Both directly or indirectly)

            paulomigalmeida Paulo Almeida added a comment - webrat issc29 the PR was merged a couple of days ago. Is there anything I can do for helping this new feature to get implemented? (Both directly or indirectly)

            This is definitely a most-wanted.

            • as stated, it avoids putting some user credential that can expire
            • it also brings the capability to enrich pull requests with the github check api
            eric_dales Eric D'ALES DE CORBET added a comment - This is definitely a most-wanted. as stated, it avoids putting some user credential that can expire it also brings the capability to enrich pull requests with the github check api

            Not finished yet, but some have in progress work to have Jenkins act as a GitHub app. See https://github.com/github-api/github-api/issues/570#issuecomment-562200472

            ojacques Olivier Jacques added a comment - Not finished yet, but some have in progress work to have Jenkins act as a GitHub app. See https://github.com/github-api/github-api/issues/570#issuecomment-562200472
            oleg_nenashev Oleg Nenashev added a comment -

            https://github.com/jenkinsci/github-api-plugin release is still blocked due to binary compatibility risks which were introduced in the reccent versions of GitHub API. See https://github.com/github-api/github-api/issues/630 for the feature request.

             

            oleg_nenashev Oleg Nenashev added a comment - https://github.com/jenkinsci/github-api-plugin  release is still blocked due to binary compatibility risks which were introduced in the reccent versions of GitHub API. See  https://github.com/github-api/github-api/issues/630  for the feature request.  
            timja Tim Jacomb added a comment -

            I've opened a draft PR for this: https://github.com/jenkinsci/github-branch-source-plugin/pull/269

            It's still blocked on the github-api-plugin release, and probably needs a bit more work on my side, (automated tests are a bit light)

            timja Tim Jacomb added a comment - I've opened a draft PR for this: https://github.com/jenkinsci/github-branch-source-plugin/pull/269 It's still blocked on the github-api-plugin release, and probably needs a bit more work on my side, (automated tests are a bit light)

            People

              timja Tim Jacomb
              webrat Andreas Sieferlinger
              Votes:
              13 Vote for this issue
              Watchers:
              24 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: