Manage jenkinsci GitHub permissions as code

Project goal: Automating the management of GitHub permissions for the jenkinsci organization

Skills to study/improve: Java, Groovy, git, Maven, SnakeYAML, Data extraction from GitHub repositories, GitHub user and team management

NOTE: This idea is published as a draft under active discussion, but it is confirmed in principle. It is FINE to apply to it. The scope and the suggested implementation may change significantly before the final version is published. Sections like quickstart guide and newbie-friendly issues may be also missing. As a contributor, you are welcome to request additional information and to join the discussions using channels linked on this page.

Details

Background

To manage artifactory permission, diverge between Jira and GitHub issues, and activate automatic releases, the jenkinsci organization uses a tool called repository permission updater (RPU).

Despite the name containing "repository permission", the RPU can’t update or manage repository permission at all. Currently, all team modifications are done manually by the hosting team.

The RPU is a critical component in the jenkinsci infrastructure and is used daily to onboard new plugins and update release permission.

Quick Start

The project aims to build on top of the existing RPU logic and manage GitHub teams and individual users (for legacy reasons, we strive to use teams only), defined as a list in the pre-existing YAML file, which every repository within the jenkinsci GitHub organization has.

Every YAML file within the RPU is expected to have a team defined with a list of users, where the RPU updates the team membership to match the list of users defined in the YAML file in the jenkinsci organization.

Initially, we need to copy all teams and users added to every repository of the jenkinsci GitHub organization and add them to the permission files in the RPU.

Hosting new plugins adds an entry automatically to the new YAML file.

Skills to Study and Improve

  • Java

  • Groovy

  • git

  • Maven

  • SnakeYAML

  • GitHub API

  • Data extraction from GitHub repositories

  • GitHub user and team management

Project Difficulty Level

Beginner

Project Size

175 hours

Expected outcomes

A functional "as-code" version of the RPU to manage GitHub teams and users (for legacy reasons) within the jenkinsci organization. If a filed pull request has been merged, the corresponding team should be updated to match the list of users defined in the YAML file. If needed, an invitation should be sent to the user to join the team.

Potential Mentors

Project Links

Organization Links

> Go back to other GSoC 2024 project ideas