[JENKINS-72330] Fix test connection in case a GitHub App has more tha…

…n 1 installation (#748) * Add additional check when testing the connection if the configured GitHub App has more than 1 installation, in which case the owner of the first installation is used to test the connection. Clarify the documentation of the owner field that it is not required unless you wanna restrict to a single organization. * Apply spotless complaints.
jenkinsci · Nov 16, 2023 · 90e17c4 · 90e17c4
1 parent 6bfb8df
commit 90e17c4
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 2 deletions.
diff --git a/src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubAppCredentials.java b/src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubAppCredentials.java
@@ -123,7 +123,7 @@ public Secret getPrivateKey() {
     }
 
     /**
-     * Owner of this installation, i.e. a user or organisation, used to differeniate app installations
+     * Owner of this installation, i.e. a user or organisation, used to differentiate app installations
      * when the app is installed to multiple organisations / users.
      *
      * <p>If this is null then call listInstallations and if there's only one in the list then use
@@ -692,6 +692,21 @@ public FormValidation doTestConnection(
             gitHubAppCredential.setOwner(owner);
 
             try {
+                // If no owner is specified, check if the app has multiple installations.
+                if (owner == null || owner.isEmpty()) {
+                    GitHub gitHubApp = TokenProvider.createTokenRefreshGitHub(
+                            appID, privateKey, gitHubAppCredential.actualApiUri());
+                    List<GHAppInstallation> appInstallations =
+                            gitHubApp.getApp().listInstallations().toList();
+                    if (appInstallations.size() > 1) {
+                        // Just pick the owner of the first installation, so we have a valid
+                        // owner to create an access token for testing the connection.
+                        String anyInstallationOwner =
+                                appInstallations.get(0).getAccount().getLogin();
+                        gitHubAppCredential.setOwner(anyInstallationOwner);
+                    }
+                }
+
                 GitHub connect = Connector.connect(apiUri, gitHubAppCredential);
                 try {
                     return FormValidation.ok("Success, Remaining rate limit: "

diff --git a/...resources/org/jenkinsci/plugins/github_branch_source/GitHubAppCredentials/help-owner.html b/...resources/org/jenkinsci/plugins/github_branch_source/GitHubAppCredentials/help-owner.html
@@ -1,6 +1,7 @@
 <p>
     The organisation or user that this app is to be used for.
-    Only required if this app is installed to multiple organisations.
+    Only required if this app is installed to multiple organisations and connections
+    should be restricted to a single organisation.
     May be omitted in case credentials are used from GitHub multibranch projects
     (in that case the account is determined from the branch source where the credentials are used).
 </p>