Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-76235

500 error when saving organization folder with GitHub App credentials using an inaccessible Owner

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • github-branch-source-plugin
    • None
    • 1834.v857721ea_74c6
      1871.v50ffb_786515e
    • 1911.vc09e01781005

      Users encounter a 500 when attempting to save an organization folder if the used GitHub App credentials owner its not allowed.

       

      This is not a regression about the recent changes on Apps Credentials permissions, the same issue appears (with different, but equivalent exceptions) using a previous version 1834.v857721ea_74c6

      Steps to Reproduce

      1. Configure a GitHub App credential in Jenkins
      2. Create an organization folder using those credentials
      3. Set an ''Specify specific repositories'' and set an invalid owner in the GitHub Credentials
        1. invalid -> the org or user doesn't have the App installed
      4. Navigate to the folder configuration (credentials cannot be validated)
      5. Make any change or simply save

      Expected Results

      The organization folder configuration should save successfully, even if the webhook registration fails due to inaccessible credentials.

       

      Root Cause

      The `afterSave` method attempts to register webhooks as a post-save operation. When credentials cannot be accessed, throws an IllegalArgumentException not an IOException.

      java.lang.IllegalArgumentException: Found multiple installations for GitHub app ID XXX but none match credential owner "bad-owner". Configure the repository access strategy for the credential to use one of these owners: apuig-corp	at PluginClassLoader for github-branch-source//org.jenkinsci.plugins.github_branch_source.GitHubAppCredentials.generateAppInstallationToken(GitHubAppCredentials.java:321)	at PluginClassLoader for github-branch-source//org.jenkinsci.plugins.github_branch_source.GitHubAppCredentials.getToken(GitHubAppCredentials.java:393)	at PluginClassLoader for github-branch-source//org.jenkinsci.plugins.github_branch_source.GitHubAppCredentials$CredentialsTokenProvider.getEncodedAuthorization(GitHubAppCredentials.java:265)	at PluginClassLoader for github-api//org.kohsuke.github.GitHubClient.prepareConnectorRequest(GitHubClient.java:616)	at PluginClassLoader for github-api//org.kohsuke.github.GitHubClient.sendRequest(GitHubClient.java:455)	at PluginClassLoader for github-api//org.kohsuke.github.GitHubClient.fetch(GitHubClient.java:159)	at PluginClassLoader for github-api//org.kohsuke.github.GitHubClient.checkApiUrlValidity(GitHubClient.java:390)	at PluginClassLoader for github-api//org.kohsuke.github.GitHub.checkApiUrlValidity(GitHub.java:1310)	at PluginClassLoader for github-branch-source//org.jenkinsci.plugins.github_branch_source.ApiRateLimitChecker.verifyConnection(ApiRateLimitChecker.java:192)	at PluginClassLoader for github-branch-source//org.jenkinsci.plugins.github_branch_source.Connector$GitHubConnection.verifyConnection(Connector.java:738)	at PluginClassLoader for github-branch-source//org.jenkinsci.plugins.github_branch_source.Connector.connect(Connector.java:435)	at PluginClassLoader for github-branch-source//org.jenkinsci.plugins.github_branch_source.GitHubSCMNavigator.afterSave(GitHubSCMNavigator.java:1693)	at PluginClassLoader for branch-api//jenkins.branch.OrganizationFolder.submit(OrganizationFolder.java:390)	at PluginClassLoader for cloudbees-folder//com.cloudbees.hudson.plugins.folder.AbstractFolder.doConfigSubmit(AbstractFolder.java:1154)	at 

       

        1. Screencast from 2025-10-24 10-29-50.webm
          2.57 MB

            apuig Albert
            apuig Albert
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: