Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

meta: introduce codeowners again #33895

Closed
wants to merge 1 commit into from

Conversation

jasnell
Copy link
Member

@jasnell jasnell commented Jun 15, 2020

The Contributor's Survey
results
highlight the fact that
it is often not easy for contributors to know who the right people are
to talk to about a proposed change or who to ask for reviews of a given
subsystem. We briefly toyed around with codeowners before when GitHub
introduced it but just as quickly disabled it because the structure of
our repository made it exceedingly difficult to get right.

Rather than start with a codeowners for the entire project, I propose
that we start with a small experiment focused on specific subsystems.
Specifically, codeowners for modules, streams, net/tls, http/http2, and
quic (once that lands). We can expand out from there as we see how
things go with the minimal starter set.

A couple of points:

  1. A codeowner should always be a team, never an individual person
  2. Each codeowner team should contain at least one TSC member (to
    provide coverage for signing off on semver-major changes)
  3. PRs touching any code with a codeowner must be signed off by at least
    one person on the codeowner team

/cc @nodejs/tsc

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines

@nodejs-github-bot nodejs-github-bot added the meta Issues and PRs related to the general management of the project. label Jun 15, 2020
@jasnell jasnell force-pushed the codeowners-take-2 branch from 86c8fa8 to 65013eb Compare June 15, 2020 20:13
@richardlau
Copy link
Member

The Contributor's Survey results highlight the fact that
it is often not easy for contributors to know who the right people are
to talk to about a proposed change or who to ask for reviews of a given
subsystem. We briefly toyed around with codeowners before when GitHub
introduced it but just as quickly disabled it because the structure of
our repository made it exceedingly difficult to get right.

My recollection was we disabled it because it didn't work the way it was intended to with the way we'd set up teams/permissions for the repository: #21161

@jasnell
Copy link
Member Author

jasnell commented Jun 15, 2020

Yep, and it's possible that it still doesn't but we should at least try it. If it still doesn't work the way we need it to, then the bot needs to be updated to ensure that the right people are automatically pulled in to review.... it's also possible that a github action can be set up to achieve the behavior we need here. This is all why this is still just a draft PR.

.github/CODEOWNERS Outdated Show resolved Hide resolved
@Trott
Copy link
Member

Trott commented Jun 15, 2020

I checked GitHub docs, and CODEOWNERS will not work for the same reason it didn't work last time: The owners require write access in the repo. From https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners:

When the code owner is a team, that team must have write permissions, even if all the individual members of the team already have write permissions directly, through organization membership, or through another team membership.

So every entity listed in CODEOWNERS will need to have write access to the repo granted directly to it. So adding teams will not work. Adding individuals will not work. The only team that will work is @nodejs/collaborators. We either need to change the way we have the permissions in the repository set up (please, no) or do something different.

@Trott
Copy link
Member

Trott commented Jun 15, 2020

I suppose we could add teams with write access to the repo and then restrict the teams to collaborators. But that will be a lot of work when offboarding people, generally error-prone, and I think basically not a good idea, as we often benefit from non-collaborators being members of teams like @nodejs/http.

@jasnell
Copy link
Member Author

jasnell commented Jun 15, 2020

Dang... ok, then let's explore a github actions based approach here... essentially, an action that applies the basic codeowner rules to teams without the write requirement.

@DerekNonGeneric
Copy link
Contributor

The approach taken by @amphtml may be of some interest here. It's an OWNERS file rather than CODEOWNERS. The @amp-owners-bot pings the appropriate people when you open a PR.

Check it out. :)

Relevant: https://twitter.com/cramforce/status/1182349710121734145

@mmarchini
Copy link
Contributor

mmarchini commented Jun 15, 2020

it's also possible that a github action can be set up to achieve the behavior we need here.

GitHub Actions can't comment or add reviewers on PRs from forks as Actions running on those PRs lack write-permission, so it wouldn't work either. Our bot should be able to do it though.

@mhdawson
Copy link
Member

If we can specify specific files we can probably also add the n-api in the initial set of areas.

@mcollina
Copy link
Member

I think this is a good motivation to rethink our team structure and analyze who is part of said teams and why they are not collaborators yet.

I think we should make those teams subteams of @nodejs/collaborators and onboard (or remove) people that do not need that level of permission.

I think we should give a shot to codeowners. This will also highlight areas where we are lacking contributors (and we can also point people to work on those part of core).

@jasnell
Copy link
Member Author

jasnell commented Jun 16, 2020

Good point @mcollina. In fact, we can start rolling this out incrementally as I originally suggested with teams that we know do have write access. The teams can definitely be cleaned up a bit!

