diff --git a/.github/workflows/org-inactive-user-management.yml b/.github/workflows/org-inactive-user-management.yml index 126f42ef8..990d8e71e 100644 --- a/.github/workflows/org-inactive-user-management.yml +++ b/.github/workflows/org-inactive-user-management.yml @@ -22,8 +22,8 @@ jobs: id: uds run: | python -m pip install --upgrade pip - pip install -r community/org/requirements.txt - python community/org/org_user_management.py + pip install -r community/orgs/requirements.txt + python community/orgs/org_user_management.py env: GH_TOKEN: ${{ secrets.GH_TOKEN }} INACTIVE_USER_MANAGEMENT_TAG_USERS: ${{ secrets.INACTIVE_USER_MANAGEMENT_TAG_USERS }} @@ -32,7 +32,7 @@ jobs: uses: peter-evans/create-pull-request@v5 with: path: community - add-paths: org/contributors.yml + add-paths: orgs/contributors.yml commit-message: Delete inactive users branch: delete-inactive-users title: 'Inactive users to be deleted' diff --git a/.github/workflows/org-management-check-prs.yml b/.github/workflows/org-management-check-prs.yml index 6e77dc6bb..15653dd19 100644 --- a/.github/workflows/org-management-check-prs.yml +++ b/.github/workflows/org-management-check-prs.yml @@ -2,7 +2,7 @@ name: 'Check Github Organization Settings PRs' on: pull_request: paths: - - 'org/*' + - 'orgs/*' - 'toc/TOC.md' - 'toc/working-groups/*.md' - '.github/workflows/org-management-check-prs.yml' @@ -19,5 +19,5 @@ jobs: - name: Generate github org configuration run: | python -m pip install --upgrade pip - pip install -r community/org/requirements.txt - python community/org/org_management.py -o cloudfoundry.out.yml -b branchprotection.out.yml + pip install -r community/orgs/requirements.txt + python community/orgs/org_management.py -o orgs.out.yml -b branchprotection.out.yml diff --git a/.github/workflows/org-management-ci.yml b/.github/workflows/org-management-ci.yml index 2f83d2e50..2d866b422 100644 --- a/.github/workflows/org-management-ci.yml +++ b/.github/workflows/org-management-ci.yml @@ -2,9 +2,9 @@ name: 'Org Automation CI' on: pull_request: paths: - - 'org/*.py' - - 'org/requirements*' - - 'org/pyproject.toml' + - 'orgs/*.py' + - 'orgs/requirements*' + - 'orgs/pyproject.toml' - '.github/workflows/org-management-ci.yml' jobs: org-automation-tests: @@ -19,13 +19,13 @@ jobs: - name: pip install run: | python -m pip install --upgrade pip - pip install -r community/org/requirements.txt - pip install -r community/org/requirements-dev.txt + pip install -r community/orgs/requirements.txt + pip install -r community/orgs/requirements-dev.txt - name: flake8 and black run: | - cd community/org + cd community/orgs python -m flake8 - name: unit tests run: | - cd community/org + cd community/orgs python -m unittest discover -s . diff --git a/.github/workflows/org-management-peribolos-dump.yml b/.github/workflows/org-management-peribolos-dump.yml index 4dec4ab8f..1599d67cf 100644 --- a/.github/workflows/org-management-peribolos-dump.yml +++ b/.github/workflows/org-management-peribolos-dump.yml @@ -41,17 +41,17 @@ jobs: with: entrypoint: /bin/sh # Switch back to app auth once following PR gets merged: https://github.com/kubernetes/test-infra/pull/24882 - # args: --dump-full --dump cloudfoundry --github-app-id=${{ secrets.GH_APP_ID }} --github-app-private-key-path=private_key > org/cloudfoundry.yml - args: -c "/ko-app/peribolos --dump-full --dump cloudfoundry --github-endpoint http://ghproxy:8888 --github-token-path=token > community/org/cloudfoundry.yml" + # args: --dump-full --dump cloudfoundry --github-app-id=${{ secrets.GH_APP_ID }} --github-app-private-key-path=private_key > orgs/orgs.yml + args: -c "/ko-app/peribolos --dump-full --dump cloudfoundry --github-endpoint http://ghproxy:8888 --github-token-path=token > community/orgs/orgs.yml" - name: Create Pull Request uses: peter-evans/create-pull-request@v5 with: path: community - add-paths: org/cloudfoundry.yml + add-paths: orgs/orgs.yml commit-message: Run peribolos -dump-full branch: peribolos-dump draft: true - title: 'Sync org/cloudfoundry.yml with reality' + title: 'Sync orgs/orgs.yml with reality' body: | This PR contains a fresh peribolos dump. PR is intended for debugging. Don't merge as-is because parts of the cloudfoundry org configuration are generated from WG charters. diff --git a/.github/workflows/org-management.yml b/.github/workflows/org-management.yml index 02bb8ea24..81919f70a 100644 --- a/.github/workflows/org-management.yml +++ b/.github/workflows/org-management.yml @@ -4,7 +4,7 @@ on: branches: - 'main' paths: - - 'org/*' + - 'orgs/*' - 'toc/TOC.md' - 'toc/working-groups/*.md' - '.github/workflows/org-management.yml' @@ -43,8 +43,8 @@ jobs: - name: Generate github org configuration run: | python -m pip install --upgrade pip - pip install -r community/org/requirements.txt - python community/org/org_management.py -o cloudfoundry.out.yml -b branchprotection.out.yml + pip install -r community/orgs/requirements.txt + python community/orgs/org_management.py -o orgs.out.yml -b branchprotection.out.yml - name: write github private key run: | echo "${GH_PRIVATE_KEY}" > private_key @@ -65,7 +65,7 @@ jobs: --github-app-id=${{ secrets.GH_APP_ID }} --github-app-private-key-path=private_key --require-self=false - --config-path=cloudfoundry.out.yml + --config-path=orgs.out.yml --fix-org --fix-org-members --fix-repos @@ -105,8 +105,8 @@ jobs: - name: Generate github org configuration run: | python -m pip install --upgrade pip - pip install -r community/org/requirements.txt - python community/org/org_management.py -o cloudfoundry.out.yml -b branchprotection.out.yml + pip install -r community/orgs/requirements.txt + python community/orgs/org_management.py -o orgs.out.yml -b branchprotection.out.yml - name: write github private key run: | echo "${GH_PRIVATE_KEY}" > private_key diff --git a/.github/workflows/project-sync.yml b/.github/workflows/project-sync.yml index 9564cc43d..9c4e1b9d2 100644 --- a/.github/workflows/project-sync.yml +++ b/.github/workflows/project-sync.yml @@ -11,7 +11,7 @@ jobs: - uses: actions/checkout@v4 - id: matrix run: | - echo "::set-output name=matrix::$(./org/generate_working_group_projects_sync_config.sh)" + echo "::set-output name=matrix::$(./orgs/generate_working_group_projects_sync_config.sh)" outputs: matrix: ${{ steps.matrix.outputs.matrix }} diff --git a/org/contributors.yml b/org/contributors.yml deleted file mode 100644 index 257e0f39a..000000000 --- a/org/contributors.yml +++ /dev/null @@ -1,224 +0,0 @@ -contributors: -- a-b -- a-hassanin -- abg -- acosta11 -- acrmp -- aditya267vmware -- adrianhoelzl-sap -- ameowlia -- anshrupani -- anthonydahanne -- ANUGRAHG -- app-autoscaler-ci-bot -- aqstack -- aramprice -- ard-wg-gitbot -- arjun024 -- asalan316 -- Benjamintf1 -- beyhan -- bgandon -- Birdrock -- blgm -- bonzofenix -- bosh-admin-bot -- bosh-init-concourse -- boyan-velinov -- brayanhenao -- bruce-ricard -- bsoroushian -- c0d1ngm0nk3y -- ccjaimes -- cf-buildpacks-eng -- cf-bosh-ci-bot -- cf-cli-eng -- cf-final-release-election-bot -- cf-frontend -- cf-gitbot -- cf-identity -- cf-infra-bot -- cf-rabbit-bot -- cf-release-notes-bot -- chaitanyamullangi -- colins -- coolgang123 -- crhntr -- Cryogenics-CI -- ctlong -- cunnie -- dalvarado -- Dariquest -- danail-branekov -- danielfor -- davewalter -- dennisjbell -- dibya1947 -- dlresende -- dmikusa -- domdom82 -- Dray56 -- dsabeti -- dsanand22 -- dsboulder -- duanemay -- dubeyshefali -- ebroberson -- emalm -- emmjohnson -- evanfarrar -- FelisiaM -- fhanik -- fifthposition -- FloThinksPi -- ForestEckhardt -- genevieve -- geofffranks -- georgethebeatle -- Gerg -- gm2552 -- Gourab1998 -- gururajsh -- haochenhu233 -- hibell -- hsinn0 -- iaftab-alam -- ifindlay-cci -- ikasarov -- iprotsiuk -- itsouvalas -- IvanBorislavovDimitrov -- jbooherl -- jericop -- jhvhs -- jintusebastian -- jmervinnirma -- joaopapereira -- jochenehret -- joefitzgerald -- joergdw -- johha -- jpalermo -- jrussett -- julian-hj -- kabathla -- karthikseshadri -- kathap -- kehrlann -- KesavanKing -- kevin-ortega -- kimago -- klakin-pivotal -- klapkov -- klaus-sap -- kohara88 -- korifi-bot -- kpujadev -- krsna-m -- krutten -- lechner77 -- lnguyen -- loewenstein-sap -- Lokowandtg -- m-thavaf -- MarcPaquette -- mariash -- max-soe -- metric-store-ci -- mingxiao -- mkocher -- MNoeva -- modulo11 -- moggibear -- moleske -- mrosecrance -- mukeshkhicher-br -- mvach -- nader-ziada -- nakulogale-cb -- nand2 -- norman-abramovitz -- nouseforaname -- ohkyle -- oliver-heinrich -- oppegard -- paketo-bot -- paketo-bot-reviewer -- paulcwarren -- pcf-core-services -- PeteLevineA -- peterhaochen47 -- philippthun -- Pivotal-Christopher-Wong -- pivotal-david-osullivan -- pivotal-marcela-campo -- pivotalgeorge -- plowin -- pyogesh2 -- radhavmwtnz -- radito3 -- ragaskar -- rajathagasthya -- ramonskie -- reedr3 -- rlewis24 -- robdimsdale -- rpranay1 -- rroberts2222 -- ryanwittrup -- s-yonkov-yonkov -- saloni-sshah -- salzmannsusan -- samze -- Sascha-Stoj -- selzoc -- services-api-ci -- servicesenablement -- sethboyles -- sg038444 -- shilpachandrashekara -- shrisha-c -- siddarthalk -- silvestre -- snneji -- Soha-Albaghdady -- sophiewigmore -- spgreenberg -- sp1goyal -- ssunka -- stefanlay -- strehle -- svcboteos -- svkrieger -- swalchemist -- tack-sap -- Tallicia -- tas-runtime-bot -- tcdowney -- ten4o -- theghost5800 -- thitch97 -- TisVictress -- torsten-sap -- totherme -- uzabanov -- vinaybheri -- vipinvkmenon -- vkalapov -- VRBogdanov -- wayneeseguin -- WeiQuan0605 -- weresch -- winkingturtle-vmw -- xandroc -- xiujiao -- xtreme-conor-nosal -- xtreme-nitin-ravindran -- xtremerui -- Yavor16 -- ystros -- ZPascal -- zucchinidev -- nookala -- joeeltgroth -- jajita diff --git a/org/.flake8 b/orgs/.flake8 similarity index 100% rename from org/.flake8 rename to orgs/.flake8 diff --git a/org/branchprotection.yml b/orgs/branchprotection.yml similarity index 100% rename from org/branchprotection.yml rename to orgs/branchprotection.yml diff --git a/orgs/contributors.yml b/orgs/contributors.yml new file mode 100644 index 000000000..07d137bba --- /dev/null +++ b/orgs/contributors.yml @@ -0,0 +1,226 @@ +orgs: + cloudfoundry: + contributors: + - a-b + - a-hassanin + - abg + - acosta11 + - acrmp + - aditya267vmware + - adrianhoelzl-sap + - ameowlia + - anshrupani + - anthonydahanne + - ANUGRAHG + - app-autoscaler-ci-bot + - aqstack + - aramprice + - ard-wg-gitbot + - arjun024 + - asalan316 + - Benjamintf1 + - beyhan + - bgandon + - Birdrock + - blgm + - bonzofenix + - bosh-admin-bot + - bosh-init-concourse + - boyan-velinov + - brayanhenao + - bruce-ricard + - bsoroushian + - c0d1ngm0nk3y + - ccjaimes + - cf-buildpacks-eng + - cf-bosh-ci-bot + - cf-cli-eng + - cf-final-release-election-bot + - cf-frontend + - cf-gitbot + - cf-identity + - cf-infra-bot + - cf-rabbit-bot + - cf-release-notes-bot + - chaitanyamullangi + - colins + - coolgang123 + - crhntr + - Cryogenics-CI + - ctlong + - cunnie + - dalvarado + - Dariquest + - danail-branekov + - danielfor + - davewalter + - dennisjbell + - dibya1947 + - dlresende + - dmikusa + - domdom82 + - Dray56 + - dsabeti + - dsanand22 + - dsboulder + - duanemay + - dubeyshefali + - ebroberson + - emalm + - emmjohnson + - evanfarrar + - FelisiaM + - fhanik + - fifthposition + - FloThinksPi + - ForestEckhardt + - genevieve + - geofffranks + - georgethebeatle + - Gerg + - gm2552 + - Gourab1998 + - gururajsh + - haochenhu233 + - hibell + - hsinn0 + - iaftab-alam + - ifindlay-cci + - ikasarov + - iprotsiuk + - itsouvalas + - IvanBorislavovDimitrov + - jbooherl + - jericop + - jhvhs + - jintusebastian + - jmervinnirma + - joaopapereira + - jochenehret + - joefitzgerald + - joergdw + - johha + - jpalermo + - jrussett + - julian-hj + - kabathla + - karthikseshadri + - kathap + - kehrlann + - KesavanKing + - kevin-ortega + - kimago + - klakin-pivotal + - klapkov + - klaus-sap + - kohara88 + - korifi-bot + - kpujadev + - krsna-m + - krutten + - lechner77 + - lnguyen + - loewenstein-sap + - Lokowandtg + - m-thavaf + - MarcPaquette + - mariash + - max-soe + - metric-store-ci + - mingxiao + - mkocher + - MNoeva + - modulo11 + - moggibear + - moleske + - mrosecrance + - mukeshkhicher-br + - mvach + - nader-ziada + - nakulogale-cb + - nand2 + - norman-abramovitz + - nouseforaname + - ohkyle + - oliver-heinrich + - oppegard + - paketo-bot + - paketo-bot-reviewer + - paulcwarren + - pcf-core-services + - PeteLevineA + - peterhaochen47 + - philippthun + - Pivotal-Christopher-Wong + - pivotal-david-osullivan + - pivotal-marcela-campo + - pivotalgeorge + - plowin + - pyogesh2 + - radhavmwtnz + - radito3 + - ragaskar + - rajathagasthya + - ramonskie + - reedr3 + - rlewis24 + - robdimsdale + - rpranay1 + - rroberts2222 + - ryanwittrup + - s-yonkov-yonkov + - saloni-sshah + - salzmannsusan + - samze + - Sascha-Stoj + - selzoc + - services-api-ci + - servicesenablement + - sethboyles + - sg038444 + - shilpachandrashekara + - shrisha-c + - siddarthalk + - silvestre + - snneji + - Soha-Albaghdady + - sophiewigmore + - spgreenberg + - sp1goyal + - ssunka + - stefanlay + - strehle + - svcboteos + - svkrieger + - swalchemist + - tack-sap + - Tallicia + - tas-runtime-bot + - tcdowney + - ten4o + - theghost5800 + - thitch97 + - TisVictress + - torsten-sap + - totherme + - uzabanov + - vinaybheri + - vipinvkmenon + - vkalapov + - VRBogdanov + - wayneeseguin + - WeiQuan0605 + - weresch + - winkingturtle-vmw + - xandroc + - xiujiao + - xtreme-conor-nosal + - xtreme-nitin-ravindran + - xtremerui + - Yavor16 + - ystros + - ZPascal + - zucchinidev + - nookala + - joeeltgroth + - jajita diff --git a/org/generate_working_group_projects_sync_config.sh b/orgs/generate_working_group_projects_sync_config.sh similarity index 100% rename from org/generate_working_group_projects_sync_config.sh rename to orgs/generate_working_group_projects_sync_config.sh diff --git a/org/org_management.py b/orgs/org_management.py similarity index 94% rename from org/org_management.py rename to orgs/org_management.py index 32d004695..c8912b9ca 100644 --- a/org/org_management.py +++ b/orgs/org_management.py @@ -1,5 +1,5 @@ # Generates cloudfound org configuration for Peribolos from: -# - a static configuration: cloudfoundry.yml +# - a static configuration: orgs.yml # - a contributors list: contributors.yml # - the WG charters: ../toc/working-groups/*.md (yaml block) # - the TOC charter: ../toc/TOC.md (yaml block) @@ -47,7 +47,9 @@ def __init__( ) OrgGenerator._validate_github_org_cfg(self.org_cfg) self.contributors = ( - set(OrgGenerator._validate_contributors(OrgGenerator._yaml_load(contributors))["contributors"]) if contributors else set() + set(OrgGenerator._validate_contributors(OrgGenerator._yaml_load(contributors))["orgs"]["cloudfoundry"]["contributors"]) + if contributors + else set() ) self.toc = OrgGenerator._yaml_load(toc) if toc else OrgGenerator._empty_wg_config("TOC") OrgGenerator._validate_wg(self.toc) @@ -60,7 +62,7 @@ def __init__( OrgGenerator._validate_branch_protection(self.branch_protection) def load_from_project(self): - path = f"{_SCRIPT_PATH}/cloudfoundry.yml" + path = f"{_SCRIPT_PATH}/orgs.yml" print(f"Reading static org configuration from {path}") self.org_cfg = OrgGenerator._validate_github_org_cfg(OrgGenerator._read_yml_file(path)) @@ -69,7 +71,7 @@ def load_from_project(self): print(f"Reading contributors from {path}") contributors_yaml = OrgGenerator._read_yml_file(path) OrgGenerator._validate_contributors(contributors_yaml) - self.contributors = set(contributors_yaml["contributors"]) + self.contributors = set(contributors_yaml["orgs"]["cloudfoundry"]["contributors"]) path = f"{_SCRIPT_PATH}/branchprotection.yml" print(f"Reading branch protection configuration from {path}") @@ -121,7 +123,7 @@ def generate_org_members(self): self.org_cfg["orgs"]["cloudfoundry"]["admins"] = sorted(org_admins) def generate_teams(self): - # overwrites any teams in cloudfoundry.yml that match a generated team name according to RFC-0005 + # overwrites any teams in orgs.yml that match a generated team name according to RFC-0005 # working group teams for wg in self.working_groups: (name, team) = OrgGenerator._generate_wg_teams(wg) @@ -214,8 +216,22 @@ def _wg_github_users_leads(wg) -> Set[str]: _CONTRIBUTORS_SCHEMA = { "type": "object", - "properties": {"contributors": {"type": "array", "items": {"type": "string"}}}, - "required": ["contributors"], + "properties": { + "orgs": { + "type": "object", + "properties": { + "cloudfoundry": { + "type": "object", + "properties": {"contributors": {"type": "array", "items": {"type": "string"}}}, + "required": ["contributors"], + "additionalProperties": False, + } + }, + "required": ["cloudfoundry"], + "additionalProperties": False, + } + }, + "required": ["orgs"], "additionalProperties": False, } @@ -487,7 +503,7 @@ def _generate_wb_branch_protection(self, wg) -> Dict[str, Any]: def _get_default_branch(self, repo: str) -> str: # https://github.com/organizations/cloudfoundry/settings/repository-defaults - Repository default branch = main (for new repos) - # But in cloudfoundry.yml: all repos w/o default_branch use master (data was generated by peribolos) + # But in orgs.yml: all repos w/o default_branch use master (data was generated by peribolos) # https://github.com/kubernetes/test-infra/blob/master/prow/config/org/org.go#L173 # Looks like trouble ahead. Should not create new repos w/o default_branch setting. return self.org_cfg["orgs"]["cloudfoundry"]["repos"].get(repo, {}).get("default_branch", "master") @@ -502,14 +518,14 @@ def _kebab_case(name: str) -> str: if __name__ == "__main__": - parser = argparse.ArgumentParser(description="Cloud Foundry Org Generator") - parser.add_argument("-o", "--out", default="cloudfoundry.out.yml", help="output file for generated org configuration") + parser = argparse.ArgumentParser(description="CFF Managed Github Orgs Generator") + parser.add_argument("-o", "--out", default="orgs.out.yml", help="output file for generated org configuration") parser.add_argument( "-b", "--branchprotection", default="branchprotection.out.yml", help="output file for generated branch protection rules" ) args = parser.parse_args() - print("Generating cloudfoundry org configuration.") + print("Generating CFF Managed Github Org configuration.") generator = OrgGenerator() generator.load_from_project() if not generator.validate_repo_ownership(): diff --git a/org/org_user_management.py b/orgs/org_user_management.py similarity index 100% rename from org/org_user_management.py rename to orgs/org_user_management.py diff --git a/org/cloudfoundry.yml b/orgs/orgs.yml similarity index 100% rename from org/cloudfoundry.yml rename to orgs/orgs.yml diff --git a/org/orphaned_repos.sh b/orgs/orphaned_repos.sh similarity index 87% rename from org/orphaned_repos.sh rename to orgs/orphaned_repos.sh index a83aa5774..12ed9503f 100755 --- a/org/orphaned_repos.sh +++ b/orgs/orphaned_repos.sh @@ -2,7 +2,7 @@ set -eu -o pipefail -comm -3 <(cat org/cloudfoundry.yml | spruce json \ +comm -3 <(cat org/orgs.yml | spruce json \ | jq -r '.orgs.cloudfoundry.repos | with_entries(select(.value.archived != true)) | keys | map("cloudfoundry/\(.)") | sort | unique | .[]') \ <(./toc/working-groups/parsable-working-groups.sh \ | jq -s -r 'map(map(.areas[].repositories)) | flatten | map(select(contains("cloudfoundry"))) | sort | unique | .[]') diff --git a/org/pyproject.toml b/orgs/pyproject.toml similarity index 100% rename from org/pyproject.toml rename to orgs/pyproject.toml diff --git a/org/readme.md b/orgs/readme.md similarity index 80% rename from org/readme.md rename to orgs/readme.md index b5c5fd48d..1cfa08fd1 100644 --- a/org/readme.md +++ b/orgs/readme.md @@ -1,28 +1,30 @@ -# Management of github organization cloudfoundry +# CFF Managed Github Orgs -The projects, teams and org membership in github org 'cloudfoundry' are maintained according to a number of [RFCs](https://github.com/cloudfoundry/community/tree/main/toc/rfc). The RFCs require PRs to one of the following files: +:construction: Multiple CFF Managed Github Orgs is work-in-progress. Currently, only the `cloudfoundry` org is supported as CFF Managed Github Org. -- [cloudfoundry.yml](https://github.com/cloudfoundry/community/blob/main/org/cloudfoundry.yml) - static org configuration and projects -- [contributors.yml](https://github.com/cloudfoundry/community/blob/main/org/contributors.yml) - list of [Contributors](https://github.com/cloudfoundry/community/blob/main/toc/ROLES.md#contributor) -- [branchprotection.yml](https://github.com/cloudfoundry/community/blob/main/org/branchprotection.yml) - static branch protection rules for projects +The projects, teams and org membership in CFF Managed Github Orgs are maintained according to a number of [RFCs](https://github.com/cloudfoundry/community/tree/main/toc/rfc). The RFCs require PRs to one of the following files: + +- [orgs.yml](https://github.com/cloudfoundry/community/blob/main/orgs/orgs.yml) - static org configuration and projects +- [contributors.yml](https://github.com/cloudfoundry/community/blob/main/orgs/contributors.yml) - list of [Contributors](https://github.com/cloudfoundry/community/blob/main/toc/ROLES.md#contributor) per org +- [branchprotection.yml](https://github.com/cloudfoundry/community/blob/main/orgs/branchprotection.yml) - static branch protection rules for projects - [TOC.md](https://github.com/cloudfoundry/community/blob/main/toc/TOC.md) - projects owned by the TOC (specified in yaml block) - [ADMIN.md](https://github.com/cloudfoundry/community/blob/main/toc/ADMIN.md) - special WG for maintaining administrative repositories owned by CFF staff - [Working Group Charters](https://github.com/cloudfoundry/community/tree/main/toc/working-groups) - projects owned by working groups (specified in yaml block) -Once approved and merged, the github action [org-management.yml](https://github.com/cloudfoundry/community/actions/workflows/org-management.yml) compiles a resulting cloudfoundry org configuration from the files mentioned above and applies it with [peribolos](https://github.com/kubernetes/test-infra/tree/master/prow/cmd/peribolos). +Once approved and merged, the github action [org-management.yml](https://github.com/cloudfoundry/community/actions/workflows/org-management.yml) compiles a resulting Github org configuration from the files mentioned above and applies it with [peribolos](https://github.com/kubernetes/test-infra/tree/master/prow/cmd/peribolos). -[org_management.py](https://github.com/cloudfoundry/community/blob/main/org/org-management.py) generates the following parts of the resulting cloudfoundry org configuration: +[org_management.py](https://github.com/cloudfoundry/community/blob/main/orgs/org-management.py) generates the following parts of the resulting CFF Managed Github Org configuration: ### Organization Members Organization members are generated according to [rfc-0002-github-members](https://github.com/cloudfoundry/community/blob/main/toc/rfc/rfc-0002-github-members.md) and [rfc-0008-role-change-process](https://github.com/cloudfoundry/community/blob/main/toc/rfc/rfc-0008-role-change-process.md): -- any members specified in [cloudfoundry.yml](https://github.com/cloudfoundry/community/blob/main/org/cloudfoundry.yml) (should be none) -- all contributors from [contributors.yml](https://github.com/cloudfoundry/community/blob/main/org/contributors.yml) +- any members specified in [orgs.yml](https://github.com/cloudfoundry/community/blob/main/orgs/orgs.yml) (should be none) +- all contributors from [contributors.yml](https://github.com/cloudfoundry/community/blob/main/orgs/contributors.yml) - all working group leads and approvers specified in the [Working Group Charters](https://github.com/cloudfoundry/community/tree/main/toc/working-groups) - org admins and TOC members must not be added to org member list ### Organization Admins Organization admins are: -- any admin specified in [cloudfoundry.yml](https://github.com/cloudfoundry/community/blob/main/org/cloudfoundry.yml) (should be none) +- any admin specified in [orgs.yml](https://github.com/cloudfoundry/community/blob/main/orgs/orgs.yml) (should be none) - all TOC execution leads and technical leads specified in [TOC.md](https://github.com/cloudfoundry/community/blob/main/toc/TOC.md) ### Github Teams for Working Group Areas @@ -39,7 +41,7 @@ config: ``` Branch protection rules are applied using the [branchprotector tool from the prow toolset](https://docs.prow.k8s.io/docs/components/optional/branchprotector/). -Rules specified in [branchprotection.yml](https://github.com/cloudfoundry/community/blob/main/org/branchprotection.yml) take precedence, i.e. no RFC-0015 rules are generated for repositories listed here but the static configuration is taken without modification. +Rules specified in [branchprotection.yml](https://github.com/cloudfoundry/community/blob/main/orgs/branchprotection.yml) take precedence, i.e. no RFC-0015 rules are generated for repositories listed here but the static configuration is taken without modification. The generated branch protection rules specification for working group projects look like: ``` @@ -67,7 +69,7 @@ Best Practices: - Replace github deploy keys by working group bot users. Branch protection rules enforce PRs for commits with deploy keys (enforce_admins=true). - Ensure that all bot users are members of the working group bots team or working group area bots team. - Remove all direct repository users in 'Settings > Collaborators and teams'. Repository access shall be governed by the generated teams only. -- You may exclude repos w/o source code (e.g. bbl config and state, semver). See [branchprotection.yml](https://github.com/cloudfoundry/community/blob/main/org/branchprotection.yml) for examples. +- You may exclude repos w/o source code (e.g. bbl config and state, semver). See [branchprotection.yml](https://github.com/cloudfoundry/community/blob/main/orgs/branchprotection.yml) for examples. Limitations: - The branchprotector doesn't support wildcards for branch rules. I.e. every version branch gets its own rule. diff --git a/org/requirements-dev.txt b/orgs/requirements-dev.txt similarity index 100% rename from org/requirements-dev.txt rename to orgs/requirements-dev.txt diff --git a/org/requirements.txt b/orgs/requirements.txt similarity index 100% rename from org/requirements.txt rename to orgs/requirements.txt diff --git a/org/test_org_management.py b/orgs/test_org_management.py