Red Hat Bugzilla – Bug 825360
Application template quickstarts should pull from a controlled, non-master branch
Last modified: 2015-05-14 21:10:52 EDT
Starting this sprint application templates will be available to our users through the UI that allows them to create a full featured application with a single click. The Git source for each app will be the quickstart.
For security reasons we want to ensure that the branch of quickstart code that is used by the template is very highly reviewed. These will be public repositories and are part of our opensource strategy, but we need to ensure that we don't open an attack vector (malicious user injects vuln. into quickstart, user clones quick start, attacker attacks their app). We also want to allow test to verify certain branches.
So, for each application template we create based on a public quickstart I recommend we create an application_template branch that a) is the source Git URL for the template) and b) only pushed to by the owner of the repo. If we need additional security, we may want an official fork but that adds additional process. I do not think we need a staging branch for these.
The test team will need to validate quickstart code that makes it into the template AND test it against the staging/production systems when it is updated.
The initial templates are:
Each of these will need a branch created and the templates updated to point to the branch as the Git source.
Required to enable templates in production.
Created User Story to capture this.
This was finally implemented this sprint in https://trello.com/c/VIrKJHSF