[SANDBOX PROJECT ONBOARDING] OpenFGA #921

Closed
29 tasks done
amye opened this issue Sep 13, 2022 · 43 comments

@amye
Contributor

amye commented Sep 13, 2022

Welcome to CNCF Project Onboarding!
This is an issue created to help onboard your project into the CNCF after the TOC has voted to accept your project.
We would like to complete onboarding within one month of acceptance.

From the project side, please ensure that you:

Things that CNCF will need from the project:

  • Provide emails for the maintainers added to https://maintainers.cncf.io in order to get access to the maintainers mailing list and ServiceDesk
  • Trademarks: transfer any trademark and logo mark assets over to the LF - https://github.com/cncf/foundation/tree/master/agreements has agreements
  • GitHub: ensure 'thelinuxfoundation' and 'caniszczyk' are added as initial org owners, this helps us make sure we have continuity of GH ownership
  • GitHub: ensure DCO or CLA are enabled for all GitHub repositories of the project
  • GitHub: ensure that the CNCF Code of Conduct (or your adopted version of it) is explicitly referenced in the project's README on GitHub
  • Website: ensure LF footer is there and website guidelines followed (if your project doesn't have a dedicated website, please adopt those guidelines to the README file of your project on GitHub).
  • Website: Analytics transferred to projects@cncf.io
  • CII: Start on a CII best practices badge https://bestpractices.coreinfrastructure.org/en

Things that the CNCF will do or help the project to do:

@aaguiarz

@amye our CI/CD pipeline currently uses tools like Semgrep/Snyk for vulnerability scanning/FOSSA for licensing, in their non-free tiers, paid by Okta. Those run from GitHub Actions.

I see we can get FOSSA with CNCF's help, not sure if we can get Snyk for vulnerability scanning.

Can we keep using Snyk for vulnerability scanning and the paid Semgrep tier, or should we move to free tiers?

Thanks

@aaguiarz

aaguiarz commented Sep 16, 2022

We are currently using Discord. Should we start using Slack?

  • Provide emails for the maintainers added to https://maintainers.cncf.io in order to get access to the maintainers mailing list and ServiceDesk

Adrian Tam adrian.tam@okta.com (@adriantam)
Andres Aguiar andres.aguiar@okta.com (@aaguiarz)
Craig Pastro craig.pastro@okta.com (@craigpastro)
Damian Schenkelman damian@okta.com (@dschenkelman)
Jakub Hertyk jakub.hertyk@okta.com (@curfew-marathon)
Jonathan Whitaker jonathan.whitaker@okta.com (@jon-whit)
Maria Ines Parnisari maria.inesparnisari@okta.com (@miparnisari)
Mat Dupont mat.dupont@okta.com (@matldupont)
Matthew Pereira matthew.pereira@okta.com (@matthewpereira)
Raghd Hamzeh raghd.hamzeh@okta.com (@rhamzeh)
Yamil Asusta yamil.asusta@okta.com (@elbuo8)

https://bestpractices.coreinfrastructure.org/en/projects/6374

@aaguiarz

GitHub: ensure DCO or CLA are enabled for all GitHub repositories of the project

Do you have a preference?

We are currently using https://cla-assistant.io/ for CLAs, can we use https://easycla.lfx.linuxfoundation.org/#/ instead?

@aaguiarz

We don't have analytics on the website. Should we integrate an analytics service? Any preference?

@amye
Contributor Author

amye commented Sep 16, 2022

We don't have analytics on the website. Should we integrate an analytics service? Any preference?

If you don't already have one, no need!

@amye
Contributor Author

amye commented Sep 16, 2022

GitHub: ensure DCO or CLA are enabled for all GitHub repositories of the project

Do you have a preference?

We are currently using https://cla-assistant.io/ for CLAs, can we use https://easycla.lfx.linuxfoundation.org/#/ instead?

Yes, the EasyCLA team is at https://jira.linuxfoundation.org/plugins/servlet/theme/portal/4/create/143 - they'll be able to help you out!

@amye
Contributor Author

amye commented Sep 16, 2022

@amye our CI/CD pipeline currently uses tools like Semgrep/Snyk for vulnerability scanning/FOSSA for licensing, in their non-free tiers, paid by Okta. Those run from GitHub Actions.

I see we can get FOSSA with CNCF's help, not sure if we can get Snyk for vulnerability scanning.

Can we keep using Snyk for vulnerability scanning and the paid Semgrep tier, or should we move to free tiers?

Thanks

@jeefy can help with Snyk or FOSSA

@aaguiarz

aaguiarz commented Sep 16, 2022

  • Website: Analytics transferred to projects@cncf.io
    We don't have website analytics

@aaguiarz

jeefy can help with Snyk or FOSSA

@amye Can we keep Semgrep using our Okta license, or do we need to move to create an account for OpenFGA and move to a free tier?

Thanks!

@lukaszgryglicki
Member

DevStats page added.

