Couldn't authenticate with GitHub App for Checks without owner defined (single org)

Open greg-swift-yohana opened this issue 1 year ago • 6 comments

Jenkins and plugins versions report

Environment
Jenkins: 2.414.2
OS: Linux - 5.10.184-175.731.amzn2.x86_64
Java: 11.0.20.1 - Eclipse Adoptium (OpenJDK 64-Bit Server VM)
---
ace-editor:1.1
analysis-model-api:11.8.0
antisamy-markup-formatter:162.v0e6ec0fcfcf6
apache-httpcomponents-client-4-api:4.5.14-208.v438351942757
authentication-tokens:1.53.v1c90fd9191a_b_
autograding:3.3.1
bootstrap4-api:4.6.0-6
bootstrap5-api:5.3.2-1
bouncycastle-api:2.29
branch-api:2.1128.v717130d4f816
caffeine-api:3.1.8-133.v17b_1ff2e0599
checks-api:2.0.2
cloudbees-bitbucket-branch-source:848.v42c6a_317eda_e
cloudbees-folder:6.848.ve3b_fd7839a_81
code-coverage-api:4.7.0
command-launcher:100.v2f6722292ee8
commons-lang3-api:3.13.0-62.v7d18e55f51e2
commons-text-api:1.10.0-78.v3e7b_ea_d5a_fe1
config-file-provider:959.vcff671a_4518b_
configuration-as-code:1714.v09593e830cfa
credentials:1290.v2e5b_13eb_b_127
credentials-binding:636.v55f1275c7b_27
dark-theme:336.v02165cd8c2ee
data-tables-api:1.13.6-4
disable-github-multibranch-status:1.2
display-url-api:2.200.vb_9327d658781
dtkit-api:3.0.2
durable-task:523.va_a_22cf15d5e0
echarts-api:5.4.0-6
extended-read-permission:53.v6499940139e5
font-awesome-api:6.4.2-1
forensics-api:2.3.0
git:5.2.0
git-client:4.5.0
git-server:99.va_0826a_b_cdfa_d
github:1.37.3
github-api:1.316-451.v15738eef3414
github-branch-source:1741.va_3028eb_9fd21
github-checks:554.vb_ee03a_000f65
gradle:2.8.2
gravatar:2.2
handy-uri-templates-2-api:2.1.8-22.v77d5b_75e6953
hashicorp-vault-pipeline:1.4
hashicorp-vault-plugin:361.v44fea_4fc08d9
instance-identity:173.va_37c494ec4e5
ionicons-api:56.v1b_1c8c49374e
jackson2-api:2.15.2-350.v0c2f3f8fc595
jakarta-activation-api:2.0.1-3
jakarta-mail-api:2.0.1-3
javax-activation-api:1.2.0-6
javax-mail-api:1.6.2-9
jaxb:2.3.8-1
jdk-tool:66.vd8fa_64ee91b_d
jersey2-api:2.40-1
jfrog:1.5.0
jira:3.11
jjwt-api:0.11.5-77.v646c772fddb_0
job-import-plugin:3.6
jquery-detached:1.2.1
jquery3-api:3.7.1-1
jsch:0.2.8-65.v052c39de79b_2
junit:1240.vf9529b_881428
kubernetes:4029.v5712230ccb_f8
kubernetes-client-api:6.8.1-224.vd388fca_4db_3b_
kubernetes-credentials:0.11
kubernetes-credentials-provider:1.234.vf3013b_35f5b_a
mailer:463.vedf8358e006b_
matrix-project:808.v5a_b_5f56d6966
metrics:4.2.18-442.v02e107157925
mina-sshd-api-common:2.10.0-69.v28e3e36d18eb_
mina-sshd-api-core:2.10.0-69.v28e3e36d18eb_
newrelic-deployment-notifier:1.11
oidc-provider:47.v182a_02f5b_771
okhttp-api:4.11.0-157.v6852a_a_fa_ec11
pipeline-build-step:505.v5f0844d8d126
pipeline-graph-analysis:202.va_d268e64deb_3
pipeline-graph-view:201.vf8943f17f402
pipeline-groovy-lib:689.veec561a_dee13
pipeline-input-step:477.v339683a_8d55e
pipeline-milestone-step:111.v449306f708b_7
pipeline-model-api:2.2144.v077a_d1928a_40
pipeline-model-definition:2.2144.v077a_d1928a_40
pipeline-model-extensions:2.2144.v077a_d1928a_40
pipeline-multibranch-defaults:2.1
pipeline-stage-step:305.ve96d0205c1c6
pipeline-stage-tags-metadata:2.2144.v077a_d1928a_40
pitmutation:1.0-18
plain-credentials:143.v1b_df8b_d3b_e48
plugin-util-api:3.4.0
popper-api:1.16.1-3
prism-api:1.29.0-8
saml:4.429.v9a_781a_61f1da_
scm-api:676.v886669a_199a_a_
script-security:1275.v23895f409fb_d
slack:684.v833089650554
snakeyaml-api:2.2-111.vc6598e30cc65
ssh-agent:333.v878b_53c89511
ssh-credentials:308.ve4497b_ccd8f4
ssh-slaves:2.916.vd17b_43357ce4
sshd:3.242.va_db_9da_b_26a_c3
structs:325.vcb_307d2a_2782
theme-manager:211.vef2a_42c645a_b_
token-macro:384.vf35b_f26814ec
trilead-api:2.84.v72119de229b_7
variant:60.v7290fc0eb_b_cd
warnings-ng:10.4.0
workflow-aggregator:596.v8c21c963d92d
workflow-api:1283.v99c10937efcb_
workflow-basic-steps:1042.ve7b_140c4a_e0c
workflow-cps:3793.v65dec41c3a_c3
workflow-cps-global-lib:609.vd95673f149b_b
workflow-durable-task-step:1289.v4d3e7b_01546b_
workflow-job:1348.v32a_a_f150910e
workflow-multibranch:756.v891d88f2cd46
workflow-scm-step:415.v434365564324
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:865.v43e78cc44e0d
xunit:3.1.3

What Operating System are you using (both controller, and any agents involved in the problem)?

based on docker.io/jenkins/jenkins:2.414.2-lts-jdk17

Reproduction steps

This is a very fresh setup

  1. Configure GitHub App
  2. Add GitHub Organization Folder
  3. Run the Organization scan
  4. Run build now (or have it auto-kick off, whatever.. just make a job run 😁 )

Expected Results

Was expecting this output:

[GitHub Checks] GitHub check (name: Jenkins, status: in_progress) has been published.
[Pipeline] Start of Pipeline
[Pipeline] End of Pipeline
[GitHub Checks] GitHub check (name: Jenkins, status: completed) has been published.

Actual Results

Got this output

[GitHub Checks] Failed Publishing GitHub checks: org.kohsuke.github.HttpException: {"message":"Resource not accessible by integration","documentation_url":"https://docs.github.com/rest/checks/runs#create-a-check-run"}
[Pipeline] Start of Pipeline
[Pipeline] End of Pipeline
[GitHub Checks] Failed Publishing GitHub checks: org.kohsuke.github.HttpException: {"message":"Resource not accessible by integration","documentation_url":"https://docs.github.com/rest/checks/runs#create-a-check-run"}

Anything else?

Did a bit of digging around and the only instance I found of something similar to this error was JENKINS-65007, which is a dupe of JENKINS-65006.

Seems that when supporting multiple organizations became a thing for a GitHub app that the owner field may now be required?

I do not have my GitHub App installed in more than 1 organization, but I resolved the issue (see the expected results) by setting the owner on the credential.

greg-swift-yohana avatar Oct 12 '23 22:10 greg-swift-yohana

How did you configure the organisation folder? Did you use the GitHub SCM auth or maybe Git auth? I suspect git auth.

It's definitely not required to set that field.

timja avatar Oct 13 '23 08:10 timja

image

greg-swift-yohana avatar Oct 13 '23 14:10 greg-swift-yohana

I've just checked our instance and we don't set the owner:

image

All our plugins are latest and we're on Jenkins 2.427


Your config looks right

timja avatar Oct 13 '23 14:10 timja

Okay so here is what I found this morning:

1: No owner set in Org Folder and Credential:

  • Works for Checks and builds
  • Errors on Organization Scan

2: Owner set in Org Folder but not on Credential: Org folder works, but checks won't publish (this ticket)

3: Owner set in Credential but not in Org folder: Works - but shows errors in the config (see new image)

image

4: Owner set in both Org Folder and Credential: everything is working

edit 1: updated results for scenario 1

edit 2: Forgot scenario 4

greg-swift-yohana avatar Oct 13 '23 14:10 greg-swift-yohana

And yeah, that last scenario is not a github-checks-plugin issue.

greg-swift-yohana avatar Oct 13 '23 14:10 greg-swift-yohana

Took a while for me to get a chance to test this.

  1. Not surprised but I would say that's invalid config.
  2. I can't reproduce this.
  3. I would say invalid config, you need to set the owner in the folder

On 2. is your app definitely and has the required permissions?

This: https://github.com/jenkinsci/github-branch-source-plugin/blob/master/docs/github-app.adoc

and adding the checks permission as well.

timja avatar Dec 10 '23 17:12 timja
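
A way to answer the permission question raised in the last comment, as an added example that is not part of the thread or of the plugin: it audits the installation list a GitHub App gets back from `GET /app/installations` for the `checks: write` permission that creating a check run needs. The sample JSON and org names are constructed, and `audit_installation` is a hypothetical helper.

```python
import json

# Constructed sample of the JSON returned by GitHub's GET /app/installations
# (called with the App JWT). All values are made up for illustration.
SAMPLE = json.loads("""
[
  {"id": 1001, "account": {"login": "Example-Org"},
   "repository_selection": "selected",
   "permissions": {"metadata": "read", "contents": "read", "statuses": "write"}},
  {"id": 1002, "account": {"login": "other-org"},
   "repository_selection": "all",
   "permissions": {"metadata": "read", "contents": "read", "checks": "write"}}
]
""")

LEVELS = {"read": 1, "write": 2, "admin": 3}

# Only the permission this issue is about; extend it with the rest of the
# list from the github-branch-source GitHub App documentation linked above.
REQUIRED = {"checks": "write"}


def audit_installation(installations, owner, required=REQUIRED):
    """Return a list of findings for the installation belonging to `owner`."""
    matches = [i for i in installations
               if i["account"]["login"].lower() == owner.lower()]
    if not matches:
        return [f"app is not installed on '{owner}'"]
    inst = matches[0]
    findings = []
    granted = inst.get("permissions", {})
    for name, level in required.items():
        have = granted.get(name)
        if LEVELS.get(have, 0) < LEVELS[level]:
            findings.append(f"{name}: need {level}, have {have or 'none'}")
    # A token scoped to selected repositories is refused on any other repo.
    if inst.get("repository_selection") == "selected":
        findings.append("installed on selected repositories only; "
                        "confirm the target repository is included")
    return findings


if __name__ == "__main__":
    for org in ("example-org", "other-org", "missing-org"):
        print(org, "->", audit_installation(SAMPLE, org) or "ok")
```

An empty result means the installation for that owner grants everything in `REQUIRED`; any finding is a candidate cause of the "Resource not accessible by integration" response.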