-
Notifications
You must be signed in to change notification settings - Fork 326
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add write access to kubeflow
repo for wg-notebooks-leads
#618
add write access to kubeflow
repo for wg-notebooks-leads
#618
Conversation
@james-jwu and @zijianjoy, I would appreciate your review of this, to help unblock the Notebooks WG. |
The admins should ensure that the following repo branch-protection rules are enabled on
Require a pull request before merging:Require status checks to pass before merging:Restrict who can push to matching branches: |
Hello @thesuperzapper ,
If there is any need for repo-level write permission, please raise it to Kubeflow Steering Committee, or propose to separate Notebook component into its own repo going forward. |
@zijianjoy just copying the main points raised during the community meeting:
@kimwnasptd I am interested in your feedback here. |
@zijianjoy @kimwnasptd @thesuperzapper i think we need the same for Kubeflow/manifests |
Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com>
e1bade9
to
be61fa6
Compare
kubeflow
repo for wg-notebooks-leads
@andreyvelich @james-jwu this really needs to be resolved soon (it's making it hard to release 1.8.1 for notebooks). Can the KSC confirm they are happy with this, and if so, please merge? |
Yes please and I also need write access to create tags for Kubeflow/manifests and the 1.8.1 prerelease. Cc @rimolive |
@juliusvonkohout raise a separate PR, because I don't want that to block this one. |
@thesuperzapper it is already the case for wg-manifests-leads |
But i still cannot create tags. So there is another problem. |
@juliusvonkohout I bet there is a "protected tags" rule, like this one from another repo: The only way around that is to be an admin (which is obviously not allowed), however, GitHub now has more granular "rule sets" in which we can add specific groups as "except from": We can remove the "protected tags" and replace them with:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Have you considered moving notebooks to a separate repo?
@terrytangyuan @andreyvelich There are several Problems here.
@zijianjoy @james-jwu can approve this PR. I hope that @kimwnasptd comes back as maintainer and that the release manager @rimolive can back up my statements. |
I am okay with granting write access until longer term solution can be found. I would like to get 2 more lgtms from @kubeflow/kubeflow-steering-committee |
I understand these concerns @juliusvonkohout and I agree with you that WG co-chairs should have write permission to the appropriate repositories. So That will make very clear to the users that Kubeflow is a combination of different sub-services for end-to-end AI/ML platform on Kubernetes. We can also disable issue creation in the |
@andreyvelich I agree on disabling issues under |
@juliusvonkohout @thesuperzapper I want to help you guys to stabilize the issue count and the repo migration. We can form a plan and assign tasks. Migration out of |
We can use kubeflow/community repo or other repos. Let's discuss it some time. Usually, these issues are not created by Kubeflow users so we can find better place. |
@andreyvelich @james-jwu so can we please merge this? It simply adds myself and @kimwnasptd as write access on |
Please give us a few more hours to discuss it during today's KSC meeting. |
Hi @thesuperzapper, during today KSC meeting we discussed this PR to give write access to |
Hi @thesuperzapper @juliusvonkohout @kubeflow/wg-notebooks-leads, do we have any updates here with our plan? We think that we should solve this problem relatively soon since many users/contributors are getting confused with By solving this problem we will give much more clarity to our users and will see much more adoption when users realise the full potential for the Kubeflow project. cc @kubeflow/kubeflow-steering-committee |
@andreyvelich with the amount of resources we currently have in the @kubeflow/wg-notebooks-leads, I just don't see any way that splitting the repo up will be possible in the short to medium term. We barely have enough contributors to maintain the existing components. Realistically, I can't continue to maintain the notebooks and core components without write access to For example, there are critical issues with 1.8.0 (kubeflow/kubeflow#7453), but as I am unable cherry-pick and cut a |
Even if we get more resources for "core" + "notebooks", we still have to consider the following:
I am not saying we can't split it up, just that there are no clear lines to split down, and we will likely still end up with the core components in |
Also, to help direct people to the right repo for issues, we can use issue templates and make users tick a box saying But as a backup, issues can be transferred between repos by people who have write access to BOTH the source and target repo. |
I understand your frustration around not enough contributors to the existing components, but don't you think if we separate Kubeflow Notebooks in a separate GitHub repo it will be easier for folks to understand where and how to contribute to Kubeflow Notebooks ?
