[JENKINS-57351] Support for making Jenkins a "GitHub App" - Jenkins Jira

Type: New Feature
Resolution: Fixed
Priority: Major
Component/s: github-branch-source-plugin
Labels:
None

Similar Issues:
Powered by SuggestiMate

Show
Released As:
https://github.com/jenkinsci/github-branch-source-plugin/releases/tag/github-branch-source-2.7.1

To my understanding currently the github-branch-source plugins always requires GitHub user credentials / tokens to authenticate.

I'd suggest to add authenticating Jenkins to GitHub as a GitHub App too.

Why is this better than the current way:

GitHub Apps can be granted very fine grained permissions
GitHub Apps can be added either to a whole org, or just to selected repos
The app uses a key pair to then get temporary credentials, so leaked creds to user are only valid for a short period of time
Higher API limits! (probably the most important one for bigger orgs)

This is specifically NOT about authenticating users against GitHub, but for Authenticating Jenkins itself against GitHub

References: https://developer.github.com/apps/differences-between-apps/

relates to

JENKINS-60901 GitHub manages hooks even when it has not been configured to do it

Open

JENKINS-60480 github is deprecating basic authentication using password

Closed

JENKINS-62220 GitHub App to support credentials with multiple organizations

Resolved

links to

jenkins.io #2988

Assignee:: Tim Jacomb

Reporter:: Andreas Sieferlinger

Votes:: 13 Vote for this issue

Watchers:: 24 Start watching this issue

Created:: 2019-05-07 08:21

Updated:: 2020-05-12 21:03

Resolved:: 2020-03-20 12:42