Team/repo associations cleanup: You may have lost some permissions today
21 views
Skip to first unread message
Daniel Beck
Nov 28, 2017, 8:59:32 AM11/28/17
to Jenkins Developers
Hi everyone,
In preparation for the larger Everyone permissions cleanup[1] I wrote a script determining collaborators/contributors for every plugin. Reviewing its output, I found ~40 repos that had broken team/repo associations, i.e. per-repo teams that grant access to repositories other than the named one. I expect most of these associations are due to GitHub behavior that added all of a user's teams to a repo they fork or create (one of many reasons why we fork with the bot!). I cleaned most of those up (those repos with 90+ teams associated with them -- no joke -- will need GitHub support involvement).
So, if you lost access to any of these repos today, this is the reason. Please respond to this thread, or ping me on IRC, to get your access restored, if you are a (co)maintainer of any of these:
build-with-parameters-plugin
cloudbees-disk-usage-simple-plugin
ec2-fleet-plugin
exclude-matrix-parent
github-additional-traits-plugin
graphite-plugin
html5-notifier-plugin
icescrum-plugin
image-gallery-plugin
jacoco-plugin
jna
jsch-plugin
jslint-jenkins-plugin
keep-slave-offline-plugin
leiningen-plugin
logging-plugin
Matrix-sorter-plugin
maven-license-plugin
openstack-cloud-plugin
pipeline-build-step-plugin
pipeline-model-definition-plugin
plexus-utils
pubsub-light-module
r-plugin
redmine-plugin
sahagin-plugin
saml-plugin
seleniumhtmlreport-plugin
signal-killer
sse-gateway-plugin
telerik-appbuilder-plugin
updatejob-plugin
upstream-downstream-view-plugin
These three repos have so many team associations that they break the GitHub UI (90-130 teams each), so I'm in contact with GitHub support to fix them:
emmacoveragecolumn-plugin
matrix-reloaded-plugin
selenium-tests
In general, don't reuse the autogenerated teams to set up some sort of manual team/permissions management in GitHub. Create new teams for this that are unambiguously not a autogenerated 'whatever-plugin Developers' team.
Daniel
1: https://groups.google.com/d/msg/jenkinsci-dev/ksKAsmsmVng/lG2lNEaJBQAJ
In preparation for the larger Everyone permissions cleanup[1] I wrote a script determining collaborators/contributors for every plugin. Reviewing its output, I found ~40 repos that had broken team/repo associations, i.e. per-repo teams that grant access to repositories other than the named one. I expect most of these associations are due to GitHub behavior that added all of a user's teams to a repo they fork or create (one of many reasons why we fork with the bot!). I cleaned most of those up (those repos with 90+ teams associated with them -- no joke -- will need GitHub support involvement).
So, if you lost access to any of these repos today, this is the reason. Please respond to this thread, or ping me on IRC, to get your access restored, if you are a (co)maintainer of any of these:
build-with-parameters-plugin
cloudbees-disk-usage-simple-plugin
ec2-fleet-plugin
exclude-matrix-parent
github-additional-traits-plugin
graphite-plugin
html5-notifier-plugin
icescrum-plugin
image-gallery-plugin
jacoco-plugin
jna
jsch-plugin
jslint-jenkins-plugin
keep-slave-offline-plugin
leiningen-plugin
logging-plugin
Matrix-sorter-plugin
maven-license-plugin
openstack-cloud-plugin
pipeline-build-step-plugin
pipeline-model-definition-plugin
plexus-utils
pubsub-light-module
r-plugin
redmine-plugin
sahagin-plugin
saml-plugin
seleniumhtmlreport-plugin
signal-killer
sse-gateway-plugin
telerik-appbuilder-plugin
updatejob-plugin
upstream-downstream-view-plugin
These three repos have so many team associations that they break the GitHub UI (90-130 teams each), so I'm in contact with GitHub support to fix them:
emmacoveragecolumn-plugin
matrix-reloaded-plugin
selenium-tests
In general, don't reuse the autogenerated teams to set up some sort of manual team/permissions management in GitHub. Create new teams for this that are unambiguously not a autogenerated 'whatever-plugin Developers' team.
Daniel
1: https://groups.google.com/d/msg/jenkinsci-dev/ksKAsmsmVng/lG2lNEaJBQAJ
Mark Waite
Nov 28, 2017, 11:08:44 AM11/28/17
to jenkin...@googlegroups.com
I seem to have lost the ability to control settings on the git-plugin repository. Could you add me to a group that has admin permissions for https://github.com/jenkinsci/git-plugin ?
Mark Waite
--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/7B81C933-C072-431B-96FE-07C1585102BB%40beckweb.net.
For more options, visit https://groups.google.com/d/optout.
