Scanning private repos of GitHub user accounts with GitHub App credentials fails

    • Bug
    • Resolution: Duplicate
    • Minor
    • GitHub API Plugin 1.112.0
      GitHub Branch Source Plugin 2.8.0
      GitHub Plugin 1.30.0

      Docker image jenkins/jenkins:lts
      DIGEST:sha256:83df661d1a2ad921323868ca48f432b175b039bb9e16be0209c0253f3186f25e

      In the “New Item” view, the description for the plugin is as follows:

      Scans a GitHub organization (or user account) for all repositories […]

      However, private repositories belonging to GitHub user accounts are not found if GitHub App credentials are used. The scan only works using personal access tokens or password authentication.

          [JENKINS-62594] Scanning private repos of GitHub user accounts with GitHub App credentials fails

          Sascha Sadeghian created issue -

          Liam Newman added a comment -

          sadeghian
          Could you be more specific about your Jenkins and GitHub repo configuration?
          For example, do the private user repositories have the GitHub App installed? If not, then it is reasonable that the user's private repos won't be found - the App doesn't have permission to see them.

          Sascha Sadeghian added a comment - - edited

          bitwiseman

          Yes, I have installed the GitHub App on my personal account, using the install guide:

          https://github.com/jenkinsci/github-branch-source-plugin/blob/master/docs/github-app.adoc

          I have given it read access to all repositories:

            User Account > Settings > Applications > Installed GitHub Apps > (App) > Configure

            ✓ Read access to code
            ✓ Read access to commit statuses, metadata, and pull requests
            ◉ All repositories

          After the installation, the App is visible in the private repository.

            Repository > Settings > Integrations > Installed GitHub Apps > (App) > Configure

          There were no further steps necessary for this. Authentication in Jenkins also works – it is just that the scan reports 0 processed repositories:

            [Tue Jun 09 16:01:58 UTC 2020] Starting organization scan...
            [Tue Jun 09 16:01:58 UTC 2020] Updating actions...
            Looking up details of $user...
            Organization URL: $full_name
            [Tue Jun 09 16:01:58 UTC 2020] Consulting GitHub Organization
            16:01:58 Connecting to https://api.github.com using xxxxx/******
            Looking up repositories of user $user
            16:01:59 0 repositories were processed
            [Tue Jun 09 16:01:59 UTC 2020] Finished organization scan. Scan took 1 sec
            Finished: SUCCESS

          If I repeat the same for an organization, all private and public repos belonging to the org are found (and scanned).
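The scan log in the comment above ends in `Finished: SUCCESS` while reporting `0 repositories were processed`, so the failure is silent unless the log itself is checked. The following is an added example, not part of the original thread or of the plugin's code: it parses that log and flags a successful scan that found nothing. The function names and the result labels are assumptions made for illustration.

```python
import re

# Scan log as quoted in the comment above ($user and $full_name are the reporter's placeholders).
PAGE_LOG = """\
[Tue Jun 09 16:01:58 UTC 2020] Starting organization scan...
[Tue Jun 09 16:01:58 UTC 2020] Updating actions...
Looking up details of $user...
Organization URL: $full_name
[Tue Jun 09 16:01:58 UTC 2020] Consulting GitHub Organization
16:01:58 Connecting to https://api.github.com using xxxxx/******
Looking up repositories of user $user
16:01:59 0 repositories were processed
[Tue Jun 09 16:01:59 UTC 2020] Finished organization scan. Scan took 1 sec
Finished: SUCCESS
"""

PROCESSED = re.compile(r"\b(\d+) repositories were processed")
LOOKUP = re.compile(r"^\s*Looking up repositories of (.+?)\s*$", re.M)
RESULT = re.compile(r"^\s*Finished: (\w+)\s*$", re.M)


def summarize_scan(log_text):
    """Pull the owner lookup, processed count and final result out of one scan log."""
    processed = PROCESSED.search(log_text)
    lookup = LOOKUP.search(log_text)
    result = RESULT.search(log_text)
    return {
        "owner": lookup.group(1) if lookup else None,
        "processed": int(processed.group(1)) if processed else None,
        "result": result.group(1) if result else None,
    }


def classify_scan(log_text):
    """Hypothetical labels: 'empty' (SUCCESS with 0 repos), 'incomplete', 'failed', 'ok'."""
    s = summarize_scan(log_text)
    if s["result"] is None or s["processed"] is None:
        return "incomplete"  # truncated log: never report it as healthy
    if s["result"] != "SUCCESS":
        return "failed"
    return "empty" if s["processed"] == 0 else "ok"


if __name__ == "__main__":
    print(summarize_scan(PAGE_LOG), classify_scan(PAGE_LOG))
```
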

          Liam Newman added a comment -

          Oh, I see! That helps clarify what is going on. Something is assuming orgs-only.

          Liam Newman added a comment -

          sadeghian
          What happens if you use an oauth token instead of app credentials?
          (To do this you create a user name and password credential, but pass the token as the password.)

          Sascha Sadeghian added a comment - - edited

          bitwiseman

          I tried the following combinations:

          • Repo visibility: public | private
          • Owner: profile | organization
          • Authentication: username:password | username:token | GitHub App

          The scan only fails for private repos owned by a profile, when authenticating via GitHub App.

          Liam Newman added a comment -

          sadeghian
          Thanks for the information. That will help find the code path that is causing this.
