I have a question regarding Github Application Credentials.
Whenever I search for how it can be used, it seems to be limited to Organization Folders and multibranch pipelines.
I would like to use it in a declarative pipeline script that is used interactively - so no automatic code scanning etc.
I think you can use the withCredentials step provided by the Credentials Binding Plugin to bind your GitHub Application Credentials to variables, and then use these variables in your pipeline script.
Here is an untested example of how you could maybe do this:
pipeline {
agent any
stages {
stage('Example') {
steps {
withCredentials([string(credentialsId: 'my-github-app-credentials', variable: 'GITHUB_TOKEN')]) {
// Use the GITHUB_TOKEN variable in your steps
sh 'git clone https://x-access-token:${GITHUB_TOKEN}@github.com/your-repo.git'
}
}
}
}
}
In this example, you should replace my-github-app-credentials with the ID of your GitHub Application Credentials in Jenkins, and https://x-access-token:${GITHUB_TOKEN}@github.com/your-repo.git with the repository you want to clone.
The withCredentials step securely provides the credentials to the steps inside its block and masks any output of the credentials in logs.
This probably works. But I think by doing this you are restricted by the GitHub rate limit of an access token and not the higher limits of the Github application