Page MenuHomePhabricator

Share Appveyor account credentials with Release Engineering
Open, LowPublic

Description

An account on http://www.appveyor.com was *manually* created using @jayvdb's email address and a new password. It is easy to switch email addresses, once I know what to change it to, and can hand over the password but that is probably unnecessary once the email address has changed as the password recovery could be used to get a new one.

Event Timeline

jayvdb created this task.Jun 30 2015, 9:50 AM
jayvdb assigned this task to MoritzMuehlenhoff.
jayvdb raised the priority of this task from to Needs Triage.
jayvdb updated the task description. (Show Details)
jayvdb added a project: acl*sre-team.
Restricted Application added a subscriber: Matanya. · View Herald TranscriptJun 30 2015, 9:50 AM

@MoritzMuehlenhoff we would like to hold the password / email in the gpg backed credential store that got recently introduced for WMF.

Do we have a generic/ops email we can use for the account?

I am not sure who would need access to the pass. Probably all of Release-Engineering-Team since we are the primary point of contact for anything CI related and provide support for the community. But then I am a bit afraid of having to maintain a GPG key :-/

@MoritzMuehlenhoff we would like to hold the password / email in the gpg backed credential store that got recently introduced for WMF.
Do we have a generic/ops email we can use for the account?

pwstore provides an ACL mechanism for each password file. We can specify a group releng which consists of all the key IDs of the people who should have access.

I am not sure who would need access to the pass. Probably all of Release-Engineering-Team since we are the primary point of contact for anything CI related and provide support for the community. But then I am a bit afraid of having to maintain a GPG key :-/

Maybe you can discuss who should have access at a releng meeting or similar?

Instructions for PGP use are at https://wikitech.wikimedia.org/wiki/PGP_Keys.

When I get a list of PGP fingerprints I can setup the releng password stash (which once done could easily be used for further releng password maintenance).

MoritzMuehlenhoff triaged this task as Low priority.Jul 22 2015, 2:06 PM
MoritzMuehlenhoff set Security to None.
greg added a subscriber: greg.

What/who uses this appveyor account?

valhallasw added a subscriber: valhallasw.EditedNov 8 2015, 4:43 PM

Pywikibot does, for running tests on Windows: https://ci.appveyor.com/project/wikimedia/pywikibot-core. Appveyor hooks into Github (comparable to Travis), hence the need for a Wikimedia account.

MoritzMuehlenhoff removed MoritzMuehlenhoff as the assignee of this task.Aug 10 2016, 2:11 PM
greg edited projects, added Pywikibot-General; removed Operations.Aug 10 2016, 5:06 PM

So, just to be clear, the pywikibot team wants the WMF Release Engineering team to own this account?

As this account is not something that RelEng set up nor maintains I will suggest that the pywikibot team maintain it on-going. We (RelEng) can hold a copy of the password for safe-keeping, if still desired.

greg renamed this task from Manage Appveyor account to Share Appveyor account credentials with Release Engineering.Aug 10 2016, 5:07 PM
greg added a comment.Aug 7 2017, 5:55 PM

We (RelEng) can hold a copy of the password for safe-keeping, if still desired.

Otherwise let's close this :)

Dvorapa added a subscriber: Dvorapa.Jun 9 2018, 9:44 PM

Finally Pywikibot team went to a phase when the AppVeyor builds are not working and AppVeyor account credentials are unknown to fix the issue. See T183860 for more details...

Xqt added a subscriber: Xqt.Sep 27 2018, 1:10 PM

There is some documentation at https://www.appveyor.com/docs/team-setup/ Seems the AppVeyor accounts/team can be tied to the GitHub ones.