How to use Github Personal Access Token in Jenkins

127k views Asked by At

I can ask this question in many ways, like How to configure Jenkins credentials with Github Personal Access Token How to clone Github repo in Jenkins using Github Personal Access Token

So this is the problem


The alternate solution that I am aware of

But My question is how to setup Github connection with Jenkins using Personal Access Token

7

There are 7 answers

6
Dupinder Singh On BEST ANSWER

[UPDATE] The new solution proposed by git is

https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/

Which says:

Beginning August 13, 2021, we will no longer accept account passwords when authenticating Git operations and will require the use of token-based authentication, such as a personal access token (for developers) or an OAuth or GitHub App installation token (for integrators) for all authenticated Git operations on GitHub.com. You may also continue using SSH keys where you prefer.

What you need to do:

https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/#what-you-need-to-do-today

Basically, change the add URL as

https://<access token>@github.com/<userName>/<repository>.git

Something like this

https://<access token>@github.com/dupinder/NgnixDockerizedDevEnv.git

and set the credentials to none.

Thanks to @Gil Stal


[OLD Technique]

After many discussion on multiple threads from Stackoverflow

I found one thread that is useful.

Refer to this answer: https://stackoverflow.com/a/61104603/5108695


Basically Personal access token can be used as a password, as far as Jenkins is concerned at least. I added new credentials to the credential manager.

Go to Jenkins

  • Go to credentials > System > Global credentials > Add credentials a page will open.
  • In Kind drop-down select Username and password.
  • In User put a non-existing username like jenkins-user or user.
  • Add Personal Access Token in the password field

Now start configuring your project.

  • source code management tab, select new configured credentials from Drop-down near credential Under Repository URL

So this is how we can configure or setup Authentication between Jenkins and Github using Personal Access Token

References:
Git Clone in Jenkins with Personal Access Token idles forever
Change jenkins pipeline to use github instead of gitlab

3
Gil Stal On

The accepted answer wont work anymore because of this: https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations.

You will need to:

  1. Change the URL of the repo to: https://<access token>@github.com/<user-name>/<repo-name>.git (Replace every <...> with the real parameters)

  2. Set the credentials to none.

0
d512 On

As of August 2021 the answer posted by Dupinder Singh is accurate. The only thing I would add is that if you are part of a team, the url format appears to be a bit different. This is what worked for me:

https://<access token>@github.com/<team>/<repo>.git

for example

https://[email protected]/MyKuleTeam/KuleGuyCode.git

Note that if you use a personal access token you don't need to have any github credentials stored in jenkins.

0
Daniel On

Whilst adding the access token to the URL (as per the accepted answer) works, it does not seem particularly good practice, since it means your secret access token is now peppered throughout your Jenkins logs.

Instead, you can:

  • store your personal access token as a credential on Jenkins
  • configure your job to use the stored token

1. Store Your GitHub Token on Jenkins As a Jenkins user with appropriate permissions:

  • Under Manage Jenkins > Manage Credentials, add new credentials to the global domain (or whichever scope is relevant for you): enter image description here
  • Configure the following fields:
    • Kind: "Username with password", even though it is a token. Last I tested it would not be available for selection when configuring the Jenkins job if another kind was configured.
    • Enter your GitHub username.
    • Enter the personal access token in the Password field.
    • Can leave the ID blank, or set to something easier to recognise.
    • A description is helpful too. enter image description here
  • Press Create.

2. Configure Your Job to Use the Token

In the configuration for your job, under Source Code Management > Git, set:

  • Repository URL: Set to the usual URL for your repo (no token required).

  • Credentials: Select the github token created above. enter image description here

  • Alternatively if using a declarative Pipeline, can add a step like:

    git branch: 'main', credentialsId: 'GitHub-token', url: 'https://github.com/your-github-username/your-repo'
    
0
Gili On

There is (yet another) way to do this as of 2020/04 which is supposed to be superior to personal access tokens. The best part is that you can continue using a username/password-style credential, and the plugin will handle authenticating with GitHub in the background.

Benefits include:

  • Larger rate limits - The rate limit for a GitHub app scales with your organization size, whereas a user based token has a limit of 5000 regardless of how many repositories you have.

  • User-independent authentication - Each GitHub app has its own user-independent authentication. No more need for 'bot' users or figuring out who should be the owner of 2FA or OAuth tokens.

  • Improved security and tighter permissions - GitHub Apps offer much finer-grained permissions compared to a service user and its personal access tokens. This lets the Jenkins GitHub app require a much smaller set of privileges to run properly.

  • Access to GitHub Checks API - GitHub Apps can access the the GitHub Checks API to create check runs and check suites from Jenkins jobs and provide detailed feedback on commits as well as code annotation

Links:

0
Bash13 On

For a Personal access token chose the username and password and add the token for both the username and password section on the new credentials to the credential manager.

Go to Jenkins

Go to credentials > System > Global credentials > Add credentials
On the Kind drop-down select Username and password.
On the User section put the token.
Add the token in the password field
Then save
1
mirekphd On

As for credentials for Jenkins Github Plugin, please be aware only Personal access tokens are now accepted by this plugin.

To generate such a token, follow the Github docs (e.g. here). Don't save it, it can be regenerated in Github and updated in Jenkins if lost or when migrating to a different server.

To add the token do Jenkins credentials store, go to <JENKINS_URL:PORT>/credentials/store/system/domain/_/newCredentials and select Kind "Secret text" (not the default "Username and password"), then paste the token as Secret and choose some ID.

Testing: the credential should appear on the list of Credentials at <JENKINS_URL:PORT>/credentials/ and be selectable from the drop-down list at <JENKINS_URL:PORT>/configure/, where pressing the "Test connection" button should display "Credentials verified for user <GITHUB_USER>".


More info: see the Github plugin docs.

Caveats: Git Plugin has its long-standing issues, so if the newly created "Secret text" does not appear in your pipelines, try if this solution helps (with "the user who triggered the build" considered safer than "SYSTEM"): client-and-managed-masters/why-credentials-are-not-listed-in-the-git-scm-section