GitHub App installations on jenkinsci


Ullrich Hafner

Mar 22, 2020, 11:01:09 AM
to Jenkins Developers
I'm currently using Codacy (https://www.codacy.com/) to validate PRs on my Jenkins repositories to check for CheckStyle and PMD warnings. Up to now I can activate this app on a per repository basis. 

But they now switch the integration and are now available as a GitHub App. So when I want to enable the App for my repository I get the following dialog:



In this dialog I cannot enable the access for an individual repository, I just can create a `request`. Is someone of our GitHub admins receiving such requests? Or where are these requests routed to?

I also wanted to enable the Settings App (https://probot.github.io/apps/settings/) to set the labels of all of my repositories to the same set of labels. Here I have the same problem: I can activate them for my repositories in my account (i.e. uhafner/*) but not for a repository in jenkinsci. 

Is it possible to grant individual users a permission to enable apps in their repositories? Or is this something that needs to be done for the whole org?



Oleg Nenashev

Mar 22, 2020, 8:27:44 PM
to Jenkins Developers
Hi Ulli,

> Is it possible to grant individual users a permission to enable apps in their repositories? Or is this something that needs to be done for the whole org?

Once an app is approved for an organization, any plugin maintainer with Admin permissions will be able to add their plugin repositories to an App. This is how we manage most of the apps nowadays, including Dependabot or Release Drafter.
Any new GitHub App requires review, because they tend to require a lot of permissions nowadays. E.g., here is what Codacy asks for:
  • No access to code
  • Read access to members and metadata
  • Read and write access to checks, commit statuses, issues, organization hooks, pull requests, and repository hooks
If there are no concerns, I can review the app in the next few days.

> Is someone of our GitHub admins receiving such requests? Or where are these requests routed to?
Yes, GitHub org admins receive and process such requests.
You can create an INFRA ticket as an alternate way.

Hopefully it helps,
Oleg
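
An added example, not part of the original thread or of any Jenkins project tooling: the permission review described in the message above can be scripted by comparing an app's requested permissions with an allowlist. The permission key names are an assumed mapping of the quoted Codacy list onto GitHub's installation `permissions` object, and `POLICY`, `ORG_SCOPED` and `review_permissions` are hypothetical.

```python
# Constructed sample: the Codacy request quoted above, written as a
# {permission: level} map. Key names are an assumed mapping.
CODACY_REQUEST = {
    "members": "read",
    "metadata": "read",
    "checks": "write",
    "statuses": "write",
    "issues": "write",
    "organization_hooks": "write",
    "pull_requests": "write",
    "repository_hooks": "write",
}

# Hypothetical org policy: highest level accepted without discussion.
# Permissions that are not listed default to "none".
POLICY = {
    "metadata": "read",
    "members": "read",
    "checks": "write",
    "statuses": "write",
    "issues": "write",
    "pull_requests": "write",
    "repository_hooks": "write",
    "organization_hooks": "none",  # org-wide, always needs a human decision
}

LEVELS = {"none": 0, "read": 1, "write": 2, "admin": 3}
# Constructed grouping of permissions that apply to the whole organization.
ORG_SCOPED = {"members", "organization_hooks", "organization_administration"}


def review_permissions(requested, policy=POLICY):
    """Return (name, level, reason) for each permission exceeding policy."""
    findings = []
    for name, level in sorted(requested.items()):
        if level not in LEVELS:
            findings.append((name, level, "unknown access level"))
            continue
        allowed = policy.get(name, "none")
        if LEVELS[level] > LEVELS[allowed]:
            scope = "organization-wide" if name in ORG_SCOPED else "per-repository"
            findings.append((name, level, f"exceeds policy '{allowed}' ({scope})"))
    return findings


if __name__ == "__main__":
    for name, level, reason in review_permissions(CODACY_REQUEST):
        print(f"REVIEW {name}={level}: {reason}")
```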

Ullrich Hafner

Mar 23, 2020, 5:34:55 AM
to Jenkins Developers
Thanks for clarifying!

-- 
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/87de0d08-1845-4782-ac37-c6a3a97d23e6%40googlegroups.com.

Ullrich Hafner

Apr 1, 2020, 10:29:18 AM
to Jenkins Developers
Since this is an opt-in for all Jenkins projects, maybe it is not so problematic to install it. Then team admins can use it if they like. I have used it for almost two years now without any problems. (I think we can remove it later on, if our GitHub Checks integration is available…).



Oleg Nenashev

Apr 1, 2020, 4:38:17 PM
to Jenkins Developers
I am +1 for installation.
The only concern is the org-level hooks, but I think we can live with that in jenkinsci where we have no private repos.



Mark Waite

Apr 1, 2020, 4:44:33 PM
to jenkinsci-dev
I am +1 as well.


Ullrich Hafner

May 4, 2020, 11:05:56 AM
to Jenkins Developers
Is there something I can help with?

Sladyn Nunes

Jun 1, 2020, 3:04:48 PM
to Jenkins Developers
I wanted to explore using Codacy in my project as well; it really helps with analysis. Any specific reason why this is stalled?

Oleg Nenashev

Jun 1, 2020, 4:21:27 PM
to JenkinsCI Developers
No specific reason except everyone being busy with other stuff.
Since nobody voted against, I enabled it in the jenkinsci GitHub organization and added Custom Jenkins Distribution build service to the repo.
Also invited Ulli to the jenkinsci org on Codacy so that I could share permissions there.

Best regards,
Oleg





Ullrich Hafner

Jun 2, 2020, 8:32:11 AM
to Jenkins Developers
Thanks Oleg. I joined the organization in Codacy now and can add repositories if someone requests it. 


Ullrich Hafner

Jun 2, 2020, 11:02:38 AM
to Jenkins Developers
Seems that I do not have the permissions yet, where did you invite me? In GitHub? 


Oleg Nenashev

Jun 3, 2020, 2:53:33 AM
to JenkinsCI Developers
I added you and right now you have only author permissions. I checked in the web UI, and it looks like there is no way to add more admins in Codacy with a Free plan. I will dive deeper once I have some time (on Friday or next week).

Ullrich Hafner

Jun 3, 2020, 3:58:16 AM
to Jenkins Developers
Ok, thanks! I also have an ongoing chat with the Codacy team, let’s see what they can offer here… Using Codacy as an App seems to reduce the comfort rather than improving it :-(

Ullrich Hafner

Jun 10, 2020, 4:49:47 AM
to Jenkins Developers
It took some discussions with the Codacy team but now I understand why it is not working:
In order to let plugin authors decide to use Codacy, the author needs to have the Administer role for a repository but they currently only have the role Maintainer.

So maybe it makes sense to wait for our GitHub Checks integration :-) Then there is no need for Codacy anymore...

Tim Jacomb

Jun 10, 2020, 8:54:39 AM
to Jenkins Developers
The plugin author should have the administer role though?

The maintainer role lets you do very little, what repos do people have access to but they only have maintainer on?

Thanks
Tim

Jesse Glick

Jun 10, 2020, 10:26:38 AM
to Jenkins Dev
On Wed, Jun 10, 2020 at 8:54 AM Tim Jacomb <timja...@gmail.com> wrote:
> The plugin author should have the administer role though?

Sometimes, sometimes not. In general you need to request administer
role via `INFRA` ticket. (I am still waiting on at least one, though
with Artifactory uploads blocked anyway I guess there is no rush.)

Tim Jacomb

Jun 10, 2020, 2:10:15 PM
to jenkin...@googlegroups.com
That can be fixed via IRC bot, just ping in #jenkins-infra or reply here or what’s the ticket?

Administer comes by default and only historical teams / people manually added to the repo won’t have it.


Ullrich Hafner

Jun 11, 2020, 5:04:16 AM
to Jenkins Developers
You are right Tim. When I look at the manage access page of my plugin I get


So I do have admin rights. Sorry for the confusion. (In the details page I am listed as Maintainer only but this seems to be something different.)

The actual problem seems to be that one needs organization admin rights to control which apps can be installed in an organization in a repository. 
So it is possible to give someone the rights to handle the installation of Apps for an organization. 
I tried that in my organization, however I did not manage to give specific permissions just for one app. Seems that I only can give someone the whole permission for all Apps but not just for a single app.

