Configuring Jenkins with GitHub (Authorization)

Question

I'd like to set up a Jenkins to build GitHub projects for a group of people working on different projects in a way that the projects' visibility in Jenkins follows the authorization in GitHub.

I did this before (successfully) using GitHub Auth Plugin and the Committer Strategy, but fail to reproduce the configuration.

What I reached so far:

1. I am running jenkins/jenkins:jdk11 in docker.
2. I successfully configured GitHub Authentication, that is users are authenticated via OAuth (currently with scopes "repo, read:org, read:user"), so their github name is displayed as username.

I added some github projects, and the "GitHub Committer Strategy" helped me to configure the visibility last time, but now I run into a problem I don't really understand.

If I leave the configuration of the GitHub Committer Strategy blank (except for a admin user), authenticated users can't see anything. There's a message "Access denied, XXX is missing the Overall/Read permission" (translated).

I still get this error when I check "Use GitHub Repository Permissions". When I add "Grant READ permissions to all Authenticated Users", users can see each other's projects.

I don't even understand how it's supposed to work. How can I configure the plugin such that every authenticated user gets an overview of all his projects?

I am using Jenkins 2.223 and GitHub Authentiction Plugin 0.33.

Answer 1

Jenkins GitHub OAuth Plugin (GitHub Authentication plugin)

Why: Use GitHub user credentials to administer Jenkins instance, using GitHub OAuth Application.

Plug-in details: https://plugins.jenkins.io/github-oauth

Configuration (Github): Step1: https://github.com → Settings → Developer Settings → New OAuth Apps → New OAuth App.

• Application Name: Jenkins
• HomePageURL: Your Jenkins landing page URL, for me it is https://jenkis..ninja
• Application Description: Whatever you like
• Authorization callback: /securityRealm/finishLogin please make sure your spellings are correct

Add your application

Step 2: Configuration (Jenkins)

• Enable security checkbox
• Access Control checkbox
• Github Authentication plugin
• Github Web URI: https://github.com or your own Github server instance
• Client Id: which will you get from Github
• Client Secret: Secret key that you will get from GitHub while Adding Jenkins as application
• OAuth Scope(s): read:org,user:email,repo

Then Authorization:

• Matrix-based Security: checkbox check as checked-in screenshot

For more details please read https://plugins.jenkins.io/github-oauth/