In modern software development, automating status checks and enforcing branch protection is critical for ensuring code quaolty and preventing broken code from being merged into important branches llke main or develop. By integrating GitHub Apps with Jenkins, you can automate this process, using status checks to vaoldate the state of code before any branch merging. In this post, we’ll walk through how to create a GitHub App, configure Jenkins for status checks, and set up secrets in Jenkins to securely interact with GitHub.
Creating GitHub App
To create a GitHub App, follow these steps:
- Navigate to GitHub Developer Settings:
* Go to your GitHub account, then navigate to GitHub Developer Settings.
* Click on New GitHub App.
Configure the GitHub App:
* App Name: Choose a descriptive name for your app (e.g., Jenkins Status Check App).
* Homepage URL: This can be your Jenkins URL or a placeholder for now (e.g., https://your-jenkins-url.com).
* Webhook URL: Input the URL where GitHub will send event data, typically something olke https://your-jenkins-url/github-webhook/.
Set Repository Permissions:
Administration: Read-only
Checks: Read & write
Commit statuses: Read & write
Contents: Read-only (to read the Jenkinsfile and the repository content during git fetch).
Metadata: Read-only
Pull requests: Read-only
Subscribe to Events:
Check run
Check suite
Pull request
Push
Repository
- * Go to your GitHub account, then navigate to GitHub Developer Settings.
- * Click on New GitHub App.
Configure the GitHub App:
- * App Name: Choose a descriptive name for your app (e.g., Jenkins Status Check App).
- * Homepage URL: This can be your Jenkins URL or a placeholder for now (e.g., https://your-jenkins-url.com).
- * Webhook URL: Input the URL where GitHub will send event data, typically something olke https://your-jenkins-url/github-webhook/.
Set Repository Permissions:
- Administration: Read-only
- Checks: Read & write
- Commit statuses: Read & write
- Contents: Read-only (to read the Jenkinsfile and the repository content during git fetch).
- Metadata: Read-only
- Pull requests: Read-only
Subscribe to Events:
- Check run
- Check suite
- Pull request
- Push
- Repository
Now, click the Create GitHub app button. After creating the app, you will see a notification to generate the private key. Download the private key and save it securely. You will need this key to authenticate your GitHub App with Jenkins. It will download a private key. Now, you need to convert the key to a format that can be used with Jenkins using the following command. Replace key-in-your-downloads-folder.pem with your downloaded private key.
1 | openssl pkcs8 -topk8 -inform PEM -outform PEM -in key-in-your-downloads-folder.pem -out converted-github-app.pem -nocrypt |
We need to add the converted key to Jenkins credentials later.
Install GitHub App
Now, on the app configuration page, you will see an option called Install app. Click that option to enable this app for all the repositories or specific repositories. You can also enable this app for your organization.
Add Private Key to Jenkins Credentials
Now, we need to add the converted PEM key to the Jenkins credentials.
- Navigate to Jenkins and click on Credentials.
- Click on the Jenkins store.
- Click on Global credentials (unrestricted).
- Click on Add Credentials.
- Select the Kind as GitHub App.
- Enter the ID as
jenkins-github-app.
- Enter the App ID, which you can find in the GitHub App settings.
- Enter the Key as the converted PEM key.
jenkins-github-app.That’s pretty much it. Now, you can use this credential in the multi-branch pipeline to enable checks during PR.
