Discussion:
Github Organization and credentials
Justin Knowles
2017-01-11 20:12:23 UTC
Hello. I'm having an issue creating a Github Organization (GO from now on)
and also not quite understanding how credentials (the plugin) fit into all
this. I think I understand that credentials via the plugin can be siloed
into different groups or folders for access control purposes. I have a few
credentials in jenkins/global (ie at the URL /credentials), and another
scoped to "Jenkins", of which some of the global ones should have
sufficient permissions for the GO plugin, but after creating my new GO
they're not listed (the list only shows "-none-") and I'm shown a "Credentials
are recommended" message.

Saving my newly created GO kicks off the folder computation process which
does nothing because it's trying to use anonymous access, and revisiting its
settings page still doesn't show any credentials, global or otherwise. Ok,
understandable.

From my GO/settings page I have the option of adding credentials with two
options: folder credentials provider (by the name of my new GO) and Jenkins
credentials provider (by the name of Jenkins). From here I chose to add
credentials using the GO provider by generating a new personal access token
in github with these permissions:

    repo               Full control of private repositories
    repo:status        Access commit status
    repo_deployment    Access deployment status
    public_repo

    admin:repo_hook    Full control of repository hooks
    write:repo_hook    Write repository hooks
    read:repo_hook     Read repository hooks

    admin:org_hook     Full control of organization hooks

Those may be too wide, but whatever, I think they're enough? I select those
creds, apply the changes, and start folder computation, and now it sees
everything. Awesome. As a test I have just one branch in one repo with a
Jenkinsfile and this is it:

    node {
        // git url: 'https://github.com/COMPANY/COMPANY-java-core.git'

        stage('Test (verify)') {
            withMaven(
                maven: 'maven3',
                mavenLocalRepo: '.repository') {
                sh "mvn clean install"
            }
        }
    }

With and without that git url has returned different errors, I can go back
and find out what they were if it matters. Regardless, with it how it is
now if I go to a detected branch and look at the log for what it tried to
do using the Jenkins file, I see
this: https://gist.githubusercontent.com/jayceekay/20a9797de5fa76a8b444cefc2cf65674/raw/21b507979df4acff83a5609204505d3e6e4bece2/log

Namely, to clone the repo it does:

Connecting to https://api.github.com using ME/****** (COMPANY github organization token)
Cloning the remote Git repository
Cloning repository https://github.com/COMPANY/COMPANY-java-core.git


But then later I see:

Fetching upstream changes from https://github.com/COMPANY/COMPANY-java-core.git
using GIT_ASKPASS to set credentials COMPANY github organization token
git fetch --tags --progress https://github.com/COMPANY/COMPANY-java-core.git +refs/heads/*:refs/remotes/origin/*
git config remote.origin1.url https://github.com/COMPANY/COMPANY-java-core.git # timeout=10
Fetching upstream changes from https://github.com/COMPANY/COMPANY-java-core.git
using GIT_ASKPASS to set credentials COMPANY github organization token
git fetch --tags --progress https://github.com/COMPANY/COMPANY-java-core.git +refs/pull/*/head:refs/remotes/origin/pr/*
Checking out Revision some_commit_hash (ME/jenkinsfile-test)
git config core.sparsecheckout # timeout=10
git checkout -f some_commit_hash

1. it seems like it's doing the same thing more than once
2. rather than default to the credentials I gave it, it's defaulting to
asking for a password

I've read online that from here I can go into individual repositories that
were found and tweak the Github plugin settings (under advanced) and change
the checkout credentials to be different from the scan credentials, which I
can see and change, but cannot actually *save*?

All suggestions welcome!
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/668c27ca-517e-4823-9d83-05a37906cb35%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
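
An added example, not part of the original post: a small audit of the log excerpt above that pairs each `git fetch` with the credential announced on the preceding GIT_ASKPASS line and compares the refspecs. It assumes each GIT_ASKPASS line applies to the next git command only; the function names are hypothetical.

```python
import re

# Log lines copied from the excerpt in the post (COMPANY is the poster's placeholder).
LOG = """\
Fetching upstream changes from https://github.com/COMPANY/COMPANY-java-core.git
using GIT_ASKPASS to set credentials COMPANY github organization token
git fetch --tags --progress https://github.com/COMPANY/COMPANY-java-core.git +refs/heads/*:refs/remotes/origin/*
git config remote.origin1.url https://github.com/COMPANY/COMPANY-java-core.git # timeout=10
Fetching upstream changes from https://github.com/COMPANY/COMPANY-java-core.git
using GIT_ASKPASS to set credentials COMPANY github organization token
git fetch --tags --progress https://github.com/COMPANY/COMPANY-java-core.git +refs/pull/*/head:refs/remotes/origin/pr/*
"""

ASKPASS = re.compile(r"^using GIT_ASKPASS to set credentials (.+)$")
# Tolerates the "> " prefix some Jenkins console logs put before git commands.
FETCH = re.compile(r"^(?:>\s*)?git fetch\b.*?(https?://\S+)\s+(\+?\S+:\S+)$")

def audit_fetches(log):
    """Return one record per `git fetch`: remote URL, refspec, and the
    credential description from the preceding GIT_ASKPASS line
    (None means no credential was announced for that fetch)."""
    records, credential = [], None
    for line in (l.strip() for l in log.splitlines()):
        m = ASKPASS.match(line)
        if m:
            credential = m.group(1)
            continue
        m = FETCH.match(line)
        if m:
            records.append({"url": m.group(1), "refspec": m.group(2),
                            "credential": credential})
            credential = None  # assumption: one ASKPASS line covers one command
    return records

def findings(records):
    """Flag fetches with no credential and fetches repeating a (url, refspec) pair."""
    seen, out = set(), []
    for r in records:
        key = (r["url"], r["refspec"])
        if r["credential"] is None:
            out.append(("anonymous-fetch", key))
        if key in seen:
            out.append(("duplicate-fetch", key))
        seen.add(key)
    return out

if __name__ == "__main__":
    for r in audit_fetches(LOG):
        print(r)
    print(findings(audit_fetches(LOG)) or "no findings")
```

On this excerpt the two fetches carry the same credential description and differ only in refspec (`refs/heads/*` versus `refs/pull/*/head`), so the audit reports no findings.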
Justin Knowles
2017-01-11 20:24:47 UTC
Well after messing with this for days I magically got it working once I
posted this. The fix for me was a combination of my github org config and
my Jenkinsfile. In the github org I went to my org -> configure ->
repository sources (github organization) -> advanced and changed "checkout
credentials" from "-same as scan credentials-" to explicitly be the same
credentials I used for the scan credentials.

My Jenkinsfile was changed to:

    node {
        checkout scm

        stage('Test (verify)') {
            withMaven(
                maven: 'maven3',
                mavenLocalRepo: '.repository') {
                sh "mvn clean install"
            }
        }
    }