|
| 1 | +# Access to Node.js Infrastructure |
| 2 | + |
| 3 | +Documents which groups have access to which Infra assets. Note that links to |
| 4 | +`@nodejs/` teams are not visible to people who aren't in the Nodejs |
| 5 | +organisation, so those links may not work for you. The [secrets repo][] is also |
| 6 | +secret... |
| 7 | + |
| 8 | +## Machine Access |
| 9 | + |
| 10 | +For a list of machines, see the [inventory.yml][]. Secrets are stored in the |
| 11 | +[secrets repo][], which [@nodejs/build][] (and [org owners][]) have access to. |
| 12 | +Secrets are individually encrypted, so access to the repo does not itself |
| 13 | +give access to any of the secrets within. For more info see the repo's README. |
| 14 | + |
| 15 | +### Test machines |
| 16 | + |
| 17 | +[@nodejs/build][] have root access to the test CI machines (`test-*`). |
| 18 | + |
| 19 | +### Infra machines |
| 20 | + |
| 21 | +A subsection of build members have access to infra machines |
| 22 | +(`infra-*`). The current list is: |
| 23 | + |
| 24 | +- Johan Bergström [@jbergstroem](https://github.com/jbergstroem) |
| 25 | +- João Reis [@joaocgreis](https://github.com/joaocgreis) |
| 26 | +- Michael Dawson [@mhdawson](https://github.com/mhdawson) |
| 27 | +- Rod Vagg [@rvagg](https://github.com/rvagg) |
| 28 | + |
| 29 | +### Release machines |
| 30 | + |
| 31 | +A subsection of build members have access to infra machines |
| 32 | +(`infra-*`). The current list is: |
| 33 | + |
| 34 | +- Johan Bergström [@jbergstroem](https://github.com/jbergstroem) |
| 35 | +- João Reis [@joaocgreis](https://github.com/joaocgreis) |
| 36 | +- Rod Vagg [@rvagg](https://github.com/rvagg) |
| 37 | + |
| 38 | +## Infra Access |
| 39 | + |
| 40 | +There are a number of other infra assets maintained by the Build WG, accesses |
| 41 | +are as follows. |
| 42 | + |
| 43 | +Note that the machines that our Jenkins instances run on are `infra` machines, |
| 44 | +and thus any task that requires access to the machine requires `infra` access. |
| 45 | + |
| 46 | +### [ci.nodejs.org](ci.nodejs.org) |
| 47 | + |
| 48 | +- [@nodejs/collaborators][] have access to run Node core tests. |
| 49 | + |
| 50 | +- Run and configure access for other jobs is controlled by the teams who own them |
| 51 | +(for example, the [post-mortem jobs][] are run by [@nodejs/post-mortem][], and |
| 52 | +configured by [@nodejs/post-mortem-admins][]. For more info see the [Jenkins |
| 53 | +access doc][]. |
| 54 | + |
| 55 | +- [@nodejs/build][] have machine access (the ability to add, remove, and |
| 56 | +configure machines). |
| 57 | + |
| 58 | +- [@nodejs/jenkins-admins][] have admin access. |
| 59 | + |
| 60 | +### [ci-release.nodejs.org](ci-release.nodejs.org) |
| 61 | + |
| 62 | +- [@nodejs/release][] have access to run builds. |
| 63 | + |
| 64 | +- [@nodejs/jenkins-admins][] have admin access. |
| 65 | + |
| 66 | +### [github-bot][] |
| 67 | + |
| 68 | +Those with `github-bot` access have access to the Github Bot's configuration, |
| 69 | +including Github and Jenkins secrets. |
| 70 | + |
| 71 | +The following have access: |
| 72 | + |
| 73 | +- Johan Bergström [@jbergstroem](https://github.com/jbergstroem) |
| 74 | +- João Reis [@joaocgreis](https://github.com/joaocgreis) |
| 75 | +- Rod Vagg [@rvagg](https://github.com/rvagg) |
| 76 | +- Phillip Johnsen [@phillipj](https://github.com/phillipj) |
| 77 | +- Hans Kristian Flaatten [@Starefossen](https://github.com/Starefossen) |
| 78 | + |
| 79 | + |
| 80 | +[@nodejs/build]: https://github.com/orgs/nodejs/teams/build/members |
| 81 | +[@nodejs/collaborators]: https://github.com/orgs/nodejs/teams/collaborators/members |
| 82 | +[@nodejs/jenkins-admins]: https://github.com/orgs/nodejs/teams/jenkins-admins/members |
| 83 | +[@nodejs/post-mortem-admins]: https://github.com/orgs/nodejs/teams/post-mortem-admins/members |
| 84 | +[@nodejs/post-mortem]: https://github.com/orgs/nodejs/teams/post-mortem/members |
| 85 | +[@nodejs/release]: https://github.com/orgs/nodejs/teams/release/members |
| 86 | +[Jenkins access doc]: /doc/process/jenkins_job_configuration_access.md |
| 87 | +[github-bot]: https://github.com/nodejs/github-bot |
| 88 | +[inventory.yml]: /ansible/inventory.yml |
| 89 | +[org owners]: https://github.com/orgs/nodejs/people?utf8=%E2%9C%93&query=%20role%3Aowner |
| 90 | +[post-mortem jobs]: https://ci.nodejs.org/view/post-mortem/ |
| 91 | +[secrets repo]: https://github.com/nodejs/secrets |
0 commit comments