Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add docs on creating sandbox repos #125

Conversation

evankanderson
Copy link
Member

@evankanderson evankanderson commented Apr 15, 2020

Fixes #152 , #76

Since I've had to do it twice, I bothered writing up some instructions.

/assign @mattmoor

@googlebot googlebot added the cla: yes Indicates the PR's author has signed the CLA. label Apr 15, 2020
@knative-prow-robot knative-prow-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Apr 15, 2020
Copy link
Member

@mattmoor mattmoor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This feels redundant with some docs in test-infra (cc @chaodaiG @chizhg for the best pointer).

mechanics/CREATING-A-SANDBOX-REPO.md Show resolved Hide resolved
`config/prow/config_knative.yaml` and then running
`./hack/generate-configs.sh`

1. Set up the "Settings" on the repo as follows:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This requires repo or org admin.

- set "@knative-admin" group as "Admin" role
- set "\${WG}-writers" group as "Write" role
- Under "Branches" add a branch protection rule for `master`:
- Require status checks to pass (except `...-go-coverage` checks)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

only the pull- legs should be required, though technically I think only "tide" is truly required.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Technically only tide is required, and I can't remember if test-infra is trying to make that change, but it's often helpful to me as a reviewer to see a Required label next to each check that tide would require.

@chaodaiG
Copy link
Contributor

This feels redundant with some docs in test-infra (cc @chaodaiG @chizhg for the best pointer).

This is the only section that I found redundant, but i think it has its value to be presented here:

   using the automation, which probably involves updating
   `config/prow/config_knative.yaml` and then running
   `./hack/generate-configs.sh`

@evankanderson
Copy link
Member Author

Clarified the two places mentioned -- one on repo access, and one that the link actually points to the automation instructions.


The [`knative-sandbox`](https://github.com/knative-sandbox) GitHub org exists to
hold "non-core" Knative components which are owned and sponsored by a Working
Group but are not part of an official Knative release.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this strictly true? @n3wscott is looking at moving camel & couchdb sources into sandbox (due to dep issues) and both of those were part of the release assests for eventing-contrib

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think @n3wscott's plan is currently a tactical maneuver, but it looks like there is also a proposal to migrate most of these repos, so either couchdb/camel-k will move back to the knative repo, or all the other contents will be moved to -sandbox as well.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

right -- and it's if the latter case occurs I'm wondering if that line is strictly true or not

https://github.com/knative-sandbox using the "New" button. Set the repo to
public and include an "Apache License 2.0" but no `.gitignore` or `README`.

1. (Requires repo write/org owner) Create an `OWNERS` file and `README.md` for
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we specify that eventing OWNERS also be added this for maintenance purposes?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a general guide for adding things in knative-sandbox, not eventing specific.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

aha good point -- then perhaps it's worthwhile to inherit the appropriate OWNERs from whichever WG Lead (technical or execution) approved the request.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's why I didn't specify exactly what went in the OWNERS file. This is notes for a human to follow, not an automated script. 😁

- set "\${WG}-writers" group as "Write" role
- Under "Branches" add a branch protection rule for `master`:
- Require status checks to pass (except `...-go-coverage` checks)
- Include administrators
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we also want to require this?

Require pull request reviews before merging
When enabled, all commits must be made to a non-protected branch and submitted via a pull request with the required number of approving reviews and no changes requested before it can be merged into a branch that matches this rule.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that prow / tide + status checks is probably sufficient. As precedent, this is not set on serving.

I think this is part of the GitHub review flow, and we're using /lgtm and /approve instead of "changes requested" reviews.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When this is enabled, there's a "merge is blocked" message in the merge button unless someone clicks the approve radio button in a review. But Prow robot can merge anyway since it's an admin.


1. Set up
[test-infra using the automation](https://github.com/knative/test-infra/blob/master/guides/prow_setup.md#setting-up-prow-for-a-new-repo-reviewers-assignment-and-auto-merge)
, which probably involves updating `config/prow/config_knative.yaml` and then
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is config/prod/prow/config_knative.yaml

(note the missing /prod/ in there)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed, thanks!

`knative.dev` import paths for golang.

