Assuming a better solution does not exist, I _think_ what I'm ultimately asking for is a Zuul managed / JJB maintained private Jenkins instance only accessible over SSH, if that makes sense. Is there anything like that? There must be other teams in the foundation that need a secure release job and we could either leverage their solution or they ours.
The reason this is important is because we want to leverage all the effort that's been put in to building the versioned, maintained, homogeneous public WMF Jenkins instances, only privately and securely. We want to avoid a homebuilt configuration sitting on a PC in the office that we hope never breaks because it only makes sense to one engineer and they are working on something else. I really appreciate the help on this question as well as all the support that's been provided in getting our CI spinning up recently. --stephen On Wed, Aug 12, 2015 at 4:18 PM, Greg Grossmeier <[email protected]> wrote: > <quote name="Chris Steipp" date="2015-08-12" time="10:33:44 -0700"> > > Hi Michael / Stephen, > > > > Off the top of my head, I believe hashar setup something on our current > > Jenkins instance to handle passwords. But nothing extreemly secret goes > > there. > > (Others correct me if I'm wrong, but since Antoine's out...) > > Yeah, and mostly just passwords for Selenium (ie: not the end of the > world if they're exposed, they just have accounts on Beta Cluster). > > We don't have, eg, a Jenkins instance that we trust with private gpg > keys to sign release tarballs. > > Greg > > -- > | Greg Grossmeier GPG: B2FA 27B1 F7EB D327 6B8E | > | identi.ca: @greg A18D 1138 8E47 FAC8 1C7D | >
_______________________________________________ QA mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/qa