@aaguiarz

For transferring the domain here https://jira.linuxfoundation.org/plugins/servlet/theme/portal/2/create/63 should I set it this way?

Project: "None"
LF Stakeholder email: @caniszczyk's
Community Stakeholder email: mine

Thanks!

@amye
Contributor Author

amye commented Sep 19, 2022

For transferring the domain here https://jira.linuxfoundation.org/plugins/servlet/theme/portal/2/create/63 should I set it this way?

Project: "None" LF Stakeholder email: @caniszczyk's Community Stakeholder email: mine

Thanks!

You want Project to be 'CNCF'.

@aaguiarz

aaguiarz commented Sep 20, 2022

@aaguiarz

aaguiarz commented Oct 18, 2022

@aaguiarz

  • Is your project in its own separate neutral github organization?
  • GitHub: ensure 'thelinuxfoundation' and 'caniszczyk' are added as initial org owners, this helps us make sure we have continuity of GH ownership

@aaguiarz

@jeefy could you please help me with Snyk and FOSSA?

@aaguiarz

@amye In our notice.txt files we have "Copyright 2022 Okta, Inc.". I see other projects use "The Authors". Is it OK if we use "The OpenFGA Project Authors"? Should we mention CNCF?

@caniszczyk
Contributor

caniszczyk commented Oct 20, 2022 via email

@aaguiarz

  • Website: ensure LF footer is there and website guidelines followed (if your project doesn't have a dedicated website, please adopt those guidelines to the README file of your project on GitHub).

Check https://openfga.dev/

@caniszczyk
Contributor

caniszczyk commented Oct 21, 2022 via email

@aaguiarz

@jeefy now the GitHub org is part of CNCF's org, would it be possible to set up the integration with Snyk and FOSSA? Thanks a lot.

@aaguiarz

aaguiarz commented Nov 1, 2022

@amye can you confirm if I should use @caniszczyk 's emails as "LF Stakeholder" when transferring the domains? Thanks!

@amye
Contributor Author

amye commented Nov 1, 2022

It can be me, that's fine.

@aaguiarz

aaguiarz commented Nov 1, 2022

@aaguiarz

aaguiarz commented Nov 1, 2022

I think we are done from our side, we still need help to:

  • Setup EasyCLA
  • Setup FOSSA/Snyk

Thanks for your help!

@aaguiarz

  • GitHub: ensure DCO or CLA are enabled for all GitHub repositories of the project

EasyCLA is now integrated.

@aaguiarz

Domain transfer was completed.

@aaguiarz

@amye The rest of the items that are unchecked are completed too:

We don't have Slack channels, we are using Discord. Should we create a Slack channel in CNCF's Slack?

  • Website: ensure LF footer is there and website guidelines followed (if your project doesn't have a dedicated website, please adopt those guidelines to the README file of your project on GitHub).

In Openfga.dev, there's a CNCF icon at the bottom left that links to https://www.linuxfoundation.org/legal/trademark-usage. Let us know if that does not work.

@aaguiarz

@amye @jeefy can we get help with FOSSA/Snyk? We are using our own configuration and we want to make sure the license checks are compliant with CNCF's.

Thanks a lot

@amye
Contributor Author

amye commented Dec 2, 2022

I'll let @jeefy weigh in on Fossa, but last thing: do you want a space on community.cncf.io?

@aaguiarz

aaguiarz commented Dec 2, 2022

@amye Not yet, can we do it later, when we start to see the need? Thanks!

@amye
Contributor Author

amye commented Dec 2, 2022

Awesome!

@aaguiarz

aaguiarz commented Jan 4, 2023

@jeefy can you help us integrate FOSSA/Snyk?

@aaguiarz

aaguiarz commented Feb 1, 2023

@jeefy ping :) We really need to get that integration done... Thanks!

@amye
Contributor Author

amye commented Feb 7, 2023

This is on our list, @RobertKielty may also be assisting here :)

@jeefy
Member

jeefy commented Feb 28, 2023

Not only did this fall off my radar, my radar just ceased functioning. My bad.

@aaguiarz all maintainers should have invitations to Snyk in their inboxes (if not already, soon)

@aaguiarz

Thanks @jeefy ! Can we also get access to FOSSA? We have it already configured for OSS Licensing Compliance but we are using our keys.

@aaguiarz

aaguiarz commented Mar 6, 2023

  • Adopt a license scanning tool, like FOSSA or Snyk

@amye this is done, we can close the task :)

@amye amye added the static-code-checks A flag for FOSSA/Synk for onboarding label Mar 16, 2023
@aaguiarz

Also make sure you work on any issues found here :)
https://clomonitor.io/projects/cncf/openfga

We got there! ☺️ cc @caniszczyk

@Cmierly

Cmierly commented Sep 26, 2023

All tasks have been completed!
Closing this out.

@Cmierly Cmierly closed this as completed Sep 26, 2023