Cannot find GH repo provider if correct credentials are not set as first "Server" in global config #198
Comments
|
Interesting... During configuration it tries to register hooks, that requires working connection. Search is accumulated in I think you have good idea to iterate over existing and that can limit security to only matching tokens. cc @atanasenko |
|
Wow, thanks for the quick reply. Let me know if you need any more logs, although you already seems to have found the problem. In our case we handle multiple projects and would like to have separate users handling these repositories. |
|
The problem that even if you have token you can't really check that it has right scopes or it not blocked by application approval :( Plus github-api doesn't expose headers hub4j/github-api#303 @stephenc so your ghsource is also affected and limited if you are really using it. |
|
One could check for repo.hasAdminAccess() and if it's there, but the actual action fails, then that token doesn't have correct scopes. |
|
Another option would be to let the user choose from those credentials in the job. Then the user has to make sure that he chooses one with the correct rights/permissions. |
|
@jpfeuffer both things could be tried |
|
Hmm unfortunately the same error appears (but with your changed message, so the update of the plugin definitely worked): When looking at the stack trace, could it be that the filtering has to happen earlier, somewhere here maybe? |
|
You are correct |
|
Hmm.. still does not work? Same exception. But it still works when a correct credential is first in the configuration. To narrow it down a bit, I get this Logger error: Seems like checking for admin rights of a specific user in a repo is really not so easy with the github API. Maybe hasAdminRights is for getting the default permissions of the repo? |
|
Does it have managehooks checkbox enabled? |
|
Yes the checkbox was enabled in both API credentials. |
|
Do you have manageHooks checkbox for all repos? |
|
Yes. We have one "hook managing" credential with admin access for each of the two projects hosted on GitHub. |
|
github-plugin wasn't designed to have multiple logins for one server cc @lanwen and plugin do 2 different calls to check whether gtihubserverconfiguration from global config allows to manage hooks. I will try one more thing and reply. |
|
I see, unfortunately that makes it hard when used with public repositories on the same official GitHub server (all specified with api.github.com). |
|
Needed to patch github-api lib to expose token scopes - github api itself provides enough information about each user rights. |
|
looks ugly, but better than nothing |
|
I also found that it possible report issue as Action that will be displayed on Job page, i can patch Trigger code, but hook registration goes to queue that has no item context and ability to catch and report it. |
|
Added reporting to UI + found bug with trigger mode check. |
|
From what i see repoprovider didn't work for PR trigger. @jpfeuffer could you try new build? |
|
Your new Warning UI element shows me this: |
wtf.... |
|
Will add more logging |
|
Added, please try now and post debug error. I guess hooks registration wouldn't work because it offloaded to github-plugin functionality |
|
Here it is: |
|
Seems like you know this error ;) Should I try clearing the cache like here? hub4j/github-api#265 |
|
please disable cache for now |
|
Well, jenkins and github-api stuck on ancient okhttp version. Reporting something to them makes no sense. |
|
Where exactly do I disable it? In the job config under your experimental setting or somewhere in the Jenkins config for the github-plugin? |
|
Global jenkins config. GithubServers, maybe in advanced. Set cache size to 0 (belong to github-plugin). |
|
It works! Testing actual execution now. |
|
perfect, merging and running release. Anything else could be tuned later. |
|
Yes, also the trigger works. Thanks a lot again. |
|
released, should be shortly available in jucies |
|
I set the cache size to 0 ... and I have a token with admin rights that works ... To prove it when I test it from github config page I get the message : Credentials verified for user xyzzy-jenkins, rate limit: 4783 However when I run my job :: java.lang.IllegalStateException: Can't find repo provider for default I'm running GitHub Pull Request Builder 1.36.2 |
|
@MichaelGreco did you find a solution to your issue above? I'm running into the same problem. And I've set the cache to 0. |
|
same. on GitHub plugin 1.29.2 |
|
I had this same issue just now, 1.42.0. Under "experimental" we had it set to ADMIN and I think the user that was attached to the token did have ADMIN at one point and then someone in the org took away admin for that account. I just changed it to PULL and it started working again. |
|
Same - 1.42.0 |
I could reproduce this behaviour multiple times now:
When you have multiple credentials listed under your global Jenkins settings for "GitHub Server",
the plugin seems to only try the first appearing one. This means if this first user does not have enough rights for all the projects/jobs managed with the plugin, the corresponding jobs fail during configuration time with the following log:
I can reproduce this by just switching places in the global settings, hitting apply, going back to the job and try to hit apply again.
The text was updated successfully, but these errors were encountered: