6

I'd like to set up a Jenkins to build GitHub projects for a group of people working on different projects in a way that the projects' visibility in Jenkins follows the authorization in GitHub.

I did this before (successfully) using GitHub Auth Plugin and the Committer Strategy, but fail to reproduce the configuration.

What I reached so far:

  1. I am running jenkins/jenkins:jdk11 in docker.
  2. I successfully configured GitHub Authentication, that is users are authenticated via OAuth (currently with scopes "repo, read:org, read:user"), so their github name is displayed as username.

I added some github projects, and the "GitHub Committer Strategy" helped me to configure the visibility last time, but now I run into a problem I don't really understand.

If I leave the configuration of the GitHub Committer Strategy blank (except for a admin user), authenticated users can't see anything. There's a message "Access denied, XXX is missing the Overall/Read permission" (translated).

Options of GitHub Committer Strategy

Error for every authenticated user when leaving the options blank

I still get this error when I check "Use GitHub Repository Permissions". When I add "Grant READ permissions to all Authenticated Users", users can see each other's projects.

I don't even understand how it's supposed to work. How can I configure the plugin such that every authenticated user gets an overview of all his projects?

I am using Jenkins 2.223 and GitHub Authentiction Plugin 0.33.

Bastian J
  • 342
  • 2
  • 8

1 Answers1

6

Jenkins GitHub OAuth Plugin (GitHub Authentication plugin)

Why: Use GitHub user credentials to administer Jenkins instance, using GitHub OAuth Application.

Plug-in details: https://plugins.jenkins.io/github-oauth

Configuration (Github): Step1: https://github.com → Settings → Developer Settings → New OAuth Apps → New OAuth App.

enter image description here

  • Application Name: Jenkins
  • HomePageURL: Your Jenkins landing page URL, for me it is https://jenkis..ninja
  • Application Description: Whatever you like
  • Authorization callback: /securityRealm/finishLogin please make sure your spellings are correct

Add your application

enter image description here

Step 2: Configuration (Jenkins)

enter image description here

  • Enable security checkbox
  • Access Control checkbox
  • Github Authentication plugin
  • Github Web URI: https://github.com or your own Github server instance
  • Client Id: which will you get from Github
  • Client Secret: Secret key that you will get from GitHub while Adding Jenkins as application
  • OAuth Scope(s): read:org,user:email,repo

Then Authorization:

  • Matrix-based Security: checkbox check as checked-in screenshot

For more details please read https://plugins.jenkins.io/github-oauth/

mirekphd
  • 4,799
  • 3
  • 38
  • 59
Dupinder Singh
  • 7,175
  • 6
  • 37
  • 61
  • Do you have any idea how to set up "github committer strategy" because that does not work. – Yamuk May 25 '20 at 16:55
  • @YamaçKurtuluş That's precisely my problem. I configured the github committer strategy a year ago, but can't make it work again. – Bastian J Jun 02 '20 at 20:03
  • So is my problem. That was why I opened a bounty on your question. And this does not solve the problem. It baffles me why people are upvoting this answer. – Yamuk Jun 03 '20 at 15:52
  • @YamaçKurtuluş buddy if no one is able to understand your question, then this is the time to repharase the question. I think we need to see this question with a different angle – Dupinder Singh Jun 03 '20 at 16:09
  • Please don't give admin rights to all Jenkins users (Github project contributors/collaborators). Configuring unpriviledged but still functional accounts using Jenkins matrix is a pain, but doable. – mirekphd Apr 17 '21 at 08:20