jenkinsci
[JENKINS-64307] Jenkins github-plugin null safe
running Jenkins PR coverage plugin and observing the log output below coming from github-plugin. Issue I am seeing is my Github PAT token is getting disabled. however this action output concerns me where github-plugin is executing a null safe and trying to create a new token. no idea why/how this is happening, but its taking down our entire PR/Gitflow.
root problem is github-pr-coverage-status plugin is failing with the below credential message. ref https://github.com/jenkinsci/github-pr-coverage-status-plugin
```
Nov 24, 2020 7:13:37 PM FINE org.jenkinsci.plugins.github.internal.GitHubLoginFunction applyNullSafe
Create new GH client with creds id JenkinsGithubToken
Nov 24, 2020 7:13:38 PM WARNING org.jenkinsci.plugins.github.internal.GitHubLoginFunction applyNullSafe
Failed to login with creds JenkinsGithubToken java.io.FileNotFoundException: https://github.
Versions:
Jenkins CentOS Docker 2.267
Github Plugin 1.32.0
Github-pr-coverage-status-plugin 2.1.1
github enterprise 2.22.3
Originally reported by 
burowt, imported from: Jenkins github-plugin null safe
- assignee:
lanwen
- status: Open
- priority: Major
- component(s): github-plugin
- label(s): plugin
- resolution: Unresolved
- votes: 0
- watchers: 1
- imported: 2025-12-08
Raw content of original issue
running Jenkins PR coverage plugin and observing the log output below coming from github-plugin. Issue I am seeing is my Github PAT token is getting disabled. however this action output concerns me where github-plugin is executing a null safe and trying to create a new token. no idea why/how this is happening, but its taking down our entire PR/Gitflow.
root problem is github-pr-coverage-status plugin is failing with the below credential message. ref https://github.com/jenkinsci/github-pr-coverage-status-plugin
``` Nov 24, 2020 7:13:37 PM FINE org.jenkinsci.plugins.github.internal.GitHubLoginFunction applyNullSafe Create new GH client with creds id JenkinsGithubToken Nov 24, 2020 7:13:38 PM WARNING org.jenkinsci.plugins.github.internal.GitHubLoginFunction applyNullSafe Failed to login with creds JenkinsGithubToken java.io.FileNotFoundException: https://github.<redacted>.com/api/v3/user at org.kohsuke.github.extras.okhttp3.ObsoleteUrlFactory$OkHttpURLConnection.getInputStream(ObsoleteUrlFactory.java:488) at org.kohsuke.github.extras.okhttp3.ObsoleteUrlFactory$DelegatingHttpsURLConnection.getInputStream(ObsoleteUrlFactory.java:1201) at org.kohsuke.github.GitHubHttpUrlConnectionClient$HttpURLConnectionResponseInfo.bodyStream(GitHubHttpUrlConnectionClient.java:197) at org.kohsuke.github.GitHubResponse$ResponseInfo.getBodyAsString(GitHubResponse.java:326) at org.kohsuke.github.GitHubResponse.parseBody(GitHubResponse.java:91) at org.kohsuke.github.GitHubClient.lambda$fetch$0(GitHubClient.java:145) at org.kohsuke.github.GitHubClient.createResponse(GitHubClient.java:461) at org.kohsuke.github.GitHubClient.sendRequest(GitHubClient.java:412)```
Versions:
Jenkins CentOS Docker 2.267
Github Plugin 1.32.0
Github-pr-coverage-status-plugin 2.1.1
github enterprise 2.22.3
- environment:
Production
burowt:
- Original comment link
Raw content of original comment:
Digging further - theres a third plugin involved here. github branch source plugin 2.9.1 - github Organization Folder - scan job for auto discovering PR builds. more log context
``` Nov 24, 2020 6:56:07 PM INFO org.jenkinsci.plugins.github.webhook.WebhookManager$1 run GitHub webhooks activated for job github.ContentHub.pr-builds/dm-s3-keygen-client-lib with [GitHubRepositoryName[host=github.<REDACTED>.com,username=ContentHub,repository=dm-s3-keygen-client-lib]] (events: [PULL_REQUEST, PUSH, ISSUE_COMMENT]) Nov 24, 2020 6:56:07 PM WARNING org.jenkinsci.plugins.github.internal.GitHubLoginFunction applyNullSafe Failed to login with creds JenkinsGithubToken java.io.FileNotFoundException: https://github.digitalglobe.com/api/v3/user at org.kohsuke.github.extras.okhttp3.ObsoleteUrlFactory$OkHttpURLConnection.getInputStream(ObsoleteUrlFactory.java:488) at org.kohsuke.github.extras.okhttp3.ObsoleteUrlFactory$DelegatingHttpsURLConnection.getInputStream(ObsoleteUrlFactory.java:1201) at org.kohsuke.github.GitHubHttpUrlConnectionClient$HttpURLConnectionResponseInfo.bodyStream(GitHubHttpUrlConnectionClient.java:197) at org.kohsuke.github.GitHubResponse$ResponseInfo.getBodyAsString(GitHubResponse.java:326) at org.kohsuke.github.GitHubResponse.parseBody(GitHubResponse.java:91) at org.kohsuke.github.GitHubClient.lambda$fetch$0(GitHubClient.java:145) at org.kohsuke.github.GitHubClient.createResponse(GitHubClient.java:461) at org.kohsuke.github.GitHubClient.sendRequest(GitHubClient.java:412)```
Owner = Contenthub which equals the Orgainzation name in Github
from the Plugin help description "Specify the name of the GitHub Organization or GitHub User Account."
in the log output Username = Contenthub - thats not correct. so i think the issue is in this config - if you are using an org level integration(not sure how) or User level Pat that matters, but not documented??
however I have a user and PAT defined in the field above Owner - so im confused here
Digging further - theres a third plugin involved here. github branch source plugin 2.9.1 - github Organization Folder - scan job for auto discovering PR builds. more log context
```
Nov 24, 2020 6:56:07 PM INFO org.jenkinsci.plugins.github.webhook.WebhookManager$1 run
GitHub webhooks activated for job github.ContentHub.pr-builds/dm-s3-keygen-client-lib with [GitHubRepositoryName[host=github.
Nov 24, 2020 6:56:07 PM WARNING org.jenkinsci.plugins.github.internal.GitHubLoginFunction applyNullSafe
Failed to login with creds JenkinsGithubToken java.io.FileNotFoundException: https://github.digitalglobe.com/api/v3/user at org.kohsuke.github.extras.okhttp3.ObsoleteUrlFactory$OkHttpURLConnection.getInputStream(ObsoleteUrlFactory.java:488) at org.kohsuke.github.extras.okhttp3.ObsoleteUrlFactory$DelegatingHttpsURLConnection.getInputStream(ObsoleteUrlFactory.java:1201) at org.kohsuke.github.GitHubHttpUrlConnectionClient$HttpURLConnectionResponseInfo.bodyStream(GitHubHttpUrlConnectionClient.java:197) at org.kohsuke.github.GitHubResponse$ResponseInfo.getBodyAsString(GitHubResponse.java:326) at org.kohsuke.github.GitHubResponse.parseBody(GitHubResponse.java:91) at org.kohsuke.github.GitHubClient.lambda$fetch$0(GitHubClient.java:145) at org.kohsuke.github.GitHubClient.createResponse(GitHubClient.java:461) at org.kohsuke.github.GitHubClient.sendRequest(GitHubClient.java:412)```
Owner = Contenthub which equals the Orgainzation name in Github
from the Plugin help description
"Specify the name of the GitHub Organization or GitHub User Account."
in the log output Username = Contenthub - thats not correct. so i think the issue is in this config - if you are using an org level integration(not sure how) or User level Pat that matters, but not documented??
however I have a user and PAT defined in the field above Owner - so im confused here
burowt:
- Original comment link
Raw content of original comment:
I found the offending credential ID - no closer to knowing where it came from or why it was no where to be found in the console but it was located in the following file
github-plugin-configuration.xml: <credentialsId>JenkinsGithubToken</credentialsId>
I found the offending credential ID - no closer to knowing where it came from or why it was no where to be found in the console but it was located in the following file
github-plugin-configuration.xml:
burowt:
- Original comment link
Raw content of original comment:
ok narrowed this down even further -
under manage Jenkins - GitHub Server - Credentials -
the only credentials that are select able is "secret text" types - for gh authentication even with a PATs token a username is required. Plugin should be using Username/Password Credential ID types.
Of course tho - I am specifying specific credentials in both the PR plugin and the Organization Job, not sure why this whole process is defaulting back to the server credential for the github server config.
ok narrowed this down even further -
under manage Jenkins - GitHub Server - Credentials -
the only credentials that are select able is "secret text" types - for gh authentication even with a PATs token a username is required. Plugin should be using Username/Password Credential ID types.
Of course tho - I am specifying specific credentials in both the PR plugin and the Organization Job, not sure why this whole process is defaulting back to the server credential for the github server config.
burowt:
- Original comment link
Raw content of original comment:
So I think ive figured out what was going on -
There 3 plugins involved and the server was defaulting back to a base config that should not have been in play. That base config had an old token in it.
Github-plugin – base config (PAT Secret Text)
Github-branchsource-plugin – intermediat credential (Username/PAT secret TEXT)
Github-pr-coverage-plugin – dedicated credential (PAT secret text)
– but the problem ultimately cropped up in the PR plugin. Which should not have any relation to the base github-plugin credential.
in the end - im not sure if this is a bug - or just a set of disconnected plugin behaviors.
So I think ive figured out what was going on -
There 3 plugins involved and the server was defaulting back to a base config that should not have been in play. That base config had an old token in it.
Github-plugin – base config (PAT Secret Text)
Github-branchsource-plugin – intermediat credential (Username/PAT secret TEXT)
Github-pr-coverage-plugin – dedicated credential (PAT secret text)
– but the problem ultimately cropped up in the PR plugin. Which should not have any relation to the base github-plugin credential.
in the end - im not sure if this is a bug - or just a set of disconnected plugin behaviors.
burowt:
- Original comment link
Raw content of original comment:
and after all that - got rid of the one error - and the original error with the Pr plugin is back.
and after all that - got rid of the one error - and the original error with the Pr plugin is back.