Managing plugin permissions
This page documents managing permissions for plugin maintainers. There are 2 main permissions available to plugin contributors:
-
GitHub permissions. It includes merging pull requests, push to the repositories, managing GitHub applications, etc. The effective list of permissions depends on the permission levels, see below.
-
Release Permissions which are needed to deploy releases to the Jenkins artifact repository. Snapshots can be deployed by contributors without this permission.
If you want to adopt a plugin, please see Adopt a Plugin instead. |
GitHub Permissions
GitHub permissions in Jenkins are managed by GitHub teams.
Almost every plugin has a <pluginId> Developers
team created specifically for this plugin.
This team may have a different permission level depending on time of creation.
For all new repositories we tend to grant Admin
permissions at the moment, and other plugin teams can get permissions elevated upon a request.
Changing GitHub permissions as a maintainer
Any active maintainer is eligible to add more contributors to the GitHub repository. There are multiple ways to do that:
-
Via GitHub Web Interface, if you have admin permissions in the
<pluginId> Developers
team-
It is possible to also add collaborators to repositories
-
-
Via a request in the Infrastructure help desk
-
Via a request in the developer mailing list
-
Via the ChatOps command in the
#jenkins
IRC channel, if you have voice permissions there (see the IRCBot)
Getting GitHub permissions as a non-maintainer
You will need to send a permission transfer request and to specify the permission recipient’s GitHub account and Jenkins LDAP (aka Jenkins Jira) account there. An explicit approval by an active maintainer will be required before the permission transfer happens. If there no response from a maintainer, a Plugin Adoption Process might be used to request ownership of the plugin.
There are two following ways to do that:
-
Via ChatOps command in the
#jenkins
IRC channel, if you have voice permissions there (see the IRCBot) -
Via a request in the developer mailing list.
The following approvals are generally recognized as valid:
-
Confirmation in a Jenkins Jira ticket (permission request or other ticket)
-
Explicit approval in a GitHub pull request or issue
-
The reply should be sent from a GitHub account associated with a maintainer’s Jenkins LDAP account
-
-
Confirmation in the developer mailing list.
-
The reply should be sent from the email listed in the Jenkins LDAP account
-
Other types of approval (emails from different addresses, email forwards by requesters, etc.) will be reviewed and verified by jenkinsci
GitHub administrators.
Release Permissions
Release Permissions are needed to deploy releases to the Jenkins artifact repository. Permissions to upload plugin releases are independent of GitHub push access and maintained in the Repository Permissions Updater repository.
To request upload permissions for a new maintainer:
-
If you have never done it before, you log in at least in once with your Jenkins account into the Jenkins artifact repository. Any modification to the permission files will be ineffective until then.
-
File a PR in the Repository Permissions Updater for the specific plugin repository which needs the permission change. Refer to the Repository Permissions Updater README for more detailed instructions. Once the permissions are updated, you’ll be able to release your plugin.
Permission removal can be requested in the same way, e.g. during plugin adoption.
Such requests are subject for explicit approval by contributors being removed or by jenkinsci
GitHub administrators.