Documents which groups have access to which Infra assets. Note that links to
@nodejs/ teams are not visible to people who aren't in the Nodejs
organisation, so those links may not work for you. The secrets repo is also
secret...
For a list of machines, see the inventory.yml. Secrets are stored in the secrets repo, which @nodejs/build (and org owners) have access to. Secrets are individually encrypted, so access to the repo does not itself give access to any of the secrets within. For more info see the repo's README.
@nodejs/build have root access to the test CI machines (test-*). The list
of members is here.
A subsection of build members have access to infra machines
(infra-*). The list of members is here.
The infra group also have access to:
- DigitalOcean Droplets (individual accounts)
- Joyent
- MacStadium
- Packet.net (individual accounts)
- Rackspace (individual accounts)
- Scaleway
- SoftLayer (individual accounts)
- linuxOne
- Cloudflare
- Mailgun email (uses Rackspace login)
A subsection of build members have access to release machines
(release-*). The list of members is here.
There are a number of other infra assets maintained by the Build WG, accesses are as follows.
Note that the machines that our Jenkins instances run on are infra machines,
and thus any task that requires access to the machine requires infra access.
-
@nodejs/collaborators have access to run Node core tests.
-
Run and configure access for other jobs is controlled by the teams who own them (for example, the post-mortem jobs are run by @nodejs/post-mortem, and configured by @nodejs/post-mortem-admins. For more info see the Jenkins access doc.
-
@nodejs/build have machine access (the ability to add, remove, and configure machines).
-
@nodejs/jenkins-admins have admin access.
-
@nodejs/release have access to run builds.
-
@nodejs/jenkins-admins have admin access.
Those with github-bot access have access to the GitHub Bot's configuration,
including GitHub and Jenkins secrets. The list of members is
here.