Skip to content

Set final cutoff date for projects using SSH keys with write access #12536

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Nov 3, 2025
Merged

Set final cutoff date for projects using SSH keys with write access #12536

merged 3 commits into from
Nov 3, 2025

Conversation

@stsewd
Copy link
Member

@stsewd stsewd commented Oct 29, 2025

@stsewd stsewd requested a review from a team as a code owner October 29, 2025 18:41
@stsewd stsewd requested a review from agjohnson October 29, 2025 18:41
@stsewd stsewd requested a review from Copilot October 29, 2025 18:42
Copilot AI reviewed Oct 29, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR extends the deprecation deadline for SSH keys with write access from July 31, 2025 to December 1st, 2025. This gives users additional time to migrate to read-only deploy keys before the hard enforcement begins.

  • Updated user-facing messages across notification and error contexts to reflect the new December 1st, 2025 deadline
  • Added hard failure logic that will enforce the deprecation after December 1st, 2025 when the brownout setting is enabled
  • The enforcement involves raising a BuildUserError to stop builds that use SSH keys with write access

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File Description
readthedocs/projects/notifications.py Updated notification message deadline from July 31 to December 1st, 2025
readthedocs/notifications/messages.py Updated error message deadline from July 31 to December 1st, 2025
readthedocs/doc_builder/director.py Added hard failure enforcement logic with datetime check for December 1st, 2025 and updated import to include datetime module

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@stsewd stsewd moved this to Needs review in 📍Roadmap Oct 29, 2025
Copy link
Contributor

Copilot AI commented Oct 29, 2025

@stsewd I've opened a new pull request, #12538, to work on those changes. Once the pull request is ready, I'll request review from you.

Copilot AI mentioned this pull request Oct 29, 2025
Merged
Copilot AI and others added 2 commits October 29, 2025 14:01
@stsewd
Use timezone-aware datetime for SSH key cutoff date comparison (#12538)
11a07a1 
Addresses feedback from #12536 to use timezone-aware datetime objects in
the SSH key write access deprecation check.

---------

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: stsewd <[email protected]>
@stsewd
Format
e111e42
humitos
humitos approved these changes Nov 3, 2025
View reviewed changes
readthedocs/doc_builder/director.py
message_id=MESSAGE_PROJECT_SSH_KEY_WITH_WRITE_ACCESS,
dismissable=True,
)
if hard_failure and settings.RTD_ENFORCE_BROWNOUTS_FOR_DEPRECATIONS:
Copy link
Member

@humitos humitos Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

settings.RTD_ENFORCE_BROWNOUTS_FOR_DEPRECATIONS I assume this setting will True only on commercial, right?

Don't we need to add it here as False?

Copy link
Member Author

@stsewd stsewd Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That setting is True on production, .org and .com. https://github.com/readthedocs/readthedocs-ops/blob/98917ade4ccd68ca31fec369ea0764df83c1cfe6/salt/base/readthedocs/settings/base.py#L83

Copy link
Member

@humitos humitos Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we are not using SSH keys on .org, so it should have no effect there; right?

Copy link
Member Author

@stsewd stsewd Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nope, we already check for that just above

readthedocs.org/readthedocs/doc_builder/director.py

Line 214 in e111e42

if settings.ALLOW_PRIVATE_REPOS:

@stsewd stsewd merged commit ea0e44f into main Nov 3, 2025
7 checks passed
@stsewd stsewd deleted the final-cutoff-date-ssh-keys branch November 3, 2025 19:04
@github-project-automation github-project-automation bot moved this from Needs review to Done in 📍Roadmap Nov 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@humitos humitos humitos approved these changes

Copilot code review Copilot Copilot left review comments

@agjohnson agjohnson Awaiting requested review from agjohnson agjohnson is a code owner automatically assigned from readthedocs/backend

Assignees

@stsewd stsewd

Labels

None yet

Projects

📍Roadmap
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@stsewd @humitos