hmm http://docs.buildbot.net/current/manual/configuration/workers-docker.html
might be better On Fri, Jan 11, 2019 at 5:58 PM Gavin McDonald <ipv6g...@gmail.com> wrote: > > https://github.com/buildbot/buildbot-docker-example-config/blob/master/multimaster/docker-compose.yml > > Buildbot is very configurable > > Gav... > > On Fri, Jan 11, 2019 at 6:28 AM Joan Touzet <woh...@apache.org> wrote: > >> > > I believe this is the missing piece for Jenkins CI. >> > >> > Nope. Though configuring the behaviour for untrusted refs is a bit of >> > a dark magic. For one the Authorize Project plugin was implemented >> > without anyone paying attention to the permissions stuff in the >> > Credentials plugin... so there are some minor pitfalls there... >> > mostly around people not actually understanding what the different >> > credentials stores are for. Then the SCM API trusted refs stuff is >> > poorly understood... and finally on top of all that Pipeline >> > currently runs the Groovy script on the master so you cannot verify >> > untrusted refs that change the Jenkinsfile while having the security >> > protections. >> > >> > But you can most certainly set up Jenkins to have access to a user's >> > deployment credentials when triggered by the user wanting to deploy >> > while preventing PRs from accessing those credentials... However it >> > probably requires a Jenkins Ninja such as myself, KK, Jesse or Oleg >> > to set it up! >> > >> > New initiatives in Jenkins will help make these things accessible to >> > people not intimately aware of the finer details of how Jenkins >> > works >> >> I'm willing to believe that Jenkins, the software, is incapable of >> this, though more detail would be nice rather than just "trust me, >> it's hard." >> >> What about buildbot? Or another technology we could use with INFRA's >> support? Last time I looked at buildbot, its integration with Docker >> was very poor. >> >> I don't have any special attachment to Jenkins. >> >> -Joan >> > > > -- > Gav... > -- Gav...
