Add the ability to pass the credentialsId in the publishChecks step #103
Comments
|
@v1v, do you mean you'd register a GitHub App and add a GitHub App credential to Jenkins, but make the job in Jenkins use a different credential for accessing the repository? According to Getting started with the Checks API, "Write permission for the Checks API is only available to GitHub Apps", so I don't think GitHub would let the |
Exactly. Support an explicit GitHub App credentialsId in Jenkins for the step in addition to the existing functionality with the implicit credentials in the Job as it's is now |
|
Alternatively or additionally, a Perhaps a directive in |
|
A Here is a scenario that I could imagine: you have to use a non-GitHub-App credential when configuring the project (maybe due to some legacy problems), but you still want to publish checks for your builds. But I wonder why couldn't replace the old credentials with GitHub App credentials directly, shouldn't the GitHub App credentials contain the most permissions of a repo. Or the previous credentials is something not related to GitHub? Can you tell me more about your use case? |
|
Thanks for open discussion here, let me clarify the use case.
All the GitHub interactions have been delegated through a GitHub service account:
I could simply apply a GitHub APP credentials to all the MBPs with a JobDSL/JJB but I'd rather prefer to take this transition in small steps, for such, I'd like to move away from the https://plugins.jenkins.io/pipeline-githubnotify-step/ and use this plugin to notify the status with GitHub checks without a major change in the existing configuration. This will allow me to provide a nice user experience without any major changes and move slowly to a the ideal world for using the GitHub App credentials instead. |
|
You can still disable the build status notification with this plugin. What's the reason you don't want to change the pipeline auth to using the GitHub app? |
I could do it, but I'm not the system owner and I rather prefer to keep any changes easy to rollback in needed. Maybe I'm too thoughtful... In any case, thanks and please feel free to close this issue if this request was a corner case use case :) |
|
I have a use case for this feature. A repo with a submodule, defined as git@github.com:org/repo.git cannot use the github app credentials, as those require http protocol. Basically anything that requires using ssh will fail with github app creds. It would be helpful to specify separate credentials for the checks which use http and the repo and submodule clone which need ssh. I have tried messing with "insteadOf" in the .gitconfig to translate between protocols, but couldn't get it to work. |
Feature Request
Add the credentialsId argument to the
publishChecksstep (https://github.com/jenkinsci/checks-api-plugin#pipeline-usage). Then, it will be possible to use this feature explicitly in Jenkins jobs without changing the Job definition.Why
IIUC, the only way to use this particular step is only when the GitHub App has been enabled in the Job level since GitHub checks are enabled on a GH App but no service accounts.
Further details
https://plugins.jenkins.io/pipeline-githubnotify-step/ enables to set a credentialsId instead using the one in the Job definition.
The text was updated successfully, but these errors were encountered: