[Nix-dev] More permissions on hydra for people with push access

Eelco Dolstra eelco.dolstra at logicblox.com
Wed Feb 26 13:00:28 CET 2014


Hi,

On 20/02/14 22:45, Pascal Wittmann wrote:

> in #nixos the question came up why people with push access to the
> nixpkgs repository do not have the right to e.g. restart jobs or create
> jobsets on hydra. Vladimír Čunát and I think that people that have push
> access to nixpkgs should be trusted anyway. IMO this would make NixOS
> development easier. For example commits like "whitespace change to
> trigger a rebuild" would be no longer necessary and creating jobsets
> would ease the testing of stdenv changes.
> 
> So, whats the reason for the current policy of granting only very few
> people those rights on hydra? Wouldn't it make sense to grant those
> rights to all with push access?

Currently there are two problems:

- Hydra doesn't have very fine-grained access controls.  IIRC, if you're a
project member, you can do anything with that project (including deleting it).

- A full Nixpkgs jobset is almost 25K jobs, so allowing everybody to create
jobsets for Nixpkgs branches would be pretty expensive.  There is a
"release-small.nix" jobset which contains far fewer jobs, but it might not test
what you want to be tested.

The ideal would be to create jobsets automatically for Git branches and pull
requests.  Then you wouldn't need admin access to Hydra.  But it still leaves
problem #2.

-- 
Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/


More information about the nix-dev mailing list