-
Notifications
You must be signed in to change notification settings - Fork 236
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add docs on creating sandbox repos #125
Add docs on creating sandbox repos #125
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
mechanics/CREATING-A-SANDBOX-REPO.md
Outdated
`config/prow/config_knative.yaml` and then running | ||
`./hack/generate-configs.sh` | ||
|
||
1. Set up the "Settings" on the repo as follows: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This requires repo or org admin.
- set "@knative-admin" group as "Admin" role | ||
- set "\${WG}-writers" group as "Write" role | ||
- Under "Branches" add a branch protection rule for `master`: | ||
- Require status checks to pass (except `...-go-coverage` checks) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
only the pull-
legs should be required, though technically I think only "tide" is truly required.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Technically only tide is required, and I can't remember if test-infra is trying to make that change, but it's often helpful to me as a reviewer to see a Required label next to each check that tide would require.
This is the only section that I found redundant, but i think it has its value to be presented here:
|
Clarified the two places mentioned -- one on repo access, and one that the link actually points to the automation instructions. |
mechanics/CREATING-A-SANDBOX-REPO.md
Outdated
|
||
The [`knative-sandbox`](https://github.com/knative-sandbox) GitHub org exists to | ||
hold "non-core" Knative components which are owned and sponsored by a Working | ||
Group but are not part of an official Knative release. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this strictly true? @n3wscott is looking at moving camel & couchdb sources into sandbox (due to dep issues) and both of those were part of the release assests for eventing-contrib
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think @n3wscott's plan is currently a tactical maneuver, but it looks like there is also a proposal to migrate most of these repos, so either couchdb/camel-k will move back to the knative
repo, or all the other contents will be moved to -sandbox
as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
right -- and it's if the latter case occurs I'm wondering if that line is strictly true or not
mechanics/CREATING-A-SANDBOX-REPO.md
Outdated
https://github.com/knative-sandbox using the "New" button. Set the repo to | ||
public and include an "Apache License 2.0" but no `.gitignore` or `README`. | ||
|
||
1. (Requires repo write/org owner) Create an `OWNERS` file and `README.md` for |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should we specify that eventing OWNERS also be added this for maintenance purposes?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a general guide for adding things in knative-sandbox
, not eventing specific.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
aha good point -- then perhaps it's worthwhile to inherit the appropriate OWNERs from whichever WG Lead (technical or execution) approved the request.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's why I didn't specify exactly what went in the OWNERS
file. This is notes for a human to follow, not an automated script. 😁
- set "\${WG}-writers" group as "Write" role | ||
- Under "Branches" add a branch protection rule for `master`: | ||
- Require status checks to pass (except `...-go-coverage` checks) | ||
- Include administrators |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we also want to require this?
Require pull request reviews before merging
When enabled, all commits must be made to a non-protected branch and submitted via a pull request with the required number of approving reviews and no changes requested before it can be merged into a branch that matches this rule.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that prow / tide + status checks is probably sufficient. As precedent, this is not set on serving.
I think this is part of the GitHub review flow, and we're using /lgtm
and /approve
instead of "changes requested" reviews.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When this is enabled, there's a "merge is blocked" message in the merge button unless someone clicks the approve radio button in a review. But Prow robot can merge anyway since it's an admin.
mechanics/CREATING-A-SANDBOX-REPO.md
Outdated
|
||
1. Set up | ||
[test-infra using the automation](https://github.com/knative/test-infra/blob/master/guides/prow_setup.md#setting-up-prow-for-a-new-repo-reviewers-assignment-and-auto-merge) | ||
, which probably involves updating `config/prow/config_knative.yaml` and then |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is config/prod/prow/config_knative.yaml
(note the missing /prod/ in there)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed, thanks!
mechanics/CREATING-A-SANDBOX-REPO.md
Outdated
`knative.dev` import paths for golang. | ||
|
||
- Prow automation for tests is not necessarily required for `knative-sandbox`, | ||
but the Google CLA bot and OWNERS files/tide merge should be enforced. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How do you set up the CLA bot?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So, Google owns all sandbox projects?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we switch to a DCO for these? Or at least allow for it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you'll need to take that to the TOC -- Google owns the trademark on "Knative", and the current requirements from #23 are to have the Google CLA-bot enforced.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The CLA-bot is set up on the org as a whole.
I think Ville discovered that you can't select which checks are enforced until they've been run on at least one PR, so I moved the branch-protection setup to an additional item after creating a test PR for Prow.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The details are in the CLA which is a pretty long read. The Istio team wrote this very short summary about what it means: "...is necessary because you own the copyright to your changes, even after your contribution becomes part of this project. So this agreement simply gives Google permission to use and redistribute your contributions as part of the project." https://github.com/istio/community/blob/master/CONTRIBUTING.md#contributor-license-agreements
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Doug, can you add the trademark question to the overall trademark issue: #9
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we just switch to DCO for everything?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, Google projects require the Google CLA.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Google CLA has language like You hereby grant to Google and to recipients of software distributed by Google....
does this imply that "Google is distributing Knative" and not the community? Does it mean Google and the community are one in the same?
mechanics/CREATING-A-SANDBOX-REPO.md
Outdated
|
||
1. (Requires org or repo admin) Set up the "Settings" on the repo as follows: | ||
|
||
- Disable "wiki" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would think this would be something they might choose to enable on a per repo basis
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we've been discouraging wiki because the access control and review is weaker, and it's easier to end up with content that could lead a user to an insecure setup.