I am not sure if If I remember correctly @kubeflow/wg-notebooks-leads discussed previously that we can remove KFAM.
It's not only about issue template it is more about answering the question Right now given the energy around new Kubeflow components (e.g. Model Registry, Spark Operator) we should work towards:
I saw benefits in both approaches if we want to grow our community. I believe, this first step of migrating Kubeflow Notebooks and Central Dashboard from What do others think about it? |
I think for the time being @thesuperzapper and @kimwnasptd aka the "notebooks" leads just need the write access, independent of the repository splitting. I talked to Kimonas at Kubecon and he will support me to become the third maintainer for kubeflow/kubeflow, but it might take until the end of the year. Then I might be able to help Matthew a bit and improve the maintainer situation. Until then we have to at least make it possible to release Kubeflow 1.9. At the moment Mathew can't even approve workflows for PRs which really stalls the development. |
Hey folks, it's been a minute. I agree with @andreyvelich on the importance of keeping My high level proposal is the following, after reading the comments:
@thesuperzapper I also agree that indeed the lines of what to split is not fully clear, and potentially then raise the question: What is TL;DR: @thesuperzapper let's have a sync to see how we can most painlessly empty the |
But @andreyvelich in the interim, once we provide a plan, we'll really need to have write access to even work on the 1.9 release |
Thank you for your comments @juliusvonkohout @kimwnasptd.
Another solution could be to move it to
That makes sense @kimwnasptd, I am happy to unblock it. Let me get confirmation today form @kubeflow/kubeflow-steering-committee to move this forward. In the meantime @kimwnasptd please can I ask you to create tracking issue in |
@andreyvelich |
The KSC discussed the issues presented in this PR. The short term need for Notebook WG leads to obtain write access to github/kubeflow repo is acknowledged. KSC would like to ask the Notebook WG to work towards the long term solution of moving notebooks to a separate repo. The approval of this PR will be temporarily granted for 3 months, during which time the Notebook WG is asked to:
Please ACK this message if you are in agreement with this decision @thesuperzapper, @kimwnasptd, after which we will unblock this PR. Thanks! - James (on behalf of KSC) |
@kimwnasptd @thesuperzapper Please can you reply on the message above from @james-jwu to move this forward ? |
I have made an issue that we can use to discuss the next steps @james-jwu I am ok with trying to move as much as we can out of the |
Since @thesuperzapper created tracking issue, I am happy to unblock this PR as @james-jwu suggested here: #618 (comment) |
Thank you for this @andreyvelich @james-jwu! |
Any ETA to merge this PR and give @thesuperzapper write access to cut a release for kubeflow/kubeflow? This is blocking Kubeflow 1.9.0-rc0 release at this moment. cc @kubeflow/kubeflow-steering-committee |
Yes, we can merge it, sorry for the delay. |
/lgtm |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: james-jwu, thesuperzapper The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@james-jwu I think someone will need to run the sync script, because I still don't have write access on |
@thesuperzapper this is fixed by @zijianjoy |
Currently, none of the @kubeflow/wg-notebooks-leads have
write
access to thekubeflow/kubeflow
repo.I believe that @kimwnasptd and I are trusted enough to have the additional permissions, and we both agree not to make direct commits to the
master
branch of repo (which can be enforced with a branch-protection rule if the admins would like).Reason 1
This is causing significant problems because we are unable to approve GitHub action runs for new contributors (meaning our CI/CD never runs for these users).
GitHub introduced new security requirements for GitHub actions, and only members with
write
access can approve runs from PRs created by new contributors:Reason 2
We cant manage our own GitHub actions jobs (e.g. canceling hung jobs and re-running them), as this requires write access to the repo.
Reason 3
We cant create release tags for testing versions (or full releases).