-
Bug
-
Resolution: Duplicate
-
Minor
-
GitHub API Plugin 1.112.0
GitHub Branch Source Plugin 2.8.0
GitHub Plugin 1.30.0
Docker image jenkins/jenkins:lts
DIGEST:sha256:83df661d1a2ad921323868ca48f432b175b039bb9e16be0209c0253f3186f25e
In the “New Item“ view, the description for the plugin is as follows:
Scans a GitHub organization (or user account) for all repositories […]
However, private repositories belonging to GitHub user accounts are not found if GitHub App credentials are used. The scan only works using personal access tokens or password authentication.
- duplicates
-
JENKINS-62220 GitHub App to support credentials with multiple organizations
-
- Resolved
-
[JENKINS-62594] Scanning private repos of GitHub user accounts with GitHub App credentials fails
Yes, I have installed the GitHub App on my personal account, using the install guide:
https://github.com/jenkinsci/github-branch-source-plugin/blob/master/docs/github-app.adoc
I have given it read access to all repositories:
User Account > Settings > Applications > Installed GitHub Apps > (App) > Configure
✓ Read access to code
✓ Read access to commit statuses, metadata, and pull requests
◉ All repositories
After the installation, the App is visible in the private repository.
Repository > Settings > Integrations > Installed GitHub Apps > (App) > Configure
There were no further steps necessary for this. Authentication in Jenkins also works – it is just that the scan reports 0 processed repositories:
[Tue Jun 09 16:01:58 UTC 2020] Starting organization scan...
[Tue Jun 09 16:01:58 UTC 2020] Updating actions...
Looking up details of $user...
Organization URL: $full_name
[Tue Jun 09 16:01:58 UTC 2020] Consulting GitHub Organization
16:01:58 Connecting to https://api.github.com using xxxxx/******
Looking up repositories of user $user
16:01:59 0 repositories were processed
[Tue Jun 09 16:01:59 UTC 2020] Finished organization scan. Scan took 1 sec
Finished: SUCCESS
If I repeat the same for an organization, all private and public repos belonging to the org are found (and scanned).
Sascha Sadeghian
added a comment - - edited bitwiseman
Yes, I have installed the GitHub App on my personal account, using the install guide:
https://github.com/jenkinsci/github-branch-source-plugin/blob/master/docs/github-app.adoc
I have given it read access to all repositories:
User Account > Settings > Applications > Installed GitHub Apps > (App) > Configure
✓ Read access to code
✓ Read access to commit statuses, metadata, and pull requests
◉ All repositories
After the installation, the App is visible in the private repository.
Repository > Settings > Integrations > Installed GitHub Apps > (App) > Configure
There were no further steps necessary for this. Authentication in Jenkins also works – it is just that the scan reports 0 processed repositories:
[Tue Jun 09 16:01:58 UTC 2020] Starting organization scan...
[Tue Jun 09 16:01:58 UTC 2020] Updating actions...
Looking up details of $user...
Organization URL: $full_name
[Tue Jun 09 16:01:58 UTC 2020] Consulting GitHub Organization
16:01:58 Connecting to https://api.github.com using xxxxx/******
Looking up repositories of user $user
16:01:59 0 repositories were processed
[Tue Jun 09 16:01:59 UTC 2020] Finished organization scan. Scan took 1 sec
Finished: SUCCESS
If I repeat the same for an organization, all private and public repos belonging to the org are found (and scanned). Oh, I see! That helps clarify what is going on. Something is assuming orgs-only.
sadeghian
What happens if you use an oauth token instead of app credentials?
(To do this you create a user name and password credential, but pass the token as the password.
I tried the following combinations:
- Repo visibility: public | private
- Owner: profile | organization
- Authentication: username:password | username:token | GitHub App
The scan only fails for private repos owned by a profile, when authenticating via GitHub App.
Sascha Sadeghian
added a comment - - edited bitwiseman
I tried the following combinations:
Repo visibility: public | private
Owner: profile | organization
Authentication: username:password | username:token | GitHub App
The scan only fails for private repos owned by a profile, when authenticating via GitHub App. sadeghian
Thanks for the information. That will help find the code path that is causing this.
Sergei Waigant
added a comment - We have the exact same situation when using GitHub Enterprise 2.20+
The GitHub App Credentials in Jenkins are not usable for private repositories.
Stack Trace attached which is coming when selecting the GitHub App credentials in a multi branch pipeline job.
private-repo-stacktrace.txt
Sergei Waigant
added a comment - We have the exact same situation when using GitHub Enterprise 2.20+
The GitHub App Credentials in Jenkins are not usable for private repositories.
Stack Trace attached which is coming when selecting the GitHub App credentials in a multi branch pipeline job.
private-repo-stacktrace.txt
I can also confirm the bug. We are using GitHub Enterprise as well.
I used the secret from the GitHub App to manually make connections to GitHub API and it was able to retrieve internal repositories. When using the same secret with the plugin it can only find the public repos.
Tested on the latest version and 2.7.1
Sergei Waigant
added a comment - I was surprised that the private repositories were readable for another installation...
Now I was running into same problem and the root cause was, that the app was installed into two different organisations.
If you want to interact with a private repository, you need to set the "owner" in the GitHub App Credential in Jenkins to the particular organisation...
I think that issue is related to https://issues.jenkins-ci.org/browse/JENKINS-62220
We are on GitHub Branch Source 2.8.3
Sergei Waigant
added a comment - I was surprised that the private repositories were readable for another installation...
Now I was running into same problem and the root cause was, that the app was installed into two different organisations.
If you want to interact with a private repository, you need to set the "owner" in the GitHub App Credential in Jenkins to the particular organisation...
I think that issue is related to https://issues.jenkins-ci.org/browse/JENKINS-62220
We are on GitHub Branch Source 2.8.3 I also so have exact problems that sadeghian is facing, any progress on this?
Dee Kryvenko
added a comment - It seems like https://issues.jenkins.io/browse/JENKINS-62220 is the root cause for this issue.
Also see my comment here for more details https://issues.jenkins.io/browse/JENKINS-34612?focusedCommentId=401331&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-401331
I have filed a separate issue https://issues.jenkins.io/browse/JENKINS-64249 to fix documentation as it is confusing as it is right now.
I am closing this issue as duplicate in favor for 62220 - lets focus discussion there.
Dee Kryvenko
added a comment - It seems like https://issues.jenkins.io/browse/JENKINS-62220 is the root cause for this issue.
Also see my comment here for more details https://issues.jenkins.io/browse/JENKINS-34612?focusedCommentId=401331&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-401331
I have filed a separate issue https://issues.jenkins.io/browse/JENKINS-64249 to fix documentation as it is confusing as it is right now.
I am closing this issue as duplicate in favor for 62220 - lets focus discussion there. 
sadeghian
Could you be more specific about your Jenkins and GitHub repo configuration?
For example, do the private user repositories have the GitHub App installed? If not, then it is reasonable that the user's private repo's won't be found - the App doesn't have permission to see it.