infra-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zoran Regvart (JIRA)" <j...@apache.org>
Subject [jira] [Created] (INFRA-17449) Is it possible to gain access to asfgit credential
Date Sat, 15 Dec 2018 13:04:00 GMT
Zoran Regvart created INFRA-17449:
-------------------------------------

             Summary: Is it possible to gain access to asfgit credential
                 Key: INFRA-17449
                 URL: https://issues.apache.org/jira/browse/INFRA-17449
             Project: Infrastructure
          Issue Type: Wish
          Components: Github, Jenkins
            Reporter: Zoran Regvart


>From what I can tell it seems that the Pull Request builder plugin is configured with
the {{asfgit}} account. We'd like to have feature parity in pipeline jobs (Multibranch Pipeline
with GitHub branch source).

Is it possible to create a Username/Password Credential with personal access token as password
so it can be set on the GitHub branch source?

Our end goal is to have pipeline pull request builds, any other suggestions on how to do this
without {{asfgit}} account is much appreciated.

As noted in https://issues.apache.org/jira/browse/INFRA-16473?focusedCommentId=16515957&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-16515957
we have already created a GitHub user and a Username/Password credential with personal access
token with {{repo:status}} scope, but since this user is not a collaborator on the GitHub
repository it cannot set the status of the build.

We get:
{quote}
Could not update commit status, please check if your scan credentials
belong to a member of the organization or a collaborator of the
repository and repo:status scope is selected
{quote}

And I as far as I can see even with this user added as a collaborator further OAuth scopes
would need to be added as the GitHub branch source logic is to fetch permissions from the
GitHub repository in order to check if the PR is trusted to build. I.e. we get:

{quote}
{"message":"Must have push access to view collaborator permission.","documentation_url":"https://developer.github.com/v3/repos/collaborators/#review-a-users-permission-level"}
{quote}

There is a thread on builds@ on this topic:

https://mail-archives.apache.org/mod_mbox/www-builds/201812.mbox/%3CCABD_Zr9uS1Ux63FYEyVOz9yi55j0DdOEz7uyFKRO9Lx0%3DdwAfw%40mail.gmail.com%3E



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message