Long-Term Automation Manager Improvements #223
Description
These issues don't necessarily need to be done right away, but are tasks which we'll likely eventually want to tackle as things grow more sophisticated.
- Avoid building on the built-in node. Per Jenkins documentation, any builds running on the built-in node have the same level of access to the controller file system as the Jenkins process. Instead, use agents ("statically configured or provided by clouds") to run builds.
- Identify more secure way of storing secrets and environment variables -- currently, in builds, secrets are stored in plain-text within the builds. Since only two people -- administrators -- have access to these at the moment, that's not the worst thing, but should likely be adjusted over the long term.
- Determine more granular forms of user access -- if we want to eventually delegate some of this work, we may want to determine how to create users with different permissions and then how to assign them to others.
- Currently, some parts of setup scripts don't work from Jenkins and have to be performed by an administrator entering the droplet via a console. This is less than desirable, and we'd benefit from figuring out how to work around that. This may relate to...
- Look into using containers rather than builds directly on the Jenkins build server. #225
- Set up system for sending discord notifications, emails, and/or texts when automation jobs fail. #227