cncf / sheriff

Controls and monitors organization permissions across GitHub, Slack and GSuite. Built with ❤️ by The Electron Team

GitHub Organization Updates

onlydole opened this issue · comments

In using Sheriff, there are some organizational edits that I'd like to see or use with end user members:

  • Send organization invites to users who have yet to join.
  • Do not block Sheriff runs when users have not joined the org.
  • Remove Slack notifications for "X is not a member of the org" (we can utilize "pending invitations" instead).
  • Sheriff requires GitHub usernames to be case sensitive in the configuration. Auto-updating the PR with the correct username casing or allowing for all lowercase would be great additions.

Thank you @onlydole for this, great feedback!

Incidents

I could add a cncf/people pull request check to block merging so that references to GitHub accounts that are not CNCF org members cannot be merged to main there.

That should then mean that merged people data only includes GitHub accounts that are cncf org members; fewer code checks on the Sheriff permissions sync job runs.

First pass, the check would update the PR letting the submitter know that they are attempting to add non-CNCF org members using the check.

Could consider automatically inviting new members? Perhaps a human manually sending out the invites might be safer. This needs consideration, @jeefy @amye @onlydole

Submitter could then go about inviting GH accounts and once invites are accepted we could re-run the check to clear the blocking to merge.

@jeefy Should the check be implemented on sheriff?

Met with @jeefy who explained that CNCF Org Membership is not required for external_collaborators.

CNCF Org Membership is only required for people added to named teams:

We broadly agreed that we can add this as a webhook-based check to Sheriff and that it would be best to allow human oversight on a manual process to invite a person into the CNCF org rather than automatically inviting a new person.

cc @amye @onlydole
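The merge-blocking membership check discussed above, as an added example that is not part of this thread, of Sheriff, or of CLOWarden. It assumes a people record with `github` and `teams` fields (the real cncf/people schema may differ), and it takes the org member list and pending invitation list as plain arguments; a real check would fetch those from `GET /orgs/{org}/members` and `GET /orgs/{org}/invitations`. Logins are compared case-insensitively and the GitHub-canonical casing is reported back, people with no named team are treated as external collaborators who need no membership, and whether a pending invitation still blocks the merge is a policy flag because the thread leaves that open.

```python
"""Hypothetical PR check: every GitHub login added to a named team in a
people-data file must already be an org member (or, optionally, hold a
pending invitation) before the PR may merge. People with no teams are
treated as external_collaborators and exempted, as agreed in the thread.
Example code only, not Sheriff's or CLOWarden's implementation."""
from dataclasses import dataclass, field

# Constructed sample of the kind of records a cncf/people PR might add.
# The record shape and field names are assumptions for this example.
PEOPLE_PR = [
    {"name": "Alice Example", "github": "aliceexample", "teams": ["end-users"]},
    {"name": "Bob Example", "github": "Bob-Example", "teams": ["end-users"]},
    {"name": "Carol Example", "github": "CarolExample", "teams": []},
    {"name": "Dan Example", "github": "DanExample", "teams": ["end-users"]},
]

# In a real check these come from GET /orgs/{org}/members and
# GET /orgs/{org}/invitations; hard-coded here so the example runs offline.
ORG_MEMBERS = ["AliceExample", "Erin-Example"]
PENDING_INVITES = ["bob-example"]


@dataclass
class CheckResult:
    ok: bool = True
    members: list = field(default_factory=list)
    pending: list = field(default_factory=list)
    missing: list = field(default_factory=list)
    external: list = field(default_factory=list)
    casing_fixes: dict = field(default_factory=dict)


def normalize(login: str) -> str:
    """GitHub logins are case-insensitive; compare on a lowercase key."""
    return login.strip().lstrip("@").lower()


def check_membership(people, org_members, pending_invites, block_on_pending=True):
    """Classify each login in the PR. Only people placed on a named team need
    org membership; a person with no teams is an external collaborator."""
    canonical = {normalize(m): m for m in org_members}  # key -> API casing
    pending = {normalize(p) for p in pending_invites}
    result = CheckResult()
    for person in people:
        login = person["github"]
        key = normalize(login)
        if not person.get("teams"):
            result.external.append(login)
            continue
        if key in canonical:
            result.members.append(login)
            if login != canonical[key]:
                # Record the casing GitHub uses so the PR can be corrected.
                result.casing_fixes[login] = canonical[key]
        elif key in pending:
            result.pending.append(login)
        else:
            result.missing.append(login)
    result.ok = not result.missing and not (block_on_pending and result.pending)
    return result


def conclusion(result: CheckResult) -> str:
    """Value to report as the check-run conclusion on the PR."""
    return "success" if result.ok else "failure"


def summary(result: CheckResult) -> str:
    """Markdown the check would post so the submitter knows what to do next."""
    lines = [f"Membership check: {conclusion(result)}"]
    for login in result.missing:
        lines.append(f"- {login} is not an org member: invite them, then re-run this check")
    for login in result.pending:
        lines.append(f"- {login} has a pending invitation: re-run once it is accepted")
    for given, canon in result.casing_fixes.items():
        lines.append(f"- {given} should be written as {canon}")
    for login in result.external:
        lines.append(f"- {login} is an external collaborator only: no membership needed")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summary(check_membership(PEOPLE_PR, ORG_MEMBERS, PENDING_INVITES)))
```

Run stand-alone it reports DanExample as missing, Bob-Example as pending, the casing fix for aliceexample, and CarolExample as exempt. Passing `block_on_pending=False` implements the alternative workflow onlydole describes, where the PR merge itself is the human approval and the invite is sent afterwards.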

Thank you for these updates, @RobertKielty!

I agree that human oversight with org invites makes absolute sense to me. I like your proposal about adding in a check to let folks know that someone is also not a part of the org. If we did take the path of the human approval being the PR getting approved/merged before an invite is sent, I could also see that being a good workflow.

Utilizing external_collaborators is a good use case - for end users, I think the teams approach will be more useful as their most practical repo is private, and we provide read-only access to a majority of folks (400+ before the teams were deleted).

If there's a way to administrate these handles via a team-like object outside of GitHub and utilize external_collaborators (e.g., something like a Terraform list), that would be another useful way to solve this issue.

Closing as we have migrated away from Sheriff and are now using CLOWarden.

For details on how CLOWarden works see

https://github.com/cncf/clowarden#configuration