Daniel Beck
Nov 28, 2017, 11:17:41 AM11/28/17
to jenkin...@googlegroups.com
> On 28. Nov 2017, at 17:08, Mark Waite <mark.ea...@gmail.com> wrote:
>
> I seem to have lost the ability to control settings on the git-plugin repository. Could you add me to a group that has admin permissions for https://github.com/jenkinsci/git-plugin ?
I listed potentially impacted repos and users in https://issues.jenkins-ci.org/browse/INFRA-1421
Oliver Gondža
Nov 28, 2017, 2:26:22 PM11/28/17
to jenkin...@googlegroups.com, Lucie Votypkova
On 2017-11-28 14:59, Daniel Beck wrote:
> So, if you lost access to any of these repos today, this is the reason. Please respond to this thread, or ping me on IRC, to get your access restored, if you are a (co)maintainer of any of these:
Some of these are maintained by us, please grant access to olivergondza
> So, if you lost access to any of these repos today, this is the reason. Please respond to this thread, or ping me on IRC, to get your access restored, if you are a (co)maintainer of any of these:
for:
- exclude-matrix-parent
- openstack-cloud-plugin
And to lvotypko for:
- keep-slave-offline-plugin
- Matrix-sorter-plugin
- upstream-downstream-view-plugin
Thanks
--
oliver
Daniel Beck
Nov 28, 2017, 2:51:02 PM11/28/17
to jenkin...@googlegroups.com, Lucie Votypkova
Oliver,
I don't understand what you're asking for.
> On 28. Nov 2017, at 20:26, Oliver Gondža <ogo...@gmail.com> wrote:
>
> Some of these are maintained by us, please grant access to olivergondza for:
>
> - exclude-matrix-parent
You already have write via Everyone, unchanged from yesterday.
> - openstack-cloud-plugin
You already have admin via per-repo team, unchanged from yesterday.
> And to lvotypko for:
>
> - keep-slave-offline-plugin
She already has write via Everyone, unchanged from yesterday.
> - Matrix-sorter-plugin
I cleaned this one up manually earlier today when removing an unrelated repo's team. She always had write access except perhaps for a minute earlier today.
> - upstream-downstream-view-plugin
This is the only one in which I actually removed access (by removing the 'computer-queue-plugin Developers' team from the repo). I granted it again via bot.
If you're asking for something different, please clarify, ideally in an INFRA issue. Most of this seems unrelated to what I did today.
Thanks!
Daniel
I don't understand what you're asking for.
> On 28. Nov 2017, at 20:26, Oliver Gondža <ogo...@gmail.com> wrote:
>
> Some of these are maintained by us, please grant access to olivergondza for:
>
> - exclude-matrix-parent
> - openstack-cloud-plugin
You already have admin via per-repo team, unchanged from yesterday.
> And to lvotypko for:
>
> - keep-slave-offline-plugin
> - Matrix-sorter-plugin
I cleaned this one up manually earlier today when removing an unrelated repo's team. She always had write access except perhaps for a minute earlier today.
> - upstream-downstream-view-plugin
This is the only one in which I actually removed access (by removing the 'computer-queue-plugin Developers' team from the repo). I granted it again via bot.
If you're asking for something different, please clarify, ideally in an INFRA issue. Most of this seems unrelated to what I did today.
Thanks!
Daniel
Daniel Beck
Dec 1, 2017, 1:55:56 AM12/1/17
to jenkin...@googlegroups.com
> On 28. Nov 2017, at 14:59, Daniel Beck <m...@beckweb.net> wrote:
>
> These three repos have so many team associations that they break the GitHub UI (90-130 teams each), so I'm in contact with GitHub support to fix them:
> emmacoveragecolumn-plugin
> matrix-reloaded-plugin
> selenium-tests
Added these repos and potentially impacted users to INFRA-1421.
Joseph P
Dec 3, 2017, 2:21:55 PM12/3/17
to Jenkins Developers
Don't know why I was on so many repos, that I have never touched when looking that INFRA-1421 😕
In any case, I lost my accurev-plugin admin rights a couple of months ago, could I have it back? 😊
In any case, I lost my accurev-plugin admin rights a couple of months ago, could I have it back? 😊
Daniel Beck
Dec 3, 2017, 3:46:49 PM12/3/17
to jenkin...@googlegroups.com
> On 3. Dec 2017, at 20:21, Joseph P <jose...@gmail.com> wrote:
>
> Don't know why I was on so many repos, that I have never touched when looking that INFRA-1421 😕
> In any case, I lost my accurev-plugin admin rights a couple of months ago, could I have it back? 😊
Further requests should probably filed as INFRA issues, 'github' component. I know I asked for responses to this thread, but issues have the advantage of going straight into my inbox, while not polluting anyone else's ;-)
Reply all
Reply to author
Forward
0 new messages