CI lock-down until security releases: Feb 27th #1699
Comments
|
Doh! I meant to ping @nodejs/collaborators for my original post. So sorry for the lack of notice on this, CI is being locked down until the security release (https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/). See my comments above about having CI runs done in the meantime by finding someone with access. Posting pre-lockdown perms for my own record so it can be undone easily. |
|
Sorry, I think I missed the notification and started https://ci.nodejs.org/job/node-test-pull-request/20962/ @refack Can you make banner of the CI red again during the lockdown so that the state is more obvious? |
|
We had the same problem as last time, @mcollina couldn't get in without being added as an individual to the security matrix. nodejs/security is in there which should grant access but I think what's happening is that nodejs/security doesn't have any members, but relies on child-teams, but Jenkins isn't reading them. So I've added the sub-teams separately to Jenkins and removed @mcollina as an individual. If this works, we should probably leave this in place so we don't run into this again next time. |
|
lock-down lifted, thanks for your patience, have at it @nodejs/collaborators |
We've just announced some security releases for next week @ https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/, so we're going to lock CI down to give us some secure space to test the code properly. IIRC we left too little time during the November releases and it ended up being frantic so we're taking some extra time for this one. I'll switch it over later today to coincide with Friday morning in Europe, so you have at least 8 hours to get your jobs through before access will be limited.
During lock-down, certain people will still have access, including some Build WG members and members of the Security team (including the TSC and a few more folks). These people will be able to process jobs during lock-down and can manually submit jobs for other collaborator's PRs at their discretion. However, priority will be given to jobs related to the security releases so there may be cancellation of existing jobs if they are unrelated. Feel free to bug a TSC member or someone you know has access if you have a PR that needs running and they can make a decision.
@mcollina, @sam-github and myself are the ones most likely to be running jobs related to the release and will give ourselves permission to cancel anything unrelated if the queue gets in our way.
The text was updated successfully, but these errors were encountered: