Project Administration

This section documents all the information necessary to administer the infrastructure which makes the project possible.

Tooling

Indices and tables

Secrets

SSL certificates for all HTTPS-enabled domains are retrieved via Let’s Encrypt, so that data does not represent an explicitly-managed secret.

Third-party account owners

  • (unknown registrar): https://web-platform-tests.org

    • jgraham@hoppipolla.co.uk

  • (unknown registrar): https://w3c-test.org

    • mike@w3.org

  • (unknown registrar): http://testthewebforward.org

    • web-human@w3.org

  • Google Domains: https://wpt.fyi

    • danielrsmith@google.com

    • foolip@google.com

    • kyleju@google.com

    • pastithas@google.com

  • GitHub: web-platform-tests

  • GitHub: w3c

  • Google Cloud Platform: wptdashboard{-staging}

    • danielrsmith@google.com

    • foolip@google.com

    • kyleju@google.com

    • pastithas@google.com

  • Google Cloud Platform: wpt-live

    • danielrsmith@chromium.org

    • foolip@chromium.org

    • kyleju@chromium.org

    • mike@bocoup.com

    • pastithas@chromium.org

    • The DNS for wpt.live, not-wpt.live, wptpr.live, and not-wptpr.live are also managed in this project, while the domains are registered with a Google-internal mechanism.

  • Google Cloud Platform: wpt-pr-bot

    • danielrsmith@google.com

    • foolip@google.com

    • kyleju@google.com

    • pastithas@google.com

  • E-mail address: wpt.pr.bot@gmail.com

    • jamescscott@google.com

    • boaz@bocoup.com

    • mike@bocoup.com

  • GitHub: @wpt-pr-bot account

    • jamescscott@google.com

    • boaz@bocoup.com

    • mike@bocoup.com

Emergency playbook

Lock down write access to the repo

Recommended but not yet verified approach: Create a new branch protection rule that applies to * (i.e. all branches), and check “Restrict who can push to matching branches”. This should prevent everyone except those with the “Maintain” role (currently only the GitHub admins listed above) from pushing to any branch. To lift the limit, delete this branch protection rule.

Alternative approach proven to work in #21424: Go to manage access, and change the permission of “reviewers” to “Read”. To lift the limit, change it back to “Write”. This has the known downside of resubscribing all reviewers to repo notifications.