[GSOC 2024 PROJECT IDEA] Manage jenkinsci GitHub permissions as code

Hey everyone,

my name is Alex, and I am a member of the Jenkins hosting team. To manage Artifactory permissions, diverge between Jira and GitHub issues, and activate automatic releases, we’re using a tool called “repository permission updater (RPU)”.

Although the name contains “repository permission”, it can’t update or manage repository permissions at all, and I would like to change that.
Currently, every repository membership update is done manually, which can be pretty time-consuming if you’re managing ~2,6k repositories.

The RPU is a critical component in the jenkinsci infrastructure, and we use it daily to onboard new plugins and update release permissions.

While contributing to this project, you learn how to use Jenkins differently than “just” for building projects and how to orchestrate ~2,6k repositories in a large-scale GitHub organization with more than ~2,8k members.

Project Goal
The project aims to build on top of the existing RPU logic and manage GitHub teams and individual users (for legacy reasons, we strive to use teams only), defined as a list in the pre-existing YAML file that every repository within the jenkinsci GitHub organization has.

Initially, we need to copy all teams and users added to every repository of the jenkinsci GitHub organization and add them to the permission files in the RPU.

Hosting new plugins adds an entry automatically to the new YAML file.

Filing a PR towards the RPU and adding people to a team updates the team in the jenkinsci organization. Once the PR is merged, the bot sends an invitation to the user to join our organization’s team if they’re not part of it.

Similar to CD, the bot runs periodically to ensure the files’ data is in sync with the live data on GitHub.

To sum it up, the project aims to create an “as-code” solution to turn the RPU into an automatic tool to manage GitHub team and user memberships in the jenkinsci GitHub organization.

Required Skills

  • git
  • Maven
  • Java
  • Groovy 2.x, to get rid of the Groovy files and move to Java only.
  • SnakeYAML

Skills to learn:

  • github-api, the API which powers the RPU and which will be used to achieve the project described.

Non-Goals
The project does not aim to rewrite the existing Artifactory logic or how CD (automatic releases) is handled. There’s no need to deeply understand the Jira logic either, given the project will not touch these areas.

Don’t hesitate to reach out to me in case of questions.

Best,
Alex

4 Likes
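The periodic sync described in the post above amounts to a drift check between the permission files and live GitHub state. The following is an added example, not part of the original post and not RPU code: it assumes both sides have already been loaded into team-to-members maps (the YAML schema and the GitHub lookups are not shown on this page), treats removal of unlisted members as part of "in sync", and uses hypothetical team and login names.

```java
import java.util.*;

/** Added example: plans the changes needed to make live team membership match the permission files. */
public class TeamDriftPlanner {
    enum Kind { INVITE, REMOVE, UNMANAGED_TEAM }
    record Action(Kind kind, String team, String login) {}

    // GitHub logins are case-insensitive, so compare them lower-cased.
    static Set<String> normalize(Collection<String> logins) {
        Set<String> out = new TreeSet<>();
        for (String l : logins) out.add(l.toLowerCase(Locale.ROOT));
        return out;
    }

    /** desired: team -> members from the YAML files; live: team -> members read from GitHub. */
    static List<Action> plan(Map<String, List<String>> desired, Map<String, List<String>> live) {
        List<Action> actions = new ArrayList<>();
        for (String team : new TreeSet<>(desired.keySet())) {
            Set<String> want = normalize(desired.get(team));
            Set<String> have = normalize(live.getOrDefault(team, List.of()));
            for (String login : want)
                if (!have.contains(login)) actions.add(new Action(Kind.INVITE, team, login));
            // Members present on GitHub but absent from the file hold access nobody reviewed.
            for (String login : have)
                if (!want.contains(login)) actions.add(new Action(Kind.REMOVE, team, login));
        }
        // Teams that exist live but in no file are reported, never deleted automatically.
        for (String team : new TreeSet<>(live.keySet()))
            if (!desired.containsKey(team)) actions.add(new Action(Kind.UNMANAGED_TEAM, team, ""));
        return actions;
    }

    public static void main(String[] args) {
        // Constructed sample data; team and login names are hypothetical.
        Map<String, List<String>> desired = Map.of(
            "example-plugin-developers", List.of("alice", "Bob"),
            "other-plugin-developers", List.of("carol"));
        Map<String, List<String>> live = Map.of(
            "example-plugin-developers", List.of("bob", "mallory"),
            "legacy-team", List.of("dave"));
        for (Action a : plan(desired, live))
            System.out.println(a.kind() + " " + a.team() + " " + a.login());
    }
}
```

Running the planner in dry-run mode on each PR, and applying its actions only after merge, keeps every membership change tied to a reviewed commit.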

Let me open a PR to add this to the project ideas page soon. BTW, @NotMyFault would you be interested in becoming a potential mentor for this project?

1 Like

Yes, don’t hesitate to request me for a review for the draft proposal.

2 Likes

This sounds interesting. Looking forward to contributing to this project. Currently studying the code base of RPU and trying to figure out how different components work together. I know basic Java, going to read about SnakeYAML and Groovy. Hope I will be able to provide some meaningful contributions.

1 Like