Merge branch 'main' into feat/scs-0004-w1

Author: garloff

.github/scs-compliance-check/openstack/clouds.yaml

@@ -1,12 +1,10 @@
 clouds:
-  gx-scs:
+  scs2:
+    auth_type: "v3applicationcredential"
     auth:
-      auth_url: https://api.gx-scs.sovereignit.cloud:5000
-      username: "u500924-svc-standards"
-      project_id: 3829cc7c8f034fc985f5055a1df6f247
-      project_name: "p500924-scs-healthmonitor"
-      user_domain_name: "d500924"
-    region_name: "RegionOne"
+      auth_url: https://scs2.api.pco.get-cloud.io:5000
+      application_credential_id: "f8f301ccf04047589afac62665227edd"
+    region_name: "scs2"
     interface: "public"
     identity_api_version: 3
   pco-prod1:

.github/workflows/check-gx-scs-v4.yml .github/workflows/check-scs2-v4.yml.github/workflows/check-gx-scs-v4.yml renamed to .github/workflows/check-scs2-v4.yml

@@ -1,9 +1,9 @@
-name: "Compliance IaaS v4 of gx-scs"
+name: "Compliance IaaS v4 of scs2"
 
 on:
-  # Trigger compliance check every day at 4:30 UTC
+  # Trigger compliance check every day at 4:45 UTC
   schedule:
-    - cron:  '30 4 * * *'
+    - cron:  '45 4 * * *'
   # Trigger compliance check after Docker image has been built
   workflow_run:
     workflows: [Build and publish scs-compliance-check Docker image]
@@ -13,11 +13,11 @@ on:
   workflow_dispatch:
 
 jobs:
-  check-gx-scs:
-    uses: ./.github/workflows/scs-compliance-check.yml
+  check-scs2:
+    uses: ./.github/workflows/scs-compliance-check-with-application-credential.yml
     with:
       version: v4
       layer: iaas
-      cloud: "gx-scs"
-      secret_name: "OS_PASSWORD_GXSCS"
+      cloud: "scs2"
+      secret_name: "OS_ACSECRET_SCS2"
     secrets: inherit

.github/workflows/check-gx-scs-v3.yml .github/workflows/check-scs2-v5.yml.github/workflows/check-gx-scs-v3.yml renamed to .github/workflows/check-scs2-v5.yml

@@ -1,9 +1,9 @@
-name: "Compliance IaaS v3 of gx-scs"
+name: "Compliance IaaS v5 of scs2"
 
 on:
-  # Trigger compliance check every day at 4:30 UTC
+  # Trigger compliance check every day at 4:25 UTC
   schedule:
-    - cron:  '30 4 * * *'
+    - cron:  '25 4 * * *'
   # Trigger compliance check after Docker image has been built
   workflow_run:
     workflows: [Build and publish scs-compliance-check Docker image]
@@ -13,11 +13,11 @@ on:
   workflow_dispatch:
 
 jobs:
-  check-gx-scs:
-    uses: ./.github/workflows/scs-compliance-check.yml
+  check-scs2:
+    uses: ./.github/workflows/scs-compliance-check-with-application-credential.yml
     with:
-      version: v3
+      version: v5
       layer: iaas
-      cloud: "gx-scs"
-      secret_name: "OS_PASSWORD_GXSCS"
+      cloud: "scs2"
+      secret_name: "OS_ACSECRET_SCS2"
     secrets: inherit

.zuul.d/config.yaml

@@ -8,10 +8,10 @@
         - scs-check-all
     periodic-hourly:
       jobs:
-        - scs-check-gx-scs-main
+        - scs-check-scs2-main
     post:
       jobs:
-        - scs-check-gx-scs
+        - scs-check-scs2
     check:
       jobs:
         - scs-check-adr-syntax
@@ -22,7 +22,7 @@
     pre-run: playbooks/pre.yaml
     run: playbooks/adr_syntax.yaml
 - job:
-    name: scs-check-gx-scs
+    name: scs-check-scs2
     parent: base
     secrets:
      - name: clouds_conf
@@ -35,11 +35,11 @@
      - playbooks/pre_cloud.yaml
     run: playbooks/compliance_check.yaml
 - job:
-    name: scs-check-gx-scs-main
-    parent: scs-check-gx-scs
+    name: scs-check-scs2-main
+    parent: scs-check-scs2
     branches: main
 - job:
     name: scs-check-all
-    parent: scs-check-gx-scs-main
+    parent: scs-check-scs2-main
     vars:
       preset: all

