Create .github repo in all kubernetes GitHub orgs

[nikhita]

New Repo, Staging Repo, or migrate existing

new repository

Requested name for new repository

.github

Which Organization should it reside

all - @kubernetes, @kubernetes-sigs, @kubernetes-client, @kubernetes-csi

If not a staging repo, who should have admin access

@kubernetes/owners

If not a staging repo, who should have write access

NA

If not a staging repo, who should be listed as approvers in OWNERS

@kubernetes/owners

If not a staging repo, who should be listed in SECURITY_CONTACTS

PSC

What should the repo description be

Default files for all repos in the Kubernetes GitHub org

What SIG and subproject does this fall under in sigs.yaml

github-management subproject under SIG Contribex

Approvals

Currently, this would only hold the SECURITY.md file since files in the .github repo do not show up while cloning other repos. Note: if a repo contains an explicit SECURITY.md file, that file would be considered over the org-wide default.

Ref: https://docs.github.com/en/github/building-a-strong-community/creating-a-default-community-health-file#about-default-community-health-files

We would need approval from:

• SIG Contribex - owning SIG, since this deals with github-management
• PSC - since the repo would be used for SECURITY.md files
• SIG Architecture - since we intend to do this for @kubernetes as well
• Steering Committee - to confirm they won't like to own this repo, and to move ownership of https://github.com/kubernetes/kubernetes-template-project to contribex as well

Additional context for request

This stemmed from kubernetes/kubernetes-template-project#35 (comment)

[nikhita]

@joelsmith @tallclair can you please check if the issue body matches your request?

[joelsmith]

Regarding SECURITY_CONTACTS, that file is specific to our project. GitHub only looks in the .github repo for the specific Community Health files that it cares about. So SECURITY_CONTACTS would just be for the new .github repos, and wouldn't affect other repos in the orgs.

That being said, we're likely to deprecate SECURITY_CONTACTS soon in favor of a separate section in the OWNERS files.

This will go a long way toward addressing kubernetes/committee-security-response#105

/lgtm

[nikhita]

Update from today's contribex meeting - SIG Contribex is +1 to this. We'd want contribex to own this repo.

Since this would involve creating a new repo in the @kubernetes GitHub org, we'll need approval from SIG Arch. I'll reach out to them on the SIG Arch mailing list.

As a side note - I'll sync with steering on moving ownership of kubernetes-template-project to contribex too. Edit - https://groups.google.com/a/kubernetes.io/g/steering/c/Ph7j8r0L0rA

[nikhita]

Sent an email to the SIG Arch mailing list - https://groups.google.com/g/kubernetes-sig-architecture/c/FspTL3KGgJY

[nikhita]

/assign

We have lgtm on the SIG Arch list from two SIG Arch chairs. Going to go ahead with repo creation.

[nikhita]

Repos have been created:

• https://github.com/kubernetes/.github
• https://github.com/kubernetes-sigs/.github
• https://github.com/kubernetes-csi/.github
• https://github.com/kubernetes-client/.github

Also verified that the security policy shows up in the "Security" tab.

Not creating new GitHub teams for granting access since @kubernetes/owners have implicit admin access over the repo anyway.

Created kubernetes/community#5015 to add these repos to sigs.yaml

[nikhita]

kubernetes/community#5015 has merged. Closing 🎉