chore: clean up inactive users from the org, teams and repos #12
Before merge, verify that all the following plans are correct. They will be applied as-is after the merge.
Terraform plans
Terraform plans are too long to post as a comment. Please inspect Plan > Comment > Show terraform plans instead.
Took a first look. Thanks @galargh for pushing this forward.
How about we tag everyone in a comment that is about to lose some kind of permissions. Best to communicate this explicitly, instead of silently taking away permissions. Can include something along the lines of: "Happy to revert the change in case you ever require the permissions again".
"permission": "push" | ||
} | ||
}, | ||
"developer-meetings": { |
This hasn't been touched since 2018. Can we just archive the whole repository?
Also tagging the other libp2p team members: @marten-seemann @MarcoPolo @elenaf9 @achingbrain.
Thank you for the review! I really appreciate it :) Yes! I think that's exactly what we should do. Tag everyone, ask their opinion of the change, give instructions on how to revert it if they need to do so in the future and set a specific date when this PR will get merged. I just wanted to know your opinion on the direction first before tagging everyone.
I'm tagging all affected users for visibility: Affected users (part 1)
I'm tagging all affected users for visibility: Affected users (part 2)
I'm tagging all affected users for visibility:
edit: it looks like for many affected people it's removing them from specific repos they've been inactive on, not full org membership
you must be doing something wrong, i am very much active.
I double checked and our current base permission for org members is Tomorrow, I'll prepare a PR (targeting this branch) with the alumni team setup.
chore: create a bifrost team
dht-hardening, if still private.
For the others I don't particularly care, as long as I have sufficient perms
to work on them.
…On Wed, Jun 8, 2022, 17:30 Piotr Galar ***@***.***> wrote:
@galargh <https://github.com/galargh> you are removing me from
repositories I AUTHORED. This is not acceptable.
In my opinion there are valid cases in which one doesn't need admin access
to a repository they authored. We used recent activity as a heuristic to
find those. But this is exactly why I included info on What do I do if my
permissions are being removed but I do need them? in the description and
mentioned those affected - to resolve the cases where following an
algorithm is not enough.
Would you like to be restored as a collaborator in all 4 of these?
- https://github.com/libp2p/dht-hardening
- https://github.com/libp2p/go-doh-resolver
- https://github.com/libp2p/go-libp2p-circuit-progs (this one is
archived already)
- https://github.com/libp2p/go-libp2p-daemon
"py-libp2p": { | ||
"alexh": { | ||
"permission": "push" | ||
}, | ||
"carver": { | ||
"permission": "admin" | ||
}, | ||
"ralexstokes": { | ||
"permission": "admin" | ||
}, |
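Review bot: in the `py-libp2p` block, `carver` and `ralexstokes` are the only `admin` grants visible here (`alexh` has `push`). If these collaborator entries are being dropped, check that the plan still leaves an admin path on the repository, either an individual or a team with `admin`, and name that owner in the PR description so there is a contact when an urgent fix needs admin rights.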
I agree that I'm not active. I don't have any special desire to be a maintainer, though there have been times in the past when there was no one available/capable to take care of maintenance and I was happy to do some work. Sometimes that work has required admin access (like adding a readthedocs url hook to fix the doc builds).
My main concern here is that it seems like everyone is being removed from the repo. Presumably I'm missing something about how permissions are working here. I would just worry about getting things working quickly in some sort of emergency.
If you feel like leaving me on as a backup maintainer, I'm cool with that. Otherwise, I'd just ask that it's really clear who we can communicate with, in the case of an urgent need.
That's a valid point - I added you back as an admin to that repo - eec0f22
"role": "member" | ||
}, | ||
"MarcoPolo": { | ||
"role": "member" |
What's this section for? Should I be readded?
This is team_membership in contributors team.
chore: create an alumni team
Co-authored-by: Steve Loeppky <[email protected]>
I'm not sure why the fact that someone created a repo should give them admin permissions. We start repos as individuals, and move them into the libp2p org because they should be a part of libp2p. I see that I'm still the admin for some of the repos that I've created, and I think that those special permissions should be revoked.
@marten-seemann if you're referring to my comments - I don't want admin permissions. I'd just like to stay in the org, please. It sucked to be removed from @ipfs, and I'd rather be seen as someone who was essential to this community with the badge. Agreed on the lack of admin permissions.
It's certainly not the last step of auditing permissions in our orgs - including libp2p - and I do hope we eventually get to a point where we don't have admin powers where not needed. The most immediate next steps are:
As per the description, I'm merging the PR today. Thank you all for your participation, I appreciate it a lot ❤️ ❤️ ❤️ If you find yourself missing some permissions, remember that all you have to do is to make a PR to this repo that adds your permissions back. You can have a look at this doc for guidance. Feel free to ping me as well 😄
@galargh and @BigLep one thing I noticed in the permissions is that we have maintainer "teams defined" for some repos: Lines 8182 to 8191 in e1c4dfa
and Lines 8294 to 8303 in e1c4dfa
and Lines 8199 to 8203 in e1c4dfa
this isn't consistent across all of the repos. is that the "preferred" way to do this? if so, can we just have a team per implementation and group them all close together at the top so it's easier to understand this file?
Also, what is the significance of the list of "members"? Lines 16 to 19 in e1c4dfa
Also, IMO, this list should be extremely small (3-5 people). Lines 4 to 15 in e1c4dfa
Probably just the libp2p Foundation board members.
Hi @dhuseby. A 2024 round of cleanup is underway as part of ipfs/ipfs#511. I'll put a couple of comments here, but we should discuss more as new PRs are opened this week:
I think it makes sense to have a maintainer team per implementation. That way all repos related to that implementation can declare the maintainer team as the admins. It also makes it easy to @mention the team in PRs
Currently github-mgmt does a lexicographical sort. There is a backlog item to start changing the sort function: ipdxco/github-as-code#114
That list of members are those who are part of the github Organization.
Agreed. That is phase 1 in ipfs/ipfs#511. It is getting handled in #202
PR Description from the draft stage
Dear reviewers
This is a first run at cleaning up libp2p org GitHub configuration. I want to put it out there to start a conversation and refine the approach. I'll leave it in a draft state until we're happy with the results. Feedback highly appreciated 🙇
Description
Approach
TLDR Remove a user from org/team/repo if they didn't perform any actions related to that identity in the last 12 months. See the script that implements the approach.
Audit Log
Use the audit log as the source of information for the activity within libp2p organisation. It can be downloaded as a JSON from organisation settings page (that's what I did).
The audit log is a list of actions that happened inside the organisation.
There is no information on what kind of permissions a specific action required but I think we could prepare it if we wanted to start answering questions like:
The audit log can be accessed through API only in GitHub Enterprise which we don't have.
Organisation Members
If a user didn't perform any action in the organisation in the past 12 months, remove them from the organisation.
Repository Collaborators
For each repository in the organisation, if a repository collaborator didn't perform any action in the repository in the past 12 months, remove them from the repository.
Team Members
For each team in the organisation, if a team member didn't perform any action in any of the repositories that are connected to that team in the past 12 months, remove them from the team.
If a team has no members, delete the team and team repositories.
Result
Using this approach we'd remove 515 resources altogether.
Open Questions/Ideas
protocollabsit-readonly user is being removed from the org. Are there any other actions it might be missing?
ajnavarro being removed from w3dt-stewards team but they have only been added recently so I assume they didn't have time to perform any actions just yet.
push
Description
This PR removes org/team/repo members if they have been inactive in that context for the past 12 months. Some changes have been adjusted following the discussions that happened while the PR was in a draft stage.
This PR is going to get merged at the EOD Friday, June 10.
FAQ
How do I check why I was mentioned?
The best way to check it is to search for your GitHub username in the terraform plan output that is part of this workflow run output: https://github.com/libp2p/github-mgmt/runs/6808695393?check_suite_focus=true
Remember to expand the Show terraform plans section.
What do I do if my permissions are being removed but I do need them?
Please comment on the appropriate line and I (@galargh) will revert that particular change.
What do I do if I notice this after the PR was merged and my permissions that I need were removed?
All you have to do is to make a PR to this repo that adds your permissions back. You can have a look at this doc for guidance.
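The inactivity rule from the draft-stage description above (Organisation Members, Repository Collaborators, Team Members), as an added Python example; it is not the script the PR refers to. The field names (`@timestamp`, `action`, `actor`, `user`, `org`, `repo`, `team`) are assumptions about the audit-log JSON export, the separate `grace` list for users added inside the 12-month window goes beyond the stated rule (it is prompted by the open question about a recently added team member), and every name in the sample data is hypothetical.

```python
from datetime import datetime, timedelta, timezone
WINDOW = timedelta(days=365)  # "last 12 months" from the description

def plan_removals(events, org, org_members, repo_collabs, team_members, team_repos, now):
    """Return (removals, grace); grace = inactive users added inside the window."""
    cutoff = (now - WINDOW).timestamp() * 1000  # @timestamp assumed to be epoch ms
    recent = [e for e in events if e["@timestamp"] >= cutoff]
    active_org = {e["actor"] for e in recent}
    active_repo = {(e["repo"], e["actor"]) for e in recent if e.get("repo")}
    # A user added to a context inside the window has had little time to act there.
    added = {(e.get("team") or e.get("repo") or e["org"], e["user"])
             for e in recent if e["action"].endswith(".add_member")}
    removals, grace = [], []

    def decide(kind, ctx, user, active):
        if not active:
            (grace if (ctx, user) in added else removals).append((kind, ctx, user))

    for user in org_members:  # no action anywhere in the org
        decide("org", org, user, user in active_org)
    for repo, users in repo_collabs.items():  # no action in that repository
        for user in users:
            decide("repo", repo, user, (repo, user) in active_repo)
    for team, users in team_members.items():  # no action in any repo tied to the team
        for user in users:
            acted = any((r, user) in active_repo for r in team_repos.get(team, []))
            decide("team", team, user, acted)
        if users and all(("team", team, u) in removals for u in users):
            removals.append(("delete-team", team, ""))  # team would be left empty
    return removals, grace

def ms(y, m, d):
    return int(datetime(y, m, d, tzinfo=timezone.utc).timestamp() * 1000)

def demo():
    # Constructed audit-log entries; the org, users, repos and teams are hypothetical.
    o = "example-org"
    events = [
        {"@timestamp": ms(2022, 3, 1), "action": "protected_branch.create", "actor": "alice", "org": o, "repo": o + "/core"},
        {"@timestamp": ms(2020, 2, 1), "action": "repo.access", "actor": "bob", "org": o, "repo": o + "/docs"},
        {"@timestamp": ms(2022, 5, 20), "action": "org.add_member", "actor": "alice", "user": "carol", "org": o},
        {"@timestamp": ms(2022, 5, 20), "action": "team.add_member", "actor": "alice", "user": "carol", "org": o, "team": o + "/maintainers"},
    ]
    return plan_removals(
        events, o, ["alice", "bob", "carol"],
        {o + "/core": ["alice", "bob"], o + "/docs": ["alice"]},
        {o + "/maintainers": ["alice", "carol"], o + "/legacy": ["bob"]},
        {o + "/maintainers": [o + "/core"], o + "/legacy": [o + "/docs"]},
        now=datetime(2022, 6, 1, tzinfo=timezone.utc))
```

`demo()` returns the two lists; in the sample, `alice` stays in the org but loses the one repository she has not acted in, which matches the per-context removals discussed in the thread.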