.zuul.d/secure.yaml

@@ -35,28 +35,6 @@
           JWvUvQl33JFC1jzIoQ7Rph6c660fRmz377jwjqx9/+bkHwLozGCP/9XrZVcizefEJM6jD
           eHRcpMpjuyFJLyNKnEF1lp58sfVQoJfVHTIvmzS9erVJhU/zjyeDFPsrLFweV7/5QzRvI
           lDiXrfj+X40EQvPrkSBJj/BIBYl+RuF8PfYnV4jqaQBwFNNBQoL/hGEotZa5h4=
-      gx_scs_ac_id: !encrypted/pkcs1-oaep
-        - uTdKdJXEzdx0pFAOAxR3054IdWqY1Hpjo/HQoNTJrXwT1yKFS2lkXk4LZWfVy2pnkk+I8
-          T3vpvonxb8hwkZQLZRbauzLmuCrjWpM6u2Nu2aY6bppFkj26t/VZ2/ovFjWmKL2isd7qx
-          iZPaVcniFLG/nEUeH3Jaq0dnGgoE1k8jRj+ke4tw8gy+KVVy51Ok9g1dq4AtTAtl04KkR
-          Xcu9O2gFQaN6aikbbr5Nh4tJJAlbybSk0pbPD9e5Kj9aamls7rHLaJCzdh2BBAYfdBejp
-          iuCcY15cauNiwYCAHVmnz+E0gDA4IfIH224Id8LrlO8xp5r0+hd1nWZw48jjk5ozZLIFv
-          Ud7DsPoTKs8zhME7tIglbdzVFllc5L3IF5mSpvc5mKfvT8b4bNN5T7fOgpsUYyorpzE0G
-          5oWNW5dG0YsK+6UkbUGIgHFHOBQbZ1qhthb+QQ7bvFUiMEft6Sbga1p1DXi6P++b8tsCQ
-          L9e0LdDMqK5vWlbcM1xYbjqhuYYSHwPqqMrAYVc5/rlLIsXJEHEt8s/D4/0rX20VAE/Ii
-          1CQMRyU7sgVQqaS9YPoVyGFdaL8FoVAbyageQxWSTjFVXZ4EUmrsncOcxAVrVmWOZmIZn
-          wrZYNjAYSkHWnHIO2gFoC8QtnThb0i4htmRf1Nv2YGWWyUxA32JbIyliS2O57k=
-      gx_scs_ac_secret: !encrypted/pkcs1-oaep
-        - QmUbdGH6ZrkVaL7qV8P0lxKn/kvpEREmf8MffxWvQb+zeWs4y2O8A4TNl/tGRjmJzV7Vk
-          tkte+bdazt7fG665WxKaUI8exkuLYCA3fPPp00/7CyhYDc24bWG/BH0ypEWpjfzInxv3Q
-          waqjvC4O3tp2oNX9wIicrZuDVfdDywCHgkEdApQpjJZqe0VifjZ4/Arj3m4sCA9yCj3gW
-          PUa8kDgGheYYqyIETAbKAskcUbRNUrKGkDZBMfYqXSuXLRDbjk4G2RZK74E56s7iZcW51
-          FLBVFrdfU+EV/haAIkLPacQ05xbtsLJ9tUdmy4gjd2lzA7CQxtZ3Kf6p9lWXk/xvnHvdv
-          SLvQPsWV1/6WeLaBq+m2ncajWrJW2WyltxEfUF4jYTroM1bw+b4OiYOhSwFDipzyYpTwY
-          zxFSwfmhHvkwPdeinjK2s04XmDLBGjfYFGvGwMKpEIYC9/hoBNQcSV26k2CKIPMX2Wb+z
-          TW7x5U3evZ22RResSQrIxZGt1xOvYFVw8KK8n243pL1tk0VtRtlEpNNVLbY7Zm8dUj9mU
-          ogEUIbRB2NVl904YLtqD1u/jasBYsvdvB7HmcXQmh+8/lybh5ouBP2ZTdSNnPy2tZDTTB
-          aqdJ+oJYtAwnm+e5fR8ddqvfcEW6eq8D7ouahjNYcbWT7K2ZjWlR2HxrqJJRxs=
       cc_rrze_ac_id: !encrypted/pkcs1-oaep
         - DUgJ7ozJOzJq1TSmBE6P8RGAW6C+s9LDRbW6mHIbAQlAX3+21d/KgoLk9zEyDdOanK1yd
