Skip to content

Use CredentialsProvider.findCredentialByIdInItem #1498

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jglick merged 2 commits into from
Jan 12, 2026
+27 −38
Merged

Use CredentialsProvider.findCredentialByIdInItem #1498

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
dcc6d1d
Use `CredentialsProvider.findCredentialByIdInItem`
jglick Jan 7, 2026
23c7a8d
Dep released
jglick Jan 12, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,10 +45,16 @@
<dependency>
<groupId>io.jenkins.tools.bom</groupId>
<artifactId>bom-${jenkins.baseline}.x</artifactId>
<version>5543.vfd758c7c868d</version>
<version>5804.v80587a_38d937</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<!-- TODO until in BOM -->
<dependency>
<groupId>org.jenkins-ci.plugins</groupId>
<artifactId>credentials</artifactId>
<version>1480.v2246fd131e83</version>
</dependency>
</dependencies>
</dependencyManagement>

Expand Down
35 changes: 12 additions & 23 deletions src/main/java/org/jenkinsci/plugins/github_branch_source/Connector.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,6 @@
import static java.util.logging.Level.FINE;
import static java.util.logging.Level.WARNING;

import com.cloudbees.plugins.credentials.CredentialsMatcher;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsNameProvider;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
Expand Down Expand Up @@ -131,12 +129,11 @@
public static ListBoxModel listScanCredentials(@CheckForNull Item context, String apiUri) {
return new StandardListBoxModel()
.includeEmptyValue()
.includeMatchingAs(
context instanceof Queue.Task ? ((Queue.Task) context).getDefaultAuthentication() : ACL.SYSTEM,
.includeAs(
context instanceof Queue.Task t ? t.getDefaultAuthentication2() : ACL.SYSTEM2,
context,
StandardUsernameCredentials.class,
githubDomainRequirements(apiUri),
githubScanCredentialsMatcher());
StandardUsernamePasswordCredentials.class,
githubDomainRequirements(apiUri));
}

/**
Expand Down Expand Up @@ -298,16 +295,12 @@
if (Util.fixEmpty(scanCredentialsId) == null) {
return null;
}
StandardCredentials c = CredentialsMatchers.firstOrNull(
CredentialsProvider.lookupCredentialsInItem(
StandardUsernameCredentials.class,
context,
context instanceof Queue.Task
? ((Queue.Task) context).getDefaultAuthentication2()
: ACL.SYSTEM2,
githubDomainRequirements(apiUri)),
CredentialsMatchers.allOf(
CredentialsMatchers.withId(scanCredentialsId), githubScanCredentialsMatcher()));
var c = CredentialsProvider.findCredentialByIdInItem(
scanCredentialsId,
StandardUsernamePasswordCredentials.class,
context,
context instanceof Queue.Task t ? t.getDefaultAuthentication2() : ACL.SYSTEM2,
githubDomainRequirements(apiUri));
if (c instanceof GitHubAppCredentials && repoOwner != null) {
// Note: We considered adding an overload so that all existing callers in this plugin could
// specify an exact repository and granular permission, but decided against it. This method
Expand All @@ -334,6 +327,7 @@
* @return the {@link StandardCredentials} or {@code null}
* @deprecated use {@link #listCheckoutCredentials(Item, String)}
*/
@Deprecated
@NonNull
public static ListBoxModel listCheckoutCredentials(@CheckForNull SCMSourceOwner context, String apiUri) {
return listCheckoutCredentials((Item) context, apiUri);
Expand All @@ -354,7 +348,7 @@
result.add("- same as scan credentials -", GitHubSCMSource.DescriptorImpl.SAME);
result.add("- anonymous -", GitHubSCMSource.DescriptorImpl.ANONYMOUS);
return result.includeMatchingAs(
context instanceof Queue.Task ? ((Queue.Task) context).getDefaultAuthentication() : ACL.SYSTEM,
context instanceof Queue.Task t ? t.getDefaultAuthentication2() : ACL.SYSTEM2,

Check warning on line 351 in src/main/java/org/jenkinsci/plugins/github_branch_source/Connector.java

View check run for this annotation

ci.jenkins.io / Code Coverage

Not covered line 

Line 351 is not covered by tests
context,
StandardUsernameCredentials.class,
githubDomainRequirements(apiUri),
Expand Down Expand Up @@ -521,11 +515,6 @@
}
}

private static CredentialsMatcher githubScanCredentialsMatcher() {
// TODO OAuth credentials
return CredentialsMatchers.anyOf(CredentialsMatchers.instanceOf(StandardUsernamePasswordCredentials.class));
}

static List<DomainRequirement> githubDomainRequirements(String apiUri) {
return URIRequirementBuilder.fromUri(StringUtils.defaultIfEmpty(apiUri, GitHubServerConfig.GITHUB_URL))
.build();
Expand Down
22 changes: 8 additions & 14 deletions src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMBuilder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,6 @@

import com.cloudbees.jenkins.plugins.sshcredentials.SSHUserPrivateKey;
import com.cloudbees.plugins.credentials.Credentials;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.IdCredentials;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
Expand Down Expand Up @@ -219,19 +218,14 @@
if (credentialsId == null) {
return HTTPS;
} else {
StandardCredentials credentials = CredentialsMatchers.firstOrNull(
CredentialsProvider.lookupCredentialsInItem(
StandardCredentials.class,
context,
context instanceof Queue.Task
? ((Queue.Task) context).getDefaultAuthentication2()
: ACL.SYSTEM2,
URIRequirementBuilder.create()
.withHostname(RepositoryUriResolver.hostnameFromApiUri(apiUri))
.build()),
CredentialsMatchers.allOf(
CredentialsMatchers.withId(credentialsId),
CredentialsMatchers.instanceOf(StandardCredentials.class)));
var credentials = CredentialsProvider.findCredentialByIdInItem(
credentialsId,
StandardCredentials.class,
context,
context instanceof Queue.Task t ? t.getDefaultAuthentication2() : ACL.SYSTEM2,
URIRequirementBuilder.create()
.withHostname(RepositoryUriResolver.hostnameFromApiUri(apiUri))
.build());

Check warning on line 228 in src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMBuilder.java

View check run for this annotation

ci.jenkins.io / Code Coverage

Not covered lines 

Lines 221-228 are not covered by tests
if (credentials instanceof SSHUserPrivateKey) {
return SSH;
} else {
Expand Down
Loading