Comments (8)
XiongKezhi
commented on June 20, 2024
1
A credentialsId parameter can be added to the publishChecks step. However, I'm still confused why would you do that.
Here is a scenario that I could imagine: you have to use a non-GitHub-App credential when configuring the project (maybe due to some legacy problems), but you still want to publish checks for your builds.
But I wonder why couldn't replace the old credentials with GitHub App credentials directly, shouldn't the GitHub App credentials contain the most permissions of a repo. Or the previous credentials is something not related to GitHub? Can you tell me more about your use case?
from checks-api-plugin.
KalleOlaviNiemitalo
commented on June 20, 2024
@v1v, do you mean you'd register a GitHub App and add a GitHub App credential to Jenkins, but make the job in Jenkins use a different credential for accessing the repository? According to Getting started with the Checks API, "Write permission for the Checks API is only available to GitHub Apps", so I don't think GitHub would let the publishChecks step use the same credentials as with Pipeline GitHub Notify Step.
from checks-api-plugin.
v1v
commented on June 20, 2024
@v1v, do you mean you'd register a GitHub App and add a GitHub App credential to Jenkins, but make the job in Jenkins use a different credential for accessing the repository?
Exactly. Support an explicit GitHub App credentialsId in Jenkins for the step in addition to the existing functionality with the implicit credentials in the Job as it's is now
from checks-api-plugin.
KalleOlaviNiemitalo
commented on June 20, 2024
Alternatively or additionally, a credentialsId parameter could be added to withChecks. That would let steps like junit publish checks with a credential that is not defined in the job. Passing this information through would require changes in dependent plugins, but the API could be designed so as to allow more contextual information to be added in the future (#74 (comment)).
Perhaps a directive in options could work too, if you don't need multiple Checks API credentials during the same run and can hardcode the credential ID or choose it before any steps have run.
from checks-api-plugin.
v1v
commented on June 20, 2024
Thanks for open discussion here, let me clarify the use case.
- CI as a Service, everything related to the Jenkins CI (configuration, workers) is managed by an infra team.
- Jenkins Job creation with JobDSL/JJB is managed by the engineering team.
- Shared library to centralise common features between pipelines is managed by the engineering team.
- A few dozens of GitHub repositories aka, Multibranch Pipelines.
All the GitHub interactions have been delegated through a GitHub service account:
- Multibranch Pipeline configurations
- GitHub status checks with https://plugins.jenkins.io/pipeline-githubnotify-step/
- GitHub comments created with https://plugins.jenkins.io/pipeline-github/. It does not support GitHub APP credentials.
I could simply apply a GitHub APP credentials to all the MBPs with a JobDSL/JJB but I'd rather prefer to take this transition in small steps, for such, I'd like to move away from the https://plugins.jenkins.io/pipeline-githubnotify-step/ and use this plugin to notify the status with GitHub checks without a major change in the existing configuration.
This will allow me to provide a nice user experience without any major changes and move slowly to a the ideal world for using the GitHub App credentials instead.
from checks-api-plugin.
timja
commented on June 20, 2024
You can still disable the build status notification with this plugin.
What's the reason you don't want to change the pipeline auth to using the GitHub app?
What major changes do you forsee?
from checks-api-plugin.
v1v
commented on June 20, 2024
What's the reason you don't want to change the pipeline auth to using the GitHub app?
I could do it, but I'm not the system owner and I rather prefer to keep any changes easy to rollback in needed. Maybe I'm too thoughtful...
In any case, thanks and please feel free to close this issue if this request was a corner case use case :)
from checks-api-plugin.
chris-kiick-sp
commented on June 20, 2024
I have a use case for this feature. A repo with a submodule, defined as [email protected]:org/repo.git cannot use the github app credentials, as those require http protocol. Basically anything that requires using ssh will fail with github app creds. It would be helpful to specify separate credentials for the checks which use http and the repo and submodule clone which need ssh.
I have tried messing with "insteadOf" in the .gitconfig to translate between protocols, but couldn't get it to work.
from checks-api-plugin.
Related Issues (20)
- Primary error message is not shown in error header, instead says `error in 'error' step` HOT 5
- Do not report handled exceptions HOT 3
- Build log Output truncated. - print tail of log instead of head HOT 2
- Allow using specific credentials for Checks HOT 5
- How do I create a custom rerun check in Pipeline HOT 1
- 1.7.5: download plugin checks-api to file: status code: 403, reason phrase: Forbidden HOT 2
- Phantom release 1.7.5 of checks-api HOT 1
- Possibility Of Specifying Credentials HOT 3
- Fix flaky test `BuildStatusChecksPublisherITest.shouldPublishStageDetails`
- [Question] Hanging checks with "withChecks()" HOT 5
- Include optional checks publisher to warnError HOT 1
- [doc] How to get started? HOT 5
- How to publish checks from sub-jobs HOT 1
- Dependency Dashboard
- Tests fail on Java 21 with Mockito errors HOT 2
- Setting Status checks name does not change it from the default Jenkins HOT 4
- Dependencies of flattened POM of latest release do not match `MANIFEST.MF`
- Return information about the check
- checks not working for Bitbucket scm HOT 1
- Steps with labels are not logged as errors HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from checks-api-plugin.