@mmarchini
Copy link
Contributor

mmarchini commented Jun 16, 2020

analyze who is part of said teams and why they are not collaborators yet

Team like @nodejs/modules and @nodejs/diagnostics are Working Group teams. On both teams there are folks who are actively engaged but don't have write access to nodejs/node. Maybe for those cases we could create @nodejs/[teamname]-reviewers, and use the reviewers team for codeowners. This might even be automatable with GitHub Actions (edit: not as well as I was hoping, there's no trigger when a team is changed). But I agree with @jasnell, we can start with the teams which work and incrementally add teams later.

@mcollina
Copy link
Member

I would really need to have something in place for streams.

@jasnell
Copy link
Member Author

jasnell commented Jun 18, 2020

To move forward on this, let's initially limit the subsystem scope and see where we get and what issues may come up. The quic subsystem is new, the team is currently limited to folks who have write access, and it's well contained. Let's limit the CODEOWNERS to it and give it a test run. If things work out, we can expand out incrementally from there.

The [Contributor's Survey
results](nodejs/TSC#882) highlight the fact that
it is often not easy for contributors to know who the right people are
to talk to about a proposed change or who to ask for reviews of a given
subsystem. We briefly toyed around with codeowners before when GitHub
introduced it but just as quickly disabled it because the structure of
our repository made it exceedingly difficult to get right.

Rather than start with a codeowners for the entire project, I propose
that we start with a small experiment focused on specific subsystems.
Specifically, codeowners for modules, streams, net/tls, http/http2, and
quic (once that lands). We can expand out from there as we see how
things go with the minimal starter set. Initially this just enables
codeowners for the `quic` subsystem.

A couple of points:

1. A codeowner should always be a team, never an individual person
2. Each codeowner team should contain at least one TSC member (to
provide coverage for signing off on semver-major changes)
3. PRs touching any code with a codeowner must be signed off by at least
one person on the codeowner team
@jasnell jasnell force-pushed the codeowners-take-2 branch from c2137e0 to a2a2d55 Compare June 18, 2020 17:02
@jasnell jasnell marked this pull request as ready for review June 18, 2020 17:02
@jasnell
Copy link
Member Author

jasnell commented Jun 18, 2020

@nodejs/tsc ... please take a look. This re-introduces a limited CODEOWNERS as an experiment to see if we can use CODEOWNERS more extensively and what the issues may be. It is currently limited in scope to cover the new experimental quic subsystem, so it shouldn't interfere with anything else.

Copy link
Contributor

@mmarchini mmarchini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will it work? I thought the team had to be a subteam of @nodejs/collaborators to get pinged (but maybe I misunderstood). This also adds @nodejs/tsc as codeowners of codeowners, which I agree, but I wonder if it will face the same issue.

Regardless, LGTM. If it doesn't work, we can tweak codeowners and teams until we figure out something that works for us.

Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@addaleax
Copy link
Member

I don’t think the quic team currently has write access here? Is the current idea to verify whether write access is no longer required?

Maybe for those cases we could create @nodejs/[teamname]-reviewers, and use the reviewers team for codeowners.

I like that suggestion. 👍

@jasnell
Copy link
Member Author

jasnell commented Jun 19, 2020

I don’t think the quic team currently has write access here? Is the current idea to verify whether write access is no longer required?

The team, no, but everyone currently on it should, and enabling it for the team should work.

the challenge with using separate *-reviewer teams is that I think we're already just about at our allowed limit on the number of teams we're allowed to create in this github org (I could be wrong, but I thought the upper limit was about 200)

@mmarchini
Copy link
Contributor

Oh, I didn't know there was a limit. Maybe we should try to contact GitHub and ask if they can bump it?

As for giving write permission to quic: I'd be wary of giving write permission to teams without those teams being a subteam of collaborators. I believe we don't want to fragment permissions too much. But adding the permission temporarily to test should be fine.

@jasnell
Copy link
Member Author

jasnell commented Jun 19, 2020

Oh, I didn't know there was a limit. Maybe we should try to contact GitHub and ask if they can bump it?

I could be wrong. We need to find out. It would also be good to just audit our existing teams and see if there are any that can be removed

@jasnell
Copy link
Member Author

jasnell commented Jun 19, 2020

As for giving write permission to quic: I'd be wary of giving write permission to teams without those teams being a subteam of collaborators. I believe we don't want to fragment permissions too much. But adding the permission temporarily to test should be fine.

All the current members of the quic team are part of collaborators already, so we should be fine here.

@jasnell
Copy link
Member Author

jasnell commented Jun 19, 2020

I've made the @nodejs/quic team a sub-team of nodejs/Collaborators and have confirmed that the team has write access and everyone in it currently in a collaborator.

