Revise the playbooks for the new names for the variables.
tim-schilling committed Jul 24, 2024
1 parent 94358af commit 16354a6
Showing 1 changed file with 90 additions and 95 deletions.
185 changes: 90 additions & 95 deletions README.md
Expand Up @@ -12,114 +12,97 @@ Django Commons packages.
## New Member Playbook

1. Review new issues/application at https://github.com/django-commons/membership/issues/
2. If they are a real human and are reasonably trustworthy, comment "Approved" and nothing else
- If they aren't a real human or reasonably trustworthy, close the issue.
- Apply the needed terraform changes to add the member to the organization.

### Terraform changes to add member to the organization

- Change `org.tfvars`: add the username under `members`, like this:
```terraform
2. If they are not a real human or not reasonably trustworthy, close the issue, asking for more information they are a human and not a spam bot. You can explain that by being a member, they can impact repositories immediately.
3. Add the user to the `members` collection in the [`terraform/production/org.tfvars`](https://github.com/django-commons/controls/blob/main/terraform/production/org.tfvars) file.
```terraform
members = [
# ...
"new_user"
]
```
- Create a pull-request to `main` branch, it will trigger terraform to plan the changes in the organization to be
executed. Review the changes and make sure they align with the request.
- Merge the pull-request, it will trigger terraform to apply the changes in the organization.
```
5. If they requested to be on specific repository team(s), in the [`terraform/production/teams.tfvars`](https://github.com/django-commons/controls/blob/main/terraform/production/teams.tfvars) file, for the repository's key under `teams_repositories`, add them to the `members` collection.
```terraform
teams_repositories = {
"[REPOSITORY]" = {
# ...
members = [
# ...
"new_user"
]
}
}
```
6. Create a pull-request to `main` branch, it will trigger terraform to plan the changes in the organization to be
executed. Review the changes and make sure they align with the request.
7. Merge the pull-request, it will trigger terraform to apply the changes in the organization.

## Team Change Playbook

1. If they are a real human and are reasonably trustworthy, comment "Approved" and close the issue manually
2. Add the member to requested team(s)

### Terraform changes to add member to the team

- Change `teams.tfvars`: find the relevant team under `team_parents` or `team_children`, and edit its members:
```terraform
team_children = {
# ...
"django-community-playground-admins" = {
description = "django-community-playground administrators"
parent_team_key = "django-community-playground"
permission = "admin"
members = [
# ...
"new_user"
]
repositories = [
"django-commons-playground",
]
1. If they are not a real human or not reasonably trustworthy, close the issue, asking for more information they are a human and not a spam bot. You can explain that by being a member, they can impact repositories immediately.
2. For the requested repository's team(s), in the [`terraform/production/teams.tfvars`](https://github.com/django-commons/controls/blob/main/terraform/production/teams.tfvars) file, for the repository's key under `teams_repositories`, add them to the `members` collection.
```terraform
teams_repositories = {
"[REPOSITORY]" = {
# ...
members = [
# ...
"new_user"
]
}
}
}
```
- Create a pull-request to `main` branch, it will trigger terraform to plan the changes in the organization to be
executed. Review the changes and make sure they align with the request.
- Merge the pull-request, it will trigger terraform to apply the changes in the organization.
```
3. Create a pull-request to `main` branch, it will trigger terraform to plan the changes in the organization to be
executed. Review the changes and make sure they align with the request.
4. Merge the pull-request, it will trigger terraform to apply the changes in the organization.

## New Repository Admin Playbook
## New Repository Admin or Committer Playbook

1. Confirm with all existing admins that they are okay with the prospective admin
1. Confirm with all existing admins that they are okay with the change
2. If there's disagreement, close the issue and ask for the admins to come to a consensus
3. If there's agreement, add the prospective admin to the [repo]-admins team

### Changes in terraform to add a new repository admin

Change `repositories.tfvars`:

- Find the relevant team under `team_children` and edit its members:
```terraform
team_children = {
# ...
"django-community-playground-admins" = {
description = "django-community-playground administrators"
parent_team_key = "django-community-playground"
permission = "admin"
members = [
# ...
"new_user"
]
repositories = [
"django-commons-playground",
]
3. For the requested repository's team(s), in the [`terraform/production/teams.tfvars`](https://github.com/django-commons/controls/blob/main/terraform/production/teams.tfvars)
file, for the repository's key under `teams_repositories_privileged`, add them to the `members` collection for the correct team. There will be two privileged teams for each repository, `*-admins` and `*-committers`, the user should be added to the requested team.
```terraform
teams_repositories_privileged = {
"[REPOSITORY]-[admins | committers]" = {
# ...
members = [
# ...
"new_user"
]
}
}
}
```
- Create a pull-request to `main` branch, it will trigger terraform to plan the changes in the organization to be
executed. Review the changes and make sure they align with the request.
- Merge the pull-request, it will trigger terraform to apply the changes in the organization.
```
4. Create a pull-request to `main` branch, it will trigger terraform to plan the changes in the organization to be
executed. Review the changes and make sure they align with the request.
5. Merge the pull-request, it will trigger terraform to apply the changes in the organization.

## New Project Playbook

1. Check if repository
meets [inbound requirements](https://github.com/django-commons/membership/blob/main/incoming_repo_requirements.md)
2. Confirm who will be the admins and maintainers for the repository
3. PyPI project owner must add you (Django Commons admin) as owner in PyPI
4. (TODO: Determine how this works with transfering out of an org and into the Django Commons org)
5. [Add repository owner to Django Commons as member](https://github.com/orgs/django-commons/people) (they'll be added
4. (TODO: Determine how this works with transferring out of an org and into the Django Commons org)
5. [Add repository owner to Django Commons as member](#new-member-playbook) (they'll be added
to a team later)
6. Share
link ([https://docs.github.com/en/repositories/creating-and-managing-repositories/transferring-a-repository](https://docs.github.com/en/repositories/creating-and-managing-repositories/transferring-a-repository))
with repo owner to transfer repo
7. Wait for repository transferred in
8. [Run new team action](https://github.com/django-commons/controls/actions/workflows/new_team.yml)
9. Invite repository admins to [repo]-admins team, repository maintainers to [repo]-committers team
10. Configure environments pypi and testpypi
9. [Make Terraform changes to add new project](#terraform-changes-to-add-a-new-project)
10. [Configure environments](https://docs.github.com/en/actions/administering-github-actions/managing-environments-for-deployment#creating-an-environment) pypi and testpypi in the repository to enable [publishing packages via GitHub Actions](https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/#)
11. For pypi environment, add Deployment protection rule with reviewers as [repo]-admins and enable "Allow
administrators to bypass configured protection rules"
12. Under Actions > General > "Fork pull request workflows from outside collaborators", set "Require approval for
first-time contributors"
13. Add previous repository owner to [repo]-admins team
14. Set a calender event or reminder for 30 days in the future to remove previous repository owner from team
13. Set a calendar event or reminder for 30 days in the future to remove previous repository owner from team

### Terraform changes to add a new project

Assuming repository name is `repo-name`:

1. In `repositories.tfvars`, Add the new repository to the `repositories` section:
1. In [`terraform/production/respositories.tfvars`](https://github.com/django-commons/controls/blob/main/terraform/production/respositories.tfvars), Add the new repository to the `repositories` section:
```terraform
repositories = {
# ...
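Review bot: In step 1 of "Terraform changes to add a new project", the new link spells the file `respositories.tfvars` in both the link text and the URL, while the line it replaces names `repositories.tfvars`; unless the file in the controls repository really has that spelling the link will not resolve, so please check the path. Also in this hunk, the New Member Playbook numbering jumps from step 3 to step 5, and step 2 (here and in the Team Change Playbook) reads "asking for more information they are a human"; suggest renumbering and something like "asking for more information to show that they are a human and not a spam bot".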
Expand All @@ -133,6 +116,7 @@ Assuming repository name is `repo-name`:
enable_branch_protection = true # optional, default is true
has_discussions = true # optional, default is true
has_downloads = true # optional, default is true
has_wiki = false # optional, default is false
is_template = false # optional, default is false
push_allowances = []
required_status_checks_contexts = [] # optional, default is []
Expand All @@ -142,55 +126,66 @@ Assuming repository name is `repo-name`:
}
}
```
2. In `teams.tfvars`, add the new parent team `repo-name` for the repository in the `team_parents` section with the
2. In [`terraform/production/teams.tfvars`](https://github.com/django-commons/controls/blob/main/terraform/production/teams.tfvars), add the new team `repo-name` for the repository in the `teams_repositories` section with the
relevant members:
```terraform
team_parents = {
teams_repositories = {
# ...
"repo-name" = {
description = "django-community-playground team"
description = "repo-name team"
members = [
"tim-schilling",
"williln",
# Put the user from Step 5 here
"username",
]
permission = "triage"
repositories = [
"repo-name",
"repo-name",
]
maintainers = [
"tim-schilling",
"williln",
"ryancheley",
"Stormheg",
"cunla",
]
review_request_delegation = true
}
}
```
3. Add two new child teams `repo-name-admin` and `repo-name-committers` for the repository in the `team_children`
section
with the relevant members:
3. Add two new child teams `repo-name-admins` and `repo-name-committers` for the repository in the `teams_repositories_privileged`
section with the relevant members:
```terraform
team_children = {
teams_repositories_privileged = {
# ...
"repo-name-admin" = {
description = "django-community-playground team"
parent_team_key = "repo-name"
"repo-name-admins" = {
description = "repo-name admins team"
parent_team_key = "repo-name"
members = [
# Put the user from Step 5 here
"username",
]
permission = "admin"
maintainers = [
"tim-schilling",
"williln",
"ryancheley",
"Stormheg",
"cunla",
]
permission = "admin"
}
"repo-name-committers" = {
description = "django-community-playground team"
description = "repo-name committers team"
parent_team_key = "repo-name"
members = [
# Leave empty unless there are committers ready to be designated
]
permission = "push"
maintainers = [
"tim-schilling",
"williln",
"ryancheley",
"Stormheg",
"cunla",
]
permission = "push"
}
}
```
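Review bot: The five-name `maintainers` list is repeated verbatim in `repo-name`, `repo-name-admins` and `repo-name-committers`, and neither step 2 nor step 3 says who belongs in it or how it differs from `members` (both steps only mention "the relevant members"). Suggest a one-line comment on the first occurrence stating who is meant to be listed there, so that someone copying the block does not carry a stale list into three teams; if `maintainers` maps to the GitHub team-maintainer role, that is worth saying, since those accounts can change team membership. The "# Put the user from Step 5 here" comment could also name the playbook it refers to, because this section has its own steps 1 to 3.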
Expand All @@ -209,9 +204,9 @@ Assuming repository name is `repo-name`:

### Terraform changes to remove a project

1. Remove the repository from the `repositories` section in `repositories.tfvars`
2. Remove the parent team and child teams for the repository from the `team_parents` and `team_children` sections in
`teams.tfvars`
1. Remove the repository from the `repositories` section in [`terraform/production/respositories.tfvars`](https://github.com/django-commons/controls/blob/main/terraform/production/respositories.tfvars)
2. Remove the parent team and child teams for the repository from the `teams_repositories` and `teams_repositories_privileged` sections in
[`terraform/production/teams.tfvars`](https://github.com/django-commons/controls/blob/main/terraform/production/teams.tfvars)
3. Create a pull-request to `main` branch, it will trigger terraform to plan the changes in the organization to be
executed.
Review the changes and make sure they align with the request.
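Review bot: Step 2 keeps the "parent team and child teams" wording while the sections are now called `teams_repositories` and `teams_repositories_privileged`, so it does not say which entry comes out of which section; suggest spelling it out, for example that `repo-name` is removed from `teams_repositories` and `repo-name-admins` / `repo-name-committers` from `teams_repositories_privileged`. Step 1's link also spells the file `respositories.tfvars` in both the text and the URL, where the replaced line says `repositories.tfvars`; please confirm the actual file name.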