In modern software development, automating status checks and enforcing branch protection is critical for ensuring code quality and preventing broken code from being merged into important branches like main or develop. By integrating GitHub Apps with Jenkins, you can automate this process, using status checks to validate the state of code before any branch merging. In this post, we'll walk through how to create a GitHub App, configure Jenkins for status checks, and set up secrets in Jenkins to securely interact with GitHub.

Creating GitHub App

To create a GitHub App, follow these steps:

  1. Navigate to GitHub Developer Settings:
        * Go to your GitHub account, then navigate to GitHub Developer Settings.
        * Click on New GitHub App.
  2. Configure the GitHub App:
        * App Name: Choose a descriptive name for your app (e.g., Jenkins Status Check App).
        * Homepage URL: This can be your Jenkins URL or a placeholder for now (e.g., https://your-jenkins-url.com).
        * Webhook URL: Input the URL where GitHub will send event data, typically something like https://your-jenkins-url/github-webhook/.
  3. Set Repository Permissions:
        * Administration: Read-only
        * Checks: Read & write
        * Commit statuses: Read & write
        * Contents: Read-only (to read the Jenkinsfile and the repository content during git fetch).
        * Metadata: Read-only
        * Pull requests: Read-only
  4. Subscribe to Events:
        * Check run
        * Check suite
        * Pull request
        * Push
        * Repository

Now, click the Create GitHub app button. After creating the app, you will see a notification to generate the private key. Download the private key and save it securely. You will need this key to authenticate your GitHub App with Jenkins. Next, convert the key to a format that can be used with Jenkins using the following command. Replace key-in-your-downloads-folder.pem with your downloaded private key.

openssl pkcs8 -topk8 -inform PEM -outform PEM -in key-in-your-downloads-folder.pem -out converted-github-app.pem -nocrypt

We need to add the converted key to Jenkins credentials later.
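
Before the key goes into Jenkins, it is worth confirming that the file really is the unencrypted PKCS#8 output of the command above and that only your user can read it. The script below is an added example, not part of the original post; the function names are illustrative, and the format is judged from the PEM header line only.

```shell
# Added example: pre-flight check for the converted key file.
# Function names are hypothetical; nothing here talks to GitHub or Jenkins.

# Print the PEM container type, judged by the first line of the file.
pem_key_format() {
  first=$(head -n 1 "$1" | tr -d '\r')
  case "$first" in
    "-----BEGIN PRIVATE KEY-----")           echo pkcs8 ;;           # -topk8 -nocrypt output
    "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8-encrypted ;; # -topk8 without -nocrypt
    "-----BEGIN RSA PRIVATE KEY-----")       echo pkcs1 ;;           # traditional RSA, not converted
    *)                                       echo unknown ;;
  esac
}

# Print the octal permission bits (GNU stat first, then BSD/macOS stat).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only for an unencrypted PKCS#8 key that group and others cannot access.
check_jenkins_key() {
  key=$1
  [ -f "$key" ] || { echo "$key: not found" >&2; return 2; }
  fmt=$(pem_key_format "$key")
  if [ "$fmt" != pkcs8 ]; then
    echo "$key: format is $fmt; rerun the openssl pkcs8 -topk8 ... -nocrypt step" >&2
    return 1
  fi
  mode=$(file_mode "$key")
  case "$mode" in
    600|400) ;;
    *) echo "$key: mode $mode is too open; run chmod 600 $key" >&2; return 1 ;;
  esac
  echo "$key: ok ($fmt, mode $mode)"
}

# Usage: check_jenkins_key converted-github-app.pem
```

Once the key is stored in the Jenkins credential, remove both PEM files from the downloads folder so the only copy lives in the credential store.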

Install GitHub App

Now, on the app configuration page, you will see an option called Install app. Click that option to enable this app for all the repositories or specific repositories. You can also enable this app for your organization.

Add Private Key to Jenkins Credentials

Now, we need to add the converted PEM key to the Jenkins credentials.

  1. Navigate to Jenkins and click on Credentials.
  2. Click on the Jenkins store.
  3. Click on Global credentials (unrestricted).
  4. Click on Add Credentials.
  5. Select the Kind as GitHub App.
  6. Enter the ID as jenkins-github-app.
  7. Enter the App ID, which you can find in the GitHub App settings.
  8. Enter the Key as the converted PEM key.

That’s pretty much it. Now, you can use this credential in the multi-branch pipeline to enable checks during PR.

Conclusions

Integrating Jenkins with GitHub using a GitHub App offers a powerful, automated workflow for ensuring quality before merging branches. This guide has shown how to create a GitHub App, connect it with Jenkins, and enforce status checks to protect your codebase. By following these steps, you can establish a robust CI/CD pipeline that keeps your branches clean and your releases reliable.

Happy Coding