Shane, Thank you for initiating this work! Can we do an audit of jenkins users and trim down the list?
re pruning external (spark-specific) users w/shell and jenkins login access: we can absolutely do this.
limiting logins for EECS students/faculty/staff is possible, but i will need to do some experiments. we're using SSSD to manage our LDAP logins, and it is supposed to handle group filtering but i haven't had much luck actually getting it working.
well, since the creds in the repo are actually encrypted, i think that keeping them in there is actually fine. since i wasn't the one who set any of this up, however, i will defer to josh about this.
Not sure if that's what you meant; but it should be ok for the jenkins
servers to manually sync with master after you (or someone else) have
verified the changes. That should prevent inadvertent breakages since
I don't expect it to be easy to test those scripts without access to
some test jenkins server.
JJB has some built-in lint and testing, so that'll be the first step in verifying the build configs.
i still have a dream where i have a fully functioning jenkins staging deployment... one day i will make that happen. :)
UC Berkeley EECS Research / RISELab Staff Technical Lead