Support for Github App authentication

[jalaziz]

Feature Request

The Github Branch Source plugin recently added support for Github App authentication. Github App authentication is great because it solves a couple key problems with bot user auth:

• Github Apps don't take a user seat and therefore don't cost an org money
• Github Apps can have fine-grained permissions (they can manage webhooks without needing to be a full admin)
• Github Apps have higher rate limits than a typical user

While GHPRB technically works with the Github App authentication credentials provided by the Github Branch Source plugin, there are issues with token expiration. Github App tokens only last an hour and because GHPRB caches the Git client, we start to see auth failures after some time.

Looking at the Github Branch Source plugin, a way to work around this would be to upgrade to the latest Git API plugin and use the new AuthorizationProvider support.

Unfortunately, however, the Github App credentials and associated AuthorizationProvider are supplied by the Github Branch Source plugin and not the Git API plugin. This would likely mean depending on another plugin or adding support in such a way that the plugin is optional.

[BartoszStempien-TomTom]

Hi,

we can confirm the issue. Our solution was to use user's token, which is not great.
Any update on this?
Maybe we can fork the repo and work on this together? I am open to help :)

[lemeurherve]

@BartoszStempien-TomTom instead of forking it I would suggest you to adopt it, or ask to be added as maintainer on https://github.com/jenkins-infra/repository-permissions-updater 🙂

https://www.jenkins.io/doc/developer/plugin-governance/adopt-a-plugin/