[JIRA] (JENKINS-60901) GitHub manages hooks even when it has not been configured to do it

4 views
Skip to first unread message

adam.gabrys@live.com (JIRA)

unread,
Jan 29, 2020, 6:55:02 AM1/29/20
to jenkinsc...@googlegroups.com
Adam Gabryś created an issue
 
Jenkins / Bug JENKINS-60901
GitHub manages hooks even when it has not been configured to do it
Issue Type: Bug Bug
Assignee: Kirill Merkushev
Attachments: github-servers.png, scm-configuration.png
Components: github-plugin
Created: 2020-01-29 11:54
Priority: Major Major
Reporter: Adam Gabryś

Jenkins GitHub plugin requires a user with administration access to manage hooks:

"There is no credentials with admin access to manage hooks on GitHubRepositoryName[host=example.org,username=username,repository=repository]"

Such approach does not match our security guidelines, so we manage all hooks manually (from GitHub UI). Unfortunately, Jenkins still tries to manage webhooks even when we didn't ask to do it. Our servers list is empty:

I searched for any option which will allow disable this behavior but I didn't find anything. This is the configuration of SCM for our projects:

I believe it is a bug because Jenkins shouldn't do stuff, when we don't configure it. If this behavior is expected, then this ticket should be changed to a feature:

Allow disabling managing webhooks when no GitHub server is configured
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)
Atlassian logo

jimklimov@gmail.com (JIRA)

unread,
Feb 28, 2020, 10:58:03 AM2/28/20
to jenkinsc...@googlegroups.com
Jim Klimov commented on Bug JENKINS-60901
 
Re: GitHub manages hooks even when it has not been configured to do it

This annoys me too, so finally got to try making a fix:

In our use-case, there are a lot of stack traces (probably the majority of what the jenkins instance logs) while there is no credential set up AND the "Manage hooks" is unchecked. So it is supposed to not try managing, somewhat intentionally (our Jenkins is inside corporate perimeter, Github can't access it anyway).

Note that according to help message for the "Manage Hooks" checkbox, there may be other places in code where it would check for credentials:

> Will this configuration be used to manage credentials for repositories where it
> has admin rights? If unchecked, this credentials still can be used to
> manipulate commit statuses, but will be ignored to manage hooks.

But the noisy (and in our case pointless) error message is only associated with register/unregister activity.
This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38)
Atlassian logo

jimklimov@gmail.com (JIRA)

unread,
Feb 28, 2020, 10:58:04 AM2/28/20
to jenkinsc...@googlegroups.com
Jim Klimov edited a comment on Bug JENKINS-60901
This annoys me too, so finally got to try making a fix:

In our use-case, there are a lot of stack traces (probably the majority of what the jenkins instance logs) while there is no credential set up AND the "Manage hooks" is unchecked. So it is supposed to not try managing, somewhat intentionally (our Jenkins is inside corporate perimeter, Github can't access it anyway).

Note that according to help message for the "Manage Hooks" checkbox, there may be other places in code where it would check for credentials:

> Will this configuration be used to manage credentials for repositories where it
> has admin rights? If unchecked, this credentials still can be used to
> manipulate commit statuses, but will be ignored to manage hooks.

But the noisy (and in our case pointless) error message is only associated with register/unregister activity.
Reply all
Reply to author
Forward
0 new messages