



























Here's what the Infrastructure Team delivered in Q1 2026 and what we're focusing on in Q2.
You can find the previous blog post of this series here.
We started migrating from branch protection rules to GitHub Rulesets.
Rulesets are the new way in which GitHub suggests protecting branches and tags. They allow more configurability with respect to classic branch protections, and they are the only way in which you can setup new functionalities such as merge queues via API.
We converted all repositories, except for
the rust repository. We are working on it!
As part of this effort, we also made all the branch protection and ruleset options we use
configurable via the team repository, so that they can be managed as Infrastructure as Code (IaC).
Here are the newly available configuration options:
allowed-merge-appsmerge-queueprevent-deletionprevent-force-pushrequire-conversation-resolutionrequire-linear-historyFor more details, see the GitHub issue.
We always try to improve our security posture. Here are the most relevant examples for this quarter:
team repository, we enabled Renovate, a bot
that automatically creates pull requests to keep GitHub Actions and Rust
dependencies up to date.
This makes it easier for us to keep our dependencies up to date and fix security issues in a timely manner.compiler-builtins CI, we
enabled Renovate and resolved the security issues reported by zizmor in preparation for running the RISC-V self-hosted runner in CI in a more secure way.crates-io-auth-action v1.0.4, updating its dependencies and moving it from Node 20 to Node 24 after GitHub announced the deprecation of Node 20 on Actions runners.We provisioned two new dev desktops: dev-desktop-us-2.infra.rust-lang.org and dev-desktop-eu-2.infra.rust-lang.org.
We also enabled IPv6 access for dev desktops, making them easier to reach from more network environments. See the GitHub issue.
Learn more in the Forge docs.
We are experiencing an unprecedented increase in crates published on crates.io,
which is putting a lot of pressure on the docs.rs infrastructure, which has to build
the documentation for more crates than before.
To keep up with this growth, we upgraded the docs.rs instance to a more powerful one, doubling
the available RAM and CPU cores.
We introduced Google SSO as part of Rust infrastructure offerings. We enabled Google Workspace accounts for the infrastructure team and validated the SAML setup for some of the key infrastructure providers, like Datadog and Fastly.
More on that in the GitHub issue.
Triagebot is our trusty bot incessantly processing workflows on GitHub and on our Zulip chat.
We implemented several notable changes in Q1 2026.
We've added to Triagebot a GitHub issues and PRs viewer. It's primarily designed for long issues and PRs where GitHub is unhelpful with its "Load More" button.
It can be accessed via the View all comments link at the top of long issues and PRs.
Example for triagebot#2251:

And while it started rather small in its ambitions, it evolved quite a bit over the last quarter with:
Triagebot has many features and configurations, and while it's not difficult to enable a feature in a repo (the cost of a PR), it doesn't scale to the size of the rust-lang organization and its >200 repositories.
In order to address the uneven availability of features across all the repositories, we've added support for organization-wide default configuration in the Triagebot codebase and started enabling some features org-wide.
Announcements of soon-to-be-enabled org-wide features are done in #t-infra/announcements>Triagebot Organization-Wide Defaults on Zulip.
user-info commandThis new Zulip command first appeared as the comments command for viewing recent user comments, but was extended into a more general user-info command, which shows recent activity (PRs, repositories) and account creation date for the given GitHub user account.
This is part of our efforts to help reviewers and maintainers with sloppy AI-generated PRs.
Triagebot handles the automatic assignment of reviewers in multiple repositories. Until February, it was not possible to set per-team rotation mode.
This is now possible via the Zulip command work set-team-rotation-mode <team> off/on, implemented in #2273 by @Kobzol.
Continuing with the theme of reviewer assignments, it was previously only possible to set a review preference for rust-lang/rust, despite the multiple repositories handled by Triagebot.
@Kobzol fixed that in #2286. It is now possible to set per-repository review preferences.
As part of supporting different team needs, we've implemented an automatic reporting system on Zulip for banned users in our GitHub organization (implemented in #2269).
The goal of this feature is to relieve moderators from taking screenshots and manually archiving offending comments and user actions by automatically retrieving that information and posting it in the moderators’ Zulip channel.
Similar to the previous topic, we've also helped T-clippy set up an automatic FCP topic on Zulip when they want to nominate a lint for discussion.
As part of this work, we have also added the ability to add back a comment on GitHub with the link to the created Zulip topic.
Project members can now use two new Zulip commands to apply labels on rust-lang/rust issues and pull requests:
backport [stable | beta ] [approve | decline ] <pr #>: to accept or decline for backport a patch fixing a regressionassign-prio <issue #> [ critical | high | medium | low | <empty>]: to assign a priority label to an issue (admittedly mostly used by the Compiler Team but it's available to everyone)For more details, see the documentation.
In Q1, we didn't manage to finish all our goals, so we will continue working on them in Q2:
rust repository to GitHub Rulesets.team repository.We want to keep making the CI of the Rust Project both safer and easier to work with.
We have many ideas and we're not sure which ones we will prioritize yet, but here are some examples:
zizmor to secure more CI workflows.We want to secure access to critical Rust infrastructure even further by using hardware security keys. The Rust Foundation partnered with Yubico, and we want to provide YubiKeys to the Rust teams with access to critical infrastructure.
Our plan is to distribute hardware keys in May, during the Rust All Hands. See the related GitHub issue.
If you're interested in contributing to Rust's infrastructure, have a look at the infra-team repository to learn more about us and reach out on Zulip.
We are always looking for new contributors!
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。