Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for Github App authentication #813

Open
jalaziz opened this issue Mar 25, 2021 · 2 comments
Open

Support for Github App authentication #813

jalaziz opened this issue Mar 25, 2021 · 2 comments

Comments

@jalaziz
Copy link

jalaziz commented Mar 25, 2021

Feature Request

The Github Branch Source plugin recently added support for Github App authentication. Github App authentication is great because it solves a couple key problems with bot user auth:

  • Github Apps don't take a user seat and therefore don't cost an org money
  • Github Apps can have fine-grained permissions (they can manage webhooks without needing to be a full admin)
  • Github Apps have higher rate limits than a typical user

While GHPRB technically works with the Github App authentication credentials provided by the Github Branch Source plugin, there are issues with token expiration. Github App tokens only last an hour and because GHPRB caches the Git client, we start to see auth failures after some time.

Looking at the Github Branch Source plugin, a way to work around this would be to upgrade to the latest Git API plugin and use the new AuthorizationProvider support.

Unfortunately, however, the Github App credentials and associated AuthorizationProvider are supplied by the Github Branch Source plugin and not the Git API plugin. This would likely mean depending on another plugin or adding support in such a way that the plugin is optional.

@BartoszStempien-TomTom
Copy link

Hi,

we can confirm the issue. Our solution was to use user's token, which is not great.
Any update on this?
Maybe we can fork the repo and work on this together? I am open to help :)

@lemeurherve
Copy link
Member

lemeurherve commented Nov 24, 2022

@BartoszStempien-TomTom instead of forking it I would suggest you to adopt it, or ask to be added as maintainer on https://github.com/jenkins-infra/repository-permissions-updater 🙂

https://www.jenkins.io/doc/developer/plugin-governance/adopt-a-plugin/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants