Add step-by-step guide on transferring repos into the organization (#68)

nodejs · Dec 18, 2018 · 0f2af76 · 0f2af76
1 parent 08c4051
commit 0f2af76
Show file tree

Hide file tree

Showing 2 changed files with 103 additions and 0 deletions.
diff --git a/npm-management.md b/npm-management.md
@@ -0,0 +1,42 @@
+# NPM Management
+
+We have a number of modules under the Node.js Foundation including:
+
+* [citgm](https://github.com/nodejs/citgm)
+* [llnode](https://github.com/nodejs/llnode)
+* [node-gyp](https://github.com/nodejs/node-gyp)
+* [node-inspect](https://github.com/nodejs/node-inspect)
+* [node-report](https://github.com/nodejs/node-report)
+* [readable-stream](https://github.com/nodejs/readable-stream)
+
+We need to make sure that we have continuity in terms of being able to publish
+and update these modules.
+
+We have decided to manage these modules as follows:
+
+* Create a user called [`nodejs-foundation`][] who we always add as one of the
+  collaborators with admin rights and for which the password is maintained by
+  the Build Working Group.
+* We would then add individuals as collaborators who can also publish.
+  Generally, a module push will be done by the additional collaborators.
+  The `nodejs-foundation` user is intended to be used as a backup as opposed
+  to being part of the regular publishing flow.
+* In the cases where collaborators other than `nodejs-foundation`
+  cease to be active, the build workgroup would provide continuity by using the
+  `node-foundation` user to add additional collaborators who would have the
+  ability to push the module. The `node-foundation` user could also be used to
+  remove collaborators if that was ever necessary.
+* The purpose of the `nodejs-foundation` user is not to enable Build
+  Workgroup members to publish npm modules, that should be left to the
+  module collaborators.
+
+This approach is consistent with how npm modules have been managed by a number
+of the companies who are foundation members and reports are that it has worked
+well.
+
+The credentials required for the `nodejs-foundation` user are maintained in
+encrypted form in the [secrets repo][].
+
+
+[`nodejs-foundation`]: https://www.npmjs.com/~nodejs-foundation
+[secrets repo]: https://github.com/nodejs-private/secrets/blob/master/build/test/test_logins.md
diff --git a/transfer-repo-into-the-org.md b/transfer-repo-into-the-org.md
@@ -0,0 +1,61 @@
+# Transferring an existing repository into the organization
+
+## Step 1. Get the repository ready
+
+Ideally, the repository should have the following documents in place:
+
+- `CODE_OF_CONDUCT.md`: it can be a reference to
+  [the Node.js Code of Conduct][coc].
+- `CONTRIBUTING.md`: if there isn't one already, [the contributing guide][]
+  of Node.js core could be a good example. Consider including the Developer's
+  Certificate of Origin section in the document to avoid potential copyright
+  conflicts.
+- `LICENSE`, or other kind of documents that describe the license of
+  the project.
+- `README.md`
+
+## Step 2. Open an issue in the admin repository
+
+The people opening the issue should be a member of the Node.js organization,
+so they can ping the relevant GitHub teams to discuss about the request.
+If the person who want to initiate the request is not a member, they could ask
+an existing member to open the issue, or request to join the organization.
+
+Go to [the issue tracker of the Node.js admin repository][], open an issue
+to request moving the repository into the organization. The issue should include:
+
+- The owner and the name of the repository, and a link to it.
+- What the repository is for, why it should be transferred into the organization.
+- Mentions of `@nodejs/community-committee` and `@nodejs/tsc` so the Community
+  Committee and the Technical Steering Committee members can be notified about
+  the request and weigh in.
+
+See the [Node.js GitHub Organization Management Policy][] on how the request
+are approved.
+
+## Step 3. Transfer the repository
+
+When the request is approved, the owner of the repository can start transferring
+the repository into the Node.js GitHub organization. The person can be made a
+member of the Node.js GitHub organization so they have the necessary permissions
+to complete the transfer.
+
+See [GitHub's documentation on transferring repos][] on how to perform the
+necessary actions.
+
+## Step 4. Manage releases
+
+If the transferred repository has one or more associated npm packages for releases,
+[the Node.js foundation npm account](https://www.npmjs.com/~nodejs-foundation)
+should be added to the list of the npm collaborators of the packages. The account
+is managed by the Node.js Build Working Group and only serves as a safety net.
+The releases should still by done by the original releasers.
+
+See [NPM Management](./npm-management.md) on more about the Node.js foundation
+npm account.
+
+[coc]: https://github.com/nodejs/admin/blob/master/CODE_OF_CONDUCT.md
+[GitHub's documentation on transferring repos]: https://help.github.com/articles/about-repository-transfers/
+[Node.js GitHub Organization Management Policy]: https://github.com/nodejs/TSC/blob/master/GitHub-Org-Management-Policy.md#repositories
+[the contributing guide]: https://github.com/nodejs/node/blob/master/CONTRIBUTING.md
+[the issue tracker of the Node.js admin repository]: https://github.com/nodejs/admin/issues