Class GitHubAppCredentials

java.lang.Object
com.cloudbees.plugins.credentials.BaseCredentials
com.cloudbees.plugins.credentials.impl.BaseStandardCredentials
org.jenkinsci.plugins.github_branch_source.GitHubAppCredentials
All Implemented Interfaces:
com.cloudbees.plugins.credentials.common.IdCredentials, com.cloudbees.plugins.credentials.common.PasswordCredentials, com.cloudbees.plugins.credentials.common.StandardCredentials, com.cloudbees.plugins.credentials.common.StandardUsernameCredentials, com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials, com.cloudbees.plugins.credentials.common.UsernameCredentials, com.cloudbees.plugins.credentials.common.UsernamePasswordCredentials, com.cloudbees.plugins.credentials.Credentials, ExtensionPoint, Describable<com.cloudbees.plugins.credentials.Credentials>, Serializable

public class GitHubAppCredentials extends com.cloudbees.plugins.credentials.impl.BaseStandardCredentials implements com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials
See Also:
  • Field Details

    • ALLOW_UNSAFE_REPOSITORY_INFERENCE

      public static boolean ALLOW_UNSAFE_REPOSITORY_INFERENCE
      Controls whether GithubProjectProperty is considered by forRun(hudson.model.Run<?, ?>) for Pipeline builds.

      RepositoryAccessStrategy is intended to prevent users with the ability to edit a Jenkinsfile in a single repository from being able to use GitHub app credentials available to that Pipeline to access other repositories. The existence of the properties step means that job properties may not be trusted for Pipeline repository inference.

  • Constructor Details

    • GitHubAppCredentials

      @DataBoundConstructor public GitHubAppCredentials(com.cloudbees.plugins.credentials.CredentialsScope scope, String id, @CheckForNull String description, @NonNull String appID, @NonNull Secret privateKey)
  • Method Details

    • getApiUri

      public String getApiUri()
    • setApiUri

      @DataBoundSetter public void setApiUri(String apiUri)
    • getAppID

      @NonNull public String getAppID()
    • getPrivateKey

      @NonNull public Secret getPrivateKey()
    • getOwner

      @Deprecated @CheckForNull public String getOwner()
    • setOwner

      public void setOwner(String owner)
    • getRepositoryAccessStrategy

      @NonNull public RepositoryAccessStrategy getRepositoryAccessStrategy()
    • setRepositoryAccessStrategy

      @DataBoundSetter public void setRepositoryAccessStrategy(@NonNull RepositoryAccessStrategy strategy)
    • getDefaultPermissionsStrategy

      @NonNull public DefaultPermissionsStrategy getDefaultPermissionsStrategy()
    • setDefaultPermissionsStrategy

      @DataBoundSetter public void setDefaultPermissionsStrategy(@NonNull DefaultPermissionsStrategy strategy)
    • getPassword

      @NonNull public Secret getPassword()
      Specified by:
      getPassword in interface com.cloudbees.plugins.credentials.common.PasswordCredentials
    • getUsername

      @NonNull public String getUsername()
      Specified by:
      getUsername in interface com.cloudbees.plugins.credentials.common.UsernameCredentials
    • isUsernameSecret

      public boolean isUsernameSecret()
      Specified by:
      isUsernameSecret in interface com.cloudbees.plugins.credentials.common.UsernameCredentials
    • contextualize

      @NonNull public GitHubAppCredentials contextualize(GitHubAppUsageContext context)
    • forRun

      @NonNull public com.cloudbees.plugins.credentials.Credentials forRun(Run<?,?> context)
      Specified by:
      forRun in interface com.cloudbees.plugins.credentials.Credentials
    • writeReplace

      protected Object writeReplace()
      Ensures that the credentials state as serialized via Remoting to an agent calls back to the controller. Benefits:
      • The token is cached locally and used until it is stale.
      • The agent never needs to have access to the plaintext private key.
      • We avoid the considerable amount of class loading associated with the JWT library, Jackson data binding, Bouncy Castle, etc.
      • The agent need not be able to contact GitHub.