Hello @alexkappa.

First, I want to sincerely say thank you for all your work to get this project to the point it is today. It's a valuable project and as such has become a key piece of a lot of projects.

I wanted to raise the question of maintainership and project status. Over the last few months, many issues and pull-requests have gone w/o action for weeks, and up to a month. This includes the configured stale bot closing valid issues w/o any recourse. It's unclear to me at this point what the status of the project is, and what it can be going forward. I've personally offered my time to help maintain and it seems others have (such as @paddycarey) been given some level of access.

What can I, and/or the community do to ensure this project remains healthy and active moving forward?

Thanks!

(also applies to https://github.com/alexkappa/terraform-provider-auth0)

Thanks for bringing this up, @kpurdon ! We're in the same situation as you, and are also interested in this project remaining healthy!

Hello, thank you for the kind words and I appreciate your question with regard to project maintainership. Recently I've been having less time to focus on this due to an increased workload both professionally as well as personally. I am very late in getting to review PRs and address issues - let alone develop. I hope that will change, however, but I have no timeline to give you.

The good news is, this project is gaining much more support from Auth0. @yvovandoorn and a number of engineers from Auth0. @paddycarey, @jpadilla, @cyx among other engineers at Auth0 are able to help you out with issues and reviews if I am too late in getting to them myself.

What you can do to help: your offer is appreciated, and very much welcome.

• One thing that could help would be finally figuring out a safe way to run our integration tests in Github Actions during PRs. This would massively decrease the time to merge a PR. Due to the integration tests requiring a set of auth0 client id/secret, gh actions won't pass these secrets to PR actions for security reasons.
• Continue submitting issues and PRs. Triage and issue verification takes a long time sometimes and finding the root cause is a very manual operation. If we can come up with a way to organize better around this, issues might be easier to solve.
• Call me out! When something is delaying and it really needs attention, please reach out to me. It is possible that I just missed the issue/comment. Or reach out to any one of the other maintainers.

I am sure we can do better in the future with the support from auth0, but for me personally, it will take me a little more time to become as active as I need to be in order to support this project and the terraform provider so we can serve you best.

Thank you for the response @alexkappa. I have some follow up suggestions:

The good news is, this project is gaining much more support from Auth0. @yvovandoorn and a number of engineers from Auth0. @paddycarey, @jpadilla, @cyx among other engineers at Auth0 are able to help you out with issues and reviews if I am too late in getting to them myself.

This is great news. I've seen @paddycarey around a few PRs reviewing and hoped this was the case. My suggestion here would be to try and formalize a group of maintainers and document the correct way to request review (ideally rotating through those maintainers). A specific example issue is #187 which was reviewed/approved but it seems only you have the power to merge today. I'd love to see all maintainers gain that ability. This will drastically reduce your workload.

This includes the configured stale bot closing valid issues w/o any recourse.

This might only be relevant to the terraform repo, for example: alexkappa/terraform-provider-auth0#286 (comment). Can that bot be disabled?

One thing that could help would be finally figuring out a safe way to run our integration tests in Github Actions during PRs. This would massively decrease the time to merge a PR. Due to the integration tests requiring a set of auth0 client id/secret, gh actions won't pass these secrets to PR actions for security reasons.

GitHub actions and CI are tricky to contribute without permissions. This also seems like a good task for some Auth0 folks. Perhaps some actual tenant resources/etc could be dedicated to this project for testing?

Secrets should work for PR actions, I do this using https://docs.github.com/en/actions/reference/encrypted-secrets professionally. However, the obvious trick is that you couldn't have 2 PRs sharing the same Auth0 tenant. Unfortunately, GitHub actions still doesn't support limiting concurrency AFAIK.

Call me out! When something is delaying and it really needs attention, please reach out to me. It is possible that I just missed the issue/comment. Or reach out to any one of the other maintainers.

I think this goes back to my first point. It would be great to have an easy way to request action/review from any maintainer. I would normally accomplish this by creating an organization team, and then documenting that as the correct thing to use for requesting review. You could even make use of https://docs.github.com/en/github/setting-up-and-managing-organizations-and-teams/managing-code-review-assignment-for-your-team to auto-assign to all maintainers and balance the workload.

Hey @kpurdon, as you can see I and the rest of my fellow Auth0 folks are starting to take a more active role. I'll discuss internally to see if an organization team makes the best sense.

For now, as an interim, feel free to @ myself. While I won't guarantee SLAs under 24 hours, your point of PRs sitting open for a long time is duly noted.

Thank you all for the responses here. It's clear to me that w/ the addition of Auth0 folks taking a role the health of this project will improve over time. As always let me know if I can help in any way.

I would also like to add my appreciation for the additional help from Auth0 (@yvovandoorn and company), it's been a big help getting things rolling again. And thank you to @alexkappa for creating this provider in the first place! I'm not really a developer but I'll help out where I can.