JENKINS-76056

GitHub App inferring in Pipeline library doesn't work according to documentation


      Documentation regarding inferring in Pipeline libraries here states that:

      For now, in this case, you either need to use a less restrictive strategy for the GitHub App credential, such as "Infer owner and allow access to all owned repositories", or...

      This doesn't work. If I have a Multibranch pipeline which calls another Pipeline job which depends on a Trusted Global library, I get:

      09:17:33  Started by upstream project "guide-service/main" build number 1596
      09:17:33  Checking out git https://github.com/myorg/mydeploys.git into /srv/jenkins/workspace/DevelopmentDeploy@script/21735168e0923bf41b8d5ae79df0c8ca6a2d640d517206b62f34254548f80006 to read Jenkinsfile-deploy-to-development-temp
      09:17:33  The recommended git tool is: jgit
      09:17:33  using credential github-jenkins-bot-app
      09:17:33  Fetching changes from the remote Git repository
      09:17:33   > JGit fetch # timeout=10
      09:17:33  ERROR: Checkout failed
      09:17:33  org.jenkinsci.plugins.github_branch_source.GitHubAppCredentials$InferredAccessibleRepositoriesException: Cannot generate App Installation Token for app ID 789648 because the accessible repositories could not be inferred. This is due to the repository access configuration for the credentials with ID: github-jenkins-bot-app
      09:17:33      at PluginClassLoader for github-branch-source//org.jenkinsci.plugins.github_branch_source.GitHubAppCredentials.getToken(GitHubAppCredentials.java:384)
      09:17:33      at PluginClassLoader for github-branch-source//org.jenkinsci.plugins.github_branch_source.GitHubAppCredentials.getPassword(GitHubAppCredentials.java:421)
      09:17:33      at PluginClassLoader for git-client//org.jenkinsci.plugins.gitclient.jgit.SmartCredentialsProvider.get(SmartCredentialsProvider.java:169)
      09:17:33      at PluginClassLoader for git-client//org.jenkinsci.plugins.gitclient.jgit.PreemptiveAuthHttpClientConnection.getClient(PreemptiveAuthHttpClientConnection.java:191)
      09:17:33      at PluginClassLoader for git-client//org.jenkinsci.plugins.gitclient.jgit.PreemptiveAuthHttpClientConnection.execute(PreemptiveAuthHttpClientConnection.java:319)
      09:17:33      at PluginClassLoader for git-client//org.jenkinsci.plugins.gitclient.jgit.PreemptiveAuthHttpClientConnection.getResponseCode(PreemptiveAuthHttpClientConnection.java:290)
      09:17:33      at PluginClassLoader for git-client//org.eclipse.jgit.util.HttpSupport.response(HttpSupport.java:232)
      09:17:33      at PluginClassLoader for git-client//org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:663)
      09:17:33      at PluginClassLoader for git-client//org.eclipse.jgit.transport.TransportHttp.openFetch(TransportHttp.java:465)
      09:17:33      at PluginClassLoader for git-client//org.eclipse.jgit.transport.FetchProcess.executeImp(FetchProcess.java:153)
      09:17:33      at PluginClassLoader for git-client//org.eclipse.jgit.transport.FetchProcess.execute(FetchProcess.java:105)
      09:17:33      at PluginClassLoader for git-client//org.eclipse.jgit.transport.Transport.fetch(Transport.java:1458)
      09:17:33      at PluginClassLoader for git-client//org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:238)
      09:17:33      at PluginClassLoader for git-client//org.jenkinsci.plugins.gitclient.JGitAPIImpl$2.execute(JGitAPIImpl.java:840)
      09:17:33      at PluginClassLoader for git//hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:997)
      09:17:33      at PluginClassLoader for git//hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1240)
      09:17:33      at PluginClassLoader for git//hudson.plugins.git.GitSCM._checkout(GitSCM.java:1311)
      09:17:33      at PluginClassLoader for git//hudson.plugins.git.GitSCM.checkout(GitSCM.java:1278)
      09:17:33      at PluginClassLoader for workflow-scm-step//org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:136)
      09:17:33      at PluginClassLoader for workflow-cps//org.jenkinsci.plugins.workflow.cps.CpsScmFlowDefinition.create(CpsScmFlowDefinition.java:161)
      09:17:33      at PluginClassLoader for workflow-cps//org.jenkinsci.plugins.workflow.cps.CpsScmFlowDefinition.create(CpsScmFlowDefinition.java:72)
      09:17:33      at PluginClassLoader for workflow-job//org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:317)
      09:17:33      at hudson.model.ResourceController.execute(ResourceController.java:101)
      09:17:33      at hudson.model.Executor.run(Executor.java:460)
      09:17:33  ERROR: Maximum checkout retry attempts reached, aborting
      09:17:33  ERROR: Checkout failed

      The Multibranch pipeline calls the Pipeline job in the following way:

            steps {
              build job: 'deployjob', 
                parameters: [
                  string(name: 'project', value: 'myproject-testing'),
                ]
            } 

      The Pipeline job uses the library in a straightforward way:

      @Library('lib') _
      pipeline {
      ....... 

      Switching from the "Infer owner and allow access to all owned repositories" strategy to "Specify accessible repositories" and leaving the repository list empty works as a workaround.

            jpochat Jérôme Pochat
            vilius Vilius