The Gatekeeper, or a project gating system
Go to file
Clark Boylan 0937872119 Use bwrap --disable-userns if possible
Newer bwrap has added the ability to disable additional nested user
namespace creation from with the bwrap execution context. Take advantage
of this feature in Zuul if we are able to in order to fortify Zuul's
security position.

In particular we need two conditions to take advantage of this. 1) bwrap
must be new enough to support the feature (>=0.8.0) and 2) we must be
running with user namespaces enabled. We explicitly check for both
conditions and add the appropriate invocation flags to bwrap when the
conditions are met.

Change-Id: Idf933a0847cb8570b551892186ca9c0057be127f
2023-05-16 10:12:21 -07:00
doc Merge "Add Gerrit pipeline trigger requirements" 2023-04-29 21:20:01 +00:00
etc Remove "sql connection" backwards compatability for database 2022-01-25 16:07:08 -08:00
playbooks Do not wait for streamer when disabled 2023-04-10 11:14:00 -07:00
releasenotes/notes Use bwrap --disable-userns if possible 2023-05-16 10:12:21 -07:00
tests Merge "Add Gerrit pipeline trigger requirements" 2023-04-29 21:20:01 +00:00
tools Revert "Test with MariaDB instead of MySQL" 2023-04-13 13:38:13 +00:00
web web: add dark mode and theme selection 2023-04-21 11:23:56 +00:00
zuul Use bwrap --disable-userns if possible 2023-05-16 10:12:21 -07:00
.coveragerc Revert "Revert "Switch to stestr"" 2018-05-17 08:33:40 -07:00
.dockerignore Add web/node_modules to dockerignore 2019-01-27 11:23:45 +01:00
.gitignore Add noxfile and switch to nox 2022-12-20 08:57:53 -08:00
.gitreview OpenDev Migration Patch 2019-04-19 19:25:28 +00:00
.mailmap Fix pep8 E127 violations 2012-09-26 14:23:10 +00:00
.stestr.conf Revert "Revert "Switch to stestr"" 2018-05-17 08:33:40 -07:00
.zuul.yaml Add container creation details 2023-04-28 15:04:46 -07:00
bindep.txt Revert "Test with MariaDB instead of MySQL" 2023-04-13 13:38:13 +00:00
COPYING Update README and add GPL license 2018-03-19 09:25:52 -07:00
Dockerfile Use bwrap --disable-userns if possible 2023-05-16 10:12:21 -07:00
LICENSE Initial commit. 2012-05-29 14:49:32 -07:00
MANIFEST.in Optimize canMerge using graphql 2020-02-28 09:43:56 +01:00
noxfile.py Merge "Switch to sqlalchemy 2.0" 2023-02-14 14:55:16 +00:00
README.rst Update README to point to Matrix, not IRC 2022-11-08 22:25:10 -08:00
reno.yaml Add reno configuration settings 2020-07-22 08:45:46 -07:00
requirements.txt Switch to sqlalchemy 2.0 2023-02-01 09:18:59 -08:00
setup.cfg Add noxfile and switch to nox 2022-12-20 08:57:53 -08:00
setup.py Partial sync with OpenStack requirements. 2013-09-25 15:30:37 -07:00
test-requirements.txt github: more complete mocking for app setup 2021-09-23 19:53:48 +10:00
TESTING.rst Update unit test container setup and instructions 2022-08-05 21:00:02 +00:00
tox.ini Add noxfile and switch to nox 2022-12-20 08:57:53 -08:00

Zuul

Zuul is a project gating system.

The latest documentation for Zuul v3 is published at: https://zuul-ci.org/docs/zuul/

If you are looking for the Edge routing service named Zuul that is related to Netflix, it can be found here: https://github.com/Netflix/zuul

If you are looking for the Javascript testing tool named Zuul, it can be found here: https://github.com/defunctzombie/zuul

Getting Help

There are two Zuul-related mailing lists:

zuul-announce

A low-traffic announcement-only list to which every Zuul operator or power-user should subscribe.

zuul-discuss

General discussion about Zuul, including questions about how to use it, and future development.

You will also find Zuul developers on Matrix <https://matrix.to/#/#zuul:opendev.org>.

Contributing

To browse the latest code, see: https://opendev.org/zuul/zuul To clone the latest code, use git clone https://opendev.org/zuul/zuul

Bugs are handled at: https://storyboard.openstack.org/#!/project/zuul/zuul

Suspected security vulnerabilities are most appreciated if first reported privately following any of the supported mechanisms described at https://zuul-ci.org/docs/zuul/user/vulnerabilities.html

Code reviews are handled by gerrit at https://review.opendev.org

After creating a Gerrit account, use git review to submit patches. Example:

# Do your commits
$ git review
# Enter your username if prompted

Join us on Matrix to discuss development or usage.

License

Zuul is free software. Most of Zuul is licensed under the Apache License, version 2.0. Some parts of Zuul are licensed under the General Public License, version 3.0. Please see the license headers at the tops of individual source files.

Python Version Support

Zuul requires Python 3. It does not support Python 2.

Since Zuul uses Ansible to drive CI jobs, Zuul can run tests anywhere Ansible can, including Python 2 environments.