Transfer Jenkins OAuth Application to nodejs (from rvagg)

[gibfahn]

I noticed that the ci.nodejs.org Jenkins Auth plugin is still owned by @rvagg. It would be good if we could transfer it to the Node.js org so it looks more official.

Apparently you go Setting->Oauth->Transfer and then specify nodejs (cc/ @gdams who's done it before).

[gibfahn]

Adding wg-agenda to check that this is okay in the meeting.

[gibfahn]

Couple of points brought up in the meeting.

• Is it an easy process?
  • As I noted above, it should be a two minute change.
• Will there be any loss of data from moving it?
  • There shouldn't be, and in any case if we lose the cache that just means everyone has to click the button again, which isn't the end of the world.
• Does the app know any sensitive information that we wouldn't want to be accessible to nodejs owners?
  • I think it just gets read access to email addresses, and org/team membership, so that shouldn't be too worrying.

Overall no-one had any particular concerns, so @rvagg does this make sense?

[rvagg]

Fine by me, it was done under my name because nodejs is an org, not a user, but if this is possible then 👍

[rvagg]

OK, so it's possible to transfer to an org, the next question is permission. I don't know who gets access to the secret on this in the org, and we have a lot of org members. Instead of trying to find a doc (I can't so far), how about we test. I've made a new OAuth app for the nodejs org, can you all report whether you can see this or not? https://github.com/organizations/nodejs/settings/applications/517086

[rvagg]

There's a second app btw, the Node.js Release Jenkins one

[gdams]

@rvagg I believe that it's only the owner of the org who has full permissions

[gibfahn]

can you all report whether you can see this or not?

I can't see it

[rvagg]

OK, well that's no good, since @gibfahn isn't even an org owner, we don't really want that key to be leaked

[gibfahn]

OK, well that's no good, since @gibfahn isn't even an org owner, we don't really want that key to be leaked

To clarify, I am not able to see it, which suggests to me that it's only org owners who can.

[mhdawson]

I can see it.

[gibfahn]

ping @rvagg , given that I think we've established that only org owners can see it, maybe time to make the move?

cc/ @Trott

[Trott]

Came up again today onboarding @BridgeAR. Not a big deal, but don't want this to be forgotten about. kthxbai

[rvagg]

Well that was much easier than I thought, nothing needed to change on the Jenkins end, just needed to do the transfer on the GitHub side and didn't need to touch Jenkins. So all done!