Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create .github repo in all kubernetes GitHub orgs #2081

Closed
nikhita opened this issue Aug 5, 2020 · 7 comments
Closed

Create .github repo in all kubernetes GitHub orgs #2081

nikhita opened this issue Aug 5, 2020 · 7 comments
Assignees
Labels
area/github-repo Creating, migrating or deleting a Kubernetes GitHub Repository committee/security-response Denotes an issue or PR intended to be handled by the product security committee. committee/steering Denotes an issue or PR intended to be handled by the steering committee. sig/architecture Categorizes an issue or PR as relevant to SIG Architecture. sig/contributor-experience Categorizes an issue or PR as relevant to SIG Contributor Experience.

Comments

@nikhita
Copy link
Member

nikhita commented Aug 5, 2020

New Repo, Staging Repo, or migrate existing

new repository

Requested name for new repository

.github

Which Organization should it reside

all - @kubernetes, @kubernetes-sigs, @kubernetes-client, @kubernetes-csi

If not a staging repo, who should have admin access

@kubernetes/owners

If not a staging repo, who should have write access

NA

If not a staging repo, who should be listed as approvers in OWNERS

@kubernetes/owners

If not a staging repo, who should be listed in SECURITY_CONTACTS

PSC

What should the repo description be

Default files for all repos in the Kubernetes GitHub org

What SIG and subproject does this fall under in sigs.yaml

github-management subproject under SIG Contribex

Approvals

Currently, this would only hold the SECURITY.md file since files in the .github repo do not show up while cloning other repos. Note: if a repo contains an explicit SECURITY.md file, that file would be considered over the org-wide default.

Ref: https://docs.github.com/en/github/building-a-strong-community/creating-a-default-community-health-file#about-default-community-health-files

We would need approval from:

  • SIG Contribex - owning SIG, since this deals with github-management
  • PSC - since the repo would be used for SECURITY.md files
  • SIG Architecture - since we intend to do this for @kubernetes as well
  • Steering Committee - to confirm they won't like to own this repo, and to move ownership of https://github.com/kubernetes/kubernetes-template-project to contribex as well

Additional context for request

This stemmed from kubernetes/kubernetes-template-project#35 (comment)

@nikhita nikhita added area/github-repo Creating, migrating or deleting a Kubernetes GitHub Repository committee/security-response Denotes an issue or PR intended to be handled by the product security committee. committee/steering Denotes an issue or PR intended to be handled by the steering committee. sig/architecture Categorizes an issue or PR as relevant to SIG Architecture. sig/contributor-experience Categorizes an issue or PR as relevant to SIG Contributor Experience. labels Aug 5, 2020
@nikhita
Copy link
Member Author

nikhita commented Aug 5, 2020

@joelsmith @tallclair can you please check if the issue body matches your request?

@joelsmith
Copy link
Contributor

joelsmith commented Aug 5, 2020

Regarding SECURITY_CONTACTS, that file is specific to our project. GitHub only looks in the .github repo for the specific Community Health files that it cares about. So SECURITY_CONTACTS would just be for the new .github repos, and wouldn't affect other repos in the orgs.

That being said, we're likely to deprecate SECURITY_CONTACTS soon in favor of a separate section in the OWNERS files.

This will go a long way toward addressing kubernetes/committee-security-response#105

/lgtm

@nikhita
Copy link
Member Author

nikhita commented Aug 5, 2020

Update from today's contribex meeting - SIG Contribex is +1 to this. We'd want contribex to own this repo.

Since this would involve creating a new repo in the @kubernetes GitHub org, we'll need approval from SIG Arch. I'll reach out to them on the SIG Arch mailing list.

As a side note - I'll sync with steering on moving ownership of kubernetes-template-project to contribex too. Edit - https://groups.google.com/a/kubernetes.io/g/steering/c/Ph7j8r0L0rA

@nikhita
Copy link
Member Author

nikhita commented Aug 6, 2020

Sent an email to the SIG Arch mailing list - https://groups.google.com/g/kubernetes-sig-architecture/c/FspTL3KGgJY

@nikhita
Copy link
Member Author

nikhita commented Aug 7, 2020

/assign

We have lgtm on the SIG Arch list from two SIG Arch chairs. Going to go ahead with repo creation.

@nikhita
Copy link
Member Author

nikhita commented Aug 7, 2020

Repos have been created:

Also verified that the security policy shows up in the "Security" tab.

Not creating new GitHub teams for granting access since @kubernetes/owners have implicit admin access over the repo anyway.

Created kubernetes/community#5015 to add these repos to sigs.yaml

@nikhita
Copy link
Member Author

nikhita commented Aug 10, 2020

kubernetes/community#5015 has merged. Closing 🎉

@nikhita nikhita closed this as completed Aug 10, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/github-repo Creating, migrating or deleting a Kubernetes GitHub Repository committee/security-response Denotes an issue or PR intended to be handled by the product security committee. committee/steering Denotes an issue or PR intended to be handled by the steering committee. sig/architecture Categorizes an issue or PR as relevant to SIG Architecture. sig/contributor-experience Categorizes an issue or PR as relevant to SIG Contributor Experience.
Projects
None yet
Development

No branches or pull requests

2 participants