Consider better separation of public CI validation and release infrastructure #243

Closed
@retronym

While we're beefing up the security of our Jenkins install, it occurred to me that we should probably run two Jenkins installs: one that does all the stuff that only needs the "public" nodes, and another that does the releases and needs the "publish" node, which has some secrets to protect. We could place that private Jenkins behind a VPN, rather than expose it directly to the internet.

This would protect us better from vulnerabilities in Jenkins (or our configuration of it).
