Skip to content

Commit

Permalink
Support exclusive CD mode, disallow CD releases if there are no maint…
Browse files Browse the repository at this point in the history 
…ainers (#3616)

Co-authored-by: Daniel Beck <[email protected]>
  • Loading branch information
@daniel-beck
daniel-beck and daniel-beck authored Nov 28, 2023
1 parent a2087a6 commit c21edbc
Show file tree
Hide file tree
Showing 41 changed files with 177 additions and 144 deletions.
12 changes: 12 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -98,13 +98,25 @@ cd:
enabled: true
```

For this to work, there needs to be at least one developers listed.
If the list of developers is empty or missing entirely (e.g., after the last maintainer steps down), no new releases can be published through JEP-229 CD.

**IMPORTANT:**
When using JEP-229 CD, [every committer to your repository](https://www.jenkins.io/doc/developer/publishing/source-code-hosting/) can create new releases by merging pull requests.
As a result, the list of maintainer accounts maintained in your plugin's YAML file is no longer the single reference on who can publish new releases.
Be sure to check [which users have commit access](https://www.jenkins.io/doc/developer/publishing/source-code-hosting/) to your repository and remove any that are unexpected before enabling CD, as well as any unexpected [deploy keys](https://docs.github.com/en/developers/overview/managing-deploy-keys).
Additionally, the users listed in this repository still serve as the contacts for security issues and plugin/component governance questions.
For that reason, CD permissions are also only granted to components with at least one maintainer.
In particular, the Jenkins security team will _not_ make an effort to reach out to GitHub committers when maintainers (and security contacts, see below) are unresponsive before [announcing vulnerabilities without a fix](https://www.jenkins.io/security/plugins/#unresolved).

It is also possible to enable JEP-229 CD exclusively, i.e., the listed users will not be able to create new releases, but remain contacts for security issues and plugin/component governance questions.

