Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-66028

Shared Groovy Libraries Plugin not working with GitHub Personal Access Tokens or GitHub App Credentials

    XMLWordPrintable

Details

    Description

      Greetings-

      Yesterday our Jenkins instance (2.277.4) began failing jobs when the job began checking out our shared Jenkins library repository from GitHub when using Personal Access Tokens (PATs) & GitHub App credentials. The cause was GitHub performing a planned brownout as outlined in:

      https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/#brownouts

      We switched to using SSH keys & SSH urls (git@githib.com:org/repo.git) for the time being and that got jobs working again.

      We know we have set up our App and PAT credentials correctly, as the
      Branch Sources GitHub were configured to use App/PATs, and are successful in authenticating. So I suspect there is a subtle difference in the way the sharded-pipeline lib plugin and the GitHub Branch Source plugins authenticate into GitHub's APIs.
       
      We have a support case open with Git Hub Enterprise, but I suspect that they'll just tell us to log an issue here (What I'm doing now).
       
      I have uploaded a stack trace of what Jenkins spits out in the Failed Job Log Console with some of our URLs and Cred names redacted.
       
      This won't be reproducible today, as Git Hub has turned down the requirement, but will enable again on July 24th, and permanently enable later in August (See the blog for those dates).
       
      Version info:

      • Plugin Version: 2.20
      • Jenkins version: 2.277.4
      • Git CLI Client thats used: 2.26.2 (Built from source)
         
        Thank you for your time.

      Attachments

        Issue Links

          Activity

            aegelhofer Andrew added a comment -

            I see that this was related to another issue about enabling 2FA on the account in question. As mentioned, we do not have this issue on "normal" checkouts ("GitHub Branch Source Plugin"), and I can confirm that the account / credential in question, has 2FA enabled on it.

            So resolution of our issue is not the same as the related Jira.

            aegelhofer Andrew added a comment - I see that this was related to another issue about enabling 2FA on the account in question. As mentioned, we do not have this issue on "normal" checkouts ("GitHub Branch Source Plugin"), and I can confirm that the account / credential in question, has 2FA enabled on it. So resolution of our issue is not the same as the related Jira.
            aegelhofer Andrew added a comment - We have another Brown Out approaching: https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/

            People

              Unassigned Unassigned
              aegelhofer Andrew
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated: