Manage jenkinsci GitHub permissions as code

To manage artifactory permission, diverge between Jira and GitHub issues, and activate automatic releases, the jenkinsci organization uses a tool called repository permission updater (RPU).

Despite the name containing "repository permission", the RPU can’t update or manage repository permission at all. Currently, all team modifications are done manually by the hosting team.

The RPU is a critical component in the jenkinsci infrastructure and is used daily to onboard new plugins and update release permission.

The project aims to build on top of the existing RPU logic and manage GitHub teams and individual users (for legacy reasons, we strive to use teams only), defined as a list in the pre-existing YAML file, which every repository within the jenkinsci GitHub organization has.

Every YAML file within the RPU is expected to have a team defined with a list of users, where the RPU updates the team membership to match the list of users defined in the YAML file in the jenkinsci organization.

Initially, we need to copy all teams and users added to every repository of the jenkinsci GitHub organization and add them to the permission files in the RPU.

Hosting new plugins adds an entry automatically to the new YAML file.

Beginner

175 hours

A functional "as-code" version of the RPU to manage GitHub teams and users (for legacy reasons) within the jenkinsci organization. If a filed pull request has been merged, the corresponding team should be updated to match the list of users defined in the YAML file. If needed, an invitation should be sent to the user to join the team.