New "cncf-tags" GitHub org to host TAG specific projects #1098
Comments
|
cc @AloisReitbauer @Jenniferstrej @hongchaodeng @AlexsJones @thschue @joshgav cc @raravena80 @helayoty @quinton-hoole @k82cn @kad @cncf/cncf-toc please review and leave comments or +1s. |
|
cc @RobertKielty |
|
big +1 from CDI WG. Getting CDI spec under CNCF umbrella will be huge help for us, and for all projects that are nowadays depends on that repository. |
|
Sounds very sensible. I'd add an explicit process for deprecation/archiving, to prevent an accumulation of abandoned repos. |
Good point! I've updated the issue body to add more details around archiving a repo. I see explicit +1s from TAG Runtime and some TOC members. Will wait for +1s from TAG App Delivery before opening a PR to codify this process. |
|
@lukaszgryglicki would it be possible to add this github org to devstats? |
|
I like the proposal 👍 +1, in TAG ENV, a new working group is emerging that will likely develop some small tools for creating sustainability reports for CNCF projects. Good to see this being formalized :) |
|
@nikhita thank you for tagging me on this issue; your doing so has generated a design discussion on CLOWarden internally and has helped move development of this tool forward. Thank you again! We are fleshing out a new feature request to enhance CLOWarden to handle this use case, let me explain with a bit of background on CLOWarden. CLOWarden CLOWarden is drop-in replacement for Sheriff; CLOWarden has been commissioned by the CNCF and is undergoing active development at this time. A first release of CLOWarden has been deployed to manage the main CNCF GitHub Org and is being used successfully. CLOWarden provides an access control service for GitHub repos in a single GitHub Org. We can grant or deny GitHub Profiles access to GitHub repos in the controlled GitHub org. (We can also define teams and sub-teams to make managing larger groups easier) All of this is done using Pull Requests to change the access rules on cncf/people/config.yaml. Today, we use it to control access to GitHub repos, and there are plans to expand CLOWarden to control access to resources on other services. So given that background let's look at the use case that you have presented here. Multi org management In requesting an access control service to a new GitHub Org we now have to consider how to handle that and will flesh out that requirement on this issue cncf/clowarden#43 You can track development over on that issue. It would be useful (but not necessary) to get an estimate of how many repos you expect to have setup here. If it is a small number of repos we can allow you to use access control rules in ** (Normally, when CLOWarden is deployed and in use we discourage the use of repo-local |
|
@RobertKielty thank you so much for the detailed response!
At this point, we mainly expect repos that will be migrated from https://github.com/podtato-head and https://github.com/container-orchestrated-devices. Considering any additional repos that might be added as a part of TAG ENV (#1098 (comment)), I'd say we'd have ~8 repos (give or take) to start with. IMO it should be ok to control access via
@RobertKielty is there an approximate timeline for when we can expect CLOWarden to have multi-org support? Will definitely follow along cncf/clowarden#43 to keep track of latest updates 👍 |
|
This makes a lot of sense, thank you for getting the ball rolling on it - I am in full support. |
|
Given that we have +1s from several TAGs and TOC members, I have created #1100 to document this policy. PTAL. |
|
Reopening until the org has been created. The CNCF ServiceDesk ticket is now assigned to @RobertKielty and they are working to set up the new org. |
|
Looking at this now |
|
@nikhita I've created https://github.com/cncf-tags I've invited you, @amye and @jeefy to join as owners. I can see you accepted the invite. @tegioz @cynthia-sg cncf-tags is the org that we would like to use for UAT of upcoming multi-org capabilities of CLOWarden when those features are available for use. Extending CLOWarden so that it can manage multiple GitHub Orgs is partially complete and there remains some work to be done to expose that functionality via the web front-end. For now, we can manually control access using the GitHub UI/settings.yaml in individual repos but when CLOWarden is multi-org capable we will migrate over to using CLOWarden. |
Thanks, @RobertKielty!
@RobertKielty just to confirm, does this mean that repos can now be migrated over/added to the |
|
@nikhita Yes, you can start migrating repos. Just let people know that in the future we will move to using CLOWarden to manage access like we do on the main cncf org. |
|
@RobertKielty awesome, thanks! For anyone interested to create a repo in |
There have been requests from TAG Runtime and TAG App Delivery to have someplace where the TAGs can host repos they are working on. These repos involve code but aren't projects that can be applied to the CNCF.
For example:
Proposal
Create a new GitHub org called
cncf-tagsto serve as a home for TAG-sponsored projects and tools. This org is intended to provide a vendor-neutral place for TAGs to collaborate on projects endorsed by and actively worked on by members of a TAG.This is similar to the https://github.com/kubernetes-sigs model. Repos will be searchable per TAG through repo labels.
For instance, these are all the repos for sig-cluster-lifecycle - https://github.com/topics/k8s-sig-cluster-lifecycle.
Approval to create a new repo in
cncf-tagsA publicly linkable written decision should be available for all approvals.
Access for each repo
.github/settings.yamlfor now and later migrated over to CLOWarden (the current process for thecncforg) once multi-org support is implemented in CLOWarden (Consider supporting multiple organizations clowarden#43).Archiving a repo
TAG repos may be archived if they are deemed inactive. Inactive repos are those that meet any of the following criteria:
Approval for archiving a repo
Requires approval from:
Mandatory files
Each repo, at minium, should have the following files:
LICENSEcode-of-conduct.mdREADME.mdCONTRIBUTING.mdSECURITY.mdhttps://github.com/kubernetes/kubernetes-template-project can referred to for inspiration.
If there are no blocking comments, I will open a PR to document and codify the above policies.
The text was updated successfully, but these errors were encountered: