Project Administration¶
This section documents all the information necessary to administer the infrastructure which makes the project possible.
Tooling¶
Indices and tables¶
Secrets¶
SSL certificates for all HTTPS-enabled domains are retrieved via Let’s Encrypt, so that data does not represent an explicitly-managed secret.
Third-party account owners¶
(unknown registrar): https://web-platform-tests.org
(unknown registrar): https://w3c-test.org
(unknown registrar): http://testthewebforward.org
Google Domains: https://wpt.fyi
GitHub: web-platform-tests
GitHub: w3c
Google Cloud Platform: wptdashboard{-staging}
Google Cloud Platform: wpt-live
The DNS for wpt.live, not-wpt.live, wptpr.live, and not-wptpr.live are also managed in this project, while the domains are registered with a Google-internal mechanism.
Google Cloud Platform: wpt-pr-bot
E-mail address: [email protected]
GitHub: @wpt-pr-bot account
Emergency playbook¶
Lock down write access to the repo¶
Recommended but not yet verified approach: Create a new branch protection
rule
that applies to * (i.e. all branches), and check “Restrict who can push to
matching branches”. This should prevent everyone except those with the
“Maintain” role (currently only the GitHub admins listed above) from pushing
to any branch. To lift the limit, delete this branch protection rule.
Alternative approach proven to work in #21424: Go to manage access, and change the permission of “reviewers” to “Read”. To lift the limit, change it back to “Write”. This has the known downside of resubscribing all reviewers to repo notifications.