Project Administration¶
This section documents all the information necessary to administer the infrastructure which makes the project possible.
Secrets¶
SSL certificates for all HTTPS-enabled domains are retrieved via Let’s Encrypt, so that data does not represent an explicitly-managed secret.
Third-party account owners¶
(unknown registrar): https://web-platform-tests.org
jgraham@hoppipolla.co.uk
(unknown registrar): https://w3c-test.org
mike@w3.org
(unknown registrar): http://testthewebforward.org
web-human@w3.org
Google Domains: https://wpt.fyi
smcgruer@google.com
foolip@google.com
(Google internal): https://wpt.live
smcgruer@google.com
foolip@google.com
GitHub: web-platform-tests
GitHub: w3c
Google Cloud Platform: wptdashboard{-staging}
smcgruer@google.com
foolip@google.com
Google Cloud Platform: wpt-live
smcgruer@google.com
Google Cloud Platform: wpt-pr-bot
smcgruer@google.com
E-mail address: wpt.pr.bot@gmail.com
smcgruer@google.com
boaz@bocoup.com
mike@bocoup.com
simon@bocoup.com
GitHub: @wpt-pr-bot account
smcgruer@google.com
boaz@bocoup.com
mike@bocoup.com
simon@bocoup.com
Emergency playbook¶
Lock down write access to the repo¶
Recommended but not yet verified approach: Create a new branch protection
rule
that applies to * (i.e. all branches), and check “Restrict who can push to
matching branches”. This should prevent everyone except those with the
“Maintain” role (currently only the GitHub admins listed above) from pushing
to any branch. To lift the limit, delete this branch protection rule.
Alternative approach proven to work in #21424: Go to manage access, and change the permission of “reviewers” to “Read”. To lift the limit, change it back to “Write”. This has the known downside of resubscribing all reviewers to repo notifications.