jenkinsci / ghprb-plugin

github pull requests builder plugin for Jenkins
https://plugins.jenkins.io/ghprb/
MIT License

Do not cache the GitHub client #812

Closed jalaziz closed 3 years ago

jalaziz commented 3 years ago

Caching the GitHub client has the unfortunate side effect of caching the credentials too. This prevents GHRP from effectively using GitHub App credentials, as the returned credentials expire after an hour. By returning a new GitHub client on demand, the credentials are fresh for each action and generally last long enough for most, if not all, GHRP tasks.

I'm not sure if this is the best approach, but it seems to work fine.

A seemingly better approach would be to use AuthorizationProviders available in newer versions of the GitHub API plugin. However, it seems this would mean that GHRP would need to depend on the GitHub Branch Source Plugin to use GitHub App credentials and its associated auth provider.

I completely understand if this is an unacceptable change, but it would be nice to support GitHub App authentication as it avoids needing to create a bot user account and provides fine-grained permissions.

jalaziz commented 3 years ago

Turns out this approach still fails with 401s after some time in some cases.

Going to give updating to use AuthorizationProvider a shot.
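The difference between a credential captured once by a cached client and one requested per call from an expiry-aware provider, as an added example that is not part of this thread, the plugin, or the GitHub API library. `Token`, `RefreshingProvider`, the five-minute skew and the simulated clock are hypothetical names and constructed values; only the one-hour token lifetime comes from the discussion above.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Supplier;

public class TokenRefreshDemo {
    /** Constructed stand-in for a GitHub App installation token and its expiry. */
    static final class Token {
        final String value;
        final Instant expiresAt;
        Token(String value, Instant expiresAt) { this.value = value; this.expiresAt = expiresAt; }
        boolean validAt(Instant t) { return t.isBefore(expiresAt); }
    }

    /** Hypothetical provider: asked for a credential on every request, re-mints near expiry. */
    static final class RefreshingProvider {
        private final Supplier<Token> mint;      // assumption: exchanges the App key for a token
        private final Supplier<Instant> clock;
        private final Duration skew;
        private Token current;

        RefreshingProvider(Supplier<Token> mint, Supplier<Instant> clock, Duration skew) {
            this.mint = mint; this.clock = clock; this.skew = skew;
        }

        synchronized Token token() {
            // Refresh early so a token never expires in the middle of a long build.
            if (current == null || !current.validAt(clock.get().plus(skew))) {
                current = mint.get();
            }
            return current;
        }
    }

    public static void main(String[] args) {
        Instant[] now = { Instant.parse("2021-01-01T00:00:00Z") };   // simulated clock
        AtomicInteger minted = new AtomicInteger();
        Supplier<Token> mint = () -> new Token("token-" + minted.incrementAndGet(),
                                               now[0].plus(Duration.ofHours(1)));

        Token cached = mint.get();                   // cached client: token captured once
        RefreshingProvider provider = new RefreshingProvider(mint, () -> now[0], Duration.ofMinutes(5));
        provider.token();                            // first use mints a second token

        now[0] = now[0].plus(Duration.ofMinutes(61));    // a long-running job passes the hour
        System.out.println("cached valid:   " + cached.validAt(now[0]));
        Token fresh = provider.token();
        System.out.println("provider valid: " + fresh.validAt(now[0]) + " (" + fresh.value + ")");
    }
}
```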

udangel-r7 commented 3 years ago

@jalaziz were you successful in using github applications for the pull request builder?

jalaziz commented 3 years ago

> @jalaziz were you successful in using github applications for the pull request builder?

Unfortunately not.

I started working on support for GitHub Applications, but it would either require 1) making certain private GitHub Branch Source Plugin APIs public, 2) porting GitHub App support from the branch source plugin to the GitHub plugin, or 3) copying all the supporting classes into this plugin.

Other priorities took over and I haven't had time to actually start down one of those paths.