Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set up permissions/protections for new community roles #143

Closed
GuySartorelli opened this issue Oct 19, 2023 · 4 comments
Closed

Set up permissions/protections for new community roles #143

GuySartorelli opened this issue Oct 19, 2023 · 4 comments
Labels
type/other
Milestone
Silverstripe CMS 5.3

Comments

@GuySartorelli
Copy link
Member

GuySartorelli commented Oct 19, 2023
edited
Loading

In order to introduce the new reviewer and refiner roles, we need to have some permissions and protections in place.

Epic

Notes

  • We need to decide if we will initially provide access to one repo, multiple repos, or all repos.
    • We only need to add protection rules to the repo(s) we will initially be granting access to. Therefore it might make sense to try it out on a single repo first, make sure the rules work the way we want, and then grant more access when we're happy with it.
  • We may decide to hold off on the refiner role for now and only proceed with the reviewer role until we've seen how that goes. In that case, we only need to do this for the one role for now.

Acceptance Criteria

  • A new group is created for the "refiner" role, with appropriate permissions and access to relevant repos
  • A new group is created for the "reviewer" role, with appropriate permissions and access to relevant repos
  • The permission for all roles are documented in our official documentation and are in-line with our Risk Accessement.
  • Branch protection rules are added to relevant repos as rules set forth in the proposal document
  • The new branch protections only restrict actions for the new roles
    • If any rule can be demonstrated to meaningfully impact the CMS Squad workflow, a conversation is held to decide how to proceed.
  • Any confluence pages or public doc that need to be updated are updated (e.g. steps for creating new repos might need to include adding access for these new groups)

Related card

Note
@GuySartorelli GuySartorelli mentioned this issue Oct 19, 2023
Open
@GuySartorelli GuySartorelli added this to the Silverstripe CMS 5.3 milestone Mar 14, 2024
@GuySartorelli GuySartorelli mentioned this issue Mar 26, 2024
Closed
@maxime-rainville
Copy link
Contributor

We concluded those are the branch and tag protection that should be enabled on all our supported repos.

Branch protection

image

Tag protection

image

@GuySartorelli GuySartorelli self-assigned this Jun 3, 2024
@GuySartorelli
Copy link
Member Author

Note that I won't be adding these roles to the recipes - changes to recipes should really be reviewed by the CMS Squad and/or core committers.

@GuySartorelli
Copy link
Member Author

GuySartorelli commented Jun 5, 2024
edited
Loading

New groups made:

Docs updated in setting up a new github repository page in confluence to reflect the need to add these new groups

Moved Werner from "Triage" group to the new refiners group.
Per conversation with Max, the "Triage" group is not intended for triage - it's intended for giving access to Zenhub, which apparently requires write access.

@GuySartorelli GuySartorelli removed their assignment Jun 5, 2024
@emteknetnz
Copy link
Member

Looks good

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type/other
Projects
None yet
Milestone
Silverstripe CMS 5.3
Development

No branches or pull requests
3 participants
@maxime-rainville @emteknetnz @GuySartorelli