I did a quick bit of prototyping last weekend and found out that GitHub's GraphQL APIs make it very easy to pull team membership down (getAllTeamsAndMembers.graphql · GitHub), so we can get the existing data, which makes it easy to see who we'd need to invite.
The problem comes, as always, as a naming issue. What format do we want to store this data in? Right now the best place seems to be in jenkins-infra/repository-permissions-updater (Artifactory permissions synchronization tool and data set), with the rest of the permissions for plugins/core.
Tim's suggestion (which I really really like) is:

```yaml
name: "acceptance-test-harness"
github: "jenkinsci/acceptance-test-harness"
paths:
- "org/Jenkins-ci/acceptance-test-harness"
maintainers: # intentionally renamed from developers to possibly make it easier to adapt between old and new format, may not be needed
- jenkins_id: "jglick"
  github: "jglick"
- jenkins_id: "olivergondza"
  github: "ogondza"
- group: cloudbees-developers # or team maybe
----
name: "cloudbees-developers"
maintainers:
- jenkins_id: "teilo"
  github: "jtnord"
# ....
```
This has the advantage of creating a mapping of Jenkins LDAP ids and GitHub accounts. Maybe even something we can use or map in keycloak/beta.accounts.jenkins.io.
The downside is currently how to populate that. I think the mapping would have to be done by hand. I think for now I can get away with having one row for jenkins_id, and one for GitHub, and not merge them yet.
```yaml
developers:
- jenkins_id: "jglick"
  release: false # don't give them publish permissions, just commit permissions.
  # Not really needed when things are split up.
- github: "jglick"
- jenkins_id: "olivergondza"
- github: "ogondza"
- team: cloudbees-developers
```
So while I prototype it a bit, I figured I would ask others if they had any ideas for layouts or other feedback.
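Added example, not part of the original post or of repository-permissions-updater: a sketch of how the proposed layout could be resolved and compared with existing team membership to see who would need an invite. The function names, the `former-maintainer` login and the sample team list are assumptions; the definitions are constructed from the YAML above as it would look after parsing.

```python
# Constructed sample data: the two proposed files after YAML parsing.
DEFINITIONS = {
    "acceptance-test-harness": {
        "github": "jenkinsci/acceptance-test-harness",
        "maintainers": [
            {"jenkins_id": "jglick", "github": "jglick"},
            {"jenkins_id": "olivergondza", "github": "ogondza"},
            {"group": "cloudbees-developers"},
        ],
    },
    "cloudbees-developers": {
        "maintainers": [{"jenkins_id": "teilo", "github": "jtnord"}],
    },
}


def resolve(name, definitions, _seen=()):
    """Flatten maintainers, expanding group/team references.

    Returns (github login -> jenkins_id, jenkins ids with no GitHub account).
    """
    if name in _seen:
        raise ValueError("group cycle: " + " -> ".join(_seen + (name,)))
    if name not in definitions:
        raise KeyError(f"unknown group or repository: {name}")
    mapping, unmapped = {}, set()
    for entry in definitions[name]["maintainers"]:
        ref = entry.get("group") or entry.get("team")
        if ref:
            sub_map, sub_unmapped = resolve(ref, definitions, _seen + (name,))
            mapping.update(sub_map)
            unmapped |= sub_unmapped
        elif entry.get("github"):
            # GitHub logins are case-insensitive, so normalise before comparing.
            mapping[entry["github"].lower()] = entry.get("jenkins_id")
        else:
            unmapped.add(entry["jenkins_id"])
    return mapping, unmapped


def plan(name, definitions, current_team):
    """Compare declared maintainers with the current GitHub team members."""
    mapping, unmapped = resolve(name, definitions)
    current = {login.lower() for login in current_team}
    return {
        "invite": sorted(set(mapping) - current),
        "not_in_file": sorted(current - set(mapping)),
        "no_github_mapping": sorted(unmapped),
    }


if __name__ == "__main__":
    # Constructed team membership, standing in for the GraphQL query result.
    print(plan("acceptance-test-harness", DEFINITIONS, ["jglick", "former-maintainer"]))
```

With the one-row-per-id variant, `jenkins_id`-only rows land in `no_github_mapping`, which shows how much hand mapping is still outstanding; `not_in_file` lists accounts that hold access today without being declared.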