- Prow automation for tests is not necessarily required for `knative-sandbox`,
but the Google CLA bot and OWNERS files/tide merge should be enforced.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How do you set up the CLA bot?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So, Google owns all sandbox projects?

Copy link

@duglin duglin May 10, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we switch to a DCO for these? Or at least allow for it

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you'll need to take that to the TOC -- Google owns the trademark on "Knative", and the current requirements from #23 are to have the Google CLA-bot enforced.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The CLA-bot is set up on the org as a whole.

I think Ville discovered that you can't select which checks are enforced until they've been run on at least one PR, so I moved the branch-protection setup to an additional item after creating a test PR for Prow.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The details are in the CLA which is a pretty long read. The Istio team wrote this very short summary about what it means: "...is necessary because you own the copyright to your changes, even after your contribution becomes part of this project. So this agreement simply gives Google permission to use and redistribute your contributions as part of the project." https://github.com/istio/community/blob/master/CONTRIBUTING.md#contributor-license-agreements

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doug, can you add the trademark question to the overall trademark issue: #9

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we just switch to DCO for everything?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, Google projects require the Google CLA.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Google CLA has language like You hereby grant to Google and to recipients of software distributed by Google.... does this imply that "Google is distributing Knative" and not the community? Does it mean Google and the community are one in the same?


1. (Requires org or repo admin) Set up the "Settings" on the repo as follows:

- Disable "wiki"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would think this would be something they might choose to enable on a per repo basis

Copy link
Member Author

@evankanderson evankanderson May 12, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we've been discouraging wiki because the access control and review is weaker, and it's easier to end up with content that could lead a user to an insecure setup.

@duglin
Copy link

duglin commented May 10, 2020

Should we include something about governance, even if it just points to the knative docs for that?

@evankanderson
Copy link
Member Author

Should we include something about governance, even if it just points to the knative docs for that?

We should probably have at least one template file, maybe CODE-OF-CONDUCT.md that references the governance and COC. That might be a good option for the first PR.

(Comment fail, correcting)

@evankanderson
Copy link
Member Author

Besides the CLA questions, any other concerns with putting these directions in the repo with the following change I made the other day:

  • Add a reference to the community docs via CODE-OF-CONDUCT.md
  • Do the C-O-C as a PR to test Prow checks and get the checks to show up in the UI
  • Move the check enforcement after the PR is created, since it can't be applied before then.

@evankanderson
Copy link
Member Author

Ready for another review or /lgtm.


## Process

1. (Requires Org owner) Create the new repo in
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@evankanderson what is the concrete process for the communication between the requestor and the org owner ? Should this go via slack, issue, mailing-list ? I'd suggest to use a GitHub issue for this in the community repo, so maybe one can mention this here, too ?

Copy link
Contributor

@rhuss rhuss Jun 19, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think am issue template with a check list would be very helpful, too.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point, I'll see about adding an issue template for this which includes these steps.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks !

@knative-prow-robot knative-prow-robot removed the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 22, 2020
@knative-prow-robot knative-prow-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jun 22, 2020
@evankanderson evankanderson force-pushed the sandboxes-are-closed-due-to-coronavirus branch from c2f7675 to 427687d Compare June 22, 2020 22:03
@evankanderson evankanderson force-pushed the sandboxes-are-closed-due-to-coronavirus branch from 427687d to f8bd578 Compare June 22, 2020 22:05
@grantr
Copy link
Contributor

grantr commented Jun 26, 2020

I went through these instructions for knative/eventing#3167. Here are my friction log notes:

Took about 1.5 hours to get through all the steps. With no templates or clear examples for most of it, I had to go looking for them.

Could have saved a lot of time by copying a template repo with some standard files already in place:

  • LICENSE
  • OWNERS_ALIASES containing TOC members
  • OWNERS including TOC alias as approvers
  • README.md
  • CODE-OF-CONDUCT.md

And then web-editing those as needed.

Confirmed with @chaodaiG that the test-infra steps at https://github.com/knative/test-infra/blob/master/guides/prow_knative_setup.md#setting-up-prow-for-a-new-repo-reviewers-assignment-and-auto-merge are still current for creating a new repo.

