Loading...

This issue is archived. You can view it, but you can't modify it. Learn more

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Major
Component/s: github-branch-source-plugin
Labels:
- issue-exported-to-github
Environment:
GitHub Enterprise 2.22.6
github-branch-source-plugin 2.10.2 and 8093b3d

GitHub app authentication working in one organization, when app is installed to a second organization and a job added to Jenkins the repository scanning for that job throws errors

Error while processing pull request 1
java.io.FileNotFoundException: https://git.example.com/api/v3/repos/SECOND_ORG/EXAMPLE_REPO/collaborators/csanchez/permission
	at org.kohsuke.github.extras.okhttp3.ObsoleteUrlFactory$OkHttpURLConnection.getInputStream(ObsoleteUrlFactory.java:490)
	at org.kohsuke.github.extras.okhttp3.ObsoleteUrlFactory$DelegatingHttpsURLConnection.getInputStream(ObsoleteUrlFactory.java:1204)
	at org.kohsuke.github.GitHubHttpUrlConnectionClient$HttpURLConnectionResponseInfo.bodyStream(GitHubHttpUrlConnectionClient.java:196)
	at org.kohsuke.github.GitHubResponse$ResponseInfo.getBodyAsString(GitHubResponse.java:314)
	at org.kohsuke.github.GitHubResponse.parseBody(GitHubResponse.java:92)
	at org.kohsuke.github.Requester.lambda$fetch$1(Requester.java:76)
	at org.kohsuke.github.GitHubClient.createResponse(GitHubClient.java:455)
	at org.kohsuke.github.GitHubClient.sendRequest(GitHubClient.java:406)
Caused: org.kohsuke.github.GHFileNotFoundException: https://git.example.com/api/v3/repos/SECOND_ORG/EXAMPLE_REPO/collaborators/csanchez/permission {"message":"Resource not accessible by integration","documentation_url":"https://docs.github.com/enterprise/2.22/rest/reference/repos#get-repository-permissions-for-a-user"}
	at org.kohsuke.github.GitHubClient.interpretApiError(GitHubClient.java:486)
	at org.kohsuke.github.GitHubClient.sendRequest(GitHubClient.java:414)
	at org.kohsuke.github.GitHubClient.sendRequest(GitHubClient.java:358)
	at org.kohsuke.github.Requester.fetch(Requester.java:76)
	at org.kohsuke.github.GHRepository.getPermission(GHRepository.java:948)
	at org.jenkinsci.plugins.github_branch_source.GitHubSCMSource$1.fetch(GitHubSCMSource.java:987)
	at org.jenkinsci.plugins.github_branch_source.GitHubSCMSourceRequest.getPermissions(GitHubSCMSourceRequest.java:476)
	at org.jenkinsci.plugins.github_branch_source.ForkPullRequestDiscoveryTrait$TrustPermission.checkTrusted(ForkPullRequestDiscoveryTrait.java:356)
	at org.jenkinsci.plugins.github_branch_source.ForkPullRequestDiscoveryTrait$TrustPermission.checkTrusted(ForkPullRequestDiscoveryTrait.java:339)
	at jenkins.scm.api.trait.SCMHeadAuthority.isTrusted(SCMHeadAuthority.java:101)
	at jenkins.scm.api.trait.SCMSourceRequest.isTrusted(SCMSourceRequest.java:213)
	at org.jenkinsci.plugins.github_branch_source.GitHubSCMSource$4.create(GitHubSCMSource.java:1202)
	at org.jenkinsci.plugins.github_branch_source.GitHubSCMSource$4.create(GitHubSCMSource.java:1196)
	at jenkins.scm.api.trait.SCMSourceRequest.process(SCMSourceRequest.java:339)
	at org.jenkinsci.plugins.github_branch_source.GitHubSCMSource.retrievePullRequest(GitHubSCMSource.java:1192)
	at org.jenkinsci.plugins.github_branch_source.GitHubSCMSource.retrieve(GitHubSCMSource.java:1040)
	at jenkins.scm.api.SCMSource._retrieve(SCMSource.java:373)
	at jenkins.scm.api.SCMSource.fetch(SCMSource.java:283)
	at jenkins.branch.MultiBranchProject.computeChildren(MultiBranchProject.java:641)
	at com.cloudbees.hudson.plugins.folder.computed.ComputedFolder.updateChildren(ComputedFolder.java:278)
	at com.cloudbees.hudson.plugins.folder.computed.FolderComputation.run(FolderComputation.java:165)
	at jenkins.branch.MultiBranchProject$BranchIndexing.run(MultiBranchProject.java:1032)
	at hudson.model.ResourceController.execute(ResourceController.java:97)
	at hudson.model.Executor.run(Executor.java:429)

What happens is that Jenkins is either using the token cached for a credential that has no owner set, or the owner is set to a different organization.

In the latter case it is picking the wrong appInstallation here
https://github.com/jenkinsci/github-branch-source-plugin/blob/b4206a9/src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubAppCredentials.java#L210-L218

is caused by

JENKINS-62220 GitHub App to support credentials with multiple organizations

Resolved

is related to

JENKINS-65006 Couldn't authenticate with GitHub app ID when app is installed in 2+ organizations

Open

Assignee:: Unassigned
Reporter:: Carlos Sanchez

Created:: 2021-03-03 17:42
Updated:: 2025-12-02 19:52
Archived:: 2025-12-02 19:52

Details

Description

Attachments

Issue Links

Activity

People

Dates