Should we include something about governance, even if it just points to the knative docs for that? |
We should probably have at least one template file, maybe CODE-OF-CONDUCT.md that references the governance and COC. That might be a good option for the first PR. (Comment fail, correcting) |
Besides the CLA questions, any other concerns with putting these directions in the repo with the following change I made the other day:
|
Ready for another review or |
|
||
## Process | ||
|
||
1. (Requires Org owner) Create the new repo in |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@evankanderson what is the concrete process for the communication between the requestor and the org owner ? Should this go via slack, issue, mailing-list ? I'd suggest to use a GitHub issue for this in the community repo, so maybe one can mention this here, too ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think am issue template with a check list would be very helpful, too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point, I'll see about adding an issue template for this which includes these steps.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks !
…sed-due-to-coronavirus
c2f7675
to
427687d
Compare
427687d
to
f8bd578
Compare
I went through these instructions for knative/eventing#3167. Here are my friction log notes: Took about 1.5 hours to get through all the steps. With no templates or clear examples for most of it, I had to go looking for them. Could have saved a lot of time by copying a template repo with some standard files already in place:
And then web-editing those as needed. Confirmed with @chaodaiG that the test-infra steps at https://github.com/knative/test-infra/blob/master/guides/prow_knative_setup.md#setting-up-prow-for-a-new-repo-reviewers-assignment-and-auto-merge are still current for creating a new repo. It's unclear what the standard Prow job template (presubmit and continuous) is for an empty repo with no tests. I copied the jobs from other repos, but example yaml blocks would be clearer. I added build, unit, and integration presubmit jobs since it seemed better to assume that the new repo owners would eventually add these tests. To verify these jobs, I created the first PR with an no-op I forked the repo to create this first PR, but next time I'll just create a new branch in the same repo and use web editing. In general, using GitHub's web UI exclusively (without cloning anything locally) would have saved a bunch of time. When I created the first PR, Prow started commenting and adding labels even though none of my supporting PRs were merged. Seems like Prow approval mechanisms work on all repos in the org once they have the Prow robot added as an admin. I still waited for the test-infra changes to go in because I wanted to see the presubmit jobs pass, but I think I could have gotten a PR merged by Tide before then. Because I put test/presubmit-tests.sh in the first PR, it didn't seem necessary to have another PR to add CODE-OF-CONDUCT.md. This file will be the same for every repo so it should be part of the template. In some repos, CODE-OF-CONDUCT.md contains a link to the community repo, in others, a copy. Probably best to link so we don't have multiple versions floating around. I copied branch protection rules from the eventing repo, but a canonical example would be better. Maybe the template repo can also serve as an example of branch protection rules and collaborator access (like prow robot). I created a bunch of PRs in various repos, who should I request review from? Probably fine to let Prow suggest someone in the future, but in this case I cc'd @evankanderson on each one so he can see if everything is done right. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
couple nits, and an observation, but we can iterate on the peribolos observation to avoid churning this more.
name: Question | ||
about: Question for TOC or Steering Committee | ||
title: "" | ||
--- |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should think about labeling these in the template, so that we can query them?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That sounds like a good but orthogonal project.
It might be worth seeing if we can get @macruzbar to summarize some triage best-practices gleaned from across the WGs, so we don't need to design our own.
## Process (to be executed by TOC or Steering member) | ||
|
||
1. (Requires Org owner) Create the new repo in | ||
https://github.com/knative-sandbox using the "New" button. Set the repo to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tcnghia and I learned the hard way yesterday that peribolos can create skeleton repos for you, so unless we're starting from a template repo, that might be a useful trick to incorporate.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think a set of template repos is probably the way to go.
base --> controller
--> source
--> ???
But I'm worried about building more than we need, so let's start with the sample-controller and sample-source, plus a barebones one, and see where we get.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @evankanderson!
/lgtm
- set "@knative-admin" group as "Admin" role | ||
- set "\${WG}-writers" group as "Write" role | ||
- Under "Branches" add a branch protection rule for `master`: | ||
- Require status checks to pass (except `...-go-coverage` checks) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Technically only tide is required, and I can't remember if test-infra is trying to make that change, but it's often helpful to me as a reviewer to see a Required label next to each check that tide would require.
- set "\${WG}-writers" group as "Write" role | ||
- Under "Branches" add a branch protection rule for `master`: | ||
- Require status checks to pass (except `...-go-coverage` checks) | ||
- Include administrators |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When this is enabled, there's a "merge is blocked" message in the merge button unless someone clicks the approve radio button in a review. But Prow robot can merge anyway since it's an admin.
Ugh, the issue templates aren't in a directory I have OWNERS on. Looking for someone from steering to approve that part. |
/approve Thanks for putting this together! |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: bsnchan, evankanderson, grantr The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Fixes #152 , #76
Since I've had to do it twice, I bothered writing up some instructions.
/assign @mattmoor