[Proposal] Community management with Peribolos #158
Description
Proposal
Community, Membership, and Repository management is complex on its own.
With a growing community, keeping an overview gets harder and harder.
Instead of relying on manual actions, I recommend switching to a GitOps approach, utilizing Peribolos.
Peribolos offers a great variety of settings and can be used to manage organization management, team assignments, and repository permissions.
Peribolos is developed and used by Kubernetes and is a good fit for OpenFeature.
What do we want?
- We want to have an easy and trackable way of assigning different permissions to members of our organization.
- We want to have a straightforward approach with little to no duplication or too many points to edit alignment
- We want to organize our members in teams with certain aspects.
- We don't want to assign permissions per individual but on a team basis, so if you want specific permissions, you're part of a certain team.
- We want to group repositories for teams, aka one team is responsible for multiple repositories - to reduce maintenance efforts
- We also want to have overlapping teams for repositories, as there might be the need to separate some access
Permission structure
Organization Level
First, we do have roles on organizational level like:
Owners
Members
With respective permissions
Repository Level
Additionally, if you are part of the organizational level, you can also be one of those roles just for the repository or repository group:
Repo-Admin
Repo-Maintainer
Repo-Approver
Proposal
Ultimately, we can setup the repo permissions for each repository, which means a lot of duplicated configuration effort, but grouping would be easier and way better to handle.
Furthermore, it would represent the community structure in a better manner.
Theoretically, we could group the repository as follow (naive proposal)
- sdk
- java
- javascript
- .net
- go
- php
- ruby
- python
- rust
- education
- org
- utils
- cloud native
As the configuration file for this structure would be already quite big and cover a lot of duplication
I propose consolidating this into a leaner structure with an automatic merge (like Kubernetes is doing https://github.com/kubernetes/org) tailored to our needs. We will have our Directory per organization we manage and a subdirectory per group containing the necessary information.
The org.yaml will contain basic information about the organization, such as general membership, description, etc.
Also it will contain a group for Community maintainers
The group configuration will contain the following structure, eg. for java
repos: # the repositories belonging to this team
- java-sdk
- java-sdk-contrib
approvers: # list of users who are approvers for this group and its repos (GitHub Permission: triage)
maintainers: # list of users who are maintainers for this group and its repos (GitHub Permission: maintain)
admins: # list of users who are admsin for this group and its repos (GitHub Permission: admin)Our merger will then take all this information to generate the configuration and apply it via GitHub Action to the defined organizations.