@nodejs/tsc ... I'm proposing that we land this as an experiment with the relaxed time requirements proposed by @addaleax in #33879 scoped specifically to the QUIC work for now. Let's run the experiment for a couple of weeks to see how things go, and assuming all goes well we can expand it to other subsystems incrementally before rolling the process changes out to the full repository.

@Trott
Copy link
Member

Trott commented Jun 19, 2020

The idea here is to create new -reviewer teams and give them write access so that CODEOWNERS can ping them? Not blocking, but I'm not excited that it increases the overhead of maintaining teams. We're already not-great at it. This is going to require updates to our onboarding and offboarding docs, and probably has other consequences. It may render the current teams obsolete, thus excluding people who aren't already collaborators.

Again, not blocking, but want to get a full accounting of probable downsides out here, in case there's another way....

@mmarchini
Copy link
Contributor

@Trott ideally if we decide to go the -reviewer way, I'd like to see it automated to keep these teams up to date with everyone from respective teams who are also collaborators. I don't think going with a manual approach would work well for us.

Has anyone tried to contact GitHub to ask about the possibility of codeowners working for teams who don't have write permission?

@Trott
Copy link
Member

Trott commented Jun 19, 2020

@Trott ideally if we decide to go the -reviewer way, I'd like to see it automated to keep these teams up to date with everyone from respective teams who are also collaborators. I don't think going with a manual approach would work well for us.

Automating these teams would be great.

Has anyone tried to contact GitHub to ask about the possibility of codeowners working for teams who don't have write permission?

Yes, they have definitely heard that feedback. I know I gave it to them some time ago and I know I'm not the first one.

@Trott
Copy link
Member

Trott commented Jun 19, 2020

Speaking of supplementing CODEOWNERS with bots: https://bionic.fullstory.com/taming-github-codeowners-with-bots/

Can't seem to locate the repo I used to put GitHub feature requests in, but I did find this: https://gh.neting.ccmunity/t/feature-request-codeowners-without-write-permissions/2323

@mmarchini
Copy link
Contributor

Oh yes, that's definitely a good alternative: we can have github-bot apply the reviewers instead of GitHub.

I hope one day Actions will be able to do these cool things (without relying on scheduler shenanigans).

mmarchini pushed a commit that referenced this pull request Jun 20, 2020
The [Contributor's Survey
results](nodejs/TSC#882) highlight the fact that
it is often not easy for contributors to know who the right people are
to talk to about a proposed change or who to ask for reviews of a given
subsystem. We briefly toyed around with codeowners before when GitHub
introduced it but just as quickly disabled it because the structure of
our repository made it exceedingly difficult to get right.

Rather than start with a codeowners for the entire project, I propose
that we start with a small experiment focused on specific subsystems.
Specifically, codeowners for modules, streams, net/tls, http/http2, and
quic (once that lands). We can expand out from there as we see how
things go with the minimal starter set. Initially this just enables
codeowners for the `quic` subsystem.

A couple of points:

1. A codeowner should always be a team, never an individual person
2. Each codeowner team should contain at least one TSC member (to
provide coverage for signing off on semver-major changes)
3. PRs touching any code with a codeowner must be signed off by at least
one person on the codeowner team

PR-URL: #33895
Reviewed-By: Matheus Marchini <mat@mmarchini.me>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
@mmarchini
Copy link
Contributor

Landed in fdf10ad

Let's continue the discussion on how to proceed with other teams in an issue, since that's not a blocker for this PR

@mmarchini
Copy link
Contributor

Continue discussion on: #33984

codebytere pushed a commit that referenced this pull request Jun 27, 2020
The [Contributor's Survey
results](nodejs/TSC#882) highlight the fact that
it is often not easy for contributors to know who the right people are
to talk to about a proposed change or who to ask for reviews of a given
subsystem. We briefly toyed around with codeowners before when GitHub
introduced it but just as quickly disabled it because the structure of
our repository made it exceedingly difficult to get right.

Rather than start with a codeowners for the entire project, I propose
that we start with a small experiment focused on specific subsystems.
Specifically, codeowners for modules, streams, net/tls, http/http2, and
quic (once that lands). We can expand out from there as we see how
things go with the minimal starter set. Initially this just enables
codeowners for the `quic` subsystem.

