Reputation: 372
Configuring Jenkins with GitHub (Authorization)
I'd like to set up a Jenkins to build GitHub projects for a group of people working on different projects in a way that the projects' visibility in Jenkins follows the authorization in GitHub.
I did this before (successfully) using GitHub Auth Plugin and the Committer Strategy, but fail to reproduce the configuration.
What I reached so far:
- I am running jenkins/jenkins:jdk11 in docker.
- I successfully configured GitHub Authentication, that is users are authenticated via OAuth (currently with scopes "repo, read:org, read:user"), so their github name is displayed as username.
I added some github projects, and the "GitHub Committer Strategy" helped me to configure the visibility last time, but now I run into a problem I don't really understand.
If I leave the configuration of the GitHub Committer Strategy blank (except for a admin user), authenticated users can't see anything. There's a message "Access denied, XXX is missing the Overall/Read permission" (translated).
I still get this error when I check "Use GitHub Repository Permissions". When I add "Grant READ permissions to all Authenticated Users", users can see each other's projects.
I don't even understand how it's supposed to work. How can I configure the plugin such that every authenticated user gets an overview of all his projects?
I am using Jenkins 2.223 and GitHub Authentiction Plugin 0.33.
Upvotes: 8
Views: 13167
Answers (1)
Reputation: 7759
Jenkins GitHub OAuth Plugin (GitHub Authentication plugin)
Why: Use GitHub user credentials to administer Jenkins instance, using GitHub OAuth Application.
Plug-in details: https://plugins.jenkins.io/github-oauth
Configuration (Github): Step1: https://github.com → Settings → Developer Settings → New OAuth Apps → New OAuth App.
- Application Name: Jenkins
- HomePageURL: Your Jenkins landing page URL, for me it is https://jenkis..ninja
- Application Description: Whatever you like
- Authorization callback:
<JENKINS_URL>:<JENKINS_PORT>/securityRealm/finishLoginplease make sure your spellings are correct
Add your application
Step 2: Configuration (Jenkins)
- Enable security checkbox
- Access Control checkbox
- Github Authentication plugin
- Github Web URI: https://github.com or your own Github server instance
- Client Id: which will you get from Github
- Client Secret: Secret key that you will get from GitHub while Adding Jenkins as application
- OAuth Scope(s): read:org,user:email,repo
Then Authorization:
- Matrix-based Security: checkbox check as checked-in screenshot
For more details please read https://plugins.jenkins.io/github-oauth/
Upvotes: 9
Related Questions
- How to use Github Personal Access Token in Jenkins
- 'User is missing the Overall/Read permission' error with Jenkins GitHub OAuth Plugin
- Authentication failed for 'github.com/....' jenkins
- How to use github oAuth token with Git plug-in Jenkins
- how do you access a jenkins api which uses Github OAuth using CURL
- Users from GitHub OATH can't open jenkins job (error 404)
- Jenkins configuration and security issues
- How to use Github oAuth in jenkins 2.7.3+
- How to add credential when configuring github server on Jenkins
- Authentication with Jenkins and Git