similarity index 97% rename from org/test_org_management.py rename to orgs/test_org_management.py index 162f0c1be..a02691883 100644 --- a/org/test_org_management.py +++ b/orgs/test_org_management.py @@ -169,9 +169,11 @@ """ contributors = """ -contributors: -- contributor1 -- Contributor2 +orgs: + cloudfoundry: + contributors: + - contributor1 + - Contributor2 """ branch_protection = """ @@ -209,10 +211,12 @@ def test_org_members_wg(self): def test_org_admins_cannot_be_org_members(self): contributors = """ - contributors: - - contributor1 - - Contributor2 - - admin1 + orgs: + cloudfoundry: + contributors: + - contributor1 + - Contributor2 + - admin1 """ o = OrgGenerator(static_org_cfg=org_cfg, contributors=contributors) o.generate_org_members() @@ -221,11 +225,13 @@ def test_org_admins_cannot_be_org_members(self): def test_toc_members_are_org_admins(self): contributors = """ - contributors: - - contributor1 - - Contributor2 - - toc-member-1 - - toc-member-2 + orgs: + cloudfoundry: + contributors: + - contributor1 + - Contributor2 + - toc-member-1 + - toc-member-2 """ o = OrgGenerator(toc=toc, contributors=contributors) o.generate_org_members() @@ -265,7 +271,7 @@ def test_validate_yaml_unique_keys(self): OrgGenerator._yaml_load(yml) def test_validate_contributors(self): - OrgGenerator._validate_contributors({"contributors": []}) + OrgGenerator._validate_contributors({"orgs": {"cloudfoundry": {"contributors": []}}}) OrgGenerator._validate_contributors(OrgGenerator._yaml_load(contributors)) with self.assertRaises(jsonschema.ValidationError): OrgGenerator._validate_contributors({}) diff --git a/toc/ROLES.md b/toc/ROLES.md index 860ae51b7..a84c8471e 100644 --- a/toc/ROLES.md +++ b/toc/ROLES.md @@ -490,7 +490,7 @@ Last ammended by [RFC-0008 Role Change Process](https://github.com/cloudfoundry/ - When a person meets the criteria to be a Contributor as defined in [Contributor Role](#contributor), they may submit a PR adding themselves to -[contributors.yml](https://github.com/cloudfoundry/community/blob/main/org/contributors.yml). +[contributors.yml](https://github.com/cloudfoundry/community/blob/main/orgs/contributors.yml). - Two existing Contributors, Reviewers, or Approvers must attest that they meet the criteria by reviewing the PR. @@ -531,7 +531,7 @@ they may submit a PR adding themselves to - People with the Contributor role may submit a PR to revoke their role by removing the appropriate entry from - [contributors.yml](https://github.com/cloudfoundry/community/blob/main/org/contributors.yml). + [contributors.yml](https://github.com/cloudfoundry/community/blob/main/orgs/contributors.yml). - An existing Contributor, Reviewer, or Approver may submit the revocation request on behalf of someone else, but the person whose role is being revoked diff --git a/toc/rfc/rfc-0007-repository-ownership.md b/toc/rfc/rfc-0007-repository-ownership.md index f3bb2a1a2..e94c676db 100644 --- a/toc/rfc/rfc-0007-repository-ownership.md +++ b/toc/rfc/rfc-0007-repository-ownership.md @@ -133,7 +133,7 @@ Approval requirements Steps 1. Someone opens a PR that: adds the repo to the - [cloudfoundry.yml](../../org/cloudfoundry.yml) and adds the repo to the + [orgs.yml](../../orgs/orgs.yml) and adds the repo to the desired Working Group's yaml. 2. The Working Group and TOC both approve the PR. 3. The TOC merges the PR. @@ -174,7 +174,7 @@ Approval requirements Steps 1. Someone opens a PR that: marks the repo as archived in the - [cloudfoundry.yml](../../org/cloudfoundry.yml) and that removes the repo from + [orgs.yml](../../orgs/orgs.yml) and that removes the repo from the Working Group's yaml. 2. The Working Group and TOC both approve the PR. 3. The TOC merges the PR. @@ -191,7 +191,7 @@ Approval requirements Steps 1. Someone opens a PR that removes the - [cloudfoundry.yml](../../org/cloudfoundry.yml) and removes the repo from the + [orgs.yml](../../orgs/orgs.yml) and removes the repo from the Working Group's yaml. 2. The Working Group and TOC both approve the PR. 3. The TOC merges the PR. @@ -226,7 +226,7 @@ Approval requirements Steps 1. Someone opens a PR that: renames the repo in the - [cloudfoundry.yml](../../org/cloudfoundry.yml) and renames the repo in the + [orgs.yml](../../orgs/orgs.yml) and renames the repo in the Working Group's yaml. 2. The Working Group and TOC both approve the PR. 3. The TOC stops the Github automation. diff --git a/toc/rfc/rfc-0008-role-change-process.md b/toc/rfc/rfc-0008-role-change-process.md index fe1d788eb..afd9b6aa5 100644 --- a/toc/rfc/rfc-0008-role-change-process.md +++ b/toc/rfc/rfc-0008-role-change-process.md @@ -32,7 +32,7 @@ Approver roles if they are no longer interested in participating at that level. - When a person meets the criteria to be a Contributor as defined in [ROLES.md](https://github.com/cloudfoundry/community/blob/main/toc/ROLES.md), they may submit a PR adding themselves to -[contributors.yml](https://github.com/cloudfoundry/community/blob/main/org/contributors.yml). +[contributors.yml](https://github.com/cloudfoundry/community/blob/main/orgs/contributors.yml). - Two existing Contributors or Approvers must attest that they meet the criteria by reviewing the PR. @@ -72,7 +72,7 @@ themselves to the team's yaml definition. - People with the Contributor role may submit a PR to revoke their role by removing the appropriate entry from - [contributors.yml](https://github.com/cloudfoundry/community/blob/main/org/contributors.yml). + [contributors.yml](https://github.com/cloudfoundry/community/blob/main/orgs/contributors.yml). - An existing Contributor or Approver may submit the revocation request on behalf of someone else, but the person whose role is being revoked must be diff --git a/toc/rfc/rfc-0013-remove-nonstandard-github-teams.md b/toc/rfc/rfc-0013-remove-nonstandard-github-teams.md index 6f02ffe44..15af4f7b4 100644 --- a/toc/rfc/rfc-0013-remove-nonstandard-github-teams.md +++ b/toc/rfc/rfc-0013-remove-nonstandard-github-teams.md @@ -20,7 +20,7 @@ These teams grant access to CFF-governed repositories, but are not beholden to the CFF's roles and other processes for governing access. In addition, the volume of GitHub teams makes it more difficult to manage team access via the GitHub UI and intermediary tools like -[`cloudfoundry.yml`](https://github.com/cloudfoundry/community/blob/main/org/cloudfoundry.yml). +[`orgs.yml`](https://github.com/cloudfoundry/community/blob/main/orgs/orgs.yml). Nevertheless, controlling access to Cloud Foundry repositories only by teams defined by CFF technical governance is a substantial change from the previous system of access and team management and in the short term will cause unexpected loss of access to repositories for some contributors and automated development and release processes. diff --git a/toc/rfc/rfc-0025-define-criteria-and-removal-process-for-inactive-members.md b/toc/rfc/rfc-0025-define-criteria-and-removal-process-for-inactive-members.md index e4eef069e..4f11f03a7 100644 --- a/toc/rfc/rfc-0025-define-criteria-and-removal-process-for-inactive-members.md +++ b/toc/rfc/rfc-0025-define-criteria-and-removal-process-for-inactive-members.md @@ -39,7 +39,7 @@ If the inactivity criteria are fulfilled for a member they should be removed fro #### Implementation This process should be fully automated until a pull-request for the removal is created. It should do following: -1. Find the Github users listed in [contributors.yml](https://github.com/cloudfoundry/community/blob/main/org/contributors.yml) without any working group role +1. Find the Github users listed in [contributors.yml](https://github.com/cloudfoundry/community/blob/main/orgs/contributors.yml) without any working group role 2. Find the inactive Github users from 1). We will implement this by ourself or use tools like [inactive-users-action](https://github.com/peter-murray/inactive-users-action/tree/main). 3. Create a pull-request to remove the user from the Cloud Foundry Github organization diff --git a/toc/rfc/rfc-0036-multiple-github-orgs.md b/toc/rfc/rfc-0036-multiple-github-orgs.md index 15590c866..bc6eb69ff 100644 --- a/toc/rfc/rfc-0036-multiple-github-orgs.md +++ b/toc/rfc/rfc-0036-multiple-github-orgs.md @@ -52,7 +52,7 @@ Github Org. Each CFF Managed Github Org MUST have its own list of contributors. ### Rename `cloudfoundry.yml` to `orgs.yml` Currently -[cloudfoundry.yml](https://github.com/cloudfoundry/community/blob/main/org/cloudfoundry.yml) +[cloudfoundry.yml](https://github.com/cloudfoundry/community/blob/8c7298337a8515d7dfae058b3bd1f88ad0eeaf95/org/cloudfoundry.yml) contains yaml defining all of the repos in the cloudfoundry Github org. It already has a top level [`orgs` key](https://github.com/cloudfoundry/community/blob/8c7298337a8515d7dfae058b3bd1f88ad0eeaf95/org/cloudfoundry.yml#L2).