```yaml
cd:
enabled: true
exclusive: true
```


Managing Security Process
-------------------------
Expand Down
4 changes: 3 additions & 1 deletion permissions/component-core-annotation-processors.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,8 @@ name: "core-annotation-processors"
github: "jenkinsci/core-annotation-processors"
cd:
enabled: true
exclusive: true
paths:
- "org/jenkins-ci/core-annotation-processors"
developers: []
developers:
- "@core"
3 changes: 3 additions & 0 deletions permissions/component-jellydoc-annotations.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,3 +6,6 @@ paths:
- "io/jenkins/tools/maven/jellydoc-annotations"
cd:
enabled: true
exclusive: true
developers:
- "@core"
3 changes: 3 additions & 0 deletions permissions/component-jellydoc-maven-plugin.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,3 +6,6 @@ paths:
- "io/jenkins/tools/maven/jellydoc-maven-plugin"
cd:
enabled: true
exclusive: true
developers:
- "@core"
3 changes: 3 additions & 0 deletions permissions/component-license-maven-plugin.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,3 +8,6 @@ paths:
- "io/jenkins/tools/maven/license-maven-plugin"
cd:
enabled: true
exclusive: true
developers:
- "@core"
3 changes: 3 additions & 0 deletions permissions/component-stapler-maven-plugin.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,3 +7,6 @@ paths:
- "io/jenkins/tools/maven/stapler-maven-plugin"
cd:
enabled: true
exclusive: true
developers:
- "@core"
4 changes: 3 additions & 1 deletion permissions/component-stapler.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,8 @@ name: "stapler"
github: "jenkinsci/stapler"
cd:
enabled: true
exclusive: true
paths:
- "org/kohsuke/stapler/stapler*"
developers: []
developers:
- "@core"
3 changes: 3 additions & 0 deletions permissions/component-taglib-xml-writer.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,3 +6,6 @@ paths:
- "io/jenkins/tools/maven/taglib-xml-writer"
cd:
enabled: true
exclusive: true
developers:
- "@core"
5 changes: 2 additions & 3 deletions permissions/plugin-any-buildstep.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,5 @@ issues:
paths:
- "org/jenkins-ci/plugins/any-buildstep"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-anything-goes-formatter.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,5 @@ issues:
paths:
- "org/jenkins-ci/plugins/anything-goes-formatter"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-backup-interrupt-plugin.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,5 @@ issues:
paths:
- "jenkins/ci/plugins/backup/backup-interrupt-plugin"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-build-cause-run-condition.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,5 @@ issues:
paths:
- "org/jenkins-ci/plugins/build-cause-run-condition"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-build-keeper-plugin.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,5 @@ issues:
paths:
- "org/jenkins-ci/plugins/build-keeper-plugin"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-console-tail.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,5 @@ issues:
paths:
- "org/jenkins-ci/plugins/console-tail"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-copy-project-link.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,5 @@ paths:
- "hudson/plugins/copyProjectLink/copy-project-link"
- "org/jenkins-ci/plugins/copy-project-link"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-create-fingerprint.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,5 @@ issues:
paths:
- "org/jenkins-ci/plugins/create-fingerprint"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-downstream-buildview.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,5 @@ issues:
paths:
- "org/jvnet/hudson/plugins/downstream-buildview"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-downstream-ext.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,5 @@ issues:
paths:
- "org/jenkins-ci/plugins/downstream-ext"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-envfile.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,5 @@ issues:
paths:
- "org/jenkins-ci/plugins/envfile"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-fail-the-build-plugin.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,5 @@ issues:
paths:
- "org/jenkins-ci/plugins/fail-the-build-plugin"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-favorite-view.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,5 @@ issues:
paths:
- "org/jenkins-ci/plugins/favorite-view"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-groovy-remote.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,5 @@ issues:
paths:
- "org/jenkinsci/plugins/groovy-remote"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-hsts-filter-plugin.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,5 @@ issues:
paths:
- "org/jenkins-ci/plugins/hsts-filter-plugin"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-jqs-monitoring.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,5 @@ issues:
paths:
- "org/jenkins-ci/plugins/jqs-monitoring"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-kpp-management-plugin.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,5 @@ issues:
paths:
- "sic/software/kpp-management-plugin"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-nant.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,5 @@ issues:
paths:
- "org/jenkins-ci/plugins/nant"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-openid4java.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,5 @@ issues:
paths:
- "org/jenkins-ci/plugins/openid4java"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-progress-bar-column-plugin.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,5 @@ issues:
paths:
- "org/jenkins-ci/plugins/progress-bar-column-plugin"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-project-stats-plugin.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,5 @@ issues:
paths:
- "org/jenkins-ci/plugins/project-stats-plugin"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-sbt.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,5 @@ paths:
- "org/jenkins-ci/plugins/sbt"
- "org/jvnet/hudson/plugins/sbt"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-scoring-load-balancer.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,5 @@ issues:
paths:
- "jp/ikedam/jenkins/plugins/scoring-load-balancer"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-slave-status.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,5 @@ issues:
paths:
- "org/jvnet/hudson/plugins/slave-status"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-statusmonitor.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,5 @@ issues:
paths:
- "org/jvnet/hudson/plugins/statusmonitor"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-svn-revert-plugin.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,5 @@ issues:
paths:
- "org/jenkins-ci/plugins/svn-revert-plugin"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-svncompat14.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,5 @@ issues:
paths:
- "org/jvnet/hudson/plugins/svncompat14"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-template-workflows.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,5 @@ issues:
paths:
- "org/jenkins/plugin/templateWorkflows/template-workflows"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-text-finder-run-condition.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,5 @@ issues:
paths:
- "org/jenkins-ci/plugins/text-finder-run-condition"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
5 changes: 2 additions & 3 deletions permissions/plugin-windows-exe-runner.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,5 @@ issues:
paths:
- "org/jenkins-ci/plugins/windows-exe-runner"
developers: []
#CD blocked for lack of maintainers
#cd:
# enabled: true
cd:
enabled: true
3 changes: 3 additions & 0 deletions permissions/pom-jellydoc.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,3 +6,6 @@ paths:
- "io/jenkins/tools/maven/jellydoc"
cd:
enabled: true
exclusive: true
developers:
- "@core"
Loading

0 comments on commit c21edbc

Please sign in to comment.