[JENKINS-73474] Fix GitHubAppCredentials owner inference

[jeromepochat]

GitHub App installed in multiple organizations get:

java.lang.IllegalArgumentException: Found multiple installations for GitHub app ID ... but none match credential owner "". Set the right owner in the credential advanced options to one of: ..., ...
	at PluginClassLoader for github-branch-source//org.jenkinsci.plugins.github_branch_source.GitHubAppCredentials.generateAppInstallationToken(GitHubAppCredentials.java:244)
	at PluginClassLoader for github-branch-source//org.jenkinsci.plugins.github_branch_source.GitHubAppCredentials.getToken(GitHubAppCredentials.java:295)
	at PluginClassLoader for github-branch-source//org.jenkinsci.plugins.github_branch_source.GitHubAppCredentials.getPassword(GitHubAppCredentials.java:324)
	at PluginClassLoader for git-client//org.jenkinsci.plugins.gitclient.CliGitAPIImpl.createPasswordFile(CliGitAPIImpl.java:2547)
	at PluginClassLoader for git-client//org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2143)
	at PluginClassLoader for git-client//org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2079)
	at PluginClassLoader for git-client//org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2070)
	at PluginClassLoader for git-client//org.jenkinsci.plugins.gitclient.CliGitAPIImpl.getRemoteSymbolicReferences(CliGitAPIImpl.java:3842)
	at PluginClassLoader for git//jenkins.plugins.git.AbstractGitSCMSource.retrieveActions(AbstractGitSCMSource.java:1176)
	at PluginClassLoader for scm-api//jenkins.scm.api.SCMSource.fetchActions(SCMSource.java:847)
	at PluginClassLoader for branch-api//jenkins.branch.MultiBranchProject.computeChildren(MultiBranchProject.java:611)
	at PluginClassLoader for cloudbees-folder//com.cloudbees.hudson.plugins.folder.computed.ComputedFolder.updateChildren(ComputedFolder.java:269)
	at PluginClassLoader for cloudbees-folder//com.cloudbees.hudson.plugins.folder.computed.FolderComputation.run(FolderComputation.java:167)
	at PluginClassLoader for branch-api//jenkins.branch.MultiBranchProject$BranchIndexing.run(MultiBranchProject.java:1057)
	at hudson.model.ResourceController.execute(ResourceController.java:101)
	at hudson.model.Executor.run(Executor.java:447)

Steps to reproduce:

• install GitHub App in more than one organization
• configure GitHub App Credentials with owner left blank to infer value
• configure multi branch pipeline using GitHub branch source
• trigger "scan multibranch pipeline"

The regression was introduced since #796. The owner parameter is not used anymore and the credentials clone is initialized using the owner field read method instead of owner parameter value, resulting with null owner in the cloned credentials. While generating the token, there is no installation matching with empty owner, resulting in exception.

This fix the credentials clone by setting the owner from the parameter instead of clone field null value.

See JENKINS-73474 for more information.

[dwnusbaum]

@jeromepochat What do you think about trying to create a WireMock-based regression test for this logic? It seems undesirable that something like this was not caught by tests.

[thiencisco]

I agreed with @dwnusbaum. Please expedite this process because the latest version of the plugin is tied to the latest version of Jenkins. Many of our pipelines are currently blocked right now.

[jglick]

Looks right. As a regression, I would recommend releasing immediately and spend time on a proper integration test for the whole system as a follow-up.

[jeromepochat]

Looks right. As a regression, I would recommend releasing immediately and spend time on a proper integration test for the whole system as a follow-up.

Agree. I'll create another PR for the integration test ASAP.

BTW, can anyone merge this one please as I don't have the permission? Thanks!

[jeromepochat]

@jeromepochat What do you think about trying to create a WireMock-based regression test for this logic? It seems undesirable that something like this was not caught by tests.

#804