A couple of points:

1. A codeowner should always be a team, never an individual person
2. Each codeowner team should contain at least one TSC member (to
provide coverage for signing off on semver-major changes)
3. PRs touching any code with a codeowner must be signed off by at least
one person on the codeowner team

PR-URL: #33895
Reviewed-By: Matheus Marchini <mat@mmarchini.me>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
@codebytere codebytere mentioned this pull request Jun 28, 2020
codebytere pushed a commit that referenced this pull request Jun 30, 2020
The [Contributor's Survey
results](nodejs/TSC#882) highlight the fact that
it is often not easy for contributors to know who the right people are
to talk to about a proposed change or who to ask for reviews of a given
subsystem. We briefly toyed around with codeowners before when GitHub
introduced it but just as quickly disabled it because the structure of
our repository made it exceedingly difficult to get right.

Rather than start with a codeowners for the entire project, I propose
that we start with a small experiment focused on specific subsystems.
Specifically, codeowners for modules, streams, net/tls, http/http2, and
quic (once that lands). We can expand out from there as we see how
things go with the minimal starter set. Initially this just enables
codeowners for the `quic` subsystem.

A couple of points:

1. A codeowner should always be a team, never an individual person
2. Each codeowner team should contain at least one TSC member (to
provide coverage for signing off on semver-major changes)
3. PRs touching any code with a codeowner must be signed off by at least
one person on the codeowner team

PR-URL: #33895
Reviewed-By: Matheus Marchini <mat@mmarchini.me>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
codebytere pushed a commit that referenced this pull request Jul 10, 2020
The [Contributor's Survey
results](nodejs/TSC#882) highlight the fact that
it is often not easy for contributors to know who the right people are
to talk to about a proposed change or who to ask for reviews of a given
subsystem. We briefly toyed around with codeowners before when GitHub
introduced it but just as quickly disabled it because the structure of
our repository made it exceedingly difficult to get right.

Rather than start with a codeowners for the entire project, I propose
that we start with a small experiment focused on specific subsystems.
Specifically, codeowners for modules, streams, net/tls, http/http2, and
quic (once that lands). We can expand out from there as we see how
things go with the minimal starter set. Initially this just enables
codeowners for the `quic` subsystem.

A couple of points:

1. A codeowner should always be a team, never an individual person
2. Each codeowner team should contain at least one TSC member (to
provide coverage for signing off on semver-major changes)
3. PRs touching any code with a codeowner must be signed off by at least
one person on the codeowner team

PR-URL: #33895
Reviewed-By: Matheus Marchini <mat@mmarchini.me>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
codebytere pushed a commit that referenced this pull request Jul 12, 2020
The [Contributor's Survey
results](nodejs/TSC#882) highlight the fact that
it is often not easy for contributors to know who the right people are
to talk to about a proposed change or who to ask for reviews of a given
subsystem. We briefly toyed around with codeowners before when GitHub
introduced it but just as quickly disabled it because the structure of
our repository made it exceedingly difficult to get right.

Rather than start with a codeowners for the entire project, I propose
that we start with a small experiment focused on specific subsystems.
Specifically, codeowners for modules, streams, net/tls, http/http2, and
quic (once that lands). We can expand out from there as we see how
things go with the minimal starter set. Initially this just enables
codeowners for the `quic` subsystem.

A couple of points:

1. A codeowner should always be a team, never an individual person
2. Each codeowner team should contain at least one TSC member (to
provide coverage for signing off on semver-major changes)
3. PRs touching any code with a codeowner must be signed off by at least
one person on the codeowner team

PR-URL: #33895
Reviewed-By: Matheus Marchini <mat@mmarchini.me>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
@codebytere codebytere mentioned this pull request Jul 13, 2020
codebytere pushed a commit that referenced this pull request Jul 14, 2020
The [Contributor's Survey
results](nodejs/TSC#882) highlight the fact that
it is often not easy for contributors to know who the right people are
to talk to about a proposed change or who to ask for reviews of a given
subsystem. We briefly toyed around with codeowners before when GitHub
introduced it but just as quickly disabled it because the structure of
our repository made it exceedingly difficult to get right.

Rather than start with a codeowners for the entire project, I propose
that we start with a small experiment focused on specific subsystems.
Specifically, codeowners for modules, streams, net/tls, http/http2, and
quic (once that lands). We can expand out from there as we see how
things go with the minimal starter set. Initially this just enables
codeowners for the `quic` subsystem.

A couple of points:

1. A codeowner should always be a team, never an individual person
2. Each codeowner team should contain at least one TSC member (to
provide coverage for signing off on semver-major changes)
3. PRs touching any code with a codeowner must be signed off by at least
one person on the codeowner team

PR-URL: #33895
Reviewed-By: Matheus Marchini <mat@mmarchini.me>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
meta Issues and PRs related to the general management of the project.
Projects
None yet
Development

Successfully merging this pull request may close these issues.