Loading...

This issue is archived. You can view it, but you can't modify it. Learn more

XML

Word

Printable

Released As:
https://github.com/jenkinsci/github-branch-source-plugin/releases/tag/github-branch-source-2.7.1

To my understanding currently the github-branch-source plugins always requires GitHub user credentials / tokens to authenticate.

I'd suggest to add authenticating Jenkins to GitHub as a GitHub App too.

Why is this better than the current way:

GitHub Apps can be granted very fine grained permissions
GitHub Apps can be added either to a whole org, or just to selected repos
The app uses a key pair to then get temporary credentials, so leaked creds to user are only valid for a short period of time
Higher API limits! (probably the most important one for bigger orgs)

This is specifically NOT about authenticating users against GitHub, but for Authenticating Jenkins itself against GitHub

relates to

JENKINS-60901 GitHub manages hooks even when it has not been configured to do it

JENKINS-60480 github is deprecating basic authentication using password

JENKINS-62220 GitHub App to support credentials with multiple organizations

links to

jenkins.io #2988