It's unclear what the standard Prow job template (presubmit and continuous) is for an empty repo with no tests. I copied the jobs from other repos, but example yaml blocks would be clearer.

I added build, unit, and integration presubmit jobs since it seemed better to assume that the new repo owners would eventually add these tests. To verify these jobs, I created the first PR with an no-op test/presubmit-tests.sh (just calls true) and checked that they succeeded.

I forked the repo to create this first PR, but next time I'll just create a new branch in the same repo and use web editing. In general, using GitHub's web UI exclusively (without cloning anything locally) would have saved a bunch of time.

When I created the first PR, Prow started commenting and adding labels even though none of my supporting PRs were merged. Seems like Prow approval mechanisms work on all repos in the org once they have the Prow robot added as an admin. I still waited for the test-infra changes to go in because I wanted to see the presubmit jobs pass, but I think I could have gotten a PR merged by Tide before then.

Because I put test/presubmit-tests.sh in the first PR, it didn't seem necessary to have another PR to add CODE-OF-CONDUCT.md. This file will be the same for every repo so it should be part of the template.

In some repos, CODE-OF-CONDUCT.md contains a link to the community repo, in others, a copy. Probably best to link so we don't have multiple versions floating around.

I copied branch protection rules from the eventing repo, but a canonical example would be better. Maybe the template repo can also serve as an example of branch protection rules and collaborator access (like prow robot).

I created a bunch of PRs in various repos, who should I request review from? Probably fine to let Prow suggest someone in the future, but in this case I cc'd @evankanderson on each one so he can see if everything is done right.

Copy link
Member

@mattmoor mattmoor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

couple nits, and an observation, but we can iterate on the peribolos observation to avoid churning this more.

name: Question
about: Question for TOC or Steering Committee
title: ""
---
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should think about labeling these in the template, so that we can query them?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That sounds like a good but orthogonal project.

It might be worth seeing if we can get @macruzbar to summarize some triage best-practices gleaned from across the WGs, so we don't need to design our own.

## Process (to be executed by TOC or Steering member)

1. (Requires Org owner) Create the new repo in
https://github.com/knative-sandbox using the "New" button. Set the repo to
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tcnghia and I learned the hard way yesterday that peribolos can create skeleton repos for you, so unless we're starting from a template repo, that might be a useful trick to incorporate.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think a set of template repos is probably the way to go.

base --> controller
--> source
--> ???

But I'm worried about building more than we need, so let's start with the sample-controller and sample-source, plus a barebones one, and see where we get.

Copy link
Contributor

@grantr grantr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @evankanderson!

/lgtm

- set "@knative-admin" group as "Admin" role
- set "\${WG}-writers" group as "Write" role
- Under "Branches" add a branch protection rule for `master`:
- Require status checks to pass (except `...-go-coverage` checks)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Technically only tide is required, and I can't remember if test-infra is trying to make that change, but it's often helpful to me as a reviewer to see a Required label next to each check that tide would require.

- set "\${WG}-writers" group as "Write" role
- Under "Branches" add a branch protection rule for `master`:
- Require status checks to pass (except `...-go-coverage` checks)
- Include administrators
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When this is enabled, there's a "merge is blocked" message in the merge button unless someone clicks the approve radio button in a review. But Prow robot can merge anyway since it's an admin.

@knative-prow-robot knative-prow-robot added the lgtm Indicates that a PR is ready to be merged. label Jul 15, 2020
@evankanderson
Copy link
Member Author

Ugh, the issue templates aren't in a directory I have OWNERS on. Looking for someone from steering to approve that part.

@bsnchan
Copy link
Contributor

bsnchan commented Jul 27, 2020

/approve

Thanks for putting this together!

@knative-prow-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bsnchan, evankanderson, grantr

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@knative-prow-robot knative-prow-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 27, 2020
@knative-prow-robot knative-prow-robot merged commit 8a248c4 into knative:master Jul 27, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cla: yes Indicates the PR's author has signed the CLA. lgtm Indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Clarify and document the sandbox repository creation and verification process