GitHub App inferring in Pipeline library doesn't work according to documentation

This issue is archived. You can view it, but you can't modify it. Learn more

XMLWordPrintable

      Documentation regarding inferring in Pipeline libraries here states that:

      For now, in this case, you either need to use a less restrictive strategy for the GitHub App credential, such as "Infer owner and allow access to all owned repositories", or...

      This doesn't work. If I have a Multibranch pipeline which calls another Pipeline job which depends on Trusted Global library I get:

      09:17:33  Started by upstream project "guide-service/main" build number 1596
09:17:33  Checking out git https://github.com/myorg/mydeploys.git into /srv/jenkins/workspace/DevelopmentDeploy@script/21735168e0923bf41b8d5ae79df0c8ca6a2d640d517206b62f34254548f80006 to read Jenkinsfile-deploy-to-development-temp
09:17:33  The recommended git tool is: jgit
09:17:33  using credential github-jenkins-bot-app
09:17:33  Fetching changes from the remote Git repository
09:17:33   > JGit fetch # timeout=10
09:17:33  ERROR: Checkout failed
09:17:33  org.jenkinsci.plugins.github_branch_source.GitHubAppCredentials$InferredAccessibleRepositoriesException: Cannot generate App Installation Token for app ID 789648 because the accessible repositories could not be inferred. This is due to the repository access configuration for the credentials with ID: github-jenkins-bot-app
09:17:33      at PluginClassLoader for github-branch-source//org.jenkinsci.plugins.github_branch_source.GitHubAppCredentials.getToken(GitHubAppCredentials.java:384)
09:17:33      at PluginClassLoader for github-branch-source//org.jenkinsci.plugins.github_branch_source.GitHubAppCredentials.getPassword(GitHubAppCredentials.java:421)
09:17:33      at PluginClassLoader for git-client//org.jenkinsci.plugins.gitclient.jgit.SmartCredentialsProvider.get(SmartCredentialsProvider.java:169)
09:17:33      at PluginClassLoader for git-client//org.jenkinsci.plugins.gitclient.jgit.PreemptiveAuthHttpClientConnection.getClient(PreemptiveAuthHttpClientConnection.java:191)
09:17:33      at PluginClassLoader for git-client//org.jenkinsci.plugins.gitclient.jgit.PreemptiveAuthHttpClientConnection.execute(PreemptiveAuthHttpClientConnection.java:319)
09:17:33      at PluginClassLoader for git-client//org.jenkinsci.plugins.gitclient.jgit.PreemptiveAuthHttpClientConnection.getResponseCode(PreemptiveAuthHttpClientConnection.java:290)
09:17:33      at PluginClassLoader for git-client//org.eclipse.jgit.util.HttpSupport.response(HttpSupport.java:232)
09:17:33      at PluginClassLoader for git-client//org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:663)
09:17:33      at PluginClassLoader for git-client//org.eclipse.jgit.transport.TransportHttp.openFetch(TransportHttp.java:465)
09:17:33      at PluginClassLoader for git-client//org.eclipse.jgit.transport.FetchProcess.executeImp(FetchProcess.java:153)
09:17:33      at PluginClassLoader for git-client//org.eclipse.jgit.transport.FetchProcess.execute(FetchProcess.java:105)
09:17:33      at PluginClassLoader for git-client//org.eclipse.jgit.transport.Transport.fetch(Transport.java:1458)
09:17:33      at PluginClassLoader for git-client//org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:238)
09:17:33      at PluginClassLoader for git-client//org.jenkinsci.plugins.gitclient.JGitAPIImpl$2.execute(JGitAPIImpl.java:840)
09:17:33      at PluginClassLoader for git//hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:997)
09:17:33      at PluginClassLoader for git//hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1240)
09:17:33      at PluginClassLoader for git//hudson.plugins.git.GitSCM._checkout(GitSCM.java:1311)
09:17:33      at PluginClassLoader for git//hudson.plugins.git.GitSCM.checkout(GitSCM.java:1278)
09:17:33      at PluginClassLoader for workflow-scm-step//org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:136)
09:17:33      at PluginClassLoader for workflow-cps//org.jenkinsci.plugins.workflow.cps.CpsScmFlowDefinition.create(CpsScmFlowDefinition.java:161)
09:17:33      at PluginClassLoader for workflow-cps//org.jenkinsci.plugins.workflow.cps.CpsScmFlowDefinition.create(CpsScmFlowDefinition.java:72)
09:17:33      at PluginClassLoader for workflow-job//org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:317)
09:17:33      at hudson.model.ResourceController.execute(ResourceController.java:101)
09:17:33      at hudson.model.Executor.run(Executor.java:460)
09:17:33  ERROR: Maximum checkout retry attempts reached, aborting
09:17:33  ERROR: Checkout failed

      Multibranch pipeline calls Pipeline job the following way:

            steps {
        build job: 'deployjob', 
          parameters: [
            string(name: 'project', value: 'myproject-testing'),
          ]
      }

      Pipeline job uses the library in a straight forward way:

      @Library('lib') _
pipeline {
.......

      Switching from "Infer owner and allow access to all owned repositories" strategy to "Specify accessible repositories" and leaving repository list empty works as a workaround.

       

       

            Assignee:
            Jérôme Pochat
            Reporter:
            Vilius
            Archiver:
            Jenkins Service Account

              Created:
              Updated:
              Resolved:
              Archived: