Link GitHub to a Jenkins pipeline by installing the GitHub plugin, setting up a webhook in GitHub, configuring the job with "GitHub hook trigger for GITScm polling", and authenticating with a Personal Access Token
Linking GitHub to a Jenkins pipeline so it automatically runs on every code push is achieved through webhooks—GitHub sends an HTTP POST to Jenkins whenever code is pushed, triggering the pipeline. The integration requires installing the GitHub plugin, authenticating Jenkins to GitHub using a Personal Access Token (PAT), and configuring both the job and the GitHub repository to use the webhook URL JENKINS_URL/github-webhook/. This setup enables real-time, event-driven CI/CD without polling overhead.
Jenkins instance running and accessible from GitHub (public URL or tunneling tool like ngrok for local testing)
GitHub Integration Plugin and Git Plugin installed in Jenkins
GitHub repository where you have admin access (to configure webhooks)
GitHub Personal Access Token (PAT) with appropriate scopes
The PAT securely authenticates Jenkins with GitHub without using your account password. In GitHub, go to Settings → Developer settings → Personal access tokens → Tokens (classic). Click "Generate new token", give it a descriptive name, and set an expiration date. Select at least these scopes: repo (for accessing repository code) and admin:repo_hook (for Jenkins to manage webhooks automatically). Copy the generated token immediately—it won't be shown again.
In Jenkins, go to Manage Jenkins → Credentials → System → Global credentials (unrestricted) → Add Credentials. For a freestyle job using HTTPS, select kind "Username with password", enter your GitHub username, and paste the PAT as the password. For pipeline jobs or automatic hook management, you may also add it as "Secret text" in the global GitHub configuration under Manage Jenkins → Configure System → GitHub → Add GitHub Server → Credentials (select the secret text credential).
In your GitHub repository, go to Settings → Webhooks → Add webhook. For Payload URL, enter your Jenkins URL followed by /github-webhook/ (e.g., http://your-jenkins-server:8080/github-webhook/). If Jenkins is on localhost, use ngrok to expose it: run ./ngrok http 8080 and use the generated ngrok URL. Set Content type to application/json, select "Just the push event" (or customize as needed), and ensure the webhook is active. You can add a secret for security, which must match the shared secret configured in Jenkins global GitHub settings.
Push a commit to the repository—a new build should automatically appear in Jenkins build history.
Check the "GitHub Hook Log" in the job page to see if Jenkins received the webhook.
In GitHub webhook settings, click "Recent Deliveries" to verify the payload was sent and received successfully.
Enable Jenkins logging for
com.cloudbees.jenkins.GitHubWebHookandorg.jenkinsci.plugins.github.webhook.WebhookManagerto see detailed webhook processing logs.
If Jenkins cannot be exposed to the internet for webhooks, you can use Poll SCM as a fallback. In job configuration → Build Triggers, check "Poll SCM" and enter a cron schedule like H/5 * * * * to check for changes every 5 minutes. However, webhooks are strongly preferred for real-time triggering and reduced server load.
Always use Personal Access Tokens instead of passwords. Store tokens in Jenkins credentials, never hardcoded in pipelines. Set appropriate token expiration and rotate regularly. Use HTTPS for all connections and consider adding a webhook secret for additional verification. Ensure your Jenkins server is properly firewalled and accessed via HTTPS in production.