Managing plugin permissions

This page documents managing permissions for plugin maintainers. There are 2 main permissions available to plugin contributors:

  • GitHub permissions. It includes merging pull requests, push to the repositories, managing GitHub applications, etc. The effective list of permissions depends on the permission levels, see below.

  • Release Permissions which are needed to deploy releases to the Jenkins artifact repository. Snapshots can be deployed by contributors without this permission.

If you want to adopt a plugin, please see Adopt a Plugin instead.

GitHub Permissions

GitHub permissions in Jenkins are managed by GitHub teams. Almost every plugin has a <pluginId> Developers team created specifically for this plugin. This team may have a different permission level depending on time of creation. For all new repositories we tend to grant Admin permissions at the moment, and other plugin teams can get permissions elevated upon a request.

Changing GitHub permissions as a maintainer

Any active maintainer is eligible to add more contributors to the GitHub repository. There are multiple ways to do that:

  1. Via GitHub Web Interface, if you have admin permissions in the <pluginId> Developers team

    • It is possible to also add collaborators to repositories

  2. Via a request in the Infrastructure help desk

  3. Via a request in the developer mailing list

  4. Via the ChatOps command in the #jenkins IRC channel, if you have voice permissions there (see the IRCBot)

Getting GitHub permissions as a non-maintainer

You will need to send a permission transfer request and to specify the permission recipient’s GitHub account and Jenkins LDAP (aka Jenkins Jira) account there. An explicit approval by an active maintainer will be required before the permission transfer happens. If there no response from a maintainer, a Plugin Adoption Process might be used to request ownership of the plugin.

There are two following ways to do that:

  1. Via ChatOps command in the #jenkins IRC channel, if you have voice permissions there (see the IRCBot)

  2. Via a request in the developer mailing list.

The following approvals are generally recognized as valid:

  • Confirmation in a Jenkins Jira ticket (permission request or other ticket)

  • Explicit approval in a GitHub pull request or issue

    • The reply should be sent from a GitHub account associated with a maintainer’s Jenkins LDAP account

  • Confirmation in the developer mailing list.

    • The reply should be sent from the email listed in the Jenkins LDAP account

Other types of approval (emails from different addresses, email forwards by requesters, etc.) will be reviewed and verified by jenkinsci GitHub administrators.

Release Permissions

Release Permissions are needed to deploy releases to the Jenkins artifact repository. Permissions to upload plugin releases are independent of GitHub push access and maintained in the Repository Permissions Updater repository.

To request upload permissions for a new maintainer:

  1. If you have never done it before, you log in at least in once with your Jenkins account into the Jenkins artifact repository. Any modification to the permission files will be ineffective until then.

  2. File a PR in the Repository Permissions Updater for the specific plugin repository which needs the permission change. Refer to the Repository Permissions Updater README for more detailed instructions. Once the permissions are updated, you’ll be able to release your plugin.

Permission removal can be requested in the same way, e.g. during plugin adoption. Such requests are subject for explicit approval by contributors being removed or by jenkinsci GitHub administrators.

References