           QaEZJDjURsIAcHJh7vh9w/2Z948XKDybxIOb1tcJGJU1LsEmYoNAQXM5G3+l8Z66Crpgw
@@ -321,3 +299,25 @@
           cYBWMsILDfv/7AR2lE+QTCxtL3gqPbjX5h0XlIXS/8p+xuA04pvSA6MWWCOuEUgQyt7i2
           6QnUC2DdYiVKGf54pBGuyilsBlH9Hmmcpa3UFrFQhGJjvZ1+M+8shFH3m238UYu72Q57q
           JZBtAU3zdwqDrDe5d/EfGSDE9FFLoMvColJpwLeY4zhP3XK6MrDnjwkMGMpsrE=
+      scs2_ac_id: !encrypted/pkcs1-oaep
+        - Y8BQv9PqamMnqL72LDSTxIE7qKQUz8pclYYZV2MhBbspuzBzs9/a3dMXyrOL1HyFacGZo
+          IPYnTG7BnnQLup0iwNoL2DMmsut69c0nLXIId2+hmH2/inW9GmEN12zE70nSG1jhGqAm/
+          V6q814Ef0O+bnvs8Abr06w2mWDAtbyZeAD7K7UzsQpz1SzyJKidRltQQNuI5cCpPCenkm
+          5Co9q0df8E3JeLwOa96Y1Xb4bHXmh0sfDTsc2DNGOAE3+wWc2iYMYIvCqrIvYmTUJMX+z
+          IqGJ3Ca1Py27xl7hOhlwFerJdTZTB1YZ61T5+RAbJ9LzNhP6hzQscArYLJHCMclxH7kI4
+          SH778FfSPK7nJmkAK8T6D8uFLuJmw7aNhuUPcRTIWrvMic1Pe+y12OJa2mCF3ULiaj+Ct
+          roCW3hPBVOwQPe1LsgoT2pUbhhA4Gej5vDeGSgcCqwFyZMK+9F4y6ueGeupYgaenSSNSA
+          oDvjYvE7IAceBqpm06miDNIMHRiHOfKvS7GWmN64axgoFvL8PwpjHmufOg5tvDqAPhNPo
+          ymNxEuQbPyXz6uEvqkIzXNqJD1Rso9lzDSpmuw0DGYiURINAlJ5+aIKd1I80E5jnYqWDi
+          AzoVDdcc8rs5dSv5EVUNgHAZbhoGXCrDG4Rle3W7O7OjYRhujWfPvOsZpKshus=
+      scs2_ac_secret: !encrypted/pkcs1-oaep
+        - IKyt7UBMh6ByyMYriD1348U14YAeDyshpizDi+JFRKMUTHfGOMt8ymMwvSNjZNl0lDq05
+          hj+5eihgASkXeKrDVqqB/UV1eB5romShC72AyoeenR33ydfXhpscAW6Ygsx1o1k49FDVa
+          zc7xe4T6dEcGfuXCELUcC6bl7LiOh4lX8fKUie1liq5l3yonYGgKQ00kLMTd3NkEiIzan
+          HJF6ezLq2AvJPHBeoa7x0yGUk6IwJGafL++kiYNUqbzYP1MG0JJyMbHP4svM/Fq/IiO6y
+          HBoLT0zc3owQ3JUxysQ+jDCeltLvwdwEtl7T10+xtSYsOQnsoN+/KTqW3+jrFHEAI0xDc
+          v3X81xZb9zW6aEQc75Upx0fnDOBHPnGBziHG+4m8YrIkMthJ812v0Xrwi1VH6sFac1lET
+          dOvR0LsXw1t/N8T7JbmzsJ7TTluN32iegt9mZ0syXHJyNr6DuUs3P6iDoOlRUzv+UzIJP
+          PHOVS1umROCJJi/5T78EA4ukDdFN/zdEktGauSDqUVRPASodV8Q3qvN6PgskPh1dQgxwB
+          Po9R1405It3aQtBiXnT+38eKAd1nTJkaRlC03VgbeV+XrjMI1YsMQDAt+YhMKSfys1ZhB
+          n6Dw+nc3Qi21G/CnY45rFUMLGTzevukKuHeiApf+eX4PdNQ1LPkUGrHdNnqkj8=

