Skip to content

lanzafame/github-mgmt

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

420 Commits
.github
.github
 
 
docs
docs
 
 
files
files
 
 
github
github
 
 
scripts
scripts
 
 
terraform
terraform
 
 
.gitignore
.gitignore
 
 
.sync
.sync
 
 
CHANGELOG.md
CHANGELOG.md
 
 
CODEOWNERS
CODEOWNERS
 
 
README.md
README.md
 
 

Repository files navigation

GitHub Management via Terraform

What is it?

This repository is responsible for managing GitHub configuration of filecoin-project organisation as code with Terraform. It was created from github-mgmt-template and it will receive updates from that repository.

IMPORTANT: Having write access to GitHub Management repository can be as powerful as having admin access to the organizations managed by that repository.

NOTE: Because we don't have merge queue functionality enabled for the repository yet, after a merge, wait for the Apply and Update workflows to complete before merging any other PRs.

To learn more, check out:

Tips / FYIs

  • github/filecoin-project.yml is the key file where updates are made to adjust permissions.
  • "github-mgmt" was the old name. The original template repo is now called "github-as-code". We use the terms interchangably in comments/docs.
  • Yes, it's confusing to have a .github and github directory. That is how gitub-mgmt was originally setup an we're living with it. (At least of 2024-09-05, there is no backlog item for cleaning this up.)
  • Not all organization-level roles are assignable through github-mgmt. For example, organization moderators, billing managers, and ecurity managers need to set through the GitHub UI.
  • github-mgmt calls GitHub organization owners as "admins" in filecoin-project.yml. These terms are used interchangably in comments/docs.

Organization Owner SOPs

Below is documentation/expecations filecoin-project owners.

General

  1. Have 2FA enabled on GitHub account
  2. Be part of #filecoin-project-owners FIL Slack private channel

Handling App Installation Requests

  1. Per docs, org owners have to approve these requests.
  2. Pending insallations can be reviewed at https://github.com/organizations/filecoin-project/settings/installations
    • New installation requests also come in via GitHub notificaitons to owners.
  3. Before approving the installation, ensure you have connected directly with the requester to understand their usecase and to ensure we're scoping down app access as much possible. For example, it's better if an app only need access to specific repos than to the whole organization, especially if the app is created by a 3rd party and/or needs write permissions.
  4. After approving, create a "log" of the approval by writing a message in #filecoin-project-owners following this template:

đź“ť App installation log entry
What: what_is_being_requested
Requester: who_is_requesting
Reason: why_the_request_is_being_made
Approver: who_the_approver_is
App Installation Link: https://github.com/organizations/filecoin-project/settings/installations/######

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • TypeScript 80.8%
  • HCL 19.0%
  • JavaScript 0.2%