This git repository is meant to simply store a json file that allows for members of the Fedora Cloud Working Group who are involved with the Fedora Two Week Atomic build pipeline to mark a known bad build of Fedora's Atomic images as bad even if the automated testing passes. This would happen for scenarios where a known vulnerable package made it into the image compose or if there's a known bug but there is yet to be a test case for it in the automated testing.
This is not meant to be the long term solution and we already have plans to improve it but the database to track all the build artifacts (PDC) will not be production ready in Fedora space in the short term.
In the bad-builds.json file we define bad builds such as:
{
"bad-builds": [
"Fedora-Cloud_Atomic-x86_64-22-20150910.iso",
"Fedora-Cloud_Atomic-x86_64-22-20150909.iso"
]
}
(Those builds aren't bad, I just needed an example)
This way pagure.io handles the authentication/authorization piece, it offers a common entry point (git) and we can grant a select group of people permission to push to master (Atomic Dev Team, Fedora QE, Rel-Eng, $other?)
Then automatic release script will pull the file, parse it and easily check to make sure the passed build candidate isn't known to be bad.