Standards/scs-0006-v1-organization-management.md

@@ -0,0 +1,85 @@
+---
+title: SCS GitHub Organization - Management of Inactive Users and Repositories
+type: Procedural
+status: Draft
+track: Global
+description: |
+  SCS-0006 defines how the SCS GitHub organization identifies and handles inactive users and stale repositories.
+  It ensures that only active contributors remain in the organization and that outdated repositories are archived to
+  keep the environment organized and relevant.
+---
+
+## Introduction
+
+To keep the SCS GitHub organization active and well-maintained, we regularly review user activity and repository relevance.
+Inactive users are removed to ensure security and engagement, while outdated repositories are archived to keep the
+workspace clean and efficient. This document outlines the criteria for identifying inactivity and the steps taken to manage it.
+
+## Definitions
+
+### Inactive User
+
+A member of the SCS GitHub organization who has not engaged in any of the following activities within the past **365** days:
+
+- Creating or commenting on pull requests (PRs) or issues within SCS GitHub repositories.
+- Pushing commits to any repository within the organization.
+- Participating in code reviews or other interactions within the SCS GitHub organization.
+
+**Exclusions:**
+
+- Comments in mailing lists or Matrix discussions do not count as activities that grant GitHub rights.
+
+### Stale Repository
+
+A repository within the SCS GitHub organization that has not experienced any of the following activities for a continuous period of **365** days:
+
+- Commits or code merges.
+- Issue creation or comments.
+- Pull request submissions or reviews.
+- Updates to documentation or other repository content.
+
+**Exclusions:**
+
+- Auto-generated PRs (e.g., Renovate, Dependabot) are ignored.
+- If no codeowners are left in the repository, it is considered stale.
+
+A warning will be issued **30 days** ahead of reaching the 365-day inactivity mark.
+
+## Procedures
+
+### Identification of Inactive Users
+
+On a monthly basis, organization owners will review user activity logs to identify members who meet the inactivity criteria.
+Identified inactive users will be flagged via a GitHub PR proposing their removal, mentioning their GitHub handle with a message:
+
+> "Please get in touch with us within 30 days if you wish to remain part of the organization."
+
+Additionally, if an email address is available (either from a public GitHub profile or the UCS/Nextcloud instance),
+a notification email will be sent.
+
+### Management of Inactive Users
+
+If a user remains inactive for an additional 30 days after the initial notification (totaling **365 days** of inactivity),
+they will be designated as dormant and removed from the SCS GitHub organization. Dormant users may request reactivation
+by contacting the organization owners and expressing their intent to contribute.
+
+### Identification of Stale Repositories
+
+On a monthly basis, organization owners will assess all repositories for activity levels. Repositories identified as stale
+(approaching 365 days of inactivity) will receive a warning **30 days** before being archived.
+
+An issue will be opened in the repository, tagging the most active contributors and codeowners (defined via CODEOWNERS file).
+If no codeowners exist, organization owners will assess whether the repository is still relevant.
+
+### Management of Stale Repositories
+
+Maintainers of repositories deemed stale will be contacted to determine the repository's relevance and future plans.
+If maintainers confirm that the repository is no longer active or necessary, or if no response is received within 30 days
+(totaling **365 days** of inactivity), the repository will be archived. Archiving a repository makes it read-only,
+preserving its content for reference while indicating that it is no longer actively maintained.
+
+## Conclusion
+
+By systematically managing inactive users and stale repositories, the SCS GitHub organization ensures that its collaborative
+environment remains secure, efficient, and focused on active projects. This proactive approach fosters a culture of engagement
+and maintains the integrity and relevance of the organization's resources.