Implement credentials tracking

[tsalzinger]

This allows to see jobs which execute repository / branch scanning as users of credentials, allowing to figure out which jobs actually reference these credentials more easily.

closes #833

Your checklist for this pull request

• Make sure you are requesting to pull a topic/feature/bugfix branch (right side) and not your master branch!
• Ensure that the pull request title represents the desired changelog entry
• Please describe what you did
• Link to relevant issues in GitHub or in Jenkins JIRA
• Link to relevant pull requests, esp. upstream and downstream changes
• Did you provide a test-case? That demonstrates feature works or fixes the issue.
  No - I honestly don't know on how to provide automated tests for this - I verified the behavior manually but I'd gladly implement some unit / integration tests if I can get some pointers

[KalleOlaviNiemitalo]

I'm surprised that this is needed. Is this how other plugins track the credentials of runs?

[tsalzinger]

To be honest I have no idea.
This is my first time working on the jenkins / a jenksin plugin codebase and all of it is rather overwhelming. I just noticed that we didn't see any usages of our bitbucket credentials so I started to look into it. But even to find CredentialsProvider.track I had to look through the code of the credentials plugin as I couldn't find any documentation about it - the only hint was the UI showing Note: usage tracking requires the cooperation of plugins and consequently may not track every use. which set me down that path.

With my limited knowledge though it kind of makes sense as at the time of the actual job invocation any generic code wouldn't know about the configured credentials anymore as they would have been transfored already into whatever format is actually required to perform the task (eg an environment variable, or a request header, etc.), and even if you would hook exactly into that transformation you most likely wouldn't have access to the actual Run anymore. Of course I might be completely wrong here - so I'm happy about any insight. I am also fine with dropping this specific thing from the PR and opening up a separat ticket / PR if for the actual credentials tracking of job runs.

Please just let me know on how you want to proceed here.

[KalleOlaviNiemitalo]

Other plugins may be using CredentialsProvider.findCredentialById, which usually calls CredentialsProvider.track. However, a search for CredentialsProvider in github-branch-source-plugin shows only CredentialsProvider.lookupCredentials, CredentialsProvider.USE_ITEM, and CredentialsProvider.lookupStores.

[tsalzinger]

So how should we procceed here?
Should I drop the listener for now? I don't think I can dig into this in more detail before end of next week.

[thomas-boehm-tractive]

@KalleOlaviNiemitalo any feedback on this?