-
Notifications
You must be signed in to change notification settings - Fork 99
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GitHub Permissions for TODO Group Repos #106
Comments
Thanks for the issue @gtback Context for SC, I didn't think we should make any of these changes during Work Day without discussing in the SC. |
Thanks, @gtback! I'll add this topic for the upcoming SC meeting (Dec 13th) |
I'll make some suggestions based on previous experiences with GitHub org management... Org-level
Repo permissions
Managing org membershipUse Example: name: TODO Group
description: Org description
default_repository_permission: read
has_organization_projects: true
has_repository_projects: true
members_can_create_repositories: false
billing_email: [email protected]
admins:
- admin1
- admin2
- admin3
- admin4
- admin5
members:
- member1
- member2
- member3
- bot1
- bot2
teams:
bots:
description: Bot service accounts
maintainers:
- bot1
members:
- bot2
privacy: closed
members:
description: TODO Group members
members:
- member1
- member2
- member3
privacy: closed
steering-committee:
description: Steering Committee members
maintainers:
- admin1
- admin2
- admin3
- admin4
- admin5
privacy: closed
repo1-admins:
description: Admins for repo1
members:
- member1
privacy: closed
repo1-maintainers:
description: Maintainers for repo1
members:
- member1
- member2
- member3
privacy: closed The Kubernetes Community manages multiple orgs with this tool --> https://github.com/kubernetes/org I'm working on making this easier to use for non-Kubernetes orgs here: uwu-tools/peribolos#9 |
Thanks for your help @justaugustus . I've left some comments below, but I think we should take a look at this issue next week during the SC meeting, to:
+1, If everyone agrees on this, I can make the required changes in settings
AFAIK, this is something we can do if we add the
This is being discussed in this issue: #111
|
SGTM! I've added it to the agenda.
Before we enforce 2FA, we need to check how many org members already have 2FA enabled. If everyone has 2FA enabled, we can turn on enforcement immediately. If anyone DOES NOT has 2FA enabled, we need to:
(Otherwise, the 2FA enforcement will remove org members that do not have 2FA enabled.)
Yep, but I'd have to tweak a few things in https://github.com/relengfam/peribolos to support non-Kubernetes orgs first. :) I'd suggest enabling this manually in the meantime. I'd also like to explore (when time allows) https://github.com/github/safe-settings (suggested by @byjrack) for org policy enforcement.
I think the process of proposing an idea is a little different from guidelines for repo creation. A "recent" example is https://github.com/todogroup/member-shares, which may have some really awesome content, but was created as a private repo, so members are unable to see the content. The Kubernetes project has some great guidance for their repos that we could borrow from. |
Added an initial task list to the issue description. |
Thanks @justaugustus . Let me know if I can help with any of this. |
Org-level
read
Repo permissions
repo-name-admins
: hasadmin
rolerepo-name-maintainers
: hasmaintain
rolerepo-name-maintainers
orrepo-name-admins
(Original text from @gtback)
👋🏻 Hi!
We started talking about this at the Work Day today, but these are questions best answered by the Steering Committee. I think most of these can be set here. I get a 404 error because I'm not an owner of the TODO Group org, but that matches what it is for other orgs I'm an owner of.
governance
, perhaps)? Or would branch protection rules (requiring a review from someone in the @todogroup/steering-committee team or via CODEOWNERS) be OK? If not, I think we'd need to create a team for "All Members" and give that team Write permissions on repos we want people to be able to edit.(I don't mind helping out with some of these permission/maintenance issues, once things are decided.)
The text was updated successfully, but these errors were encountered: