diff --git a/content/benefits-pay-perks/benefits-perks/celebrate.md b/content/benefits-pay-perks/benefits-perks/celebrate.md
index 36c082cf4052..7a784fb1eab4 100644
--- a/content/benefits-pay-perks/benefits-perks/celebrate.md
+++ b/content/benefits-pay-perks/benefits-perks/celebrate.md
@@ -188,9 +188,7 @@ Managers are welcome to acknowledge or celebrate teammate life events at each te
Our recommended gifting platform is [Loop & Tie](https://sourcegraph.loopandtie.com/). Loop & Tie offers curated collections of gifts organized by price and shipping location (US and International). Then our teammates get to select the gift they truly want from whichever collection they were gifted. Loop & Tie also offers sustainability and social impact options that allow teammates who don't want to redeem a gift to donate their gift amount ($) toward a charity or environmental support organization.
-Managers must have a Loop & Tie account to send a gift. To create a Loop & Tie account, please reach out to the People team in the #swag slack channel and a current Loop & Tie admin (Kemper or Fabiana) will invite you to create an account.
-
-Once you have an account, here is [how to send a Loop & Tie gift](https://guides.loopandtie.com/knowledge/how-to-send-a-gift-on-loop-tie).
+If you want to send a Loop & Tie gift, please reach out to Kemper and she will facilitate.
**Budget:** All birthday and anniversary gifting will be coming from the _individual’s team budget_. When you’re sending a Loop & Tie gift, you will use credits already in the company Loop & Tie account. Then the People + Finance team will reclass the charges into the correct team budgets on a monthly cadence.
diff --git a/content/benefits-pay-perks/pay-expenses/compensation/total-rewards.md b/content/benefits-pay-perks/pay-expenses/compensation/total-rewards.md
index 41172173e818..40766b1690e6 100644
--- a/content/benefits-pay-perks/pay-expenses/compensation/total-rewards.md
+++ b/content/benefits-pay-perks/pay-expenses/compensation/total-rewards.md
@@ -1 +1,3 @@
# Total Rewards
+
+Moved this content [here](../../../departments/people-talent/total-rewards.md)
diff --git a/content/company-info-and-process/working-at-sourcegraph/teammate-development/index.md b/content/company-info-and-process/working-at-sourcegraph/teammate-development/index.md
index 362604783710..219e69450a40 100644
--- a/content/company-info-and-process/working-at-sourcegraph/teammate-development/index.md
+++ b/content/company-info-and-process/working-at-sourcegraph/teammate-development/index.md
@@ -65,7 +65,7 @@ At Sourcegraph, we have a formal performance (impact) review process that takes
- 1st review period of the year: launches in February
- 2nd review period of the year: launches in August
-The purpose of our semi-annual reviews, which take place via Lattice, is to gather formal feedback from the Teammate, their Manager, and their Peers. The purpose of our semi-annual reviews, which take place via Lattice, is to gather formal feedback from the Teammate, their Manager, and their Peers.
+The purpose of our annual reviews, which take place via Lattice, is to gather formal feedback from the Teammate, their Manager, and their Peers. The purpose of our annual reviews, which take place via Lattice, is to gather formal feedback from the Teammate, their Manager, and their Peers.
Our impact review process is explained in detail [here](../../../departments/people-talent/people-ops/process/teammate-sentiment/impact-reviews/index.md)
@@ -88,7 +88,7 @@ We believe that regular feedback and self-reflection are crucial for individual
**Monthly, managers will complete 1 question only:**
-- [visible to teammate] In 2-3 bullets, share feedback with this teammate, including things that are working well and/or areas this teammate can focus on next month.
+- [visible to teammate] In 2-3 bullets, describe 1) what this teammate did well last month and 2) what this teammate can focus on next month.
**At the end of each quarter, managers will complete three questions:**
diff --git a/content/departments/cloud/technical-docs/v2.0/disaster_recovery_process.md b/content/departments/cloud/technical-docs/v2.0/disaster_recovery_process.md
index 05a2d2e3f110..64a059a0e1b7 100644
--- a/content/departments/cloud/technical-docs/v2.0/disaster_recovery_process.md
+++ b/content/departments/cloud/technical-docs/v2.0/disaster_recovery_process.md
@@ -1,4 +1,4 @@
-# Distaster recovery process of a Cloud instance
+# Disaster recovery process of a Cloud instance
SOC2/CI-82
diff --git a/content/departments/data-analytics/cody_analytics.md b/content/departments/data-analytics/cody_analytics.md
index 1963fd2b3f00..cdcc2237f711 100644
--- a/content/departments/data-analytics/cody_analytics.md
+++ b/content/departments/data-analytics/cody_analytics.md
@@ -62,7 +62,7 @@ All retention calculations and charts (except when specifically marked) will use
### Cody Billing DAU
-A billing DAU represents a user who interacts with the Cody product, regardless of intention and result. This is inclusive of a broader set of product usage. This includes pages that provide in-product information about Cody (such as the site-admin Cody page).
+A billing DAU represents a user who interacts with the Cody product, regardless of intention and result. This includes all [product DAU](#cody-product-dau) actions, and a broader set of product usage. For example, users who see Cody autocomplete suggestions (regardless of whether they accept them) and users who see pages that provide in-product information about Cody (such as the site-admin Cody page) are included as billing DAUs.
By default, any events that contain the text “cody” and that come from the Sourcegraph web app or Sourcegraph editor extensions (i.e., event source is `WEB` or `IDEEXTENSION`) are included. We also maintain a deny list of events that are excluded (for example, interactions with CTAs on marketing pages).
diff --git a/content/departments/data-analytics/reports.md b/content/departments/data-analytics/reports.md
index 944535d7bdd4..ed1acec65563 100644
--- a/content/departments/data-analytics/reports.md
+++ b/content/departments/data-analytics/reports.md
@@ -180,6 +180,10 @@ Redash is connected to our BigQuery data warehouse, so you'll be able to query a
- dotcom_events.events_usage: managed instance data
- sourcegraph_analytics.update_checks: pings
- dotcom_events.cody: all cody-specific event data
+- salesforce_data: salesforce data (accouts, leads, campaign)
+- stripe: stripe charges, accounts, invoice, etc data
+- sams: sourcegraph account management system
+- ssc: self-serve-cody
### **Is this for me?**
diff --git a/content/departments/engineering/dev/index.md b/content/departments/engineering/dev/index.md
index 4f4edaa5d498..44ba1237f474 100644
--- a/content/departments/engineering/dev/index.md
+++ b/content/departments/engineering/dev/index.md
@@ -14,7 +14,6 @@
- [Customer Issues](../../technical-success/support/process/engaging-other-teams.md)
- [Incidents](process/incidents/index.md)
- [Pull requests](process/pull-requests.md)
- - [Product documentation](process/product_documentation.md)
- [Continuous releasability](tools/continuous_releasability.md)
- [Releases](process/releases/index.md)
- [Release issue template](https://github.com/sourcegraph/sourcegraph/blob/main/dev/release/templates/release_issue_template.md)
diff --git a/content/departments/engineering/dev/process/deployments/index.md b/content/departments/engineering/dev/process/deployments/index.md
index 8ea2aee0fb0c..57822325cf82 100644
--- a/content/departments/engineering/dev/process/deployments/index.md
+++ b/content/departments/engineering/dev/process/deployments/index.md
@@ -2,20 +2,19 @@
For a complete list of Sourcegraph instances we manage, see our [instances documentation](instances.md).
-- [Deployments](#deployments)
- - [Deployment basics](#deployment-basics)
- - [Images](#images)
- - [Renovate](#renovate)
- - [ArgoCD](#argocd)
- - [Infrastructure](#infrastructure)
- - [deploy-sourcegraph](#deploy-sourcegraph)
- - [Merging changes from deploy-sourcegraph](#merging-changes-from-deploy-sourcegraph)
- - [Relationship between deploy-sourcegraph repositories](#relationship-between-deploy-sourcegraph-repositories)
- - [Merging upstream `deploy-sourcegraph` into `deploy-sourcegraph` forks](#merging-upstream-deploy-sourcegraph-into-deploy-sourcegraph-forks)
- - [Sourcegraph Cloud](#sourcegraph-cloud)
- - [Continuous Deployment Process](#continuous-deployment-process)
- - [Deployment observability](#deployment-observability)
- - [Deployment traces](#deployment-traces)
+- [Deployment basics](#deployment-basics)
+ - [Images](#images)
+ - [Renovate](#renovate)
+ - [ArgoCD](#argocd)
+ - [Infrastructure](#infrastructure)
+- [deploy-sourcegraph](#deploy-sourcegraph)
+ - [Merging changes from deploy-sourcegraph](#merging-changes-from-deploy-sourcegraph)
+- [Relationship between deploy-sourcegraph repositories](#relationship-between-deploy-sourcegraph-repositories)
+ - [Merging upstream `deploy-sourcegraph` into `deploy-sourcegraph` forks](#merging-upstream-deploy-sourcegraph-into-deploy-sourcegraph-forks)
+- [DotCom](#dotcom)
+ - [Continuous Deployment Process](#continuous-deployment-process)
+- [Deployment observability](#deployment-observability)
+ - [Deployment traces](#deployment-traces)
Additional resources:
@@ -37,7 +36,7 @@ Each Sourcegraph service is provided as a Docker image. Every commit to `main` i
When [a new semver release](../releases/index.md) is cut the pipelines, will build a release image with the same tag as the latest [release version](https://github.com/sourcegraph/sourcegraph/tags) as well. These are used by customer deployments.
-For pushing custom images, refer to [building Docker images for specific branches](#building-docker-images-for-a-specific-branch).
+For pushing custom images, see `sg ci docs`.
### Renovate
diff --git a/content/departments/engineering/dev/process/deployments/instances.md b/content/departments/engineering/dev/process/deployments/instances.md
index 799f65f2f357..fafb0160c2e8 100644
--- a/content/departments/engineering/dev/process/deployments/instances.md
+++ b/content/departments/engineering/dev/process/deployments/instances.md
@@ -18,13 +18,15 @@ Also see [playbooks](./playbooks.md) for common actions related to operating our
[](https://buildkite.com/sourcegraph/deploy-sourcegraph-cloud)
-This deployment is also colloquially referred to as 'DotCom' and 'sourcegraph.com'. It is the public deployment available to the public at [sourcegraph.com/search](https://sourcegraph.com/search).
+This deployment is also colloquially referred to as 'DotCom' and 'sourcegraph.com'.
+It is the public deployment available to the public at [sourcegraph.com/search](https://sourcegraph.com/search), and is currently operated by the [Core Services team](../../../teams/core-services/index.md).
`sourcegraph.com` deploys the latest changes from [`sourcegraph/sourcegraph`](https://github.com/sourcegraph/sourcegraph) on a [daily basis](index.md#continuous-deployment-process).
-This deployment also includes our [documentation](https://docs.sourcegraph.com/) and [about](https://about.sourcegraph.com/) sites.
+This deployment **does not** include the [about](https://about.sourcegraph.com/) site and the [new documentation site at sourcegraph.com/docs](https://sourcegraph.com/docs).
+It currently still includes the legacy [docs.sourcegraph.com](https://docs.sourcegraph.com/) site, however.
-> 🐶 For dogfooding changes, use [k8s.sgdev.org](#k8ssgdevorg) instead, which generally receives updates faster.
+> [!NOTE] 🐶 For dogfooding changes, use [sourcegraph.sourcegraph.com](#sourcegraphsourcegraphcom-s2) instead, which generally receives updates faster.
- [DotCom cluster on GCP](https://console.cloud.google.com/kubernetes/clusters/details/us-central1-f/cloud?project=sourcegraph-dev)
```
@@ -34,12 +36,14 @@ This deployment also includes our [documentation](https://docs.sourcegraph.com/)
- [Infrastructure configuration](https://github.com/sourcegraph/infrastructure/tree/main/cloud)
- Alerts: #alerts-cloud and [OpsGenie](../incidents/on_call.md)
- [Playbooks](./playbooks.md#sourcegraphcom)
+- [Observability](../../tools/observability/dotcom.md)
+- [Domain routing rules](https://sourcegraph.sourcegraph.com/github.com/sourcegraph/infrastructure/-/blob/gfe/envs/prod/project/routes.tf)
## k8s.sgdev.org
[](https://buildkite.com/sourcegraph/deploy-sourcegraph-dogfood-k8s-2)
-**NO LONGER PRIMARY DOGFOODING INSTANCE, SEE [S2](#sourcegraphsourcegraphcom-s2) BELOW**
+> [!WARNING] **THIS IS NO LONGER PRIMARY DOGFOODING INSTANCE, SEE [S2](#sourcegraphsourcegraphcom-s2) BELOW**
This deployment is also colloquially referred to as "dogfood", "dogfood-k8s", or just "k8s".
This is the Sourcegraph instance to use for dogfooding changes to Sourcegraph.
diff --git a/content/departments/engineering/dev/process/deployments/kubernetes.md b/content/departments/engineering/dev/process/deployments/kubernetes.md
index 80de3145005c..035bf03c343f 100644
--- a/content/departments/engineering/dev/process/deployments/kubernetes.md
+++ b/content/departments/engineering/dev/process/deployments/kubernetes.md
@@ -1,4 +1,4 @@
-# Kubernetes
+# Working with Kubernetes deployments
This section contains tips and advice for interacting with our Kubernetes deployments (most notably [sourcegraph.com](#sourcegraph-cloud) and [k8s.sgdev.org](#k8s-sgdev-org)).
diff --git a/content/departments/engineering/dev/process/deployments/playbooks.md b/content/departments/engineering/dev/process/deployments/playbooks.md
index cb6e81cb68d0..7c019bb43754 100644
--- a/content/departments/engineering/dev/process/deployments/playbooks.md
+++ b/content/departments/engineering/dev/process/deployments/playbooks.md
@@ -1,27 +1,35 @@
# Playbooks for deployments
-- [Playbooks for deployments](#playbooks-for-deployments)
- - [General](#general)
- - [Debugging](#debugging)
- - [Check what version of Sourcegraph is deployed](#check-what-version-of-sourcegraph-is-deployed)
- - [Sourcegraph.com](#sourcegraphcom)
- - [Deploying to sourcegraph.com](#deploying-to-sourcegraphcom)
- - [Deploying to sourcegraph.com during code freeze](#deploying-to-sourcegraphcom-during-code-freeze)
- - [Manually deploying a service to sourcegraph.com](#manually-deploying-a-service-to-sourcegraphcom)
- - [Rolling back sourcegraph.com](#rolling-back-sourcegraphcom)
- - [Disable Renovate](#disable-renovate)
- - [Backing up & restoring a Cloud SQL instance (production databases)](#backing-up--restoring-a-cloud-sql-instance-production-databases)
- - [Invalidating all user sessions](#invalidating-all-user-sessions)
- - [Accessing sourcegraph.com database](#accessing-sourcegraphcom-database)
- - [Via the CLI](#via-the-cli)
- - [Via BigQuery (for read-only operations)](#via-bigquery-for-read-only-operations)
- - [Restarting docs.sourcegraph.com](#restarting-docssourcegraphcom)
- - [Creating banners for maintenance tasks](#creating-banners-for-maintenance-tasks)
- - [Gitserver disk space related maintenance](#gitserver-disk-space-related-maintenance)
- - [k8s.sgdev.org](#k8ssgdevorg)
- - [Manage users in k8s.sgdev.org](#manage-users-in-k8ssgdevorg)
- - [PostgreSQL](#postgresql)
- - [Cloudflare Configuration](#cloudflare-configuration)
+This page collects playbooks for Sourcegraph deployments managed and operated by the company.
+Refer to [the instances page](./instances.md) for a complete listing.
+
+- [General](#general)
+- [Debugging](#debugging)
+ - [Check what version of Sourcegraph is deployed](#check-what-version-of-sourcegraph-is-deployed)
+- [Sourcegraph.com](#sourcegraphcom)
+ - [Observability](#observability)
+ - [Deploying to sourcegraph.com](#deploying-to-sourcegraphcom)
+ - [Deploying to sourcegraph.com during code freeze](#deploying-to-sourcegraphcom-during-code-freeze)
+ - [Manually deploying a service to sourcegraph.com](#manually-deploying-a-service-to-sourcegraphcom)
+ - [Rolling back sourcegraph.com](#rolling-back-sourcegraphcom)
+ - [Accessing sourcegraph.com database](#accessing-sourcegraphcom-database)
+ - [Connect to dotcom database via command line](#connect-to-dotcom-database-via-command-line)
+ - [Using Cloud SQL Proxy](#using-cloud-sql-proxy)
+ - [Example database queries](#example-database-queries)
+ - [Connect to dotcom database via BigQuery](#connect-to-dotcom-database-via-bigquery)
+ - [Backing up \& restoring a Cloud SQL instance (production databases)](#backing-up--restoring-a-cloud-sql-instance-production-databases)
+ - [Database performance monitoring](#database-performance-monitoring)
+ - [Invalidating all user sessions](#invalidating-all-user-sessions)
+ - [Restarting docs.sourcegraph.com](#restarting-docssourcegraphcom)
+ - [Creating banners for maintenance tasks](#creating-banners-for-maintenance-tasks)
+ - [Gitserver disk space related maintenance](#gitserver-disk-space-related-maintenance)
+ - [Blocked repos](#blocked-repos)
+ - [Outlandishly sized repos](#outlandishly-sized-repos)
+ - [Blocking a repo](#blocking-a-repo)
+- [k8s.sgdev.org](#k8ssgdevorg)
+ - [Manage users in k8s.sgdev.org](#manage-users-in-k8ssgdevorg)
+ - [Accessing k8s.sgdev.org database](#accessing-k8ssgdevorg-database)
+- [Cloudflare Configuration](#cloudflare-configuration)
## General
@@ -29,6 +37,10 @@
See [debugging](./debugging/index.md).
+### Working with Kubernetes deployments
+
+See [Working with Kubernetes deployments](./kubernetes.md)
+
### Check what version of Sourcegraph is deployed
[Install `sg`, the Sourcegraph developer tool](https://github.com/sourcegraph/sourcegraph/blob/main/dev/sg/README.md), and using the [`sg live` command](https://github.com/sourcegraph/sourcegraph/blob/main/dev/sg/README.md#sg-live---see-currently-deployed-version) you can see the version currently deployed for a specific environment:
@@ -39,13 +51,17 @@ sg live
## Sourcegraph.com
-To learn more about this deployment, see [instances](./instances.md#sourcegraph-cloud).
+To learn more about this deployment, see [instances](./instances.md#dotcom).
+
+### Observability
+
+See [Sourcegraph.com observability](../../tools/observability/dotcom.md) for general observability guidance for the instance.
### Deploying to sourcegraph.com
Every commit to the `release` branch (the default branch) on [deploy-sourcegraph-cloud](https://github.com/sourcegraph/deploy-sourcegraph-cloud) deploys the Kubernetes YAML in this repository to our dot-com cluster [in CI](https://buildkite.com/sourcegraph/deploy-sourcegraph-cloud/builds?branch=release) (i.e. if CI is green then the latest config in the `release` branch is deployed).
-Deploys on sourcegraph.com are currently [handled by Renovate](#renovate). The [Renovate dashboard](https://app.renovatebot.com/dashboard#github/sourcegraph/deploy-sourcegraph-cloud) shows logs for previous runs and allows you to predict when the next run will happen.
+Deploys on sourcegraph.com are currently [handled by GitHub Actions](index.md#continuous-deployment-process).
If you want to expedite a deploy, you can manually create and merge a PR that updates the Docker image tags in [deploy-sourcegraph-cloud](https://github.com/sourcegraph/deploy-sourcegraph-cloud). You can find the desired Docker image tags by looking at the output of the Docker build step in [CI on sourcegraph/sourcegraph `main` branch](https://buildkite.com/sourcegraph/sourcegraph/builds?branch=main) or by looking at [Docker Hub](https://hub.docker.com/u/sourcegraph/).
@@ -113,61 +129,142 @@ git push origin release
🚨 You also need to disable auto-deploys to prevent Renovate from automatically merging in image digest updates so that the site doesn't roll-forward.
-### Disable Renovate
+### Accessing sourcegraph.com database
-1. Go to [renovate.json](https://github.com/sourcegraph/deploy-sourcegraph-cloud/blob/release/renovate.json5) and comment out the file.
-1. Ensure that no Renovate PRs are currently pending to update the images [here](https://github.com/sourcegraph/sourcegraph/pulls/app%2Frenovate)
-1. After the incident, revert your commit and uncomment the file.
+Sourcegraph.com utilizes an external HA database in Google Cloud.
+We currently run two separate databases.
+The `sg-cloud` database is the primary database, and the code-intel team uses the `sg-cloud-code-intel` database.
-### Backing up & restoring a Cloud SQL instance (production databases)
+You can directly view the database in [GCP](https://console.cloud.google.com/sql/instances?project=sourcegraph-dev).
-Before any potentially risky operation you should ensure the databases have recent ( < 1 hour) backups. We currently have daily backups enabled.
+To connect to the database, there are two options:
-You can create a backup of a Cloud SQL instance via `gcloud sql backups create --instance=${instance_name} --project=sourcegraph-dev`
+1. [Connect to dotcom database via command line](#connect-to-dotcom-database-via-command-line)
+2. [Connect to dotcom database via BigQuery](#connect-to-dotcom-database-via-bigquery) (read-only access)
-To restore a Cloud SQL instance to a previous revision you can use `gcloud sql backups restore $BACKUP_ID --restore-instance=${instance_name}`
+#### Connect to dotcom database via command line
-You can also perform these commands from the [Google Cloud SQL UI](https://console.cloud.google.com/sql/instances?project=sourcegraph-dev)
+> [!WARNING] Before trying to connect to the dotcom database, you need to:
+>
+> - make an [Entitle request](https://app.entitle.io/) for either the `Sourcegraph Read only access` permission set to get read-only access or `Sourcegraph Dot Com projects` permission set for write access
+> - ensure you have [installed the Google Cloud SDK](https://cloud.google.com/sdk/docs/install) - `sg setup` also handles this for you.
-🚨 You should notify the #dev-ops channel if an situation arises when a restore my be required. It should also be filed in our ops-incident log.
+We utilize the [Google Cloud SDK](https://cloud.google.com/sdk) utility [Cloud SQL Proxy](https://cloud.google.com/sql/docs/postgres/sql-proxy) to connect to our production databases. By default, our Cloud SQL databases are not accessible.
-### Invalidating all user sessions
+There are two ways of connecting: either using the `gcloud sql connect` command, which will use the `pgsql` client, or running the `cloud_sql_proxy` on a port locally to utilize your preferred tools.
-If all user sessions need to be invalidated, you can run this on the `frontend` database to force all users to log in again.
+You may use these `gcloud` commands to connect directly to the databases:
-```
-UPDATE users SET invalidated_sessions_at=now(), updated_at=now();
-```
+- Default database (`sg-cloud`) [user passwords](https://start.1password.com/open/i?a=HEDEDSLHPBFGRBTKAKJWE23XX4&v=dnrhbauihkhjs5ag6vszsme45a&i=pjxf64qxwsin4d56xij6vm3gva&h=my.1password.com)
-### Accessing sourcegraph.com database
+ ```sh
+ gcloud beta sql connect --project sourcegraph-dev sg-cloud-732a936743 --user=dev-readonly -d=sg
+ ```
-#### Via the CLI
+- `sg-cloud-code-intel` database [user passwords](https://start.1password.com/open/i?a=HEDEDSLHPBFGRBTKAKJWE23XX4&v=dnrhbauihkhjs5ag6vszsme45a&i=hbgj2dfajwj7cdiifk3zb2h2b4&h=my.1password.com)
-Sourcegraph.com utilizes an external HA database. You will need to connect to it directly. The easiest way to do this is through the `gcloud` cli.
+ ```sh
+ gcloud beta sql connect --project sourcegraph-dev sg-cloud-code-intel-9fc67e507c --user=dev-readonly -d=sg
+ ```
-To connect to the production database:
+If you receive an error while connecting, ensure you have the required permissions through Entitle and re-request them if they have expired.
-```
- gcloud beta sql connect sg-cloud-732a936743 --user=sg -d sg --project sourcegraph-dev
+Go to [Example Queries](#example-database-queries) to continue
+
+##### Using Cloud SQL Proxy
+
+Using `cloud_sql_proxy` allows you to connect to the database with any client of your choice.
+Install the Cloud SQL proxy by running this command with `gcloud`:
+
+```sh
+gcloud components install cloud_sql_proxy
```
-However, if you want to use any other SQL client, you'll have to run the [`cloud_sql_proxy`](https://cloud.google.com/sql/docs/postgres/connect-admin-proxy#install) utility, which authenticates with you local `gcloud` credentials automatically.
+To get started, run the `cloud_sql_proxy` against our production instance:
+```sh
+cloud_sql_proxy -instances=sourcegraph-dev:us-central1:sg-cloud-732a936743=tcp:5555
```
- cloud_sql_proxy -instances=sourcegraph-dev:us-central1:sg-cloud-732a936743=tcp:5555
+
+Now, in a new terminal, run the command below. The database will be running on `localhost:5555`
+
+```sh
+export PGPASSWORD='<$PASSWORD>'
+psql -h localhost -p 5555 -d sg -U 'dev-readonly'
```
-Once the proxy connects successfully, you can use any client to connect to the local `5555` port (you can choose any other port you want).
+Note, that to connect to `localhost:5555` you still need to supply the postgres password stored in 1Password (mentioned above).
+
+##### Example database queries
+
+> [!WARNING] 🔥 **You are directly interfacing with the production database.**
+> If you are unsure of any commands, please reach out in #discuss-dev-ops or #chat-dev.
+> Please prefer using a readonly user.
+
+- See all fields on a table (ie the `repo` table)
-The password of the sg user is in our shared 1Password under [Google Cloud SQL](https://team-sourcegraph.1password.com/vaults/dnrhbauihkhjs5ag6vszsme45a/allitems/svfiw4vcbxhhbobpl442olyebu)
+ ```psql
+ \d+ repo
+ ```
-#### Via BigQuery (for read-only operations)
+- See the total number of rows in the `repo` table
+
+ ```psql
+ SELECT COUNT(*) FROM repo;
+ ```
+
+#### Connect to dotcom database via BigQuery
You can also query the production database via BigQuery as an external data source.
+Using BigQuery, if you want to run the query:
+
+```psql
+SELECT name::text,created_at::text FROM repo LIMIT 5;
+```
+
+against the Prod CloudSQL database, you need to run the following in [BigQuery console](https://console.cloud.google.com/bigquery?sq=527047051561:67f2616f4acb4b7cb3639e4a97e2f4aa):
+
+```psql
+SELECT * FROM EXTERNAL_QUERY("sourcegraph-dev.us.sg-cloud", "SELECT name::text,created_at::text FROM repo LIMIT 5;");
+```
+
+Note that here, we are passing the PostgreSQL query in the second parameter to `EXTERNAL_QUERY`.
See an [example query](https://console.cloud.google.com/bigquery?sq=527047051561:bfa7c7e57f884d209f261d15e4610229) to get started.
-**Note**: This method only permits read-only access
+> [!NOTE] This method only permits read-only access. For write access, try [connecting to the dotcom database via command line](#connect-to-dotcom-database-via-command-line).
+
+### Backing up & restoring a Cloud SQL instance (production databases)
+
+Before any potentially risky operation you should ensure the databases have recent ( < 1 hour) backups. We currently have daily backups enabled.
+
+You can create a backup of a Cloud SQL instance via `gcloud sql backups create --instance=${instance_name} --project=sourcegraph-dev`
+
+To restore a Cloud SQL instance to a previous revision you can use `gcloud sql backups restore $BACKUP_ID --restore-instance=${instance_name}`
+
+You can also perform these commands from the [Google Cloud SQL UI](https://console.cloud.google.com/sql/instances?project=sourcegraph-dev)
+
+> [!WARNING] 🚨 You should notify the #dev-ops channel if an situation arises when a restore my be required. It should also be filed in our ops-incident log.
+
+### Database performance monitoring
+
+We run a PgHero deployment as well you can use to analyze slow queries and overall database performance.
+
+```sh
+kubectl port-forward -n monitoring deploy/pghero 8080:8080
+```
+
+And then navigate to http://localhost:8080 to view the dashboard
+
+See additional Postgres tips in our [incident docs](../incidents/playbooks/index.md#postgreSQL-database-problems)
+
+### Invalidating all user sessions
+
+If all user sessions need to be invalidated, you can run this on the `frontend` database to force all users to log in again.
+
+```psql
+UPDATE users SET invalidated_sessions_at=now(), updated_at=now();
+```
### Restarting docs.sourcegraph.com
@@ -317,9 +414,13 @@ To create an account on [k8s.sgdev.org](https://k8s.sgdev.org), log in with your
To promote a user to site admin (required to make configuration changes), use the admin user credentials available in 1password (titled `k8s.sgdev.org admin user`) to log in to [k8s.sgdev.org](https://k8s.sgdev.org), and go to the [users page](https://k8s.sgdev.org/site-admin/users) to promote the desired user.
-## PostgreSQL
+### Accessing k8s.sgdev.org database
+
+This instance is run completely on Kubernetes, including its Postgres databases.
-See [PostgreSQL](./postgresql.md)
+1. First, [connect to the cluster](./instances.md#k8ssgdevorg).
+2. Then you can port-forward the pgsql deployment: `kubectl port-forward -n dogfood-k8s pgsql-0 8080:5432`
+3. Then access it locally: `pgcli -h localhost -p 8080 -d sg -U 'sg'`
## Cloudflare Configuration
diff --git a/content/departments/engineering/dev/process/deployments/postgresql.md b/content/departments/engineering/dev/process/deployments/postgresql.md
index 9f22812e47c5..428d55bfe5f7 100644
--- a/content/departments/engineering/dev/process/deployments/postgresql.md
+++ b/content/departments/engineering/dev/process/deployments/postgresql.md
@@ -2,113 +2,12 @@
For deployments other than Cloud and Sourcegraph.com please use the information [here](https://docs.sourcegraph.com/admin/faq#how-do-i-access-the-sourcegraph-database) to access the database.
-## Sourcegraph.com specific
-
-We currently run two separate databases. The `sg-cloud` database is the primary database, and the code-intel team uses the `sg-cloud-code-intel`.
-
-You can also directly view the database in [GCP](https://console.cloud.google.com/sql/instances?project=sourcegraph-dev).
-
-We utilize the [Google Cloud SDK](https://cloud.google.com/sdk) utility [Cloud SQL Proxy](https://cloud.google.com/sql/docs/postgres/sql-proxy) to connect to our production databases. By default, our Cloud SQL databases are not accessible.
-
-There are two ways of connecting: either using the `gcloud beta sql connect` command, which will use the `pgsql` client, or running the `cloud_sql_proxy` on a port locally to utilize your preferred tools.
-
-For read-only access, there is also an option of using [BigQuery](https://console.cloud.google.com/bigquery?sq=527047051561:67f2616f4acb4b7cb3639e4a97e2f4aa) and their `EXTERNAL_QUERY` syntax.
-
-Using BigQuery, if you want to run a query
-
-```
-SELECT name::text,created_at::text FROM repo LIMIT 5;
-```
-
-against the Prod CloudSQL database, you need to run
-
-```
-SELECT * FROM EXTERNAL_QUERY("sourcegraph-dev.us.sg-cloud", "SELECT name::text,created_at::text FROM repo LIMIT 5;");
-```
-
-in the BigQuery editor (passing the PostgreSQL query in the second parameter to EXTERNAL_QUERY).
-
-### Connecting to Postgres
-
-#### Install the command line tools
-
-If you didn't yet, [install Google Cloud SDK](https://cloud.google.com/sdk/docs/install). Ensure, that `gcloud` command is reachable on your path.
-
-Install the Cloud SQL proxy by running this command with `gcloud`:
-
-```
- gcloud components install cloud_sql_proxy
-```
-
-#### Request permission using Entitle
-
-Request the "Sourcegraph Dot Com projects" bundle using Entitle to ensure you have the correct GCP permissions to access the databases.
-
-#### Command line only use (pgsql)
+> [!WARNING] **This page is deprecated** - please refer to and contribute to the [deployments playbooks](../deployments/playbooks.md) instead.
-You may use these gcloud commands to connect directly to the databases:
-
-- Default db {[Password](https://start.1password.com/open/i?a=HEDEDSLHPBFGRBTKAKJWE23XX4&v=dnrhbauihkhjs5ag6vszsme45a&i=pjxf64qxwsin4d56xij6vm3gva&h=my.1password.com)}
- ```
- gcloud beta sql connect --project sourcegraph-dev sg-cloud-732a936743 --user=dev-readonly -d=sg
- ```
-- Code intel db {[Password](https://start.1password.com/open/i?a=HEDEDSLHPBFGRBTKAKJWE23XX4&v=dnrhbauihkhjs5ag6vszsme45a&i=hbgj2dfajwj7cdiifk3zb2h2b4&h=my.1password.com)}
-
- ```
- gcloud beta sql connect --project sourcegraph-dev sg-cloud-code-intel-9fc67e507c --user=dev-readonly -d=sg
- ```
-
-If you receive an error while connecting, ensure you have the required permissions through Entitle and re-request them if they have expired.
-
-Go to [Example Queries](#example-queries) to continue
-
-#### Proxy for advanced use
-
-Run the `cloud_sql_proxy` against our production instance
-
-```
- cloud_sql_proxy -instances=sourcegraph-dev:us-central1:sg-cloud-732a936743=tcp:5555
-```
-
-Now, in a new terminal, run the command below. The database will be running on `localhost:5555`
-
-```
- export PGPASSWORD='<$PASSWORD>'
- psql -h localhost -p 5555 -d sg -U 'dev-readonly'
-```
-
-Note, that to connect to `localhost:5555` you still need to supply the postgres password stored in 1Password (mentioned above).
-
-### Example queries
-
-> 🔥 You are directly interfacing with the production database. If you are unsure of any commands, please reach out in #dev-chat or #dev-ops.
-> Please prefer using the readonly user `frontend-dev`
-
-- See all fields on a table (ie the `repo` table)
- ```
- \d+ repo
- ```
-- See the total number of rows in the `repo` table
- ```
- SELECT COUNT(*) FROM repo;
- ```
-
-### Performance monitoring
-
-We run a PgHero deployment as well you can use to analyze slow queries and overall database performance.
-
-```
- kubectl port-forward -n monitoring deploy/pghero 8080:8080
-```
-
-And then navigate to http://localhost:8080 to view the dashboard
+## Sourcegraph.com specific
-See additional Postgres tips in our [incident docs](../incidents/playbooks/index.md#postgreSQL-database-problems)
+Refer to [deployments playbooks: Accessing sourcegraph.com database](./playbooks.md#accessing-sourcegraphcom-database)
## Dogfood specific
-[Dogfood](https://k8s.sgdev.org) runs Sourcegraph completely on Kubernetes.
-
-1. First, [connect to the cluster](./instances.md#k8ssgdevorg).
-2. Then you can port-forward the pgsql deployment: `kubectl port-forward -n dogfood-k8s pgsql-0 8080:5432`
-3. Then access it locally: `pgcli -h localhost -p 8080 -d sg -U 'sg'`
+Refer to [deployments playbooks: Accessing k8s.sgdev.org database](./playbooks.md#accessing-k8ssgdevorg-database)
diff --git a/content/departments/engineering/dev/process/incidents/playbooks/ci.md b/content/departments/engineering/dev/process/incidents/playbooks/ci.md
index 17c43f9a9198..90db78c521a3 100644
--- a/content/departments/engineering/dev/process/incidents/playbooks/ci.md
+++ b/content/departments/engineering/dev/process/incidents/playbooks/ci.md
@@ -106,7 +106,6 @@ In order to handle problems with the CI, the following elements are necessary:
#### Actions
1. Identify the error in common with the recent builds on [Buildkite](https://buildkite.com/sourcegraph/sourcegraph/builds?branch=main).
- - 💡 See [How to use loki here](#actions-4)
1. Find the build where the problem appeared for the first time.
- 💡 Often it's the first build that became red, but check that the error is the same to be sure.
1. Is this an external failure or an internal one?
diff --git a/content/departments/engineering/dev/process/index.md b/content/departments/engineering/dev/process/index.md
index 5dc185fc3242..943f36d56db2 100644
--- a/content/departments/engineering/dev/process/index.md
+++ b/content/departments/engineering/dev/process/index.md
@@ -6,7 +6,6 @@
- [Engineering Ownership](engineering_ownership.md)
- [External Contributions](external_contributions.md)
- [Licenses](licenses.md)
-- [Product documentation](product_documentation.md)
- [Tracking issues](tracking_issues.md)
- [Pull-Request compliance and requirements](pullrequest-compliance.md)
- [Contributor License Agreement](contributor-license-agreement.md)
diff --git a/content/departments/engineering/dev/process/product_documentation.md b/content/departments/engineering/dev/process/product_documentation.md
deleted file mode 100644
index eb56e69f7ce3..000000000000
--- a/content/departments/engineering/dev/process/product_documentation.md
+++ /dev/null
@@ -1,113 +0,0 @@
-# Product documentation
-
-These guidelines are for contributing documentation to the [sourcegraph repository](https://github.com/sourcegraph/sourcegraph/tree/main/doc). See [editing the handbook](../../../../handbook/editing/index.md) for how to contribute handbook content.
-
-## Contributing
-
-Whenever a feature is changed, updated, introduced, or [deprecated](../../../product/process/prioritize_and_build/deprecation_process.md), the pull request introducing these changes must be accompanied by the documentation (either updating existing ones or creating new ones).
-
-The developer who made the code change is also [responsible](../roles/index.md#software-engineer) for writing the initial documentation for new features and updating the documentation for changes to existing features. This includes updating [the changelog as well](https://sourcegraph.com/github.com/sourcegraph/sourcegraph/-/blob/CHANGELOG.md). At the pace Sourcegraph evolves, this is the only way to keep the docs up to date.
-
-For documentation changes that introduce new HTML/CSS/JS patterns to the docs site, the author should tag `@frontend-devs` as an additional reviewer on the pull request.
-
-The [changelog](https://github.com/sourcegraph/sourcegraph/blob/main/CHANGELOG.md) should also be updated for any changes that impact the user.
-
-It's the [responsibility of the Product Manager](../../../product/roles/index.md#product-manager) to ensure all features are shipped with documentation (i.e., that nothing slips through), whether is a small or big change.
-
-We use the [monthly release blog post](https://about.sourcegraph.com/blog) as a changelog checklist to ensure everything is documented.
-
-### Local development of documentation only
-
-For local development of documentation, clone the main [sourcegraph repository](https://github.com/sourcegraph/sourcegraph/tree/main/). The development environment for Sourcegraph, detailed in [Getting started with developing Sourcegraph](https://github.com/sourcegraph/sourcegraph/blob/main/doc/dev/local_development.md), is not required.
-
-After saving any changes or updates, documentation can be previewed locally with the following commands:
-
-```
-cd sourcegraph
-./dev/docsite.sh -config doc/docsite.json serve -http=localhost:5080
-```
-
-Make sure that `Go` is installed locally. You can follow the steps [here →](https://go.dev/doc/install)
-
-Navigate the browser to [https://localhost:5080](https://localhost:5080) to view the documentation.
-
-## Best practices
-
-Best practices for writing documentation.
-
-### Naming and linking documentation pages
-
-1. Every page in a directory should be linked to from its parent page (index.md in that directory), unless the document is designed to be [standalone](#standalone-documents).
-1. Every new document should be cross-linked to its related documentation, and linked from its topic-related index, when it exists.
-1. Always cross-link to `.md` files, including the file extension, so that the docs are browsable as-is (e.g., in GitHub's file browser).
-1. When you create a new directory, always start with an `index.md` file. Don't use another file name and don't create `README.md` files.
-1. Don't use special chars and spaces, or capital letters in file names, directory names, branch names, and anything that generates a path.
-1. When creating a new document, and it has more than one word in its name, use underscores instead of spaces or dashes (`-`). For example, a proper name would be `import_projects_from_github.md`.
-
-### Images and binary assets
-
-For large images and other binary assets, upload them to the `sourcegraph-assets` Google Cloud Storage bucket instead with `gsutil cp -a public-read local/path/to/myasset.png gs://sourcegraph-assets/` (and refer to them as `https://sourcegraphstatic.com/myasset.png`). For a more detailed instructions visit [this page](../../../../handbook/editing/handbook-images-video.md).
-
-**Important: make sure to use [ImageOptim.app](https://imageoptim.com/mac) to reduce the size of the images before uploading, since large images degrade page loading speed.**
-
-### Administration documentation
-
-This advice currently pertains to [Sourcegraph administration documentation](https://docs.sourcegraph.com/admin).
-
-- Try to avoid repeating information. Instead, find the most relevant home for a piece of information, and link to it from where you want it so that the information can be easily found and referenced from other places.
- - e.g. [Deployments playbooks](deployments/playbooks.md), [Managed instances operations](../../../cloud/technical-docs/index.md), [Docker Compose operations guides](https://docs.sourcegraph.com/admin/install/docker-compose/operations)
-- Instead of adding an FAQ item, try to add the information in a more agnostic format to the relevant documents first, so that it can easily be found and referenced from other places.
- - e.g. instead of "How do I do X when Y for Z?", try "Do X" with a section for "Y" situation in the relevant documents for "Z"
- - If a FAQ item still feels prudent, link to the guide from the FAQ instead of repeating the information.
-- Try to avoid creating new pages. This makes information easier to discover, reference, and maintain (keep up to date).
- - If a new guide or overview is going to be too long to be added to a page, try to distill its components into smaller "operations" that can be added elsewhere, or see if there are documentation that can be referenced instead.
-
-#### Deployment documentation
-
-Deployment documentation should be structured as follows:
-
-- `admin/install/X/...`
- - "Sourcegraph with X" (`admin/install/X/index.md`). Includes:
- - Installation (`#installation`): how to install Sourcegraph with this method. Can link out to separate guide(s) where appropriate.
- - This gets featured here because a customer will likely only encounter installation once.
- - Similarly, "Migration to X" (`admin/install/X/migrate.md`) should be in its own page because a customer will likely only encounter it once.
- - About (`#about`): links to background info, some basic ideas, etc.
- - "Operations guides for Sourcegraph with X" (`admin/install/X/operations.md`). This page should be the go-to page for "I need to do something with my X deployment".
- - See [administration documentation best practices](#administration-documentation).
- - When creating documentation for X, reference these guides instead of repeating.
- - Anything that is not specific to X deployment method should be added to the relevant product documentation instead and linked.
- - Upgrade and configuration documentation should be included here, because unlike installation and upgrades customers will need them often.
-
-Example: [Sourcegraph with Docker Compose](https://docs.sourcegraph.com/admin/install/docker-compose).
-
-## Tips and tricks
-
-### Standalone documents
-
-By default, an error will be raised if a documentation page is not linked to, as we want it to be discovered by readers and indexed by search engines. If the need arises for a page to be standalone and not linked to (e.g., you've moved the page's contents but don't want to break external inbound links), add the following YAML front matter content to the top of the page:
-
-```yaml
----
-ignoreDisconnectedPageCheck: true
----
-```
-
-YAML front matter is optional and is used for adding page metadata that can be used by document processors such as docsite and static site generators.
-
-### SEO
-
-Similarly, SEO metadata can be provided individually for every document, which will help our documentation page to raise its search rank. Every one of them are totally optional.
-
-```yaml
----
-title: 'Deploying with Kubernetes'
-description: 'A step by step guide to deploying in a Kubernetes environment'
-category: 'Deployment'
-type: 'article'
-imageURL: 'https://storage.googleapis.com/sourcegraph-assets/blog/Show%20Us%20Your%20Calendar%20Images/Show%20Us%20Your%20Calendar%20Hero.png'
-tags:
- - Kubernetes
- - Deployments
- - How to
----
-```
diff --git a/content/departments/engineering/dev/process/releases/index.md b/content/departments/engineering/dev/process/releases/index.md
index 6e371c224c08..055a17361b51 100644
--- a/content/departments/engineering/dev/process/releases/index.md
+++ b/content/departments/engineering/dev/process/releases/index.md
@@ -10,21 +10,21 @@ This document describes how we release Sourcegraph.
### Release Schedule
-As of March 2024, Sourcegraph releases features monthly ([see RFC 864](https://docs.google.com/document/d/1vZmRx6k-OUpSgrAJ9ovu4qfzrExQDXzWiBYv9XbGEZM/edit?usp=sharing)) The 2024 schedule is as follows (version numbers are subject to change):
+As of April 2024, Sourcegraph releases features monthly ([see RFC 864](https://docs.google.com/document/d/1vZmRx6k-OUpSgrAJ9ovu4qfzrExQDXzWiBYv9XbGEZM/edit?usp=sharing)) The 2024 schedule is as follows (**version numbers are subject to change**):
| Version | Feature Freeze Date | Code Freeze Date | Release Date | Release Kind |
| ------- | ------------------- | ---------------- | ----------------- | ------------ |
| 5.3.0 | February 1, 2024 | February 9, 2024 | February 15, 2024 | Minor |
| 5.3.1 | N/A | N/A | February 21, 2024 | Patch |
| 5.3.2 | N/A | N/A | March 8, 2024 | Patch |
-| 5.3.x | N/A | N/A | March 20, 2024 | Patch |
-| 5.3.x | N/A | N/A | April 5, 2024 | Monthly |
+| 5.3.3 | N/A | N/A | March 20, 2024 | Patch |
+| 5.3.x | N/A | April 3, 2024 | April 5, 2024 | Monthly |
| 5.3.x | N/A | N/A | April 22, 2024 | Patch |
-| 5.3.x | N/A | N/A | May 6, 2024 | Monthly |
+| 5.3.x | N/A | May 2, 2024 | May 6, 2024 | Monthly |
| 5.3.x | N/A | N/A | May 20, 2024 | Patch |
-| 5.3.x | N/A | N/A | June 5, 2024 | Monthly |
+| 5.3.x | N/A | June 3, 2024 | June 5, 2024 | Monthly |
| 5.3.x | N/A | N/A | June 20, 2024 | Patch |
-| 5.3.x | N/A | N/A | July 6, 2024 | Monthly |
+| 5.3.x | N/A | July 3, 2024 | July 5, 2024 | Monthly |
| 5.3.x | N/A | N/A | July 22, 2024 | Patch |
These releases **may** require [manual migration steps](https://sourcegraph.com/docs/admin/updates).
@@ -42,16 +42,12 @@ The following are general guidelines for selecting release dates:
- **Day 20**: Patch release
We chose _day 5_ to avoid holidays and other events at the beginning of the month, such as new quarterly review meetings and discussions. However, on some
-occassions these days fall on Friday or the weekend, so we generall consider the following criteria in the event the schedule above fall on a Friday or the weekend:
+occassions these days fall on Friday or the weekend, so we generally consider the following criteria in the event the schedule above fall on a Friday or the weekend:
1. Pick the next working day that isn't a Friday. This gives time for release prep.
-A release refers to a minor or major version increase of Sourcegraph (e.g. 3.0.0 -> 3.1.0).
-
### Patch releases
-A _patch release_ refers to a patch version increase of Sourcegraph (e.g. `3.0.0` -> `3.0.1`).
-
Generally speaking patches will only include bug fixes for previously released features. In some occasions we may release improvements to address issues that may not technically a bug fix, and in some occasions we may backport features provided they are:
1. Behind a feature flag
@@ -67,7 +63,7 @@ We will also release patches out of band from the schedule above if there are ur
#### Requesting a patch
-1. Reach out to the `@release-team` on #discuss-release-ship.
+1. Reach out to the `@release-team` on #discuss-releases.
## Key concepts and components
@@ -83,44 +79,41 @@ Release captain responsibilities are currently owned by the [Release Team](../..
### Release tooling
-`sg release` is the tool used to create releases.
+`sg` is the tool used to create releases.
### Release branches
-Each major and minor release of [Sourcegraph](https://github.com/sourcegraph/sourcegraph) has a long lived release branch (e.g. `3.0`, `3.1`).
-Individual releases are tagged from these release branches (e.g. `v3.0.0-rc.1`, `v3.0.0`, `v3.0.1-rc.1`, and `v3.0.1` would be tagged from the `3.0` release branch).
+The release process uses a release branching model. Monthly releases are created from the `main` branch and are usually contained in a long lived release branch (e.g `5.3.270`, `6.2.205`).
+Individual releases associated with the monthly release are tagged from these release branches.
To avoid confusion between tags and branches:
-- Tags are always the full semantic version with a leading `v` (e.g. `v2.10.0`)
-- Branches are always the dot-separated major/minor versions with no leading `v` (e.g. `2.10`).
-
-Development always happens on `main` and changes are cherry-picked onto release branch as necessary **with the approval of the release captain**.
+- Tags are always the full semantic version with a leading `v` (e.g. `v5.3.207`)
+- Branches are always the dot-separated major/minor/patch versions with no leading `v` (e.g. `5.3.207`).
#### Example
Here is an example git commit history:
-1. The release captain creates the `3.0` release branch at commit `B`.
-1. The release captain tags the release candidate `v3.0.0-rc.1` at commit `B`.
-1. A feature is committed to `main` in commit `C`. It will not ship in `3.0`.
-1. An issue is found in the release candidate and a fix is committed to `main` in commit `D`.
-1. The release captain cherry-picks `D` from `main` into `3.0`.
+1. For a monthly release, the release captain creates the `5.3.207` release branch at commit `B`. This branch is cut from `main`.
+1. The release captain tags the release `v5.3.207` at commit `B`.
+1. A feature is committed to `main` in commit `C`. It will not ship in the next patch release from the `5.3.207` branch.
+1. An issue is found in the release and a fix is committed to `main` in commit `D`.
+1. The fix is backported into the `5.3.207` release branch and it'll be part of the next patch release `5.3.405.
1. The release captain tags `v3.0.0` on the `3.0` release branch.
1. Development continues on `main` with commits `E`, `F`, `G`, `H`.
-1. Commit `F` fixes a critical bug that impacts 3.0, so it is cherry-picked onto the `3.0` release branch and `v3.0.1` is tagged.
-1. The release captain (different person) for 3.1 creates the `3.1` release branch at commit `H` and a new release cycle begins.
-1. Commit `J` fixes a critical bug that impacts both 3.0 and 3.1, so it is cherry-picked into both `3.0` and `3.1` release branches and new releases are tagged (`v3.0.2`, `v3.1.2`).
+1. The release captain (different person) for `5.3.427` creates the `5.3.427` release branch at commit `H` and a new monthly release cycle begins.
```text
A---B---C---D---E---F---G---H---I---J---K---L (main branch)
\ \
- \ `---v3.1.0-rc.1---I'---v3.1.0---J'---v3.1.2 (3.1 release branch)
+ \ `---v5.3.427 (5.3.427 monthly release branch)
\
- `---v3.0.0-rc.1---D'---v3.0.0---F'---v3.0.1---J'---v3.0.2 (3.0 release branch)
+ `---v5.3.207---D'---v5.3.405 patch release (5.3.207 monthly release branch)
```
-> [!NOTE] cherry-picks can be automated using the backporting tool by adding the `backport ` label to the PR (merged into `main`) that is being cherry-picked (e.g. `backport 5.0`).
+> [!NOTE] cherry-picks can be automated using the backporting tool by adding the `backport ` label to the PR (merged into `main`) that is being cherry-picked (e.g. `backport 5.0`)
+> or using the `sg backport` command that's part of the [sg] CLI.
### Issues
@@ -142,7 +135,7 @@ The release captain has unlimited power to make changes to the release branch to
#### Non-blocking
-Most issues are non-blocking. Fixes to non-blocking issues can be fixed in `main` by the code owner who can then `git cherry-pick` those commits into the release branch with the approval of the release captain. Alternatively, broken features can be reverted out of the release branch or disabled via feature flags if they aren't ready or are too buggy.
+Most issues are non-blocking. Fixes to non-blocking issues can be fixed in `main` by the code owner who can then backport those commits into the release branch with the approval of the release captain. Alternatively, broken features can be reverted out of the release branch or disabled via feature flags if they aren't ready or are too buggy.
### CHANGELOG.md
@@ -166,6 +159,20 @@ Cody client extensions, such as the VS Code extension, need to maintain backward
Why only back to 5.0 instead of our standard policy of latest version and previous major version? That will eventually be our policy. However, since Cody was new to 5.0.0, it's a necessary exception to that policy.
+## FAQ
+
+**Q: Do I need to backport my PRs for it to be included in a monthly release?**
+
+A: No, you don't. Monthly releases are cut from `main`, so once your PR is merged into `main` it'll be included in the next monthly release.
+
+**Q: How do I get my bug fix into a patch release?**
+
+A: You'll need to backport it into the branch of the latest monthly release. This will be in the format `..`.
+
+**Q: How do I find out if a bug fix made it into the last release?**
+
+A: The changelog will be the source of truth for this.
+
[patch release request]: https://github.com/sourcegraph/sourcegraph/issues/new?assignees=&labels=team%2Fdistribution%2Cpatch-release-request&template=request_patch_release.md&title=
[revert poor onboarding ux change]: https://github.com/sourcegraph/sourcegraph/issues/30197
[release-config.jsonc]: https://sourcegraph.com/github.com/sourcegraph/sourcegraph/-/blob/dev/release/release-config.jsonc
diff --git a/content/departments/engineering/dev/tools/observability/dotcom.md b/content/departments/engineering/dev/tools/observability/dotcom.md
index fdfe2d7d9e0d..8100e807d39e 100644
--- a/content/departments/engineering/dev/tools/observability/dotcom.md
+++ b/content/departments/engineering/dev/tools/observability/dotcom.md
@@ -1,58 +1,42 @@
# Sourcegraph.com observability
-We provide some tooling to make [Sourcegraph.com](../../process/deployments/instances.md#sourcegraph-cloud) easier to monitor and observe. This includes observability for relevant critical infrastructure such as our [CI/CD pipelines](#ci-logs).
+We provide some tooling to make [Sourcegraph.com instance](../../process/deployments/instances.md#dotcom) easier to monitor and observe.
For general observability development, please refer to the [observability development documentation](https://docs.sourcegraph.com/dev/background-information/observability) instead, which includes links to useful how-to guides.
> [!NOTE] Looking for _how to monitor Sourcegraph?_ See the [observability documentation](https://docs.sourcegraph.com/admin/observability).
-## Monitoring
+## Metrics and alerting
For metrics and alerting, see the [Sourcegraph monitoring guide](./monitoring.md).
-## Grafana Cloud
+## Logging
-We have a Grafana Cloud instance at [sourcegraph.grafana.net](https://sourcegraph.grafana.net/). Accounts are automatically provisioned by logging in with GSuite oAuth. Quick links:
+Service logs are available in GCP logging in the `sourcegraph-dev` project.
+The quick-and-easy way is to go to the [GCP console workloads page](https://console.cloud.google.com/kubernetes/workload/overview?project=sourcegraph-dev), select the workload of interest, and head over to the "Logs" tab.
-- [Explore logs](https://sourcegraph.grafana.net/explore?orgId=1&left=%5B%22now-1h%22,%22now%22,%22grafanacloud-sourcegraph-logs%22,%7B%22refId%22:%22A%22,%22expr%22:%22%7Bdeploy%3D%5C%22sourcegraph%5C%22%7D%22%7D%5D)
-- [Explore traces](https://sourcegraph.grafana.net/explore?orgId=1&left=%5B%22now-1h%22,%22now%22,%22grafanacloud-sourcegraph-traces%22,%7B%22refId%22:%22A%22%7D%5D)
-- [CI dashboard](https://sourcegraph.grafana.net/d/iBBWbxFnk/ci?orgId=1)
+Sourcegraph service logs [follow a standardized JSON format](https://sourcegraph.com/docs/admin/observability/logs#logs) - you can use [this Logs Explorer view](https://cloudlogging.app.goo.gl/WXpyV1uSzDWnLMg7A) which is preconfigured with important attributes extracted to the log summary line, and uncomment the `labels.k8s-pod/app` filter to target your workload of choice.
+The resulting log filter should look something like this:
-### Logs
-
-Logs in Grafana Cloud is provided by [Grafana Loki](https://grafana.com/oss/loki/), a logs aggregation system that uses a PromQL-like query language called [LogQL](https://grafana.com/docs/loki/latest/logql/).
-
-Loki allows you to easily query for logs, filter for fields within structured logs, and even generate metrics from logs. The [official LogQL documentation](https://grafana.com/docs/loki/latest/logql/) provides a complete reference, or you can refer to [this cheatsheet](https://megamorf.gitlab.io/cheat-sheets/loki/) for a brief overview.
-
-#### Cloud logs
-
-The Loki instance in Grafana Cloud is currently configured to ingest logs from Sourcegraph.com pushed from [`grafana-agent`'s Loki configuration](https://github.com/sourcegraph/deploy-sourcegraph-cloud/blob/release/configure/grafana-agent/grafana-agent.ConfigMap.yaml#L58). To query these, you can start with a LogQL query like:
-
-```logql
-{deploy="sourcegraph",app="sourcegraph-frontend"}
- | logfmt
- | lvl="warn"
+```none
+labels.k8s-pod/app="sourcegraph-frontend"
+resource.type="k8s_container"
+resource.labels.project_id="sourcegraph-dev"
+resource.labels.location="us-central1-f"
+resource.labels.cluster_name="cloud"
+resource.labels.namespace_name="prod"
```
-#### CI logs
-
-The `sourcegraph/sourcegraph` CI pipeline also [uploads pipeline logs using `sg` to Loki](https://sourcegraph.com/github.com/sourcegraph/sourcegraph/-/blob/enterprise/dev/upload-build-logs.sh).
-These uploads only happen for _failed builds_ on `main` - we do not publish data for successful builds or branch builds (for those, you can refer to our [build traces](https://docs.sourcegraph.com/dev/background-information/ci/development#pipeline-command-tracing)).
-To query logs, you can start with a [LogQL query](#logs) like:
+You can also use `kubectl` to work with service log output in the command line - see the [Kubernetes guide](../../process/deployments/kubernetes.md) to get started.
-```logql
-{app="buildkite",branch="main",state="failed"}
- |~ "FAILED:"
-```
+## Tracing
-Also refer to the [CI dashboard](https://sourcegraph.grafana.net/d/iBBWbxFnk/ci?orgId=1), which is a set of graphs based on the contents of uploaded logs, for more examples—just select a panel and click "Explore" to see the underlying query.
+Traces are available in [Cloud Trace](https://console.cloud.google.com/traces/list?project=sourcegraph-dev) and an [in-cluster Jaeger deployment](https://sourcegraph.com/-/debug/jaeger/).
+The latter is only accessible with site admin permissions - see [Site-admin access to internal instances](../../../../security/admin-access-internal-instances.md).
-A demo is also available that demonstrates one of the most common use cases of this functionality, assessing [flakes](https://docs.sourcegraph.com/dev/background-information/ci#flakes): [how to find out if a build is a recurring flake](https://www.loom.com/share/58cedf44d44c45a292f650ddd3547337).
+Trace spans meeting certain criteria are also exported to [Honeycomb](https://ui.honeycomb.io/sourcegraph) via our OpenTelemetry Collector deployment - see [`otel-collector.ConfigMap.yaml`](https://github.com/sourcegraph/deploy-sourcegraph-cloud/blob/release/base/otel-collector/otel-collector.ConfigMap.yaml) for our current configuration.
-Additional resources:
-
-- [CI observability](https://docs.sourcegraph.com/dev/background-information/ci/development#observability)
-- [CI playbook](../../process/incidents/playbooks/ci.md)
+Also refer to [how to use traces](https://sourcegraph.com/docs/admin/observability/tracing#how-to-use-traces).
## Cloudflare
@@ -64,12 +48,8 @@ This section gives a quick overview of how to access Cloudflare analytics, and h
Cloudflare Analytics provides a somewhat [limited](https://developers.cloudflare.com/analytics/graphql-api/limits) API for retrieving monitoring data. Note that you can only retrieve relatively recent data, and have a limited number of operations.
-### Tools
-
Cloudflare recommends using [GraphiQL](https://www.electronjs.org/apps/graphiql), a lightweight electron app, to interface with their API due to its relative ease of use. Configuration instructions are [here](https://developers.cloudflare.com/analytics/graphql-api/getting-started). The auth key and email can be found [here](https://github.com/sourcegraph/infrastructure/blob/main/dns/providers.tf). The tool also helps enumerate the available parameters, and is quite useful for exploring the API.
-### Available data
-
The Cloudflare API mainly contains network layer information about communications to and from the service. The entire list of datasets is enumerated [here](https://developers.cloudflare.com/analytics/graphql-api/features/data-sets). For an example, the number of requests and page views per minute, along with the number of unique accessors can be found with the following query. Note that the results are ordered by `datetimeMinute_ASC`, since the default response ordering does not rely on time.
```{
@@ -91,3 +71,10 @@ viewer {
}
}
```
+
+### Cloudflare logs in Elasticsearch
+
+Cloudflare logs are streamed to an Elasticsearch deployment managed by the Security team.
+Reach out to #discuss-security to provision access.
+
+See [the Cloudflare logs reference](https://developers.cloudflare.com/logs/reference/) and related pages for documentation on various fields.
diff --git a/content/departments/engineering/dev/tools/observability/index.md b/content/departments/engineering/dev/tools/observability/index.md
index c530b94befc8..98fee93a952f 100644
--- a/content/departments/engineering/dev/tools/observability/index.md
+++ b/content/departments/engineering/dev/tools/observability/index.md
@@ -10,7 +10,9 @@ For general observability development, please refer to the [observability develo
- [Sourcegraph monitoring guide](monitoring.md)
- [Monitoring pillars](monitoring_pillars.md)
- [Monitoring architecture](./monitoring_architecture.md)
+- **Managed Services** (e.g. accounts.sourcegraph.com, telemetry-gateway.sourcegraph.com, etc.): refer to [Managed Services infrastructure (go/msp-ops)](../../../managed-services/index.md)
+- **Cody Gateway**: refer to [Cody Gateway (go/cody-gateway)](../../../teams/cody/cody-gateway/index.md)
-### Learning more
+## Learning more
Are you interested in observability? Check out the [recommended learning resources](learning_resources.md) to pick up what modern observability is and its benefits.
diff --git a/content/departments/engineering/dev/tools/observability/monitoring.md b/content/departments/engineering/dev/tools/observability/monitoring.md
index 4ea9d3d3d16c..e698bbde8b6c 100644
--- a/content/departments/engineering/dev/tools/observability/monitoring.md
+++ b/content/departments/engineering/dev/tools/observability/monitoring.md
@@ -94,7 +94,7 @@ To learn more, reference the [dashboard generator documentation](https://github.
Once the dashboard is ready to be shipped to customers, we will need to port it to the [monitoring generator](https://docs.sourcegraph.com/dev/background-information/observability/monitoring-generator) to be included in our next Sourcegraph release.
Custom dashboards cannot be added to the `sourcegraph/grafana` except through the generator.
-You can use a [local Grafana](#connecting-grafana-to-a-remote-prometheus-instance) or the Cloud Grafana to create a new dashboard and once its ready, export it by following these steps:
+You can use a [local Grafana](https://sourcegraph.com/docs/dev/how-to/monitoring_local_dev#grafana) or the Cloud Grafana to create a new dashboard and once its ready, export it by following these steps:
- Open "Dashboard Settings" (top right cog).
- Select "JSON Model".
diff --git a/content/departments/engineering/managed-services/cloud-ops.md b/content/departments/engineering/managed-services/cloud-ops.md
index 5cb1e4903d84..89e35c899ff6 100644
--- a/content/departments/engineering/managed-services/cloud-ops.md
+++ b/content/departments/engineering/managed-services/cloud-ops.md
@@ -3,15 +3,15 @@
This document describes operational guidance for Cloud Ops Dashboard infrastructure.
This service is operated on the [Managed Services Platform (MSP)](../teams/core-services/managed-services/platform.md).
> [!IMPORTANT]
-> If this is your first time here, you should follow the [sourcegraph/managed-services README](https://github.com/sourcegraph/managed-services/blob/main/README.md) as well to set up the prerequisite tooling.
+> If this is your first time here, you must follow the [sourcegraph/managed-services 'Tooling setup' guide](https://github.com/sourcegraph/managed-services/blob/main/README.md) as well to clone the service definitions repository and set up the prerequisite tooling.
If you need assistance with MSP infrastructure, reach out to the [Core Services](../teams/core-services/index.md) team in #discuss-core-services.
@@ -19,7 +19,7 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services]
| PROPERTY | DETAILS |
| ------------ | -------------------------------------------------------------------------------------------------------------------------- |
-| Service ID | [`cloud-ops`](https://github.com/sourcegraph/managed-services/blob/main/services/cloud-ops/service.yaml) |
+| Service ID | `cloud-ops` ([specification](https://github.com/sourcegraph/managed-services/blob/main/services/cloud-ops/service.yaml)) |
| Owners | **cloud** |
| Service kind | Cloud Run service |
| Environments | [prod](#prod) |
@@ -30,22 +30,23 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services]
### prod
-| PROPERTY | DETAILS |
-| -------------- | -------------------------------------------------------------------------------------------------- |
-| Project ID | [`cloud-ops-prod-dd32`](https://console.cloud.google.com/run?project=cloud-ops-prod-dd32) |
-| Category | **internal** |
-| Resources | [prod Redis](#prod-redis) |
-| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=cloud-ops-prod-dd32) |
-| Sentry | [`cloud-ops-prod`](https://sourcegraph.sentry.io/projects/cloud-ops-prod/) |
-| Domain | [cloud-ops.sgdev.org](https://cloud-ops.sgdev.org) |
-| Cloudflare WAF | ✅ |
+| PROPERTY | DETAILS |
+| ------------------- | -------------------------------------------------------------------------------------------------- |
+| Project ID | [`cloud-ops-prod-dd32`](https://console.cloud.google.com/run?project=cloud-ops-prod-dd32) |
+| Category | **internal** |
+| Resources | [prod Redis](#prod-redis) |
+| Slack notifications | [#alerts-cloud-ops-prod](https://sourcegraph.slack.com/archives/alerts-cloud-ops-prod) |
+| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=cloud-ops-prod-dd32) |
+| Errors | [Sentry `cloud-ops-prod`](https://sourcegraph.sentry.io/projects/cloud-ops-prod/) |
+| Domain | [cloud-ops.sgdev.org](https://cloud-ops.sgdev.org) |
+| Cloudflare WAF | ✅ |
MSP infrastructure access needs to be requested using Entitle for time-bound privileges.
-| ACCESS | ENTITLE REQUEST TEMPLATE |
-| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| GCP project read access | [Entitle request for the 'Internal Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiNzg0M2MxYWYtYzU2MS00ZDMyLWE3ZTAtYjZkNjY0NDM4MzAzIiwidGhyb3VnaCI6Ijc4NDNjMWFmLWM1NjEtNGQzMi1hN2UwLWI2ZDY2NDQzODMwMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
-| GCP project write access | [Entitle request for the 'Internal Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZTEyYTJkZDktYzY1ZC00YzM0LTlmNDgtMzYzNTNkZmY0MDkyIiwidGhyb3VnaCI6ImUxMmEyZGQ5LWM2NWQtNGMzNC05ZjQ4LTM2MzUzZGZmNDA5MiIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| ACCESS | ENTITLE REQUEST TEMPLATE |
+| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| GCP project read access | [Read-only Entitle request for the 'Internal Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiNzg0M2MxYWYtYzU2MS00ZDMyLWE3ZTAtYjZkNjY0NDM4MzAzIiwidGhyb3VnaCI6Ijc4NDNjMWFmLWM1NjEtNGQzMi1hN2UwLWI2ZDY2NDQzODMwMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| GCP project write access | [Write access Entitle request for the 'Internal Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZTEyYTJkZDktYzY1ZC00YzM0LTlmNDgtMzYzNTNkZmY0MDkyIiwidGhyb3VnaCI6ImUxMmEyZGQ5LWM2NWQtNGMzNC05ZjQ4LTM2MzUzZGZmNDA5MiIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
For Terraform Cloud access, see [prod Terraform Cloud](#prod-terraform-cloud).
@@ -53,10 +54,12 @@ For Terraform Cloud access, see [prod Terraform Cloud](#prod-terraform-cloud).
The Cloud Ops Dashboard prod service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run).
-| PROPERTY | DETAILS |
-| ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Console | [Cloud Run service](https://console.cloud.google.com/run?project=cloud-ops-prod-dd32) |
-| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=cloud-ops-prod-dd32) |
+| PROPERTY | DETAILS |
+| -------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Console | [Cloud Run service](https://console.cloud.google.com/run?project=cloud-ops-prod-dd32) |
+| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=cloud-ops-prod-dd32) |
+| Service traces | [Cloud Trace](https://console.cloud.google.com/traces/list?project=cloud-ops-prod-dd32) |
+| Service errors | [Sentry `cloud-ops-prod`](https://sourcegraph.sentry.io/projects/cloud-ops-prod/) |
You can also use `sg msp` to quickly open a link to your service logs:
diff --git a/content/departments/engineering/managed-services/cloud-relay.md b/content/departments/engineering/managed-services/cloud-relay.md
new file mode 100644
index 000000000000..7fa79a3eda00
--- /dev/null
+++ b/content/departments/engineering/managed-services/cloud-relay.md
@@ -0,0 +1,93 @@
+# Cloud Relay infrastructure operations
+
+
+
+This document describes operational guidance for Cloud Relay infrastructure.
+This service is operated on the [Managed Services Platform (MSP)](../teams/core-services/managed-services/platform.md).
+
+> [!IMPORTANT]
+> If this is your first time here, you must follow the [sourcegraph/managed-services 'Tooling setup' guide](https://github.com/sourcegraph/managed-services/blob/main/README.md) as well to clone the service definitions repository and set up the prerequisite tooling.
+
+If you need assistance with MSP infrastructure, reach out to the [Core Services](../teams/core-services/index.md) team in #discuss-core-services.
+
+## Service overview
+
+| PROPERTY | DETAILS |
+| ------------ | ---------------------------------------------------------------------------------------------------------------------------- |
+| Service ID | `cloud-relay` ([specification](https://github.com/sourcegraph/managed-services/blob/main/services/cloud-relay/service.yaml)) |
+| Owners | **cloud** |
+| Service kind | Cloud Run service |
+| Environments | [prod](#prod) |
+| Docker image | `us-central1-docker.pkg.dev/control-plane-5e9ee072/docker/cloud-relay` |
+| Source code | [`https://github.com/sourcegraph/cloud-relay` - `.`](https://https://github.com/sourcegraph/cloud-relay/tree/HEAD/.) |
+
+## Environments
+
+### prod
+
+| PROPERTY | DETAILS |
+| ------------------- | ---------------------------------------------------------------------------------------------------- |
+| Project ID | [`cloud-relay-prod-bd4c`](https://console.cloud.google.com/run?project=cloud-relay-prod-bd4c) |
+| Category | **internal** |
+| Resources | |
+| Slack notifications | [#alerts-cloud-relay-prod](https://sourcegraph.slack.com/archives/alerts-cloud-relay-prod) |
+| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=cloud-relay-prod-bd4c) |
+| Errors | [Sentry `cloud-relay-prod`](https://sourcegraph.sentry.io/projects/cloud-relay-prod/) |
+| Domain | [cloud-relay.sgdev.org](https://cloud-relay.sgdev.org) |
+| Cloudflare WAF | ✅ |
+
+MSP infrastructure access needs to be requested using Entitle for time-bound privileges.
+
+| ACCESS | ENTITLE REQUEST TEMPLATE |
+| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| GCP project read access | [Read-only Entitle request for the 'Internal Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiNzg0M2MxYWYtYzU2MS00ZDMyLWE3ZTAtYjZkNjY0NDM4MzAzIiwidGhyb3VnaCI6Ijc4NDNjMWFmLWM1NjEtNGQzMi1hN2UwLWI2ZDY2NDQzODMwMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| GCP project write access | [Write access Entitle request for the 'Internal Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZTEyYTJkZDktYzY1ZC00YzM0LTlmNDgtMzYzNTNkZmY0MDkyIiwidGhyb3VnaCI6ImUxMmEyZGQ5LWM2NWQtNGMzNC05ZjQ4LTM2MzUzZGZmNDA5MiIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+
+For Terraform Cloud access, see [prod Terraform Cloud](#prod-terraform-cloud).
+
+#### prod Cloud Run
+
+The Cloud Relay prod service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run).
+
+| PROPERTY | DETAILS |
+| -------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Console | [Cloud Run service](https://console.cloud.google.com/run?project=cloud-relay-prod-bd4c) |
+| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=cloud-relay-prod-bd4c) |
+| Service traces | [Cloud Trace](https://console.cloud.google.com/traces/list?project=cloud-relay-prod-bd4c) |
+| Service errors | [Sentry `cloud-relay-prod`](https://sourcegraph.sentry.io/projects/cloud-relay-prod/) |
+
+You can also use `sg msp` to quickly open a link to your service logs:
+
+```bash
+sg msp logs cloud-relay prod
+```
+
+#### prod Terraform Cloud
+
+This service's configuration is defined in [`sourcegraph/managed-services/services/cloud-relay/service.yaml`](https://github.com/sourcegraph/managed-services/blob/main/services/cloud-relay/service.yaml), and `sg msp generate cloud-relay prod` generates the required infrastructure configuration for this environment in Terraform.
+Terraform Cloud (TFC) workspaces specific to each service then provisions the required infrastructure from this configuration.
+You may want to check your service environment's TFC workspaces if a Terraform apply fails (reported via GitHub commit status checks in the [`sourcegraph/managed-services`](https://github.com/sourcegraph/managed-services) repository, or in #alerts-msp-tfc).
+
+> [!NOTE]
+> If you are looking for service logs, see the [prod Cloud Run](#prod-cloud-run) section instead. In general:
+>
+> - check service logs ([prod Cloud Run](#prod-cloud-run)) if your service has gone down or is misbehaving
+> - check TFC workspaces for infrastructure provisioning or configuration issues
+
+To access this environment's Terraform Cloud workspaces, you will need to [log in to Terraform Cloud](https://app.terraform.io/app/sourcegraph) and then [request Entitle access to membership in the "Managed Services Platform Operator" TFC team](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjM2MDAiLCJqdXN0aWZpY2F0aW9uIjoiSlVTVElGSUNBVElPTiBIRVJFIiwicm9sZUlkcyI6W3siaWQiOiJiMzg3MzJjYy04OTUyLTQ2Y2QtYmIxZS1lZjI2ODUwNzIyNmIiLCJ0aHJvdWdoIjoiYjM4NzMyY2MtODk1Mi00NmNkLWJiMWUtZWYyNjg1MDcyMjZiIiwidHlwZSI6InJvbGUifV19).
+The "Managed Services Platform Operator" team has access to all MSP TFC workspaces.
+
+> [!WARNING]
+> You **must [log in to Terraform Cloud](https://app.terraform.io/app/sourcegraph) before making your Entitle request**.
+> If you make your Entitle request, then log in, you will be removed from any team memberships granted through Entitle by Terraform Cloud's SSO implementation.
+
+The Terraform Cloud workspaces for this service environment are [grouped under the `msp-cloud-relay-prod` tag](https://app.terraform.io/app/sourcegraph/workspaces?tag=msp-cloud-relay-prod), or you can use:
+
+```bash
+sg msp tfc view cloud-relay prod
+```
diff --git a/content/departments/engineering/managed-services/cody-analytics.md b/content/departments/engineering/managed-services/cody-analytics.md
index 2a0743c98e00..bd510d0840b9 100644
--- a/content/departments/engineering/managed-services/cody-analytics.md
+++ b/content/departments/engineering/managed-services/cody-analytics.md
@@ -3,49 +3,50 @@
This document describes operational guidance for Cody Analytics infrastructure.
This service is operated on the [Managed Services Platform (MSP)](../teams/core-services/managed-services/platform.md).
> [!IMPORTANT]
-> If this is your first time here, you should follow the [sourcegraph/managed-services README](https://github.com/sourcegraph/managed-services/blob/main/README.md) as well to set up the prerequisite tooling.
+> If this is your first time here, you must follow the [sourcegraph/managed-services 'Tooling setup' guide](https://github.com/sourcegraph/managed-services/blob/main/README.md) as well to clone the service definitions repository and set up the prerequisite tooling.
If you need assistance with MSP infrastructure, reach out to the [Core Services](../teams/core-services/index.md) team in #discuss-core-services.
## Service overview
-| PROPERTY | DETAILS |
-| ------------ | ------------------------------------------------------------------------------------------------------------------ |
-| Service ID | [`cody-analytics`](https://github.com/sourcegraph/managed-services/blob/main/services/cody-analytics/service.yaml) |
-| Owners | **cody-strat** |
-| Service kind | Cloud Run service |
-| Environments | [dev](#dev), [prod](#prod) |
-| Docker image | `us-central1-docker.pkg.dev/sourcegraph-dev/cody-analytics/service` |
-| Source code | [`github.com/sourcegraph/cody-analytics` - `.`](https://github.com/sourcegraph/cody-analytics/tree/HEAD/.) |
+| PROPERTY | DETAILS |
+| ------------ | ---------------------------------------------------------------------------------------------------------------------------------- |
+| Service ID | `cody-analytics` ([specification](https://github.com/sourcegraph/managed-services/blob/main/services/cody-analytics/service.yaml)) |
+| Owners | **cody-strat** |
+| Service kind | Cloud Run service |
+| Environments | [dev](#dev), [prod](#prod) |
+| Docker image | `us-central1-docker.pkg.dev/sourcegraph-dev/cody-analytics/service` |
+| Source code | [`github.com/sourcegraph/cody-analytics` - `.`](https://github.com/sourcegraph/cody-analytics/tree/HEAD/.) |
## Environments
### dev
-| PROPERTY | DETAILS |
-| -------------- | ------------------------------------------------------------------------------------------------------ |
-| Project ID | [`cody-analytics-dev-bd34`](https://console.cloud.google.com/run?project=cody-analytics-dev-bd34) |
-| Category | **test** |
-| Resources | |
-| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=cody-analytics-dev-bd34) |
-| Sentry | [`cody-analytics-dev`](https://sourcegraph.sentry.io/projects/cody-analytics-dev/) |
-| Domain | [cody-analytics.sgdev.org](https://cody-analytics.sgdev.org) |
-| Cloudflare WAF | ✅ |
+| PROPERTY | DETAILS |
+| ------------------- | ------------------------------------------------------------------------------------------------------ |
+| Project ID | [`cody-analytics-dev-bd34`](https://console.cloud.google.com/run?project=cody-analytics-dev-bd34) |
+| Category | **test** |
+| Resources | |
+| Slack notifications | [#alerts-cody-analytics-dev](https://sourcegraph.slack.com/archives/alerts-cody-analytics-dev) |
+| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=cody-analytics-dev-bd34) |
+| Errors | [Sentry `cody-analytics-dev`](https://sourcegraph.sentry.io/projects/cody-analytics-dev/) |
+| Domain | [cody-analytics.sgdev.org](https://cody-analytics.sgdev.org) |
+| Cloudflare WAF | ✅ |
MSP infrastructure access needs to be requested using Entitle for time-bound privileges. Test environments may have less stringent requirements.
-| ACCESS | ENTITLE REQUEST TEMPLATE |
-| ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| GCP project read access | [Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZGY3NWJkNWMtYmUxOC00MjhmLWEzNjYtYzlhYTU1MGIwODIzIiwidGhyb3VnaCI6ImRmNzViZDVjLWJlMTgtNDI4Zi1hMzY2LWM5YWE1NTBiMDgyMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
-| GCP project write access | [Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYzJkMTUwOGEtMGQ0ZS00MjA1LWFiZWUtOGY1ODg1ZGY3ZDE4IiwidGhyb3VnaCI6ImMyZDE1MDhhLTBkNGUtNDIwNS1hYmVlLThmNTg4NWRmN2QxOCIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| ACCESS | ENTITLE REQUEST TEMPLATE |
+| ------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| GCP project read access | [Read-only Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZGY3NWJkNWMtYmUxOC00MjhmLWEzNjYtYzlhYTU1MGIwODIzIiwidGhyb3VnaCI6ImRmNzViZDVjLWJlMTgtNDI4Zi1hMzY2LWM5YWE1NTBiMDgyMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| GCP project write access | [Write access Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYzJkMTUwOGEtMGQ0ZS00MjA1LWFiZWUtOGY1ODg1ZGY3ZDE4IiwidGhyb3VnaCI6ImMyZDE1MDhhLTBkNGUtNDIwNS1hYmVlLThmNTg4NWRmN2QxOCIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
For Terraform Cloud access, see [dev Terraform Cloud](#dev-terraform-cloud).
@@ -53,10 +54,12 @@ For Terraform Cloud access, see [dev Terraform Cloud](#dev-terraform-cloud).
The Cody Analytics dev service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run).
-| PROPERTY | DETAILS |
-| ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| Console | [Cloud Run service](https://console.cloud.google.com/run?project=cody-analytics-dev-bd34) |
-| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=cody-analytics-dev-bd34) |
+| PROPERTY | DETAILS |
+| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| Console | [Cloud Run service](https://console.cloud.google.com/run?project=cody-analytics-dev-bd34) |
+| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=cody-analytics-dev-bd34) |
+| Service traces | [Cloud Trace](https://console.cloud.google.com/traces/list?project=cody-analytics-dev-bd34) |
+| Service errors | [Sentry `cody-analytics-dev`](https://sourcegraph.sentry.io/projects/cody-analytics-dev/) |
You can also use `sg msp` to quickly open a link to your service logs:
@@ -91,22 +94,23 @@ sg msp tfc view cody-analytics dev
### prod
-| PROPERTY | DETAILS |
-| -------------- | ------------------------------------------------------------------------------------------------------- |
-| Project ID | [`cody-analytics-prod-da5a`](https://console.cloud.google.com/run?project=cody-analytics-prod-da5a) |
-| Category | **external** |
-| Resources | |
-| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=cody-analytics-prod-da5a) |
-| Sentry | [`cody-analytics-prod`](https://sourcegraph.sentry.io/projects/cody-analytics-prod/) |
-| Domain | [cody-analytics.sourcegraph.com](https://cody-analytics.sourcegraph.com) |
-| Cloudflare WAF | ✅ |
+| PROPERTY | DETAILS |
+| ------------------- | ------------------------------------------------------------------------------------------------------- |
+| Project ID | [`cody-analytics-prod-da5a`](https://console.cloud.google.com/run?project=cody-analytics-prod-da5a) |
+| Category | **external** |
+| Resources | |
+| Slack notifications | [#alerts-cody-analytics-prod](https://sourcegraph.slack.com/archives/alerts-cody-analytics-prod) |
+| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=cody-analytics-prod-da5a) |
+| Errors | [Sentry `cody-analytics-prod`](https://sourcegraph.sentry.io/projects/cody-analytics-prod/) |
+| Domain | [cody-analytics.sourcegraph.com](https://cody-analytics.sourcegraph.com) |
+| Cloudflare WAF | ✅ |
MSP infrastructure access needs to be requested using Entitle for time-bound privileges.
-| ACCESS | ENTITLE REQUEST TEMPLATE |
-| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| GCP project read access | [Entitle request for the 'Managed Services ' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYTQ4OWM2MDktNTBlYy00ODAzLWIzZjItMzYzZGJhMTgwMWJhIiwidGhyb3VnaCI6ImE0ODljNjA5LTUwZWMtNDgwMy1iM2YyLTM2M2RiYTE4MDFiYSIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
-| GCP project write access | [Entitle request for the 'Managed Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiODQzNTYxNzktZjkwMi00MDVlLTlhMTQtNTY3YTY1NmM5MzdmIiwidGhyb3VnaCI6Ijg0MzU2MTc5LWY5MDItNDA1ZS05YTE0LTU2N2E2NTZjOTM3ZiIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| ACCESS | ENTITLE REQUEST TEMPLATE |
+| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| GCP project read access | [Read-only Entitle request for the 'Managed Services ' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYTQ4OWM2MDktNTBlYy00ODAzLWIzZjItMzYzZGJhMTgwMWJhIiwidGhyb3VnaCI6ImE0ODljNjA5LTUwZWMtNDgwMy1iM2YyLTM2M2RiYTE4MDFiYSIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| GCP project write access | [Write access Entitle request for the 'Managed Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiODQzNTYxNzktZjkwMi00MDVlLTlhMTQtNTY3YTY1NmM5MzdmIiwidGhyb3VnaCI6Ijg0MzU2MTc5LWY5MDItNDA1ZS05YTE0LTU2N2E2NTZjOTM3ZiIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
For Terraform Cloud access, see [prod Terraform Cloud](#prod-terraform-cloud).
@@ -114,10 +118,12 @@ For Terraform Cloud access, see [prod Terraform Cloud](#prod-terraform-cloud).
The Cody Analytics prod service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run).
-| PROPERTY | DETAILS |
-| ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Console | [Cloud Run service](https://console.cloud.google.com/run?project=cody-analytics-prod-da5a) |
-| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=cody-analytics-prod-da5a) |
+| PROPERTY | DETAILS |
+| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Console | [Cloud Run service](https://console.cloud.google.com/run?project=cody-analytics-prod-da5a) |
+| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=cody-analytics-prod-da5a) |
+| Service traces | [Cloud Trace](https://console.cloud.google.com/traces/list?project=cody-analytics-prod-da5a) |
+| Service errors | [Sentry `cody-analytics-prod`](https://sourcegraph.sentry.io/projects/cody-analytics-prod/) |
You can also use `sg msp` to quickly open a link to your service logs:
diff --git a/content/departments/engineering/managed-services/entitler.md b/content/departments/engineering/managed-services/entitler.md
index 66422fdd376e..2ee718faca2b 100644
--- a/content/departments/engineering/managed-services/entitler.md
+++ b/content/departments/engineering/managed-services/entitler.md
@@ -3,15 +3,15 @@
This document describes operational guidance for Entitler infrastructure.
This service is operated on the [Managed Services Platform (MSP)](../teams/core-services/managed-services/platform.md).
> [!IMPORTANT]
-> If this is your first time here, you should follow the [sourcegraph/managed-services README](https://github.com/sourcegraph/managed-services/blob/main/README.md) as well to set up the prerequisite tooling.
+> If this is your first time here, you must follow the [sourcegraph/managed-services 'Tooling setup' guide](https://github.com/sourcegraph/managed-services/blob/main/README.md) as well to clone the service definitions repository and set up the prerequisite tooling.
If you need assistance with MSP infrastructure, reach out to the [Core Services](../teams/core-services/index.md) team in #discuss-core-services.
@@ -19,7 +19,7 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services]
| PROPERTY | DETAILS |
| ------------ | --------------------------------------------------------------------------------------------------------------------------------------- |
-| Service ID | [`entitler`](https://github.com/sourcegraph/managed-services/blob/main/services/entitler/service.yaml) |
+| Service ID | `entitler` ([specification](https://github.com/sourcegraph/managed-services/blob/main/services/entitler/service.yaml)) |
| Owners | **security** |
| Service kind | Cloud Run service |
| Environments | [prod](#prod) |
@@ -30,22 +30,23 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services]
### prod
-| PROPERTY | DETAILS |
-| -------------- | ------------------------------------------------------------------------------------------------- |
-| Project ID | [`entitler-prod-0516`](https://console.cloud.google.com/run?project=entitler-prod-0516) |
-| Category | **internal** |
-| Resources | |
-| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=entitler-prod-0516) |
-| Sentry | [`entitler-prod`](https://sourcegraph.sentry.io/projects/entitler-prod/) |
-| Domain | [entitler.sgdev.org](https://entitler.sgdev.org) |
-| Cloudflare WAF | ✅ |
+| PROPERTY | DETAILS |
+| ------------------- | ------------------------------------------------------------------------------------------------- |
+| Project ID | [`entitler-prod-0516`](https://console.cloud.google.com/run?project=entitler-prod-0516) |
+| Category | **internal** |
+| Resources | |
+| Slack notifications | [#alerts-entitler-prod](https://sourcegraph.slack.com/archives/alerts-entitler-prod) |
+| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=entitler-prod-0516) |
+| Errors | [Sentry `entitler-prod`](https://sourcegraph.sentry.io/projects/entitler-prod/) |
+| Domain | [entitler.sgdev.org](https://entitler.sgdev.org) |
+| Cloudflare WAF | ✅ |
MSP infrastructure access needs to be requested using Entitle for time-bound privileges.
-| ACCESS | ENTITLE REQUEST TEMPLATE |
-| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| GCP project read access | [Entitle request for the 'Internal Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiNzg0M2MxYWYtYzU2MS00ZDMyLWE3ZTAtYjZkNjY0NDM4MzAzIiwidGhyb3VnaCI6Ijc4NDNjMWFmLWM1NjEtNGQzMi1hN2UwLWI2ZDY2NDQzODMwMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
-| GCP project write access | [Entitle request for the 'Internal Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZTEyYTJkZDktYzY1ZC00YzM0LTlmNDgtMzYzNTNkZmY0MDkyIiwidGhyb3VnaCI6ImUxMmEyZGQ5LWM2NWQtNGMzNC05ZjQ4LTM2MzUzZGZmNDA5MiIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| ACCESS | ENTITLE REQUEST TEMPLATE |
+| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| GCP project read access | [Read-only Entitle request for the 'Internal Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiNzg0M2MxYWYtYzU2MS00ZDMyLWE3ZTAtYjZkNjY0NDM4MzAzIiwidGhyb3VnaCI6Ijc4NDNjMWFmLWM1NjEtNGQzMi1hN2UwLWI2ZDY2NDQzODMwMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| GCP project write access | [Write access Entitle request for the 'Internal Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZTEyYTJkZDktYzY1ZC00YzM0LTlmNDgtMzYzNTNkZmY0MDkyIiwidGhyb3VnaCI6ImUxMmEyZGQ5LWM2NWQtNGMzNC05ZjQ4LTM2MzUzZGZmNDA5MiIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
For Terraform Cloud access, see [prod Terraform Cloud](#prod-terraform-cloud).
@@ -53,10 +54,12 @@ For Terraform Cloud access, see [prod Terraform Cloud](#prod-terraform-cloud).
The Entitler prod service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run).
-| PROPERTY | DETAILS |
-| ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Console | [Cloud Run service](https://console.cloud.google.com/run?project=entitler-prod-0516) |
-| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=entitler-prod-0516) |
+| PROPERTY | DETAILS |
+| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Console | [Cloud Run service](https://console.cloud.google.com/run?project=entitler-prod-0516) |
+| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=entitler-prod-0516) |
+| Service traces | [Cloud Trace](https://console.cloud.google.com/traces/list?project=entitler-prod-0516) |
+| Service errors | [Sentry `entitler-prod`](https://sourcegraph.sentry.io/projects/entitler-prod/) |
You can also use `sg msp` to quickly open a link to your service logs:
diff --git a/content/departments/engineering/managed-services/gatekeeper.md b/content/departments/engineering/managed-services/gatekeeper.md
index 0c8811c75cac..b5260584cfa2 100644
--- a/content/departments/engineering/managed-services/gatekeeper.md
+++ b/content/departments/engineering/managed-services/gatekeeper.md
@@ -3,47 +3,48 @@
This document describes operational guidance for Cody Gatekeeper infrastructure.
This service is operated on the [Managed Services Platform (MSP)](../teams/core-services/managed-services/platform.md).
> [!IMPORTANT]
-> If this is your first time here, you should follow the [sourcegraph/managed-services README](https://github.com/sourcegraph/managed-services/blob/main/README.md) as well to set up the prerequisite tooling.
+> If this is your first time here, you must follow the [sourcegraph/managed-services 'Tooling setup' guide](https://github.com/sourcegraph/managed-services/blob/main/README.md) as well to clone the service definitions repository and set up the prerequisite tooling.
If you need assistance with MSP infrastructure, reach out to the [Core Services](../teams/core-services/index.md) team in #discuss-core-services.
## Service overview
-| PROPERTY | DETAILS |
-| ------------ | ---------------------------------------------------------------------------------------------------------- |
-| Service ID | [`gatekeeper`](https://github.com/sourcegraph/managed-services/blob/main/services/gatekeeper/service.yaml) |
-| Owners | **cody-services** |
-| Service kind | Cloud Run job |
-| Environments | [prod](#prod) |
-| Docker image | `us.gcr.io/sourcegraph-dev/abuse-ban-bot` |
-| Source code | [`github.com/sourcegraph/abuse-ban-bot` - `.`](https://github.com/sourcegraph/abuse-ban-bot/tree/HEAD/.) |
+| PROPERTY | DETAILS |
+| ------------ | -------------------------------------------------------------------------------------------------------------------------- |
+| Service ID | `gatekeeper` ([specification](https://github.com/sourcegraph/managed-services/blob/main/services/gatekeeper/service.yaml)) |
+| Owners | **cody-services** |
+| Service kind | Cloud Run job |
+| Environments | [prod](#prod) |
+| Docker image | `us.gcr.io/sourcegraph-dev/abuse-ban-bot` |
+| Source code | [`github.com/sourcegraph/abuse-ban-bot` - `.`](https://github.com/sourcegraph/abuse-ban-bot/tree/HEAD/.) |
## Environments
### prod
-| PROPERTY | DETAILS |
-| ---------- | --------------------------------------------------------------------------------------------------- |
-| Project ID | [`gatekeeper-prod-1c93`](https://console.cloud.google.com/run/jobs?project=gatekeeper-prod-1c93) |
-| Category | **internal** |
-| Resources | |
-| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=gatekeeper-prod-1c93) |
-| Sentry | [`gatekeeper-prod`](https://sourcegraph.sentry.io/projects/gatekeeper-prod/) |
+| PROPERTY | DETAILS |
+| ------------------- | --------------------------------------------------------------------------------------------------- |
+| Project ID | [`gatekeeper-prod-1c93`](https://console.cloud.google.com/run/jobs?project=gatekeeper-prod-1c93) |
+| Category | **internal** |
+| Resources | |
+| Slack notifications | [#alerts-gatekeeper-prod](https://sourcegraph.slack.com/archives/alerts-gatekeeper-prod) |
+| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=gatekeeper-prod-1c93) |
+| Errors | [Sentry `gatekeeper-prod`](https://sourcegraph.sentry.io/projects/gatekeeper-prod/) |
MSP infrastructure access needs to be requested using Entitle for time-bound privileges.
-| ACCESS | ENTITLE REQUEST TEMPLATE |
-| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| GCP project read access | [Entitle request for the 'Internal Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiNzg0M2MxYWYtYzU2MS00ZDMyLWE3ZTAtYjZkNjY0NDM4MzAzIiwidGhyb3VnaCI6Ijc4NDNjMWFmLWM1NjEtNGQzMi1hN2UwLWI2ZDY2NDQzODMwMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
-| GCP project write access | [Entitle request for the 'Internal Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZTEyYTJkZDktYzY1ZC00YzM0LTlmNDgtMzYzNTNkZmY0MDkyIiwidGhyb3VnaCI6ImUxMmEyZGQ5LWM2NWQtNGMzNC05ZjQ4LTM2MzUzZGZmNDA5MiIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| ACCESS | ENTITLE REQUEST TEMPLATE |
+| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| GCP project read access | [Read-only Entitle request for the 'Internal Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiNzg0M2MxYWYtYzU2MS00ZDMyLWE3ZTAtYjZkNjY0NDM4MzAzIiwidGhyb3VnaCI6Ijc4NDNjMWFmLWM1NjEtNGQzMi1hN2UwLWI2ZDY2NDQzODMwMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| GCP project write access | [Write access Entitle request for the 'Internal Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZTEyYTJkZDktYzY1ZC00YzM0LTlmNDgtMzYzNTNkZmY0MDkyIiwidGhyb3VnaCI6ImUxMmEyZGQ5LWM2NWQtNGMzNC05ZjQ4LTM2MzUzZGZmNDA5MiIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
For Terraform Cloud access, see [prod Terraform Cloud](#prod-terraform-cloud).
@@ -51,10 +52,12 @@ For Terraform Cloud access, see [prod Terraform Cloud](#prod-terraform-cloud).
The Cody Gatekeeper prod service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run).
-| PROPERTY | DETAILS |
-| ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Console | [Cloud Run job](https://console.cloud.google.com/run/jobs?project=gatekeeper-prod-1c93) |
-| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_job%22;summaryFields=labels%252F%2522run.googleapis.com%252Fexecution_name%2522,jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=gatekeeper-prod-1c93) |
+| PROPERTY | DETAILS |
+| -------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Console | [Cloud Run job](https://console.cloud.google.com/run/jobs?project=gatekeeper-prod-1c93) |
+| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_job%22;summaryFields=labels%252F%2522run.googleapis.com%252Fexecution_name%2522,jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=gatekeeper-prod-1c93) |
+| Service traces | [Cloud Trace](https://console.cloud.google.com/traces/list?project=gatekeeper-prod-1c93) |
+| Service errors | [Sentry `gatekeeper-prod`](https://sourcegraph.sentry.io/projects/gatekeeper-prod/) |
You can also use `sg msp` to quickly open a link to your service logs:
diff --git a/content/departments/engineering/managed-services/index.md b/content/departments/engineering/managed-services/index.md
index b9a7c8e1b97d..bd828e30b181 100644
--- a/content/departments/engineering/managed-services/index.md
+++ b/content/departments/engineering/managed-services/index.md
@@ -3,12 +3,12 @@
-These pages contain generated operational guidance for the infrastructure of [Managed Services Platform (MSP)](../teams/core-services/managed-services/platform.md) services.
-This includes information about each service, configured environments, Entitle requests, common tasks, monitoring, etc.
+These pages contain generated operational guidance for the infrastructure of the 12 [Managed Services Platform (MSP)](../teams/core-services/managed-services/platform.md) services (across 18 environments) currently in operation at Sourcegraph.
+This includes information about each service, configured environments, Entitle requests, common tasks, monitoring, custom documentation provided by service operators, and so on.
In addition to service-specific guidance, [General guidance](#general-guidance) is also available.
MSP is owned by [Core Services](../teams/core-services/index.md), but individual teams are responsible for the services they operate on the platform.
@@ -29,6 +29,13 @@ Managed Services Platform services owned by `Customer Support`:
Managed Services Platform services owned by `cloud`:
- [Cloud Ops Dashboard](./cloud-ops.md)
+- [Cloud Relay](./cloud-relay.md)
+
+## cody-plg
+
+Managed Services Platform services owned by `cody-plg`:
+
+- [Self-Serve Cody](./sams.md)
## cody-services
@@ -48,7 +55,7 @@ Managed Services Platform services owned by `core-services`:
- [MSP Testbed](./msp-testbed.md)
- [Pings Service](./pings.md)
-- [Sourcegraph Accounts](./sams.md)
+- [Sourcegraph Accounts](./sourcegraph-accounts.md)
- [Telemetry Gateway](./telemetry-gateway.md)
## dev-experience
diff --git a/content/departments/engineering/managed-services/msp-testbed.md b/content/departments/engineering/managed-services/msp-testbed.md
index b639c9b794c6..f47416c213c2 100644
--- a/content/departments/engineering/managed-services/msp-testbed.md
+++ b/content/departments/engineering/managed-services/msp-testbed.md
@@ -3,15 +3,15 @@
This document describes operational guidance for MSP Testbed infrastructure.
This service is operated on the [Managed Services Platform (MSP)](../teams/core-services/managed-services/platform.md).
> [!IMPORTANT]
-> If this is your first time here, you should follow the [sourcegraph/managed-services README](https://github.com/sourcegraph/managed-services/blob/main/README.md) as well to set up the prerequisite tooling.
+> If this is your first time here, you must follow the [sourcegraph/managed-services 'Tooling setup' guide](https://github.com/sourcegraph/managed-services/blob/main/README.md) as well to clone the service definitions repository and set up the prerequisite tooling.
If you need assistance with MSP infrastructure, reach out to the [Core Services](../teams/core-services/index.md) team in #discuss-core-services.
@@ -19,32 +19,40 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services]
| PROPERTY | DETAILS |
| ------------ | -------------------------------------------------------------------------------------------------------------------------------- |
-| Service ID | [`msp-testbed`](https://github.com/sourcegraph/managed-services/blob/main/services/msp-testbed/service.yaml) |
+| Service ID | `msp-testbed` ([specification](https://github.com/sourcegraph/managed-services/blob/main/services/msp-testbed/service.yaml)) |
| Owners | **core-services** |
| Service kind | Cloud Run service |
| Environments | [test](#test), [robert](#robert) |
| Docker image | `us.gcr.io/sourcegraph-dev/msp-example` |
| Source code | [`github.com/sourcegraph/sourcegraph` - `cmd/msp-example`](https://github.com/sourcegraph/sourcegraph/tree/HEAD/cmd/msp-example) |
+
+
+This is a test environment used by the Core Services team for experimenting with MSP infrastructure changes.
+Each Core Services teammate generally focuses their experiments on an individual environment of this service.
+
## Environments
### test
-| PROPERTY | DETAILS |
-| ---------- | --------------------------------------------------------------------------------------------------------------------------------- |
-| Project ID | [`msp-testbed-test-77589aae45d0`](https://console.cloud.google.com/run?project=msp-testbed-test-77589aae45d0) |
-| Category | **test** |
-| Resources | [test Redis](#test-redis), [test PostgreSQL instance](#test-postgresql-instance), [test BigQuery dataset](#test-bigquery-dataset) |
-| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=msp-testbed-test-77589aae45d0) |
-| Sentry | [`msp-testbed-test`](https://sourcegraph.sentry.io/projects/msp-testbed-test/) |
-| Domain | [msp-testbed.sgdev.org](https://msp-testbed.sgdev.org) |
+| PROPERTY | DETAILS |
+| ------------------- | --------------------------------------------------------------------------------------------------------------------------------- |
+| Project ID | [`msp-testbed-test-77589aae45d0`](https://console.cloud.google.com/run?project=msp-testbed-test-77589aae45d0) |
+| Category | **test** |
+| Resources | [test Redis](#test-redis), [test PostgreSQL instance](#test-postgresql-instance), [test BigQuery dataset](#test-bigquery-dataset) |
+| Slack notifications | [#alerts-msp-testbed-test](https://sourcegraph.slack.com/archives/alerts-msp-testbed-test) |
+| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=msp-testbed-test-77589aae45d0) |
+| Errors | [Sentry `msp-testbed-test`](https://sourcegraph.sentry.io/projects/msp-testbed-test/) |
+| Domain | [msp-testbed.sgdev.org](https://msp-testbed.sgdev.org) |
MSP infrastructure access needs to be requested using Entitle for time-bound privileges. Test environments may have less stringent requirements.
-| ACCESS | ENTITLE REQUEST TEMPLATE |
-| ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| GCP project read access | [Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZGY3NWJkNWMtYmUxOC00MjhmLWEzNjYtYzlhYTU1MGIwODIzIiwidGhyb3VnaCI6ImRmNzViZDVjLWJlMTgtNDI4Zi1hMzY2LWM5YWE1NTBiMDgyMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
-| GCP project write access | [Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYzJkMTUwOGEtMGQ0ZS00MjA1LWFiZWUtOGY1ODg1ZGY3ZDE4IiwidGhyb3VnaCI6ImMyZDE1MDhhLTBkNGUtNDIwNS1hYmVlLThmNTg4NWRmN2QxOCIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| ACCESS | ENTITLE REQUEST TEMPLATE |
+| ------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| GCP project read access | [Read-only Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZGY3NWJkNWMtYmUxOC00MjhmLWEzNjYtYzlhYTU1MGIwODIzIiwidGhyb3VnaCI6ImRmNzViZDVjLWJlMTgtNDI4Zi1hMzY2LWM5YWE1NTBiMDgyMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| GCP project write access | [Write access Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYzJkMTUwOGEtMGQ0ZS00MjA1LWFiZWUtOGY1ODg1ZGY3ZDE4IiwidGhyb3VnaCI6ImMyZDE1MDhhLTBkNGUtNDIwNS1hYmVlLThmNTg4NWRmN2QxOCIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
For Terraform Cloud access, see [test Terraform Cloud](#test-terraform-cloud).
@@ -52,10 +60,12 @@ For Terraform Cloud access, see [test Terraform Cloud](#test-terraform-cloud).
The MSP Testbed test service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run).
-| PROPERTY | DETAILS |
-| ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| Console | [Cloud Run service](https://console.cloud.google.com/run?project=msp-testbed-test-77589aae45d0) |
-| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=msp-testbed-test-77589aae45d0) |
+| PROPERTY | DETAILS |
+| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| Console | [Cloud Run service](https://console.cloud.google.com/run?project=msp-testbed-test-77589aae45d0) |
+| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=msp-testbed-test-77589aae45d0) |
+| Service traces | [Cloud Trace](https://console.cloud.google.com/traces/list?project=msp-testbed-test-77589aae45d0) |
+| Service errors | [Sentry `msp-testbed-test`](https://sourcegraph.sentry.io/projects/msp-testbed-test/) |
You can also use `sg msp` to quickly open a link to your service logs:
@@ -76,6 +86,9 @@ sg msp logs msp-testbed test
| Console | [Cloud SQL instances](https://console.cloud.google.com/sql/instances?project=msp-testbed-test-77589aae45d0) |
| Databases | `primary` |
+> [!NOTE]
+> The [Write access Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYzJkMTUwOGEtMGQ0ZS00MjA1LWFiZWUtOGY1ODg1ZGY3ZDE4IiwidGhyb3VnaCI6ImMyZDE1MDhhLTBkNGUtNDIwNS1hYmVlLThmNTg4NWRmN2QxOCIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) is required for BOTH read-only and write access to the database.
+
To connect to the PostgreSQL instance in this environment, use `sg msp` in the [`sourcegraph/managed-services`](https://github.com/sourcegraph/managed-services) repository:
```bash
@@ -121,22 +134,23 @@ sg msp tfc view msp-testbed test
### robert
-| PROPERTY | DETAILS |
-| -------------- | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| Project ID | [`msp-testbed-robert-7be9`](https://console.cloud.google.com/run?project=msp-testbed-robert-7be9) |
-| Category | **test** |
-| Resources | [robert Redis](#robert-redis), [robert PostgreSQL instance](#robert-postgresql-instance), [robert BigQuery dataset](#robert-bigquery-dataset) |
-| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=msp-testbed-robert-7be9) |
-| Sentry | [`msp-testbed-robert`](https://sourcegraph.sentry.io/projects/msp-testbed-robert/) |
-| Domain | [msp-testbed-robert.sgdev.org](https://msp-testbed-robert.sgdev.org) |
-| Cloudflare WAF | ✅ |
+| PROPERTY | DETAILS |
+| ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------- |
+| Project ID | [`msp-testbed-robert-7be9`](https://console.cloud.google.com/run?project=msp-testbed-robert-7be9) |
+| Category | **test** |
+| Resources | [robert Redis](#robert-redis), [robert PostgreSQL instance](#robert-postgresql-instance), [robert BigQuery dataset](#robert-bigquery-dataset) |
+| Slack notifications | [#alerts-msp-testbed-robert](https://sourcegraph.slack.com/archives/alerts-msp-testbed-robert) |
+| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=msp-testbed-robert-7be9) |
+| Errors | [Sentry `msp-testbed-robert`](https://sourcegraph.sentry.io/projects/msp-testbed-robert/) |
+| Domain | [msp-testbed-robert.sgdev.org](https://msp-testbed-robert.sgdev.org) |
+| Cloudflare WAF | ✅ |
MSP infrastructure access needs to be requested using Entitle for time-bound privileges. Test environments may have less stringent requirements.
-| ACCESS | ENTITLE REQUEST TEMPLATE |
-| ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| GCP project read access | [Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZGY3NWJkNWMtYmUxOC00MjhmLWEzNjYtYzlhYTU1MGIwODIzIiwidGhyb3VnaCI6ImRmNzViZDVjLWJlMTgtNDI4Zi1hMzY2LWM5YWE1NTBiMDgyMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
-| GCP project write access | [Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYzJkMTUwOGEtMGQ0ZS00MjA1LWFiZWUtOGY1ODg1ZGY3ZDE4IiwidGhyb3VnaCI6ImMyZDE1MDhhLTBkNGUtNDIwNS1hYmVlLThmNTg4NWRmN2QxOCIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| ACCESS | ENTITLE REQUEST TEMPLATE |
+| ------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| GCP project read access | [Read-only Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZGY3NWJkNWMtYmUxOC00MjhmLWEzNjYtYzlhYTU1MGIwODIzIiwidGhyb3VnaCI6ImRmNzViZDVjLWJlMTgtNDI4Zi1hMzY2LWM5YWE1NTBiMDgyMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| GCP project write access | [Write access Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYzJkMTUwOGEtMGQ0ZS00MjA1LWFiZWUtOGY1ODg1ZGY3ZDE4IiwidGhyb3VnaCI6ImMyZDE1MDhhLTBkNGUtNDIwNS1hYmVlLThmNTg4NWRmN2QxOCIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
For Terraform Cloud access, see [robert Terraform Cloud](#robert-terraform-cloud).
@@ -144,10 +158,12 @@ For Terraform Cloud access, see [robert Terraform Cloud](#robert-terraform-cloud
The MSP Testbed robert service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run).
-| PROPERTY | DETAILS |
-| ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| Console | [Cloud Run service](https://console.cloud.google.com/run?project=msp-testbed-robert-7be9) |
-| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=msp-testbed-robert-7be9) |
+| PROPERTY | DETAILS |
+| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| Console | [Cloud Run service](https://console.cloud.google.com/run?project=msp-testbed-robert-7be9) |
+| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=msp-testbed-robert-7be9) |
+| Service traces | [Cloud Trace](https://console.cloud.google.com/traces/list?project=msp-testbed-robert-7be9) |
+| Service errors | [Sentry `msp-testbed-robert`](https://sourcegraph.sentry.io/projects/msp-testbed-robert/) |
You can also use `sg msp` to quickly open a link to your service logs:
@@ -168,6 +184,9 @@ sg msp logs msp-testbed robert
| Console | [Cloud SQL instances](https://console.cloud.google.com/sql/instances?project=msp-testbed-robert-7be9) |
| Databases | `primary` |
+> [!NOTE]
+> The [Write access Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYzJkMTUwOGEtMGQ0ZS00MjA1LWFiZWUtOGY1ODg1ZGY3ZDE4IiwidGhyb3VnaCI6ImMyZDE1MDhhLTBkNGUtNDIwNS1hYmVlLThmNTg4NWRmN2QxOCIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) is required for BOTH read-only and write access to the database.
+
To connect to the PostgreSQL instance in this environment, use `sg msp` in the [`sourcegraph/managed-services`](https://github.com/sourcegraph/managed-services) repository:
```bash
diff --git a/content/departments/engineering/managed-services/pings.md b/content/departments/engineering/managed-services/pings.md
index 779fa0455817..c7b7d2785362 100644
--- a/content/departments/engineering/managed-services/pings.md
+++ b/content/departments/engineering/managed-services/pings.md
@@ -3,15 +3,15 @@
This document describes operational guidance for Pings Service infrastructure.
This service is operated on the [Managed Services Platform (MSP)](../teams/core-services/managed-services/platform.md).
> [!IMPORTANT]
-> If this is your first time here, you should follow the [sourcegraph/managed-services README](https://github.com/sourcegraph/managed-services/blob/main/README.md) as well to set up the prerequisite tooling.
+> If this is your first time here, you must follow the [sourcegraph/managed-services 'Tooling setup' guide](https://github.com/sourcegraph/managed-services/blob/main/README.md) as well to clone the service definitions repository and set up the prerequisite tooling.
If you need assistance with MSP infrastructure, reach out to the [Core Services](../teams/core-services/index.md) team in #discuss-core-services.
@@ -19,7 +19,7 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services]
| PROPERTY | DETAILS |
| ------------ | -------------------------------------------------------------------------------------------------------------------- |
-| Service ID | [`pings`](https://github.com/sourcegraph/managed-services/blob/main/services/pings/service.yaml) |
+| Service ID | `pings` ([specification](https://github.com/sourcegraph/managed-services/blob/main/services/pings/service.yaml)) |
| Owners | **core-services** |
| Service kind | Cloud Run service |
| Environments | [prod](#prod) |
@@ -30,21 +30,22 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services]
### prod
-| PROPERTY | DETAILS |
-| ---------- | ------------------------------------------------------------------------------------------------------ |
-| Project ID | [`pings-prod-2f4f73edf1db`](https://console.cloud.google.com/run?project=pings-prod-2f4f73edf1db) |
-| Category | **external** |
-| Resources | |
-| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=pings-prod-2f4f73edf1db) |
-| Sentry | [`pings-prod`](https://sourcegraph.sentry.io/projects/pings-prod/) |
-| Domain | [pings.sourcegraph.com](https://pings.sourcegraph.com) |
+| PROPERTY | DETAILS |
+| ------------------- | ------------------------------------------------------------------------------------------------------ |
+| Project ID | [`pings-prod-2f4f73edf1db`](https://console.cloud.google.com/run?project=pings-prod-2f4f73edf1db) |
+| Category | **external** |
+| Resources | |
+| Slack notifications | [#alerts-pings-prod](https://sourcegraph.slack.com/archives/alerts-pings-prod) |
+| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=pings-prod-2f4f73edf1db) |
+| Errors | [Sentry `pings-prod`](https://sourcegraph.sentry.io/projects/pings-prod/) |
+| Domain | [pings.sourcegraph.com](https://pings.sourcegraph.com) |
MSP infrastructure access needs to be requested using Entitle for time-bound privileges.
-| ACCESS | ENTITLE REQUEST TEMPLATE |
-| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| GCP project read access | [Entitle request for the 'Managed Services ' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYTQ4OWM2MDktNTBlYy00ODAzLWIzZjItMzYzZGJhMTgwMWJhIiwidGhyb3VnaCI6ImE0ODljNjA5LTUwZWMtNDgwMy1iM2YyLTM2M2RiYTE4MDFiYSIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
-| GCP project write access | [Entitle request for the 'Managed Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiODQzNTYxNzktZjkwMi00MDVlLTlhMTQtNTY3YTY1NmM5MzdmIiwidGhyb3VnaCI6Ijg0MzU2MTc5LWY5MDItNDA1ZS05YTE0LTU2N2E2NTZjOTM3ZiIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| ACCESS | ENTITLE REQUEST TEMPLATE |
+| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| GCP project read access | [Read-only Entitle request for the 'Managed Services ' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYTQ4OWM2MDktNTBlYy00ODAzLWIzZjItMzYzZGJhMTgwMWJhIiwidGhyb3VnaCI6ImE0ODljNjA5LTUwZWMtNDgwMy1iM2YyLTM2M2RiYTE4MDFiYSIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| GCP project write access | [Write access Entitle request for the 'Managed Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiODQzNTYxNzktZjkwMi00MDVlLTlhMTQtNTY3YTY1NmM5MzdmIiwidGhyb3VnaCI6Ijg0MzU2MTc5LWY5MDItNDA1ZS05YTE0LTU2N2E2NTZjOTM3ZiIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
For Terraform Cloud access, see [prod Terraform Cloud](#prod-terraform-cloud).
@@ -52,10 +53,12 @@ For Terraform Cloud access, see [prod Terraform Cloud](#prod-terraform-cloud).
The Pings Service prod service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run).
-| PROPERTY | DETAILS |
-| ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| Console | [Cloud Run service](https://console.cloud.google.com/run?project=pings-prod-2f4f73edf1db) |
-| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=pings-prod-2f4f73edf1db) |
+| PROPERTY | DETAILS |
+| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| Console | [Cloud Run service](https://console.cloud.google.com/run?project=pings-prod-2f4f73edf1db) |
+| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=pings-prod-2f4f73edf1db) |
+| Service traces | [Cloud Trace](https://console.cloud.google.com/traces/list?project=pings-prod-2f4f73edf1db) |
+| Service errors | [Sentry `pings-prod`](https://sourcegraph.sentry.io/projects/pings-prod/) |
You can also use `sg msp` to quickly open a link to your service logs:
diff --git a/content/departments/engineering/managed-services/releaseregistry.md b/content/departments/engineering/managed-services/releaseregistry.md
index f3d52a95f2f3..8be65099210e 100644
--- a/content/departments/engineering/managed-services/releaseregistry.md
+++ b/content/departments/engineering/managed-services/releaseregistry.md
@@ -3,49 +3,50 @@
This document describes operational guidance for Release Registry infrastructure.
This service is operated on the [Managed Services Platform (MSP)](../teams/core-services/managed-services/platform.md).
> [!IMPORTANT]
-> If this is your first time here, you should follow the [sourcegraph/managed-services README](https://github.com/sourcegraph/managed-services/blob/main/README.md) as well to set up the prerequisite tooling.
+> If this is your first time here, you must follow the [sourcegraph/managed-services 'Tooling setup' guide](https://github.com/sourcegraph/managed-services/blob/main/README.md) as well to clone the service definitions repository and set up the prerequisite tooling.
If you need assistance with MSP infrastructure, reach out to the [Core Services](../teams/core-services/index.md) team in #discuss-core-services.
## Service overview
-| PROPERTY | DETAILS |
-| ------------ | -------------------------------------------------------------------------------------------------------------------- |
-| Service ID | [`releaseregistry`](https://github.com/sourcegraph/managed-services/blob/main/services/releaseregistry/service.yaml) |
-| Owners | **dev-experience** |
-| Service kind | Cloud Run service |
-| Environments | [prod](#prod), [dev](#dev) |
-| Docker image | `us.gcr.io/sourcegraph-dev/releaseregistry` |
-| Source code | [`github.com/sourcegraph/releaseregistry` - `.`](https://github.com/sourcegraph/releaseregistry/tree/HEAD/.) |
+| PROPERTY | DETAILS |
+| ------------ | ------------------------------------------------------------------------------------------------------------------------------------ |
+| Service ID | `releaseregistry` ([specification](https://github.com/sourcegraph/managed-services/blob/main/services/releaseregistry/service.yaml)) |
+| Owners | **dev-experience** |
+| Service kind | Cloud Run service |
+| Environments | [prod](#prod), [dev](#dev) |
+| Docker image | `us.gcr.io/sourcegraph-dev/releaseregistry` |
+| Source code | [`github.com/sourcegraph/releaseregistry` - `.`](https://github.com/sourcegraph/releaseregistry/tree/HEAD/.) |
## Environments
### prod
-| PROPERTY | DETAILS |
-| -------------- | -------------------------------------------------------------------------------------------------------- |
-| Project ID | [`releaseregistry-prod-5421`](https://console.cloud.google.com/run?project=releaseregistry-prod-5421) |
-| Category | **test** |
-| Resources | [prod PostgreSQL instance](#prod-postgresql-instance) |
-| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=releaseregistry-prod-5421) |
-| Sentry | [`releaseregistry-prod`](https://sourcegraph.sentry.io/projects/releaseregistry-prod/) |
-| Domain | [releaseregistry.sourcegraph.com](https://releaseregistry.sourcegraph.com) |
-| Cloudflare WAF | ✅ |
+| PROPERTY | DETAILS |
+| ------------------- | -------------------------------------------------------------------------------------------------------- |
+| Project ID | [`releaseregistry-prod-5421`](https://console.cloud.google.com/run?project=releaseregistry-prod-5421) |
+| Category | **test** |
+| Resources | [prod PostgreSQL instance](#prod-postgresql-instance) |
+| Slack notifications | [#alerts-releaseregistry-prod](https://sourcegraph.slack.com/archives/alerts-releaseregistry-prod) |
+| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=releaseregistry-prod-5421) |
+| Errors | [Sentry `releaseregistry-prod`](https://sourcegraph.sentry.io/projects/releaseregistry-prod/) |
+| Domain | [releaseregistry.sourcegraph.com](https://releaseregistry.sourcegraph.com) |
+| Cloudflare WAF | ✅ |
MSP infrastructure access needs to be requested using Entitle for time-bound privileges. Test environments may have less stringent requirements.
-| ACCESS | ENTITLE REQUEST TEMPLATE |
-| ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| GCP project read access | [Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZGY3NWJkNWMtYmUxOC00MjhmLWEzNjYtYzlhYTU1MGIwODIzIiwidGhyb3VnaCI6ImRmNzViZDVjLWJlMTgtNDI4Zi1hMzY2LWM5YWE1NTBiMDgyMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
-| GCP project write access | [Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYzJkMTUwOGEtMGQ0ZS00MjA1LWFiZWUtOGY1ODg1ZGY3ZDE4IiwidGhyb3VnaCI6ImMyZDE1MDhhLTBkNGUtNDIwNS1hYmVlLThmNTg4NWRmN2QxOCIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| ACCESS | ENTITLE REQUEST TEMPLATE |
+| ------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| GCP project read access | [Read-only Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZGY3NWJkNWMtYmUxOC00MjhmLWEzNjYtYzlhYTU1MGIwODIzIiwidGhyb3VnaCI6ImRmNzViZDVjLWJlMTgtNDI4Zi1hMzY2LWM5YWE1NTBiMDgyMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| GCP project write access | [Write access Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYzJkMTUwOGEtMGQ0ZS00MjA1LWFiZWUtOGY1ODg1ZGY3ZDE4IiwidGhyb3VnaCI6ImMyZDE1MDhhLTBkNGUtNDIwNS1hYmVlLThmNTg4NWRmN2QxOCIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
For Terraform Cloud access, see [prod Terraform Cloud](#prod-terraform-cloud).
@@ -53,10 +54,12 @@ For Terraform Cloud access, see [prod Terraform Cloud](#prod-terraform-cloud).
The Release Registry prod service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run).
-| PROPERTY | DETAILS |
-| ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Console | [Cloud Run service](https://console.cloud.google.com/run?project=releaseregistry-prod-5421) |
-| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=releaseregistry-prod-5421) |
+| PROPERTY | DETAILS |
+| -------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Console | [Cloud Run service](https://console.cloud.google.com/run?project=releaseregistry-prod-5421) |
+| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=releaseregistry-prod-5421) |
+| Service traces | [Cloud Trace](https://console.cloud.google.com/traces/list?project=releaseregistry-prod-5421) |
+| Service errors | [Sentry `releaseregistry-prod`](https://sourcegraph.sentry.io/projects/releaseregistry-prod/) |
You can also use `sg msp` to quickly open a link to your service logs:
@@ -71,6 +74,9 @@ sg msp logs releaseregistry prod
| Console | [Cloud SQL instances](https://console.cloud.google.com/sql/instances?project=releaseregistry-prod-5421) |
| Databases | `releaseregistry` |
+> [!NOTE]
+> The [Write access Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYzJkMTUwOGEtMGQ0ZS00MjA1LWFiZWUtOGY1ODg1ZGY3ZDE4IiwidGhyb3VnaCI6ImMyZDE1MDhhLTBkNGUtNDIwNS1hYmVlLThmNTg4NWRmN2QxOCIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) is required for BOTH read-only and write access to the database.
+
To connect to the PostgreSQL instance in this environment, use `sg msp` in the [`sourcegraph/managed-services`](https://github.com/sourcegraph/managed-services) repository:
```bash
@@ -108,22 +114,23 @@ sg msp tfc view releaseregistry prod
### dev
-| PROPERTY | DETAILS |
-| -------------- | ------------------------------------------------------------------------------------------------------- |
-| Project ID | [`releaseregistry-dev-6bac`](https://console.cloud.google.com/run?project=releaseregistry-dev-6bac) |
-| Category | **test** |
-| Resources | [dev PostgreSQL instance](#dev-postgresql-instance) |
-| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=releaseregistry-dev-6bac) |
-| Sentry | [`releaseregistry-dev`](https://sourcegraph.sentry.io/projects/releaseregistry-dev/) |
-| Domain | [releaseregistry.sgdev.org](https://releaseregistry.sgdev.org) |
-| Cloudflare WAF | ✅ |
+| PROPERTY | DETAILS |
+| ------------------- | ------------------------------------------------------------------------------------------------------- |
+| Project ID | [`releaseregistry-dev-6bac`](https://console.cloud.google.com/run?project=releaseregistry-dev-6bac) |
+| Category | **test** |
+| Resources | [dev PostgreSQL instance](#dev-postgresql-instance) |
+| Slack notifications | [#alerts-releaseregistry-dev](https://sourcegraph.slack.com/archives/alerts-releaseregistry-dev) |
+| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=releaseregistry-dev-6bac) |
+| Errors | [Sentry `releaseregistry-dev`](https://sourcegraph.sentry.io/projects/releaseregistry-dev/) |
+| Domain | [releaseregistry.sgdev.org](https://releaseregistry.sgdev.org) |
+| Cloudflare WAF | ✅ |
MSP infrastructure access needs to be requested using Entitle for time-bound privileges. Test environments may have less stringent requirements.
-| ACCESS | ENTITLE REQUEST TEMPLATE |
-| ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| GCP project read access | [Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZGY3NWJkNWMtYmUxOC00MjhmLWEzNjYtYzlhYTU1MGIwODIzIiwidGhyb3VnaCI6ImRmNzViZDVjLWJlMTgtNDI4Zi1hMzY2LWM5YWE1NTBiMDgyMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
-| GCP project write access | [Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYzJkMTUwOGEtMGQ0ZS00MjA1LWFiZWUtOGY1ODg1ZGY3ZDE4IiwidGhyb3VnaCI6ImMyZDE1MDhhLTBkNGUtNDIwNS1hYmVlLThmNTg4NWRmN2QxOCIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| ACCESS | ENTITLE REQUEST TEMPLATE |
+| ------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| GCP project read access | [Read-only Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZGY3NWJkNWMtYmUxOC00MjhmLWEzNjYtYzlhYTU1MGIwODIzIiwidGhyb3VnaCI6ImRmNzViZDVjLWJlMTgtNDI4Zi1hMzY2LWM5YWE1NTBiMDgyMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| GCP project write access | [Write access Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYzJkMTUwOGEtMGQ0ZS00MjA1LWFiZWUtOGY1ODg1ZGY3ZDE4IiwidGhyb3VnaCI6ImMyZDE1MDhhLTBkNGUtNDIwNS1hYmVlLThmNTg4NWRmN2QxOCIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
For Terraform Cloud access, see [dev Terraform Cloud](#dev-terraform-cloud).
@@ -131,10 +138,12 @@ For Terraform Cloud access, see [dev Terraform Cloud](#dev-terraform-cloud).
The Release Registry dev service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run).
-| PROPERTY | DETAILS |
-| ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Console | [Cloud Run service](https://console.cloud.google.com/run?project=releaseregistry-dev-6bac) |
-| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=releaseregistry-dev-6bac) |
+| PROPERTY | DETAILS |
+| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Console | [Cloud Run service](https://console.cloud.google.com/run?project=releaseregistry-dev-6bac) |
+| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=releaseregistry-dev-6bac) |
+| Service traces | [Cloud Trace](https://console.cloud.google.com/traces/list?project=releaseregistry-dev-6bac) |
+| Service errors | [Sentry `releaseregistry-dev`](https://sourcegraph.sentry.io/projects/releaseregistry-dev/) |
You can also use `sg msp` to quickly open a link to your service logs:
@@ -149,6 +158,9 @@ sg msp logs releaseregistry dev
| Console | [Cloud SQL instances](https://console.cloud.google.com/sql/instances?project=releaseregistry-dev-6bac) |
| Databases | `releaseregistry` |
+> [!NOTE]
+> The [Write access Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYzJkMTUwOGEtMGQ0ZS00MjA1LWFiZWUtOGY1ODg1ZGY3ZDE4IiwidGhyb3VnaCI6ImMyZDE1MDhhLTBkNGUtNDIwNS1hYmVlLThmNTg4NWRmN2QxOCIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) is required for BOTH read-only and write access to the database.
+
To connect to the PostgreSQL instance in this environment, use `sg msp` in the [`sourcegraph/managed-services`](https://github.com/sourcegraph/managed-services) repository:
```bash
diff --git a/content/departments/engineering/managed-services/sams.md b/content/departments/engineering/managed-services/sams.md
index bdfcd62ac0e6..8281609f0098 100644
--- a/content/departments/engineering/managed-services/sams.md
+++ b/content/departments/engineering/managed-services/sams.md
@@ -1,62 +1,65 @@
-# Sourcegraph Accounts infrastructure operations
+# Self-Serve Cody infrastructure operations
-This document describes operational guidance for Sourcegraph Accounts infrastructure.
+This document describes operational guidance for Self-Serve Cody infrastructure.
This service is operated on the [Managed Services Platform (MSP)](../teams/core-services/managed-services/platform.md).
> [!IMPORTANT]
-> If this is your first time here, you should follow the [sourcegraph/managed-services README](https://github.com/sourcegraph/managed-services/blob/main/README.md) as well to set up the prerequisite tooling.
+> If this is your first time here, you must follow the [sourcegraph/managed-services 'Tooling setup' guide](https://github.com/sourcegraph/managed-services/blob/main/README.md) as well to clone the service definitions repository and set up the prerequisite tooling.
If you need assistance with MSP infrastructure, reach out to the [Core Services](../teams/core-services/index.md) team in #discuss-core-services.
## Service overview
-| PROPERTY | DETAILS |
-| ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| Service ID | [`sams`](https://github.com/sourcegraph/managed-services/blob/main/services/sams/service.yaml) |
-| Owners | **core-services** |
-| Service kind | Cloud Run service |
-| Environments | [dev](#dev), [prod](#prod) |
-| Docker image | `us-central1-docker.pkg.dev/sourcegraph-dev/sams/accounts-server` |
-| Source code | [`github.com/sourcegraph/accounts.sourcegraph.com` - `cmd/accounts-server`](https://github.com/sourcegraph/accounts.sourcegraph.com/tree/HEAD/cmd/accounts-server) |
+| PROPERTY | DETAILS |
+| ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------ |
+| Service ID | `sams` ([specification](https://github.com/sourcegraph/managed-services/blob/main/services/sams/service.yaml)) |
+| Owners | **cody-plg** |
+| Service kind | Cloud Run service |
+| Environments | [dev](#dev), [prod](#prod) |
+| Docker image | `us-central1-docker.pkg.dev/sourcegraph-dev/sams/accounts-server` |
+| Source code | [`github.com/sourcegraph/self-serve-cody` - `cmd/accounts-server`](https://github.com/sourcegraph/self-serve-cody/tree/HEAD/cmd/accounts-server) |
## Environments
### dev
-| PROPERTY | DETAILS |
-| -------------- | --------------------------------------------------------------------------------------------------------------------------- |
-| Project ID | [`sams-dev-bfec`](https://console.cloud.google.com/run?project=sams-dev-bfec) |
-| Category | **test** |
-| Resources | [dev Redis](#dev-redis), [dev PostgreSQL instance](#dev-postgresql-instance), [dev BigQuery dataset](#dev-bigquery-dataset) |
-| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=sams-dev-bfec) |
-| Sentry | [`sams-dev`](https://sourcegraph.sentry.io/projects/sams-dev/) |
-| Domain | [accounts.sgdev.org](https://accounts.sgdev.org) |
-| Cloudflare WAF | ✅ |
+| PROPERTY | DETAILS |
+| ------------------- | --------------------------------------------------------------------------------------------------------------------------- |
+| Project ID | [`sams-dev-bfec`](https://console.cloud.google.com/run?project=sams-dev-bfec) |
+| Category | **test** |
+| Resources | [dev Redis](#dev-redis), [dev PostgreSQL instance](#dev-postgresql-instance), [dev BigQuery dataset](#dev-bigquery-dataset) |
+| Slack notifications | [#alerts-sams-dev](https://sourcegraph.slack.com/archives/alerts-sams-dev) |
+| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=sams-dev-bfec) |
+| Errors | [Sentry `sams-dev`](https://sourcegraph.sentry.io/projects/sams-dev/) |
+| Domain | [cody.sgdev.org](https://cody.sgdev.org) |
+| Cloudflare WAF | ✅ |
MSP infrastructure access needs to be requested using Entitle for time-bound privileges. Test environments may have less stringent requirements.
-| ACCESS | ENTITLE REQUEST TEMPLATE |
-| ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| GCP project read access | [Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZGY3NWJkNWMtYmUxOC00MjhmLWEzNjYtYzlhYTU1MGIwODIzIiwidGhyb3VnaCI6ImRmNzViZDVjLWJlMTgtNDI4Zi1hMzY2LWM5YWE1NTBiMDgyMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
-| GCP project write access | [Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYzJkMTUwOGEtMGQ0ZS00MjA1LWFiZWUtOGY1ODg1ZGY3ZDE4IiwidGhyb3VnaCI6ImMyZDE1MDhhLTBkNGUtNDIwNS1hYmVlLThmNTg4NWRmN2QxOCIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| ACCESS | ENTITLE REQUEST TEMPLATE |
+| ------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| GCP project read access | [Read-only Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZGY3NWJkNWMtYmUxOC00MjhmLWEzNjYtYzlhYTU1MGIwODIzIiwidGhyb3VnaCI6ImRmNzViZDVjLWJlMTgtNDI4Zi1hMzY2LWM5YWE1NTBiMDgyMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| GCP project write access | [Write access Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYzJkMTUwOGEtMGQ0ZS00MjA1LWFiZWUtOGY1ODg1ZGY3ZDE4IiwidGhyb3VnaCI6ImMyZDE1MDhhLTBkNGUtNDIwNS1hYmVlLThmNTg4NWRmN2QxOCIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
For Terraform Cloud access, see [dev Terraform Cloud](#dev-terraform-cloud).
#### dev Cloud Run
-The Sourcegraph Accounts dev service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run).
+The Self-Serve Cody dev service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run).
-| PROPERTY | DETAILS |
-| ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Console | [Cloud Run service](https://console.cloud.google.com/run?project=sams-dev-bfec) |
-| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=sams-dev-bfec) |
+| PROPERTY | DETAILS |
+| -------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Console | [Cloud Run service](https://console.cloud.google.com/run?project=sams-dev-bfec) |
+| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=sams-dev-bfec) |
+| Service traces | [Cloud Trace](https://console.cloud.google.com/traces/list?project=sams-dev-bfec) |
+| Service errors | [Sentry `sams-dev`](https://sourcegraph.sentry.io/projects/sams-dev/) |
You can also use `sg msp` to quickly open a link to your service logs:
@@ -77,6 +80,9 @@ sg msp logs sams dev
| Console | [Cloud SQL instances](https://console.cloud.google.com/sql/instances?project=sams-dev-bfec) |
| Databases | `accounts`, `cody_management` |
+> [!NOTE]
+> The [Write access Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYzJkMTUwOGEtMGQ0ZS00MjA1LWFiZWUtOGY1ODg1ZGY3ZDE4IiwidGhyb3VnaCI6ImMyZDE1MDhhLTBkNGUtNDIwNS1hYmVlLThmNTg4NWRmN2QxOCIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) is required for BOTH read-only and write access to the database.
+
To connect to the PostgreSQL instance in this environment, use `sg msp` in the [`sourcegraph/managed-services`](https://github.com/sourcegraph/managed-services) repository:
```bash
@@ -122,33 +128,36 @@ sg msp tfc view sams dev
### prod
-| PROPERTY | DETAILS |
-| -------------- | --------------------------------------------------------------------------------------------------------------------------------- |
-| Project ID | [`sams-prod-ywuz`](https://console.cloud.google.com/run?project=sams-prod-ywuz) |
-| Category | **external** |
-| Resources | [prod Redis](#prod-redis), [prod PostgreSQL instance](#prod-postgresql-instance), [prod BigQuery dataset](#prod-bigquery-dataset) |
-| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=sams-prod-ywuz) |
-| Sentry | [`sams-prod`](https://sourcegraph.sentry.io/projects/sams-prod/) |
-| Domain | [accounts.sourcegraph.com](https://accounts.sourcegraph.com) |
-| Cloudflare WAF | ✅ |
+| PROPERTY | DETAILS |
+| ------------------- | --------------------------------------------------------------------------------------------------------------------------------- |
+| Project ID | [`sams-prod-ywuz`](https://console.cloud.google.com/run?project=sams-prod-ywuz) |
+| Category | **external** |
+| Resources | [prod Redis](#prod-redis), [prod PostgreSQL instance](#prod-postgresql-instance), [prod BigQuery dataset](#prod-bigquery-dataset) |
+| Slack notifications | [#alerts-sams-prod](https://sourcegraph.slack.com/archives/alerts-sams-prod) |
+| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=sams-prod-ywuz) |
+| Errors | [Sentry `sams-prod`](https://sourcegraph.sentry.io/projects/sams-prod/) |
+| Domain | [cody.sourcegraph.com](https://cody.sourcegraph.com) |
+| Cloudflare WAF | ✅ |
MSP infrastructure access needs to be requested using Entitle for time-bound privileges.
-| ACCESS | ENTITLE REQUEST TEMPLATE |
-| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| GCP project read access | [Entitle request for the 'Managed Services ' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYTQ4OWM2MDktNTBlYy00ODAzLWIzZjItMzYzZGJhMTgwMWJhIiwidGhyb3VnaCI6ImE0ODljNjA5LTUwZWMtNDgwMy1iM2YyLTM2M2RiYTE4MDFiYSIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
-| GCP project write access | [Entitle request for the 'Managed Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiODQzNTYxNzktZjkwMi00MDVlLTlhMTQtNTY3YTY1NmM5MzdmIiwidGhyb3VnaCI6Ijg0MzU2MTc5LWY5MDItNDA1ZS05YTE0LTU2N2E2NTZjOTM3ZiIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| ACCESS | ENTITLE REQUEST TEMPLATE |
+| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| GCP project read access | [Read-only Entitle request for the 'Managed Services ' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYTQ4OWM2MDktNTBlYy00ODAzLWIzZjItMzYzZGJhMTgwMWJhIiwidGhyb3VnaCI6ImE0ODljNjA5LTUwZWMtNDgwMy1iM2YyLTM2M2RiYTE4MDFiYSIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| GCP project write access | [Write access Entitle request for the 'Managed Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiODQzNTYxNzktZjkwMi00MDVlLTlhMTQtNTY3YTY1NmM5MzdmIiwidGhyb3VnaCI6Ijg0MzU2MTc5LWY5MDItNDA1ZS05YTE0LTU2N2E2NTZjOTM3ZiIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
For Terraform Cloud access, see [prod Terraform Cloud](#prod-terraform-cloud).
#### prod Cloud Run
-The Sourcegraph Accounts prod service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run).
+The Self-Serve Cody prod service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run).
-| PROPERTY | DETAILS |
-| ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Console | [Cloud Run service](https://console.cloud.google.com/run?project=sams-prod-ywuz) |
-| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=sams-prod-ywuz) |
+| PROPERTY | DETAILS |
+| -------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Console | [Cloud Run service](https://console.cloud.google.com/run?project=sams-prod-ywuz) |
+| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=sams-prod-ywuz) |
+| Service traces | [Cloud Trace](https://console.cloud.google.com/traces/list?project=sams-prod-ywuz) |
+| Service errors | [Sentry `sams-prod`](https://sourcegraph.sentry.io/projects/sams-prod/) |
You can also use `sg msp` to quickly open a link to your service logs:
@@ -169,6 +178,9 @@ sg msp logs sams prod
| Console | [Cloud SQL instances](https://console.cloud.google.com/sql/instances?project=sams-prod-ywuz) |
| Databases | `accounts`, `cody_management` |
+> [!NOTE]
+> The [Write access Entitle request for the 'Managed Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiODQzNTYxNzktZjkwMi00MDVlLTlhMTQtNTY3YTY1NmM5MzdmIiwidGhyb3VnaCI6Ijg0MzU2MTc5LWY5MDItNDA1ZS05YTE0LTU2N2E2NTZjOTM3ZiIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) is required for BOTH read-only and write access to the database.
+
To connect to the PostgreSQL instance in this environment, use `sg msp` in the [`sourcegraph/managed-services`](https://github.com/sourcegraph/managed-services) repository:
```bash
diff --git a/content/departments/engineering/managed-services/sourcegraph-accounts.md b/content/departments/engineering/managed-services/sourcegraph-accounts.md
new file mode 100644
index 000000000000..60846dfb068e
--- /dev/null
+++ b/content/departments/engineering/managed-services/sourcegraph-accounts.md
@@ -0,0 +1,225 @@
+# Sourcegraph Accounts infrastructure operations
+
+
+
+This document describes operational guidance for Sourcegraph Accounts infrastructure.
+This service is operated on the [Managed Services Platform (MSP)](../teams/core-services/managed-services/platform.md).
+
+> [!IMPORTANT]
+> If this is your first time here, you must follow the [sourcegraph/managed-services 'Tooling setup' guide](https://github.com/sourcegraph/managed-services/blob/main/README.md) as well to clone the service definitions repository and set up the prerequisite tooling.
+
+If you need assistance with MSP infrastructure, reach out to the [Core Services](../teams/core-services/index.md) team in #discuss-core-services.
+
+## Service overview
+
+| PROPERTY | DETAILS |
+| ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Service ID | `sourcegraph-accounts` ([specification](https://github.com/sourcegraph/managed-services/blob/main/services/sourcegraph-accounts/service.yaml)) |
+| Owners | **core-services** |
+| Service kind | Cloud Run service |
+| Environments | [dev](#dev), [prod](#prod) |
+| Docker image | `us-central1-docker.pkg.dev/sourcegraph-dev/sourcegraph-accounts/accounts-server` |
+| Source code | [`github.com/sourcegraph/sourcegraph-accounts` - `cmd/accounts-server`](https://github.com/sourcegraph/sourcegraph-accounts/tree/HEAD/cmd/accounts-server) |
+
+## Environments
+
+### dev
+
+| PROPERTY | DETAILS |
+| ------------------- | --------------------------------------------------------------------------------------------------------------------------- |
+| Project ID | [`sourcegraph-accounts-dev-csvc`](https://console.cloud.google.com/run?project=sourcegraph-accounts-dev-csvc) |
+| Category | **test** |
+| Resources | [dev Redis](#dev-redis), [dev PostgreSQL instance](#dev-postgresql-instance), [dev BigQuery dataset](#dev-bigquery-dataset) |
+| Slack notifications | [#alerts-sourcegraph-accounts-dev](https://sourcegraph.slack.com/archives/alerts-sourcegraph-accounts-dev) |
+| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=sourcegraph-accounts-dev-csvc) |
+| Errors | [Sentry `sourcegraph-accounts-dev`](https://sourcegraph.sentry.io/projects/sourcegraph-accounts-dev/) |
+| Domain | [accounts.sgdev.org](https://accounts.sgdev.org) |
+| Cloudflare WAF | ✅ |
+
+MSP infrastructure access needs to be requested using Entitle for time-bound privileges. Test environments may have less stringent requirements.
+
+| ACCESS | ENTITLE REQUEST TEMPLATE |
+| ------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| GCP project read access | [Read-only Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZGY3NWJkNWMtYmUxOC00MjhmLWEzNjYtYzlhYTU1MGIwODIzIiwidGhyb3VnaCI6ImRmNzViZDVjLWJlMTgtNDI4Zi1hMzY2LWM5YWE1NTBiMDgyMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| GCP project write access | [Write access Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYzJkMTUwOGEtMGQ0ZS00MjA1LWFiZWUtOGY1ODg1ZGY3ZDE4IiwidGhyb3VnaCI6ImMyZDE1MDhhLTBkNGUtNDIwNS1hYmVlLThmNTg4NWRmN2QxOCIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+
+For Terraform Cloud access, see [dev Terraform Cloud](#dev-terraform-cloud).
+
+#### dev Cloud Run
+
+The Sourcegraph Accounts dev service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run).
+
+| PROPERTY | DETAILS |
+| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| Console | [Cloud Run service](https://console.cloud.google.com/run?project=sourcegraph-accounts-dev-csvc) |
+| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=sourcegraph-accounts-dev-csvc) |
+| Service traces | [Cloud Trace](https://console.cloud.google.com/traces/list?project=sourcegraph-accounts-dev-csvc) |
+| Service errors | [Sentry `sourcegraph-accounts-dev`](https://sourcegraph.sentry.io/projects/sourcegraph-accounts-dev/) |
+
+You can also use `sg msp` to quickly open a link to your service logs:
+
+```bash
+sg msp logs sourcegraph-accounts dev
+```
+
+#### dev Redis
+
+| PROPERTY | DETAILS |
+| -------- | --------------------------------------------------------------------------------------------------------------------------------- |
+| Console | [Memorystore Redis instances](https://console.cloud.google.com/memorystore/redis/instances?project=sourcegraph-accounts-dev-csvc) |
+
+#### dev PostgreSQL instance
+
+| PROPERTY | DETAILS |
+| --------- | ----------------------------------------------------------------------------------------------------------- |
+| Console | [Cloud SQL instances](https://console.cloud.google.com/sql/instances?project=sourcegraph-accounts-dev-csvc) |
+| Databases | `accounts` |
+
+> [!NOTE]
+> The [Write access Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYzJkMTUwOGEtMGQ0ZS00MjA1LWFiZWUtOGY1ODg1ZGY3ZDE4IiwidGhyb3VnaCI6ImMyZDE1MDhhLTBkNGUtNDIwNS1hYmVlLThmNTg4NWRmN2QxOCIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) is required for BOTH read-only and write access to the database.
+
+To connect to the PostgreSQL instance in this environment, use `sg msp` in the [`sourcegraph/managed-services`](https://github.com/sourcegraph/managed-services) repository:
+
+```bash
+# For read-only access
+sg msp pg connect sourcegraph-accounts dev
+
+# For write access - use with caution!
+sg msp pg connect -write-access sourcegraph-accounts dev
+```
+
+#### dev BigQuery dataset
+
+| PROPERTY | DETAILS |
+| --------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Dataset Project | `sourcegraph-accounts-dev-csvc` |
+| Dataset ID | `sourcegraph_accounts` |
+| Tables | [`user_emails`](https://github.com/sourcegraph/managed-services/blob/main/services/sourcegraph-accounts/user_emails.bigquerytable.json), [`events`](https://github.com/sourcegraph/managed-services/blob/main/services/sourcegraph-accounts/events.bigquerytable.json) |
+
+#### dev Terraform Cloud
+
+This service's configuration is defined in [`sourcegraph/managed-services/services/sourcegraph-accounts/service.yaml`](https://github.com/sourcegraph/managed-services/blob/main/services/sourcegraph-accounts/service.yaml), and `sg msp generate sourcegraph-accounts dev` generates the required infrastructure configuration for this environment in Terraform.
+Terraform Cloud (TFC) workspaces specific to each service then provisions the required infrastructure from this configuration.
+You may want to check your service environment's TFC workspaces if a Terraform apply fails (reported via GitHub commit status checks in the [`sourcegraph/managed-services`](https://github.com/sourcegraph/managed-services) repository, or in #alerts-msp-tfc).
+
+> [!NOTE]
+> If you are looking for service logs, see the [dev Cloud Run](#dev-cloud-run) section instead. In general:
+>
+> - check service logs ([dev Cloud Run](#dev-cloud-run)) if your service has gone down or is misbehaving
+> - check TFC workspaces for infrastructure provisioning or configuration issues
+
+To access this environment's Terraform Cloud workspaces, you will need to [log in to Terraform Cloud](https://app.terraform.io/app/sourcegraph) and then [request Entitle access to membership in the "Managed Services Platform Operator" TFC team](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjM2MDAiLCJqdXN0aWZpY2F0aW9uIjoiSlVTVElGSUNBVElPTiBIRVJFIiwicm9sZUlkcyI6W3siaWQiOiJiMzg3MzJjYy04OTUyLTQ2Y2QtYmIxZS1lZjI2ODUwNzIyNmIiLCJ0aHJvdWdoIjoiYjM4NzMyY2MtODk1Mi00NmNkLWJiMWUtZWYyNjg1MDcyMjZiIiwidHlwZSI6InJvbGUifV19).
+The "Managed Services Platform Operator" team has access to all MSP TFC workspaces.
+
+> [!WARNING]
+> You **must [log in to Terraform Cloud](https://app.terraform.io/app/sourcegraph) before making your Entitle request**.
+> If you make your Entitle request, then log in, you will be removed from any team memberships granted through Entitle by Terraform Cloud's SSO implementation.
+
+The Terraform Cloud workspaces for this service environment are [grouped under the `msp-sourcegraph-accounts-dev` tag](https://app.terraform.io/app/sourcegraph/workspaces?tag=msp-sourcegraph-accounts-dev), or you can use:
+
+```bash
+sg msp tfc view sourcegraph-accounts dev
+```
+
+### prod
+
+| PROPERTY | DETAILS |
+| ------------------- | --------------------------------------------------------------------------------------------------------------------------------- |
+| Project ID | [`sourcegraph-accounts-prod-csvc`](https://console.cloud.google.com/run?project=sourcegraph-accounts-prod-csvc) |
+| Category | **external** |
+| Resources | [prod Redis](#prod-redis), [prod PostgreSQL instance](#prod-postgresql-instance), [prod BigQuery dataset](#prod-bigquery-dataset) |
+| Slack notifications | [#alerts-sourcegraph-accounts-prod](https://sourcegraph.slack.com/archives/alerts-sourcegraph-accounts-prod) |
+| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=sourcegraph-accounts-prod-csvc) |
+| Errors | [Sentry `sourcegraph-accounts-prod`](https://sourcegraph.sentry.io/projects/sourcegraph-accounts-prod/) |
+| Domain | [accounts.sourcegraph.com](https://accounts.sourcegraph.com) |
+| Cloudflare WAF | ✅ |
+
+MSP infrastructure access needs to be requested using Entitle for time-bound privileges.
+
+| ACCESS | ENTITLE REQUEST TEMPLATE |
+| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| GCP project read access | [Read-only Entitle request for the 'Managed Services ' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYTQ4OWM2MDktNTBlYy00ODAzLWIzZjItMzYzZGJhMTgwMWJhIiwidGhyb3VnaCI6ImE0ODljNjA5LTUwZWMtNDgwMy1iM2YyLTM2M2RiYTE4MDFiYSIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| GCP project write access | [Write access Entitle request for the 'Managed Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiODQzNTYxNzktZjkwMi00MDVlLTlhMTQtNTY3YTY1NmM5MzdmIiwidGhyb3VnaCI6Ijg0MzU2MTc5LWY5MDItNDA1ZS05YTE0LTU2N2E2NTZjOTM3ZiIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+
+For Terraform Cloud access, see [prod Terraform Cloud](#prod-terraform-cloud).
+
+#### prod Cloud Run
+
+The Sourcegraph Accounts prod service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run).
+
+| PROPERTY | DETAILS |
+| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Console | [Cloud Run service](https://console.cloud.google.com/run?project=sourcegraph-accounts-prod-csvc) |
+| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=sourcegraph-accounts-prod-csvc) |
+| Service traces | [Cloud Trace](https://console.cloud.google.com/traces/list?project=sourcegraph-accounts-prod-csvc) |
+| Service errors | [Sentry `sourcegraph-accounts-prod`](https://sourcegraph.sentry.io/projects/sourcegraph-accounts-prod/) |
+
+You can also use `sg msp` to quickly open a link to your service logs:
+
+```bash
+sg msp logs sourcegraph-accounts prod
+```
+
+#### prod Redis
+
+| PROPERTY | DETAILS |
+| -------- | ---------------------------------------------------------------------------------------------------------------------------------- |
+| Console | [Memorystore Redis instances](https://console.cloud.google.com/memorystore/redis/instances?project=sourcegraph-accounts-prod-csvc) |
+
+#### prod PostgreSQL instance
+
+| PROPERTY | DETAILS |
+| --------- | ------------------------------------------------------------------------------------------------------------ |
+| Console | [Cloud SQL instances](https://console.cloud.google.com/sql/instances?project=sourcegraph-accounts-prod-csvc) |
+| Databases | `accounts` |
+
+> [!NOTE]
+> The [Write access Entitle request for the 'Managed Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiODQzNTYxNzktZjkwMi00MDVlLTlhMTQtNTY3YTY1NmM5MzdmIiwidGhyb3VnaCI6Ijg0MzU2MTc5LWY5MDItNDA1ZS05YTE0LTU2N2E2NTZjOTM3ZiIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) is required for BOTH read-only and write access to the database.
+
+To connect to the PostgreSQL instance in this environment, use `sg msp` in the [`sourcegraph/managed-services`](https://github.com/sourcegraph/managed-services) repository:
+
+```bash
+# For read-only access
+sg msp pg connect sourcegraph-accounts prod
+
+# For write access - use with caution!
+sg msp pg connect -write-access sourcegraph-accounts prod
+```
+
+#### prod BigQuery dataset
+
+| PROPERTY | DETAILS |
+| --------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Dataset Project | `sourcegraph-accounts-prod-csvc` |
+| Dataset ID | `sourcegraph_accounts` |
+| Tables | [`user_emails`](https://github.com/sourcegraph/managed-services/blob/main/services/sourcegraph-accounts/user_emails.bigquerytable.json), [`events`](https://github.com/sourcegraph/managed-services/blob/main/services/sourcegraph-accounts/events.bigquerytable.json) |
+
+#### prod Terraform Cloud
+
+This service's configuration is defined in [`sourcegraph/managed-services/services/sourcegraph-accounts/service.yaml`](https://github.com/sourcegraph/managed-services/blob/main/services/sourcegraph-accounts/service.yaml), and `sg msp generate sourcegraph-accounts prod` generates the required infrastructure configuration for this environment in Terraform.
+Terraform Cloud (TFC) workspaces specific to each service then provisions the required infrastructure from this configuration.
+You may want to check your service environment's TFC workspaces if a Terraform apply fails (reported via GitHub commit status checks in the [`sourcegraph/managed-services`](https://github.com/sourcegraph/managed-services) repository, or in #alerts-msp-tfc).
+
+> [!NOTE]
+> If you are looking for service logs, see the [prod Cloud Run](#prod-cloud-run) section instead. In general:
+>
+> - check service logs ([prod Cloud Run](#prod-cloud-run)) if your service has gone down or is misbehaving
+> - check TFC workspaces for infrastructure provisioning or configuration issues
+
+To access this environment's Terraform Cloud workspaces, you will need to [log in to Terraform Cloud](https://app.terraform.io/app/sourcegraph) and then [request Entitle access to membership in the "Managed Services Platform Operator" TFC team](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjM2MDAiLCJqdXN0aWZpY2F0aW9uIjoiSlVTVElGSUNBVElPTiBIRVJFIiwicm9sZUlkcyI6W3siaWQiOiJiMzg3MzJjYy04OTUyLTQ2Y2QtYmIxZS1lZjI2ODUwNzIyNmIiLCJ0aHJvdWdoIjoiYjM4NzMyY2MtODk1Mi00NmNkLWJiMWUtZWYyNjg1MDcyMjZiIiwidHlwZSI6InJvbGUifV19).
+The "Managed Services Platform Operator" team has access to all MSP TFC workspaces.
+
+> [!WARNING]
+> You **must [log in to Terraform Cloud](https://app.terraform.io/app/sourcegraph) before making your Entitle request**.
+> If you make your Entitle request, then log in, you will be removed from any team memberships granted through Entitle by Terraform Cloud's SSO implementation.
+
+The Terraform Cloud workspaces for this service environment are [grouped under the `msp-sourcegraph-accounts-prod` tag](https://app.terraform.io/app/sourcegraph/workspaces?tag=msp-sourcegraph-accounts-prod), or you can use:
+
+```bash
+sg msp tfc view sourcegraph-accounts prod
+```
diff --git a/content/departments/engineering/managed-services/support-integration.md b/content/departments/engineering/managed-services/support-integration.md
index 6d092f5d5dbe..42666a143df6 100644
--- a/content/departments/engineering/managed-services/support-integration.md
+++ b/content/departments/engineering/managed-services/support-integration.md
@@ -3,49 +3,50 @@
This document describes operational guidance for Support Integration infrastructure.
This service is operated on the [Managed Services Platform (MSP)](../teams/core-services/managed-services/platform.md).
> [!IMPORTANT]
-> If this is your first time here, you should follow the [sourcegraph/managed-services README](https://github.com/sourcegraph/managed-services/blob/main/README.md) as well to set up the prerequisite tooling.
+> If this is your first time here, you must follow the [sourcegraph/managed-services 'Tooling setup' guide](https://github.com/sourcegraph/managed-services/blob/main/README.md) as well to clone the service definitions repository and set up the prerequisite tooling.
If you need assistance with MSP infrastructure, reach out to the [Core Services](../teams/core-services/index.md) team in #discuss-core-services.
## Service overview
-| PROPERTY | DETAILS |
-| ------------ | ---------------------------------------------------------------------------------------------------------------------------- |
-| Service ID | [`support-integration`](https://github.com/sourcegraph/managed-services/blob/main/services/support-integration/service.yaml) |
-| Owners | **Customer Support** |
-| Service kind | Cloud Run service |
-| Environments | [prod](#prod) |
-| Docker image | `index.docker.io/sourcegraph/support-integration` |
-| Source code | [`github.com/sourcegraph/support-integration` - `.`](https://github.com/sourcegraph/support-integration/tree/HEAD/.) |
+| PROPERTY | DETAILS |
+| ------------ | -------------------------------------------------------------------------------------------------------------------------------------------- |
+| Service ID | `support-integration` ([specification](https://github.com/sourcegraph/managed-services/blob/main/services/support-integration/service.yaml)) |
+| Owners | **Customer Support** |
+| Service kind | Cloud Run service |
+| Environments | [prod](#prod) |
+| Docker image | `index.docker.io/sourcegraph/support-integration` |
+| Source code | [`github.com/sourcegraph/support-integration` - `.`](https://github.com/sourcegraph/support-integration/tree/HEAD/.) |
## Environments
### prod
-| PROPERTY | DETAILS |
-| -------------- | ------------------------------------------------------------------------------------------------------------- |
-| Project ID | [`support-integration-prod-549b`](https://console.cloud.google.com/run?project=support-integration-prod-549b) |
-| Category | **internal** |
-| Resources | |
-| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=support-integration-prod-549b) |
-| Sentry | [`support-integration-prod`](https://sourcegraph.sentry.io/projects/support-integration-prod/) |
-| Domain | [support-integration.sgdev.org](https://support-integration.sgdev.org) |
-| Cloudflare WAF | ✅ |
+| PROPERTY | DETAILS |
+| ------------------- | ------------------------------------------------------------------------------------------------------------- |
+| Project ID | [`support-integration-prod-549b`](https://console.cloud.google.com/run?project=support-integration-prod-549b) |
+| Category | **internal** |
+| Resources | |
+| Slack notifications | [#alerts-support-integration-prod](https://sourcegraph.slack.com/archives/alerts-support-integration-prod) |
+| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=support-integration-prod-549b) |
+| Errors | [Sentry `support-integration-prod`](https://sourcegraph.sentry.io/projects/support-integration-prod/) |
+| Domain | [support-integration.sgdev.org](https://support-integration.sgdev.org) |
+| Cloudflare WAF | ✅ |
MSP infrastructure access needs to be requested using Entitle for time-bound privileges.
-| ACCESS | ENTITLE REQUEST TEMPLATE |
-| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| GCP project read access | [Entitle request for the 'Internal Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiNzg0M2MxYWYtYzU2MS00ZDMyLWE3ZTAtYjZkNjY0NDM4MzAzIiwidGhyb3VnaCI6Ijc4NDNjMWFmLWM1NjEtNGQzMi1hN2UwLWI2ZDY2NDQzODMwMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
-| GCP project write access | [Entitle request for the 'Internal Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZTEyYTJkZDktYzY1ZC00YzM0LTlmNDgtMzYzNTNkZmY0MDkyIiwidGhyb3VnaCI6ImUxMmEyZGQ5LWM2NWQtNGMzNC05ZjQ4LTM2MzUzZGZmNDA5MiIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| ACCESS | ENTITLE REQUEST TEMPLATE |
+| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| GCP project read access | [Read-only Entitle request for the 'Internal Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiNzg0M2MxYWYtYzU2MS00ZDMyLWE3ZTAtYjZkNjY0NDM4MzAzIiwidGhyb3VnaCI6Ijc4NDNjMWFmLWM1NjEtNGQzMi1hN2UwLWI2ZDY2NDQzODMwMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| GCP project write access | [Write access Entitle request for the 'Internal Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZTEyYTJkZDktYzY1ZC00YzM0LTlmNDgtMzYzNTNkZmY0MDkyIiwidGhyb3VnaCI6ImUxMmEyZGQ5LWM2NWQtNGMzNC05ZjQ4LTM2MzUzZGZmNDA5MiIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
For Terraform Cloud access, see [prod Terraform Cloud](#prod-terraform-cloud).
@@ -53,10 +54,12 @@ For Terraform Cloud access, see [prod Terraform Cloud](#prod-terraform-cloud).
The Support Integration prod service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run).
-| PROPERTY | DETAILS |
-| ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| Console | [Cloud Run service](https://console.cloud.google.com/run?project=support-integration-prod-549b) |
-| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=support-integration-prod-549b) |
+| PROPERTY | DETAILS |
+| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| Console | [Cloud Run service](https://console.cloud.google.com/run?project=support-integration-prod-549b) |
+| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=support-integration-prod-549b) |
+| Service traces | [Cloud Trace](https://console.cloud.google.com/traces/list?project=support-integration-prod-549b) |
+| Service errors | [Sentry `support-integration-prod`](https://sourcegraph.sentry.io/projects/support-integration-prod/) |
You can also use `sg msp` to quickly open a link to your service logs:
diff --git a/content/departments/engineering/managed-services/telemetry-gateway.md b/content/departments/engineering/managed-services/telemetry-gateway.md
index 48820f0d6af4..2065556b82d3 100644
--- a/content/departments/engineering/managed-services/telemetry-gateway.md
+++ b/content/departments/engineering/managed-services/telemetry-gateway.md
@@ -3,15 +3,15 @@
This document describes operational guidance for Telemetry Gateway infrastructure.
This service is operated on the [Managed Services Platform (MSP)](../teams/core-services/managed-services/platform.md).
> [!IMPORTANT]
-> If this is your first time here, you should follow the [sourcegraph/managed-services README](https://github.com/sourcegraph/managed-services/blob/main/README.md) as well to set up the prerequisite tooling.
+> If this is your first time here, you must follow the [sourcegraph/managed-services 'Tooling setup' guide](https://github.com/sourcegraph/managed-services/blob/main/README.md) as well to clone the service definitions repository and set up the prerequisite tooling.
If you need assistance with MSP infrastructure, reach out to the [Core Services](../teams/core-services/index.md) team in #discuss-core-services.
@@ -19,32 +19,63 @@ If you need assistance with MSP infrastructure, reach out to the [Core Services]
| PROPERTY | DETAILS |
| ------------ | -------------------------------------------------------------------------------------------------------------------------------------------- |
-| Service ID | [`telemetry-gateway`](https://github.com/sourcegraph/managed-services/blob/main/services/telemetry-gateway/service.yaml) |
+| Service ID | `telemetry-gateway` ([specification](https://github.com/sourcegraph/managed-services/blob/main/services/telemetry-gateway/service.yaml)) |
| Owners | **core-services** |
| Service kind | Cloud Run service |
| Environments | [dev](#dev), [prod](#prod) |
| Docker image | `index.docker.io/sourcegraph/telemetry-gateway` |
| Source code | [`github.com/sourcegraph/sourcegraph` - `cmd/telemetry-gateway`](https://github.com/sourcegraph/sourcegraph/tree/HEAD/cmd/telemetry-gateway) |
+
+
+The Telemetry Gateway service is the service that ingests [telemetry v2 events](https://sourcegraph.com/doc/dev/background-information/telemetry) from all Sourcegraph instances, as well as other managed services.
+
+- For Sourcegraph instances that prior to 5.2.0, no events are exported to Telemetry Gateway, though legacy mechanisms may exist, e.g. for Cloud instances.
+- As of 5.2.0, [certain flags can be configured](https://docs.sourcegraph.com/dev/background-information/telemetry#enabling-telemetry-export) to export events that have been instrumented with the new APIs to Telemetry Gateway.
+- As of 5.2.1, for existing licenses, export is enabled by default for Cody events only - for new licenses, export is enabled for all events. Some license tags can be configured to disable telemetry export in various degrees - see the original [Telemetry Export rollout plan](https://docs.google.com/document/d/1Z1Yp7G61WYlQ1B4vO5-mIXVtmvzGmD7PqYHNBQV-2Ik/edit).
+
+For discussion around telemetry V2 adoption, please reach out to #wg-v2-telemetry.
+For discussion around the Telemetry Gateway service, please reach out to #discuss-core-services.
+For more information, also see:
+
+- Service API: [`telemetrygateway.proto`](https://github.com/sourcegraph/sourcegraph/blob/main/internal/telemetrygateway/v1/telemetrygateway.proto)
+- [Docs: Admin: Telemetry](https://sourcegraph.com/docs/admin/telemetry#telemetry)
+- [Docs: Dev: Background Information: Telemetry](https://sourcegraph.com/docs/dev/background-information/telemetry)
+- [Docs: Dev: How to set up Telemetry Gateway locally](https://sourcegraph.com/docs/dev/how-to/telemetry_gateway)
+
+### Querying events
+
+Please reach out to #discuss-analytics for assistance in querying the dataset - Telemetry Gateway only handles ingestion and forwarding data to pipelines operated by the Data Analytics team.
+
+### Debugging missing Sourcegraph instance events
+
+1. Check for a license tag on the instance's license that disables events - see the original [Telemetry Export rollout plan](https://docs.google.com/document/d/1Z1Yp7G61WYlQ1B4vO5-mIXVtmvzGmD7PqYHNBQV-2Ik/edit).
+ 1. Note that [`external_url` export](https://github.com/sourcegraph/sourcegraph/pull/59014) was not added until 5.2.6+ - finding events for older instances require searching events by instance ID.
+2. Check for pings, as that mechanism has not changed, and validate that the instance is is on 5.2.1+
+3. If the above don't reveal anything, reach out to #discuss-core-services for further debugging at the Telemetry Gateway level.
+
## Environments
### dev
-| PROPERTY | DETAILS |
-| ---------- | --------------------------------------------------------------------------------------------------------- |
-| Project ID | [`telemetry-gateway-dev-0050`](https://console.cloud.google.com/run?project=telemetry-gateway-dev-0050) |
-| Category | **test** |
-| Resources | |
-| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=telemetry-gateway-dev-0050) |
-| Sentry | [`telemetry-gateway-dev`](https://sourcegraph.sentry.io/projects/telemetry-gateway-dev/) |
-| Domain | [telemetry-gateway.sgdev.org](https://telemetry-gateway.sgdev.org) |
+| PROPERTY | DETAILS |
+| ------------------- | --------------------------------------------------------------------------------------------------------- |
+| Project ID | [`telemetry-gateway-dev-0050`](https://console.cloud.google.com/run?project=telemetry-gateway-dev-0050) |
+| Category | **test** |
+| Resources | |
+| Slack notifications | [#alerts-telemetry-gateway-dev](https://sourcegraph.slack.com/archives/alerts-telemetry-gateway-dev) |
+| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=telemetry-gateway-dev-0050) |
+| Errors | [Sentry `telemetry-gateway-dev`](https://sourcegraph.sentry.io/projects/telemetry-gateway-dev/) |
+| Domain | [telemetry-gateway.sgdev.org](https://telemetry-gateway.sgdev.org) |
MSP infrastructure access needs to be requested using Entitle for time-bound privileges. Test environments may have less stringent requirements.
-| ACCESS | ENTITLE REQUEST TEMPLATE |
-| ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| GCP project read access | [Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZGY3NWJkNWMtYmUxOC00MjhmLWEzNjYtYzlhYTU1MGIwODIzIiwidGhyb3VnaCI6ImRmNzViZDVjLWJlMTgtNDI4Zi1hMzY2LWM5YWE1NTBiMDgyMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
-| GCP project write access | [Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYzJkMTUwOGEtMGQ0ZS00MjA1LWFiZWUtOGY1ODg1ZGY3ZDE4IiwidGhyb3VnaCI6ImMyZDE1MDhhLTBkNGUtNDIwNS1hYmVlLThmNTg4NWRmN2QxOCIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| ACCESS | ENTITLE REQUEST TEMPLATE |
+| ------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| GCP project read access | [Read-only Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiZGY3NWJkNWMtYmUxOC00MjhmLWEzNjYtYzlhYTU1MGIwODIzIiwidGhyb3VnaCI6ImRmNzViZDVjLWJlMTgtNDI4Zi1hMzY2LWM5YWE1NTBiMDgyMyIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| GCP project write access | [Write access Entitle request for the 'Engineering Projects' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjIxNjAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYzJkMTUwOGEtMGQ0ZS00MjA1LWFiZWUtOGY1ODg1ZGY3ZDE4IiwidGhyb3VnaCI6ImMyZDE1MDhhLTBkNGUtNDIwNS1hYmVlLThmNTg4NWRmN2QxOCIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
For Terraform Cloud access, see [dev Terraform Cloud](#dev-terraform-cloud).
@@ -52,10 +83,12 @@ For Terraform Cloud access, see [dev Terraform Cloud](#dev-terraform-cloud).
The Telemetry Gateway dev service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run).
-| PROPERTY | DETAILS |
-| ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Console | [Cloud Run service](https://console.cloud.google.com/run?project=telemetry-gateway-dev-0050) |
-| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=telemetry-gateway-dev-0050) |
+| PROPERTY | DETAILS |
+| -------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Console | [Cloud Run service](https://console.cloud.google.com/run?project=telemetry-gateway-dev-0050) |
+| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=telemetry-gateway-dev-0050) |
+| Service traces | [Cloud Trace](https://console.cloud.google.com/traces/list?project=telemetry-gateway-dev-0050) |
+| Service errors | [Sentry `telemetry-gateway-dev`](https://sourcegraph.sentry.io/projects/telemetry-gateway-dev/) |
You can also use `sg msp` to quickly open a link to your service logs:
@@ -90,21 +123,22 @@ sg msp tfc view telemetry-gateway dev
### prod
-| PROPERTY | DETAILS |
-| ---------- | ---------------------------------------------------------------------------------------------------------- |
-| Project ID | [`telemetry-gateway-prod-acae`](https://console.cloud.google.com/run?project=telemetry-gateway-prod-acae) |
-| Category | **external** |
-| Resources | |
-| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=telemetry-gateway-prod-acae) |
-| Sentry | [`telemetry-gateway-prod`](https://sourcegraph.sentry.io/projects/telemetry-gateway-prod/) |
-| Domain | [telemetry-gateway.sourcegraph.com](https://telemetry-gateway.sourcegraph.com) |
+| PROPERTY | DETAILS |
+| ------------------- | ---------------------------------------------------------------------------------------------------------- |
+| Project ID | [`telemetry-gateway-prod-acae`](https://console.cloud.google.com/run?project=telemetry-gateway-prod-acae) |
+| Category | **external** |
+| Resources | |
+| Slack notifications | [#alerts-telemetry-gateway-prod](https://sourcegraph.slack.com/archives/alerts-telemetry-gateway-prod) |
+| Alerts | [GCP monitoring](https://console.cloud.google.com/monitoring/alerting?project=telemetry-gateway-prod-acae) |
+| Errors | [Sentry `telemetry-gateway-prod`](https://sourcegraph.sentry.io/projects/telemetry-gateway-prod/) |
+| Domain | [telemetry-gateway.sourcegraph.com](https://telemetry-gateway.sourcegraph.com) |
MSP infrastructure access needs to be requested using Entitle for time-bound privileges.
-| ACCESS | ENTITLE REQUEST TEMPLATE |
-| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| GCP project read access | [Entitle request for the 'Managed Services ' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYTQ4OWM2MDktNTBlYy00ODAzLWIzZjItMzYzZGJhMTgwMWJhIiwidGhyb3VnaCI6ImE0ODljNjA5LTUwZWMtNDgwMy1iM2YyLTM2M2RiYTE4MDFiYSIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
-| GCP project write access | [Entitle request for the 'Managed Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiODQzNTYxNzktZjkwMi00MDVlLTlhMTQtNTY3YTY1NmM5MzdmIiwidGhyb3VnaCI6Ijg0MzU2MTc5LWY5MDItNDA1ZS05YTE0LTU2N2E2NTZjOTM3ZiIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| ACCESS | ENTITLE REQUEST TEMPLATE |
+| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| GCP project read access | [Read-only Entitle request for the 'Managed Services ' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiYTQ4OWM2MDktNTBlYy00ODAzLWIzZjItMzYzZGJhMTgwMWJhIiwidGhyb3VnaCI6ImE0ODljNjA5LTUwZWMtNDgwMy1iM2YyLTM2M2RiYTE4MDFiYSIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
+| GCP project write access | [Write access Entitle request for the 'Managed Services' folder](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkVOVEVSIEpVU1RJRklDQVRJT04gSEVSRSIsInJvbGVJZHMiOlt7ImlkIjoiODQzNTYxNzktZjkwMi00MDVlLTlhMTQtNTY3YTY1NmM5MzdmIiwidGhyb3VnaCI6Ijg0MzU2MTc5LWY5MDItNDA1ZS05YTE0LTU2N2E2NTZjOTM3ZiIsInR5cGUiOiJyb2xlIn1dfQ%3D%3D) |
For Terraform Cloud access, see [prod Terraform Cloud](#prod-terraform-cloud).
@@ -112,10 +146,12 @@ For Terraform Cloud access, see [prod Terraform Cloud](#prod-terraform-cloud).
The Telemetry Gateway prod service implementation is deployed on [Google Cloud Run](https://cloud.google.com/run).
-| PROPERTY | DETAILS |
-| ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Console | [Cloud Run service](https://console.cloud.google.com/run?project=telemetry-gateway-prod-acae) |
-| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=telemetry-gateway-prod-acae) |
+| PROPERTY | DETAILS |
+| -------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Console | [Cloud Run service](https://console.cloud.google.com/run?project=telemetry-gateway-prod-acae) |
+| Service logs | [GCP logging](https://console.cloud.google.com/logs/query;query=resource.type%20%3D%20%22cloud_run_revision%22%20-logName%3D~%22logs%2Frun.googleapis.com%252Frequests%22;summaryFields=jsonPayload%252FInstrumentationScope,jsonPayload%252FBody,jsonPayload%252FAttributes%252Ferror:false:32:end?project=telemetry-gateway-prod-acae) |
+| Service traces | [Cloud Trace](https://console.cloud.google.com/traces/list?project=telemetry-gateway-prod-acae) |
+| Service errors | [Sentry `telemetry-gateway-prod`](https://sourcegraph.sentry.io/projects/telemetry-gateway-prod/) |
You can also use `sg msp` to quickly open a link to your service logs:
diff --git a/content/departments/engineering/product-planning.md b/content/departments/engineering/product-planning.md
index 4042a55bf9ff..b1cca99f9113 100644
--- a/content/departments/engineering/product-planning.md
+++ b/content/departments/engineering/product-planning.md
@@ -4,92 +4,200 @@
## Product-Focused Planning
-Each planning cycle (currently quarterly), the overall goals come from the exec
-team to make sure we're driving towards the destination we've set for ourselves
-as a company in our strategy and roadmap.
+Our product planning and execution strategy is designed to align with the
+company's strategic objectives, marketing goals, and feedback from our
+customers. Planning is continuous with quarterly check-ins.
-It's the product teams – engineering and product together – that have the
+It’s the EPD teams – product, engineering, and design together – that have the
expertise, context and pride of ownership to be best suited to propose the
-highest impact work that fits those goals. And they're the team that can do
-the correct [eng scoping](#engineer-scoping).
-
-Per-team planning reviews are where we come together to ensure we're happy with
-where we're headed at each planning cycle. TPMs will pull together reviews for
-each team each planning cycle to include interested members of the exec team,
-the leads of the product team (at least the EPD triad) and other interested
-stakeholders. A planning review will consist of content to cover at least the
-following topics:
-
-- **Retrospective:** How well did we do in accomplishing our goals from last Q?
- What data do you have to support those conclusions?
-- **Status:** How well is the product serving the needs of our customers and the
- business? How well have you hit your metrics targets?
-- **Plans:** What work is being proposed for this planning cycle, how does it meet
- the business goals and how does it serve the needs of our customers? What
- data are you using to drive your planning? Have you done the high-level
- [eng scoping](#engineer-scoping) to give you confidence that your team will be
- able to get the P0 work done in the time?
-- **Success Metrics:** what KPIs and targets have you set to measure the success
- of this work?
-- **Risks/Open Questions/Needs:** What are the biggests risks? What are the
- mitigations? What guidance would you like from the exec team? Do you
- have everything you need to be successful?
-- **Excluded:** What alternatives have you rejected for this Q and why? Will they
- be on the team's roadmap for the future?
-
-The purpose of the planning review is for each product team to present their
-proposed work for that cycle and to hear feedback from the exec team as to whether
-there is agreement about the direction and tasks that the product team's proposals
-or whether adjustments need to be made. At the end of a review, the execs and
-the product team will either be in alignment about the work to do done that cycle
-or another review meeting will be scheduled to follow up until there is alignment.
-
-Note, not every team will have work to do that applies to every goal every
-quarter. Likewise, not every work item is expected to meet a strategic goal.
-
-## Review Effectiveness
-
-Some tips for having an effective review:
-
-- **Make sure the priorities for your work is clear** -- what's Must Have (P0),
- Want To Have (P1) and Nice To Have (P2)? What could get cut?
-- **Make sure the customer (internal and/or external) impact is clear** -- if
- we do this work, what's going to be the value to the customer?
-- **Make sure the business impact is clear** -- if we do this work, how does that
- help us achieve our strategic goals?
-- In addition to ensuring that the EPD team is aligned before heading into the
- review, **try to get as much alignment with execs ahead of time as possible.**
-
-I've noticed that the teams the follow this tips have a smoother review process.
-
-## Engineer Scoping
-
-For any launch, we have a finite amount of time and a finite number of engineers.
-Before the PFP review, EPD should have done a high level assessment to ensure a
-high level of confidence in the P0 items in the work plan.
-
-After the team's plan has been approved, EPD's detailed planning should include
-an "eng scoping" exercise, i.e.
-
-1. What is the eng effort associated with each of the P0 and P1 items, e.g. 2
- days or 3 weeks or ...? [Here's an example of one such exercise.](https://docs.google.com/spreadsheets/d/1adlwcMWHIpDGioBkE9LUdLMHxprtxhh_WSZqxu6Iyxs/edit#gid=0)
-1. Given the priorities and the eng effort required for each item, where do we
- draw the line of what we can accomplish for our launch? Ideally it includes all
- of the P0s. If it doesn't, we have to mitigate.
-1. Mitigate the implications of the where the line between what we need (P0s),
- what we want (P1s) and our actual eng effort. Can we get all of the P0s in?
- If not, then what do we do? Continue cutting scope? Slip the release?
-
-The eng scoping work is the difference between eyeballing a list of requirements
-and hoping we can get them all done and actually having some confidence that
-we can accomplish what we want. And if we can't, we want to know that ASAP so
-we can cut scope for our release.
-
-## Priorities
-
-To make sure we're talking about the same thing as we assign priorities to the
-items in our plans, we've adopted the following convention:
-
-- P0: Committed
-- P1: Stretch
-- P2: Uncommitted
+highest impact work that fits those goals. And they’re the team that can do the
+correct eng scoping.
+
+### Planning Process
+
+Planning is continuous, guided by the [company's strategic
+objectives](https://docs.google.com/document/d/1Ju2SwpRCcIAC65kCu60QM8rnsn8YDTmkNAKO5xkl0ZY/edit#heading=h.ev1rhjc47atd),
+[product
+strategy](https://docs.google.com/document/d/1VxVbjskzTB4m9mvm3w5xtmFRDTxj1e5N3yEftEH2Nsw/edit#heading=h.mj1qne1whw0t),
+marketing goals, feedback from our customers, especially [GTM-tracked product
+gaps](https://sourcegraph2020.lightning.force.com/lightning/r/Report/00O3t000006WZklEAG/view?reportFilters=%5B%7B%22operator%22%3A%22equals%22%2C%22value%22%3A%22Cody%22%2C%22column%22%3A%22Product_Gap_Submission__c.Product_Category__c%22%7D%5D),
+and internal needs (e.g., scalability, reliability, performance, security).
+
+We expect that the rough distribution of work will be about 50% based on the
+strategic objectives (which drive our marketing launches). The other 50% of the
+work will come bottoms up from customer feedback and internal needs. Across all
+of this work, aim to keep Enterprise focused work at 20% or less as per our
+“feature conveyor belt.”
+
+Work items from these input sources are divided into three categories:
+
+- **Work In Progress (WIP):** Already started. WIP has specified target dates, based on the work's scope and requirements.
+ - By default, WIP should not be interrupted.
+- **Next queue:** A short (max 5) ordered list of planned work without target dates. This work should represent the team’s most important upcoming work, across all categories.
+ - This can be reordered or added to (up to the limit) without notification of stakeholders but no approval needed. Removing items requires approval from stakeholders for that item, Head of Product, and Head of Eng.
+- **Backlog:** An unordered set of work with no associated target or commitment dates.
+
+New work items are triaged into one of these three categories (see the FAQ for details).
+
+Work can have two types of dates:
+
+- **Target dates:** Set only for Work In Progress. Gives stakeholders a rough idea of when the work might be delivered.
+ - Can be changed by the team at will, giving the team flexibility to adjust based on trade-offs between date and scope.
+- **Commitment dates:** Set for work with external-to-EPD commitments. Work can be committed without yet being started.
+ - Changing a commitment date requires approval from the stakeholders involved.
+
+### Quarterly Check-ins
+
+Per-team check-ins are where we come together to ensure we’re aware of progress
+and aligned with direction. The purpose of the planning review is for each team
+to present their progress, a snapshot of their planned work, and get feedback
+from the exec team.
+
+A planning review will consist of content to cover at least the following
+topics:
+
+- Retrospective:
+ - How well did we do in accomplishing our goals since last quarter?
+ - What data supports those conclusions?
+- Status:
+ - How well is the product serving the needs of our customers and the business?
+ - How well have you hit your metrics targets?
+- Plan snapshot:
+ - What are your external commitments? What is the current Work In Progress? What work items are Next?
+ - How does this work meet our business goals and how does it serve the needs of our customers?
+ - What data are you using to drive your planning?
+ - Have you done the high-level eng scoping to give you confidence that your team will be able to get committed work done by the committed date?
+ - Note, not every team will have work that applies to every goal. Likewise, not every work item is expected to meet a strategic goal.
+- Success Metrics:
+ - What KPIs and targets have you set to measure the success of this work?
+- Risks/Open Questions/Needs:
+ - What are the biggests risks? What are the mitigations?
+ - What guidance would you like from the exec team?
+ - Do you have everything you need to be successful?
+- Excluded:
+ - What items in your Backlog are just below the line?
+ - What requests to your team have you decided not to put on your Backlog at all?
+
+TPMs will schedule reviews for each team throughout the quarter to include
+interested members of the exec team, the leads of the product team (at least the
+EPD triad) and other interested stakeholders. At the end of a review, the execs
+and the product team will either be in alignment or the team will address the
+concerns and schedule a follow-up (repeat as needed).
+
+## FAQ
+
+**Q: How do we prioritize work without the planning process?**
+
+A: When prioritizing work (new or backlogged), the team should go through the following process:
+
+- Does this work have an external commitment date? When does the work need to be started to meet that commitment date?
+ - Changing a commitment date or the scope of a commitment requires buy in from the relevant stakeholders.
+- Should this work interrupt Work In Progress?
+ - Default answer is no! Interrupting Work In Progress should occur only for unavoidably urgent work like an incident or a commitment with a date outside of our control.
+- If it shouldn’t interrupt Work In Progress, should it go in the Next queue? If so, where?
+ - If the Next queue gets longer than 5 items, the team will have to remove work items to ensure that the team is focused on a small set of top priorities. When items are removed from the Next queue, stakeholders should be informed.
+- If it’s not Next, add it to the Backlog (or close as won’t fix).
+
+**Q: Where does new work come from?**
+
+Strategic goals and product roadmap
+
+- The product roadmap evolves based on customer needs, the competitive landscape, and customer feedback. The Product team owns the [product roadmap](https://docs.google.com/document/d/1XehlyVYzyUP7jClMJB7NV-RyKyI4X14zkQ2N8Us4Q48/edit#heading=h.3yu1a6dm5wpq), and PMs are responsible for working roadmap updates into team plans.
+
+Marketing goals
+
+- Marketing moments should deliver a cohesive and impactful set of features that support the marketing narrative. When Marketing wants to plan a marketing moment, they will coordinate with Product to adjust the [product roadmap](https://docs.google.com/document/d/1XehlyVYzyUP7jClMJB7NV-RyKyI4X14zkQ2N8Us4Q48/edit#heading=h.3yu1a6dm5wpq) 3-6 months before the planned event. They will specify a commitment date that provides sufficient lead time for Marketing to integrate the completed work into their narrative.
+
+Customer Feedback and GTM Requests
+
+- Product Managers are responsible for aggregating customer feedback across different channels and working it into the [product roadmap](https://docs.google.com/document/d/1XehlyVYzyUP7jClMJB7NV-RyKyI4X14zkQ2N8Us4Q48/edit#heading=h.3yu1a6dm5wpq) and team plans (small customer feedback items do not need to be in the roadmap). (This will be aided by ongoing investments to make Salesforce Product Gaps more self-serve.)
+
+Internal needs
+
+- Engineering, Product, and Design teammates will have items that need to be addressed to meet foundational goals such as scalability, reliability, performance, and security. This includes ongoing maintenance, architectural improvements, and polishing of existing features.
+
+**Q: What prevents teams from letting scope creep and never shipping?**
+
+A: Teams will need to give quarterly updates on their progress at the check-ins.
+This is one mechanism for incentivizing teams to break work into smaller,
+shippable chunks.
+
+We’ll also need teams to incorporate the idea of [stepping
+stones](https://medium.com/@jamesacowling/stepping-stones-not-milestones-e6be0073563f)
+into their planning process: how do we break large projects into smaller, more
+manageable chunks that are “shippable and stoppable”. That is, pieces that can
+be shipped independently and which also add value such that even if the larger
+project were to stop, the project still delivered value.
+
+**Q: If planning is rolling, how do we know we’re working on the most important things?**
+
+A: The Product Managers own the Next queue for each team and are responsible for
+making sure that it’s aligned with the [company’s strategic
+objectives](https://docs.google.com/document/d/1Ju2SwpRCcIAC65kCu60QM8rnsn8YDTmkNAKO5xkl0ZY/edit#heading=h.ev1rhjc47atd)
+and [product
+strategy](https://docs.google.com/document/d/1VxVbjskzTB4m9mvm3w5xtmFRDTxj1e5N3yEftEH2Nsw/edit#heading=h.mj1ķne1whw0t).
+If the PMs are concerned that a team does not have enough high impact work (or
+too much!), they are responsible for working with leadership and EMs to figure
+out how to better align the team with our strategic goals.
+
+**Q: What is the source of truth for plans? How do we keep leadership informed and aligned?**
+
+For high level checks, the quarterly check-ins will inform and align.
+
+The [product
+roadmap](https://docs.google.com/document/d/1XehlyVYzyUP7jClMJB7NV-RyKyI4X14zkQ2N8Us4Q48/edit#heading=h.3yu1a6dm5wpq)
+is the source of truth of teams’ work (although it doesn’t include internally
+focused team work or smaller customer feedback work items). Over time, the TPM
+team will develop processes so that leadership can go to a known location in our
+issue tracker and understand what work is in progress, what’s up next, target
+dates, and commitment dates. (We intentionally do not provide centralized
+visibility into the backlog.)
+
+**Q: When do changes need to be communicated? Do changes need to be approved?**
+
+All changes should be passively communicated through updating the [product
+roadmap](https://docs.google.com/document/d/1XehlyVYzyUP7jClMJB7NV-RyKyI4X14zkQ2N8Us4Q48/edit#heading=h.3yu1a6dm5wpq)
+or, eventually, the issue tracker. Only some changes need to be actively
+communicated to leadership and stakeholders.
+
+For WIP:
+
+- Dropped work: Must be communicated and approved
+- Updated target date, has commitment date: Must be communicated and approved
+- Updated target date, no commitment date:
+ - If the target was within the next month, must be communicated.
+ - If the target was further out, update, with active communication as needed
+- Newly started work: Update, with active communication as needed.
+
+For Next queue work:
+
+- Dropped work: Must be communicated and approved
+- Added work: Update, with active communication as needed
+- Order changed: Update, with active communication as needed
+
+Beyond this, any work that is at risk, even if it doesn’t trigger any changes,
+should be communicated to at least
+[#epd-planning](https://sourcegraph.slack.com/archives/C04SCUER62C) or in a PFP
+sync.
+
+**Q: When does eng scoping happen?**
+
+When work becomes WIP, before setting a target date, EPD should do a high level
+assessment to ensure a high level of confidence in the target date. As work
+progresses, teams should continue to refine target dates.
+
+Eng scoping is the difference between eyeballing a list of requirements and
+hoping we can get them all done and having confidence that we can accomplish
+what we want. And if we can’t, we want to know that ASAP so we can break it into
+smaller [stepping
+stones](https://medium.com/@jamesacowling/stepping-stones-not-milestones-e6be0073563f),
+adjust dates, or cut scope.
+
+**Q: What are tips for effective quarterly check-ins?**
+
+A: Some tips for having an effective review:
+
+- Make sure the priorities for your work are clear – what’s Must Have (P0), Want To Have (P1) and Nice To Have (P2)? What could get cut?
+- Make sure the customer (internal and/or external) impact is clear – if we do this work, what’s the value to the customer?
+- Make sure the business impact is clear: how does this work help us achieve our strategic goals?
+- In addition to ensuring that the EPD team is aligned before heading into the review, try to get as much alignment with execs ahead of time as possible.
diff --git a/content/departments/engineering/teams/core-services/managed-services/pings.md b/content/departments/engineering/teams/core-services/managed-services/pings.md
index f32a833542b8..953c161c0d79 100644
--- a/content/departments/engineering/teams/core-services/managed-services/pings.md
+++ b/content/departments/engineering/teams/core-services/managed-services/pings.md
@@ -21,21 +21,12 @@ For local development, please refer to its [README](https://github.com/sourcegra
> [!NOTE]
> To get access to most resources, you’ll need to [request infrastructure access](#infrastructure-access).
-
-Here is a list of useful quick links:
-
-- [Terraform Cloud workspaces](https://app.terraform.io/app/sourcegraph/workspaces?project=prj-7gzvzKCGcKupiA4s)
-- [Cloud Run service (metrics overview)](https://console.cloud.google.com/run/detail/us-central1/pings/metrics?project=pings-prod-2f4f73edf1db)
-- [Service logs](https://cloudlogging.app.goo.gl/JMmBSAbEceh6onpj8)
-- [GCP alerts](https://console.cloud.google.com/monitoring/alerting?project=pings-prod-2f4f73edf1db)
-- [GCP errors](https://console.cloud.google.com/errors?project=pings-prod-2f4f73edf1db)
-- [GCP Cloud Profiler](https://console.cloud.google.com/profiler/pings?project=pings-prod-2f4f73edf1db)
+>
+> Refer to [Pings infrastructure (go/msp-ops/pings)](../../../managed-services/pings.md) for our new MSP-generated guidance.
### Infrastructure access
-The following Entitle requests are needed to get access to Pings service infrastructure:
-
-- [GCP Project - MSP Service Editor](https://app.entitle.io/request?targetType=resource&duration=43200&justification=TODO&integrationId=134476cb-0bd6-4c6d-a89f-e1550988bdd7&resourceId=d94da8c3-76eb-451a-9cbb-973ac3bc44b1&roleId=8b60a711-976c-4e56-9f8b-cb2c989faca4&grantMethodId=8b60a711-976c-4e56-9f8b-cb2c989faca4)
+Refer to [Pings infrastructure (go/msp-ops/pings)](../../../managed-services/pings.md) for Entitle requests that are needed to get access to Pings service infrastructure:
### Deployment
diff --git a/content/departments/engineering/teams/core-services/managed-services/telemetry-gateway.md b/content/departments/engineering/teams/core-services/managed-services/telemetry-gateway.md
index 7a7b7c5b1b5d..88cf43c2ae16 100644
--- a/content/departments/engineering/teams/core-services/managed-services/telemetry-gateway.md
+++ b/content/departments/engineering/teams/core-services/managed-services/telemetry-gateway.md
@@ -1,83 +1,3 @@
# Telemetry Gateway
-The Telemetry Gateway service is the service that ingests [telemetry v2 events](https://docs.sourcegraph.com/dev/background-information/telemetry) from all Sourcegraph instances, and is available at `telemetry-gateway.sourcegraph.com`.
-
-- As of 5.2.0, [certain flags can be configured](https://docs.sourcegraph.com/dev/background-information/telemetry#enabling-telemetry-export) to export events that have been instrumented with the new APIs to Telemetry Gateway.
-- For Sourcegraph instances that prior to 5.2.0, no events are exported.
- A [custom mechanism did exist for exporting events specifically from Cloud instances](https://docs.sourcegraph.com/dev/background-information/data-usage-pipeline) based on individual service agreements with customers - the new telemetry events will supersede this mechanism.
-
-> NOTE: There is now a generated operations reference for the MSP-based Telemetry Gateway service in [Telemetry Gateway infrastructure](../../../managed-services/telemetry-gateway.md), generated by `sg msp operations` - as the generated docs improve, some content from this page will be migrated away.
-
-## Service images
-
-Source code for Telemetry Gateway service is in [sourcegraph/sourcegraph/cmd/telemetry-gateway](https://github.com/sourcegraph/sourcegraph/tree/main/cmd/telemetry-gateway).
-The image gets built the same way as any other Sourcegraph service, i.e. with `insiders`, the standard `main`-branch and `main-dry-run` tags.
-
-## Local development
-
-For local development, please refer to its [How to set up Telemetry Gateway locally](https://docs.sourcegraph.com/dev/how-to/telemetry_gateway).
-
-## Operations
-
-> [!NOTE]
-> To get access to most resources, you’ll need to [request infrastructure access](#infrastructure-access).
-
-Here is a list of useful quick links:
-
-- Prod instance: `telemetry-gateway.sourcegraph.com` - currently only accepts real Sourcegraph licenses.
- - [Terraform Cloud workspaces](https://app.terraform.io/app/sourcegraph/workspaces?project=prj-9XNnACvkeM1VWteC)
- - [Cloud Run service (metrics overview)](https://console.cloud.google.com/run/detail/us-central1/telemetry-gateway/metrics?project=telemetry-gateway-prod-acae)
- - [Service logs](https://cloudlogging.app.goo.gl/kficDmGcZdMJHPQL9)
- - [GCP alerts](https://console.cloud.google.com/monitoring/alerting?project=telemetry-gateway-prod-acae)
- - [GCP errors](https://console.cloud.google.com/errors?project=telemetry-gateway-prod-acae)
-- Dev instance: `telemetry-gateway.sgdev.org` - currently only accepts `dev-private` licenses.
- - [Terraform Cloud workspaces](https://app.terraform.io/app/sourcegraph/workspaces?project=prj-nxL7Ti7x8xp6oZTU)
- - [Cloud Run service (metrics overview)](https://console.cloud.google.com/run/detail/us-central1/telemetry-gateway/metrics?project=telemetry-gateway-dev-0050)
- - [Service logs](https://cloudlogging.app.goo.gl/4oVGWGz1FQKVt5vm9)
- - [GCP alerts](https://console.cloud.google.com/monitoring/alerting?project=telemetry-gateway-dev-0050)
- - [GCP errors](https://console.cloud.google.com/errors?project=telemetry-gateway-dev-0050)
-
-### Infrastructure access
-
-The following Entitle requests are needed to get access to Telemetry Gateway service infrastructure:
-
-- [GCP Project - MSP Service Editor](https://app.entitle.io/request?targetType=resource&duration=43200&justification=TODO&integrationId=134476cb-0bd6-4c6d-a89f-e1550988bdd7&resourceId=271c1799-6172-4099-8fe1-b186ac05aa06&roleId=b1bc8eac-3893-4847-a4a0-16dadb068bf2&grantMethodId=b1bc8eac-3893-4847-a4a0-16dadb068bf2)
-
-All engineers should have access to the dev project by default.
-
-### Deployment
-
-The Telemetry Gateway service infrastructure is defined in [`sourcegraph/managed-services/services/telemetry-gateway`](https://github.com/sourcegraph/managed-services/tree/main/services/telemetry-gateway) utilizing [Managed Services Platform](./platform.md).
-
-#### Modify deployment manifest
-
-> [!WARNING]
-> Due to the early-stage shape of Managed Services Platforms, we have yet to roll out standardized playbook. Please reach out to #team-core-services for modifying the deployment manifest. Instructions in this section are generally assumed with an upfront setup.
-
-To modify the deployment manifest:
-
-1. Update `service.yaml` file
-1. Anywhere in the repository, run `sg msp generate telemetry-gateway prod`
-1. Stage changes and make a pull request
-1. The Terraform Cloud rolls out changes
-
-#### Use a different image tag
-
-To specify a Docker image tag other than the default, update the `service.yaml`:
-
-```diff
- - id: prod
- ...
- deploy:
- type: manual
-+ manual:
-+ tag: 218287_2023-05-10_5.0-5bd03cd18e71
-```
-
-### Observability
-
-> [!NOTE] More stuff coming soon on this front
-
-#### Metrics
-
-The deployment's [Cloud Run metrics overview page](https://console.cloud.google.com/run/detail/us-central1/telemetry-gateway/metrics?project=telemetry-gateway-prod-acae) provides basic observability into the service provided out-of-the-box by Cloud Run, such as instance count and resource utilization.
+Please refer to the [Telemetry Gateway infrastructure (go/msp-ops/telemetry-gateway)](../../../managed-services/telemetry-gateway.md) page.
diff --git a/content/departments/engineering/teams/core-services/sams/index.md b/content/departments/engineering/teams/core-services/sams/index.md
index 5e34104c527e..e50728f8bcba 100644
--- a/content/departments/engineering/teams/core-services/sams/index.md
+++ b/content/departments/engineering/teams/core-services/sams/index.md
@@ -30,57 +30,34 @@ Here is a list of security measures that are notable to systems integrating with
## Service images
-Images are published to a private image repository, [`us-central1-docker.pkg.dev/sourcegraph-dev/sams/accounts-server`](https://console.cloud.google.com/artifacts/docker/sourcegraph-dev/us-central1/sams/accounts-server?project=sourcegraph-dev), on every commit in `main` using the `insiders` tag. To pull down the published images locally, you need to [request access via Entitle](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IlB1bGwgZG93biBkZXYgaW1hZ2VzIiwicm9sZUlkcyI6W3siaWQiOiJhM2ZmNTQ1ZC0zZGVmLTQxY2ItYjJiNy1lMTM2MDM5Y2YwZGYiLCJ0aHJvdWdoIjoiYTNmZjU0NWQtM2RlZi00MWNiLWIyYjctZTEzNjAzOWNmMGRmIiwidHlwZSI6InJvbGUifV19).
+Images are published to a private image repository, [`us-central1-docker.pkg.dev/sourcegraph-dev/sourcegraph-accounts/accounts-server`](https://console.cloud.google.com/artifacts/docker/sourcegraph-dev/us-central1/sourcegraph-accounts/accounts-server?project=sourcegraph-dev), on every commit in `main` using the `insiders` tag. To pull down the published images locally, you need to [request access via Entitle](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IlB1bGwgZG93biBkZXYgaW1hZ2VzIiwicm9sZUlkcyI6W3siaWQiOiJhM2ZmNTQ1ZC0zZGVmLTQxY2ItYjJiNy1lMTM2MDM5Y2YwZGYiLCJ0aHJvdWdoIjoiYTNmZjU0NWQtM2RlZi00MWNiLWIyYjctZTEzNjAzOWNmMGRmIiwidHlwZSI6InJvbGUifV19).
-Publishing resources are [provisioned in `sourcegraph/infrastructure`](https://github.com/sourcegraph/infrastructure/tree/main/managed-services/sams-publishing-pipeline).
+Publishing resources are [provisioned in `sourcegraph/infrastructure`](https://github.com/sourcegraph/infrastructure/tree/main/managed-services/sourcegraph-accounts-publishing-pipeline).
## Operations
> [!NOTE]
-> To get access to most resources, you’ll need to [request infrastructure access](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjQzMjAwIiwianVzdGlmaWNhdGlvbiI6IlRPRE8iLCJyb2xlSWRzIjpbeyJpZCI6IjBiZGZlOTlmLWZlMjYtNDdlMC04NTk2LWYzODUyNTVhOGQ0MSIsInRocm91Z2giOiIwYmRmZTk5Zi1mZTI2LTQ3ZTAtODU5Ni1mMzg1MjU1YThkNDEiLCJ0eXBlIjoicm9sZSJ9XX0%3D).
-
-Here is a list of useful quick links:
-
-- Production instance (https://accounts.sourcegraph.com)
- - [Terraform Cloud workspaces](https://app.terraform.io/app/sourcegraph/workspaces?project=prj-qWcQcoN16iA6rMfe)
- - [Cloud Run (metrics overview)](https://console.cloud.google.com/run/detail/us-central1/sams-prod-us-central1/metrics?project=sams-prod-ywuz)
- - [Cloud SQL (system insights)](https://console.cloud.google.com/sql/instances/postgresql-e03b/system-insights?project=sams-prod-ywuz)
- - [Memorystore (monitoring)](https://console.cloud.google.com/memorystore/redis/locations/us-central1/instances/redis/details/monitoring?project=sams-prod-ywuz)
- - [GCP alerts](https://console.cloud.google.com/monitoring/alerting?project=sams-prod-ywuz)
- - [GCP errors](https://console.cloud.google.com/errors;service=;version=?project=sams-prod-ywuz)
-- Testing instance (https://accounts.sgdev.org)
- - [Terraform Cloud workspaces](https://app.terraform.io/app/sourcegraph/workspaces?project=prj-XWBtUm77JJRXddoZ)
- - [Cloud Run (metrics overview)](https://console.cloud.google.com/run/detail/us-central1/sams-dev-us-central1/metrics?project=sams-dev-bfec)
- - [Cloud SQL (system insights)](https://console.cloud.google.com/sql/instances/postgresql-e03b/system-insights?project=sams-dev-bfec)
- - [Memorystore (monitoring)](https://console.cloud.google.com/memorystore/redis/locations/us-central1/instances/redis/details/monitoring?project=sams-dev-bfec)
- - [GCP alerts](https://console.cloud.google.com/monitoring/alerting?project=sams-dev-bfec)
- - [GCP errors](https://console.cloud.google.com/errors;service=;version=?project=sams-dev-bfec)
-
-For standard infrastructure operations, see [Sourcegraph Accounts infrastructure operations](../../../managed-services/sams.md).
+> To get access to most resources, you’ll need to [request infrastructure access](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjQzMjAwIiwianVzdGlmaWNhdGlvbiI6IlRPRE8iLCJyb2xlSWRzIjpbeyJpZCI6ImRlMjdlNzIzLTVmMzMtNDg3My1hNzA1LWM3MzBkOGQxMjFiYyIsInRocm91Z2giOiJkZTI3ZTcyMy01ZjMzLTQ4NzMtYTcwNS1jNzMwZDhkMTIxYmMiLCJ0eXBlIjoicm9sZSJ9XX0%3D).
-For common service operations, see [Sourcegraph Accounts operators cheat sheet](https://github.com/sourcegraph/accounts.sourcegraph.com/wiki/Operators-Cheat-Sheet).
-
-### Infrastructure access
-
-The following Entitle requests are needed to get access to SAMS service infrastructure:
+For standard infrastructure operations, see [Sourcegraph Accounts infrastructure operations](../../../managed-services/sourcegraph-accounts.md).
-- [GCP Project - MSP Service Editor](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IlRPRE8iLCJyb2xlSWRzIjpbeyJpZCI6IjBiZGZlOTlmLWZlMjYtNDdlMC04NTk2LWYzODUyNTVhOGQ0MSIsInRocm91Z2giOiIwYmRmZTk5Zi1mZTI2LTQ3ZTAtODU5Ni1mMzg1MjU1YThkNDEiLCJ0eXBlIjoicm9sZSJ9XX0%3D)
+For common service operations, see [Sourcegraph Accounts operators cheat sheet](https://github.com/sourcegraph/accounts.sourcegraph.com/wiki/Operators-Cheat-Sheet).
### Deployments
-The SAMS service infrastructure is defined in [`sourcegraph/managed-services/services/sams`](https://github.com/sourcegraph/managed-services/tree/main/services/sams) utilizing [Managed Services Platform](../managed-services/platform.md).
+The SAMS service infrastructure is defined in [`sourcegraph/managed-services/services/sourcegraph-accounts`](https://github.com/sourcegraph/managed-services/tree/main/services/sourcegraph-accounts) utilizing [Managed Services Platform](../managed-services/platform.md).
#### Update deployment secrets
-- For production instance (https://accounts.sourcegraph.com), all secrets are stored in an isolated [GCP project `sams-prod-ywuz-secrets`](https://console.cloud.google.com/home/dashboard?project=sams-prod-ywuz-secrets).
- 1. Make an [Entitle request](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IkFkZCBzZWNyZXRzIiwicm9sZUlkcyI6W3siaWQiOiJjMDAwYTk5Ny0xZDJkLTRkNTktOGZhZi00MjU0MzRhYWE4YTAiLCJ0aHJvdWdoIjoiYzAwMGE5OTctMWQyZC00ZDU5LThmYWYtNDI1NDM0YWFhOGEwIiwidHlwZSI6InJvbGUifV19) to grant access to the project.
- 1. Add/update the secrets in the [GSM](https://console.cloud.google.com/security/secret-manager?project=sams-prod-ywuz-secrets).
- 1. Make a pull request to add/update the secrets references under the `id: prod > secretEnv` section in the [`service.yaml` file](https://github.com/sourcegraph/managed-services/blob/main/services/sams/service.yaml).
+- For production instance (https://accounts.sourcegraph.com), all secrets are stored in the same GCP project `sourcegraph-accounts-prod-csvc`.
+ 1. Make an [Entitle request](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjQzMjAwIiwianVzdGlmaWNhdGlvbiI6IlRPRE8iLCJyb2xlSWRzIjpbeyJpZCI6ImRlMjdlNzIzLTVmMzMtNDg3My1hNzA1LWM3MzBkOGQxMjFiYyIsInRocm91Z2giOiJkZTI3ZTcyMy01ZjMzLTQ4NzMtYTcwNS1jNzMwZDhkMTIxYmMiLCJ0eXBlIjoicm9sZSJ9XX0%3D) to grant access to the project.
+ 1. Add/update the secrets in the [GSM](https://console.cloud.google.com/security/secret-manager?project=sourcegraph-accounts-prod-csvc).
+ 1. Make a pull request to add/update the secrets references under the `id: prod > secretEnv` section in the [`service.yaml` file](https://github.com/sourcegraph/managed-services/blob/main/services/sourcegraph-accounts/service.yaml).
1. Once the pull request is merged, roll out a new deployment to pick up the changes to the secrets.
-- For testing instance (https://accounts.sgdev.org), all secrets are stored in a shared [GCP project `sourcegraph-dev`](https://console.cloud.google.com/home/dashboard?project=sourcegraph-dev).
+- For testing instance (https://accounts.sgdev.org), all secrets are stored in a shared GCP project `sourcegraph-dev`.
1. Make an [Entitle request](https://app.entitle.io/request?data=eyJkdXJhdGlvbiI6IjEwODAwIiwianVzdGlmaWNhdGlvbiI6IlVwZGF0ZSBTQU1TIHNlY3JldHMiLCJyb2xlSWRzIjpbeyJpZCI6IjAzOGYwNjQ4LTllNWYtNDAyMC1hOGNiLTE0NWJmNzQzZjQ2YiIsInRocm91Z2giOiIwMzhmMDY0OC05ZTVmLTQwMjAtYThjYi0xNDViZjc0M2Y0NmIiLCJ0eXBlIjoicm9sZSJ9XX0%3D) to grant access to the project.
1. Add/update the secrets in the [GSM](https://console.cloud.google.com/security/secret-manager?project=sourcegraph-dev). Because this is shared project, make sure to prefix all secrets with `SAMS_` to avoid naming collisions.
- 1. Make a pull request to add/update the secrets references under the `id: dev > secretEnv` section in the [`service.yaml` file](https://github.com/sourcegraph/managed-services/blob/main/services/sams/service.yaml).
+ 1. Make a pull request to add/update the secrets references under the `id: dev > secretEnv` section in the [`service.yaml` file](https://github.com/sourcegraph/managed-services/blob/main/services/sourcegraph-accounts/service.yaml).
1. Once the pull request is merged, roll out a new deployment to pick up the changes to the secrets.
#### Modify deployment manifest
@@ -91,30 +68,27 @@ The SAMS service infrastructure is defined in [`sourcegraph/managed-services/ser
To modify the deployment manifest:
1. Update `service.yaml` file
-1. In the repository root, run `sg msp generate sams prod`
+1. In the repository root, run `sg msp generate sourcegraph-accounts prod`
1. Stage changes and make a pull request
1. The Terraform Cloud rolls out changes
#### Re-deploy the same manifest
-Go to the ["Deploy revision" page](https://console.cloud.google.com/run/deploy/us-central1/sams-prod-us-central1?project=sams-prod-ywuz) of the Cloud Run service and click **DEPLOY** (bottom of the page) without changing any configuration. This will also happen whenever a Terraform change happens to the "cloudrun" stack.
+Go to the ["Deploy revision" page](https://console.cloud.google.com/run/deploy/us-central1/sourcegraph-accounts-prod-us-central1?project=sourcegraph-accounts-prod-csvc) of the Cloud Run service and click **DEPLOY** (bottom of the page) without changing any configuration. This will also happen whenever a Terraform change happens to the "cloudrun" stack.
### Observability
-> [!NOTE]
-> To get access to most resources, you’ll need to [request infrastructure access](#infrastructure-access).
-
#### Alerting
Alerts are sent to Sentry and then forwarded to Slack:
-- #alerts-sams-dev for accounts.sgdev.org
-- #alerts-sams-prod for accounts.sourcegraph.com
+- #alerts-sourcegraph-accounts-dev for accounts.sgdev.org
+- #alerts-sourcegraph-accounts-prod for accounts.sourcegraph.com
#### Metrics
-The deployment's [Cloud Run metrics overview page](https://console.cloud.google.com/run/detail/us-central1/sams-prod-us-central1/metrics?project=sams-prod-ywuz) provides basic observability into the service provided out-of-the-box by Cloud Run, such as instance count and resource utilization.
+The deployment's [Cloud Run metrics overview page](https://console.cloud.google.com/run/detail/us-central1/sourcegraph-accounts-prod-us-central1/metrics?project=sourcegraph-accounts-prod-csvc) provides basic observability into the service provided out-of-the-box by Cloud Run, such as instance count and resource utilization.
## Development
-The source code and CI are located in the [sourcegraph/sams](https://github.com/sourcegraph/sams) GitHub repository.
+The source code and CI are located in the [sourcegraph/sourcegraph-accounts](https://github.com/sourcegraph/sourcegraph-accounts) GitHub repository.
diff --git a/content/departments/finance/index.md b/content/departments/finance/index.md
index f28bcc8fc77e..646f31c39b74 100644
--- a/content/departments/finance/index.md
+++ b/content/departments/finance/index.md
@@ -61,6 +61,8 @@ A fiscal year is a one-year period that corporations like Sourcegraph use for ac
[GTM Operations Review](Gtmopsreview.md)
+[Multi-sku ARR recognition methodology](multi-sku-arr.md)
+
## FY25 Budget
The FY25 Budget was communicated, and approved, by the Board, at January 28, 2024. You can see the details of the plan [Here](https://docs.google.com/presentation/d/1XhiwfiF5cKH3wFYH8XPkwO-V3ys01ScZBwTnlkWFczI/edit#slide=id.g241b8d53608_0_648).
diff --git a/content/departments/finance/multi-sku-arr.md b/content/departments/finance/multi-sku-arr.md
new file mode 100644
index 000000000000..3f286a5bef55
--- /dev/null
+++ b/content/departments/finance/multi-sku-arr.md
@@ -0,0 +1,59 @@
+## Multi-SKU ARR Recognition
+
+In line with the Company's Cody + Search strategy, Finance believes it is important to introduce a multi-SKU ARR recognition guidance. Multi-SKU ARR recognition provides more granular insights into product performance, aids in customer segmentation, supports revenue optimization, and boosts investor confidence. By documenting and following this guidance, the company ensures accurate financial reporting, effective decision-making, and sustainable growth in the competitive market landscape.
+
+Currently, we are categorizing enterprise ARR into four buckets:
+
+- Professional Services ARR
+- Platform or Recurring Fee ARR
+- Software ARR
+- Code Search ARR
+- Cody ARR
+
+Note: If we change methodologies, we will do so only in SFDC or a system of record. The ARR tracker does not scale for multi-product ARR recognition.
+
+### Professional Services ARR Recognition
+
+When calculating ARR recognition by SKU, we will apply discounting for software + services purchases according to the following rules:
+
+- Discounts are first applied against all one-time/non-recurring revenue. E.g., implementation fees.
+- Discounts are then applied proportionally against all included SKUs based on list prices.
+ - Example: the customer was buying $100k (list price) of software and $50k (list price) of recurring services, but they were only paying $135k (i.e., they got a 10% discount), then we would record it and report it as $90k of software ARR and $45k of services ARR — 10% off of each product at list price.
+
+Note: Professional services must have their own line item(s) to get ARR recognition. If professional services are clearly outlined in terms of SKU name(s), quantity and price, the value should be excluded or carved from Search & Cody ARR.
+
+### Platform Fee ARR Recognition
+
+Platform fees or any other ongoing fee charged to the customer will also impact the value of ARR, and will be applied directly to platform fee SKU. If for example the customer was buying $100K of Code Search Enterprise, but we also charged them a $10K Platform Fee, then we would record it and report it as $110K of total software ARR: $10k as Platform Fee ARR and $110k as Code Search Enterprise ARR.
+
+### Software (Code Search & Cody) ARR Recognition
+
+#### Only Code Search OR Cody
+
+Cody-only or Code Search-only deals are perhaps the most straightforward in which 100% of the seat quantity times price is attributable to Cody or Code Search, respectively.
+
+#### Code Intelligence Platform
+
+Code Intelligence platform deals are less straightforward in terms of product ARR allocation, given the standalone list prices for Search ($588) & Cody ($228) added together ($816) are greater than the Code AI list price ($708). Finance’s recommendation is to keep the same percent allocation of the standalone prices added together.
+
+For Code Intelligence Platform:
+
+- Cody ARR percent allocation for each unit at Code Intelligence Platform list price equals $288 / ($228 + $588) = 28%
+- Search ARR percent allocation for each unit at Code Intelligence Platform list price equals $588 / ($228 + $588) = 72%
+
+For Code Intelligence Platform (Cody BYOK):
+
+- Cody ARR percent allocation for each unit at Code Intelligence Platform list price equals $180 / ($180 + $588) = 23%
+- Search ARR percent allocation for each unit at Code Intelligence Platform list price equals $588 / ($228 + $588) = 77%
+
+#### Cody and Search but seats differ
+
+If Search seats & Cody seats differ, then, the Code Intelligence allocation does not apply. 100% of the seat quantity times price is attributable to Cody or Code Search, assuming we have factored in PS (including one-time fees) & platform fees.
+
+Cross-sell deals may not specify Code Intelligence Platform, as the contract is reflecting the purchase of Search or Cody. The recognition will operate as if the contract has Code Intelligence Platform if all products have the same seat count. If the seats differ, then 100% of the seat quantity times price is attributable to Cody or Code Search, assuming we have factored in PS (including one-time fees) & platform fees.
+
+#### Other Software notes
+
+If the product is listed as beta,then we will not recognize product-level ARR even if there is a clearly defined seat quantity and price (annual)
+
+It is likely (especially in the context of repricing) that a deal will have an increase in Cody ARR that corresponds to a reduction in Search ARR. However, this may have a net zero effect in overall contract churn.
diff --git a/content/departments/marketing/process/index.md b/content/departments/marketing/process/index.md
index b114de2b00e4..7d0d82e372b0 100644
--- a/content/departments/marketing/process/index.md
+++ b/content/departments/marketing/process/index.md
@@ -1,5 +1,6 @@
# Marketing Processes
+- [Sourcegraph Documentation](product_documentation.md)
- [Adding screenshots and recordings](adding_screenshots_screen_recording.md)
- [Messaging](messaging.md)
- [Personas](personas.md)
diff --git a/content/departments/marketing/process/product_documentation.md b/content/departments/marketing/process/product_documentation.md
new file mode 100644
index 000000000000..3e798780ad21
--- /dev/null
+++ b/content/departments/marketing/process/product_documentation.md
@@ -0,0 +1,157 @@
+# Product documentation
+
+These guidelines are for contributing documentation to the [sourcegraph repository](https://github.com/sourcegraph/docs).
+
+## Contributing
+
+Whenever a feature is changed, updated, introduced, or deprecated, the pull request introducing these changes must be accompanied by the documentation (either updating existing ones or creating new ones).
+
+The developer who made the code change is also responsible for writing the initial documentation for new features and updating the documentation for changes to existing features. This includes updating [the changelog as well](https://github.com/sourcegraph/docs/blob/main/docs/CHANGELOG.mdx). At the pace Sourcegraph evolves, this is the only way to keep the docs up to date.
+
+For docs PRs, the author should tag `@maedahbatool` from the docs team as an additional reviewer on the pull request.
+
+The [changelog](https://github.com/sourcegraph/docs/blob/main/docs/CHANGELOG.mdx) should also be updated for any changes that impact the user.
+
+It's the responsibility of the Product Manager to ensure all features are shipped with documentation (i.e., that nothing slips through), whether is a small or big change.
+
+## Docs repo local setup
+
+We've recently rearchitectured our docs tech stack — powered by Next.js, TailwindCSS and deployed on Vercel. This guide will walk you through the process of contributing to our documentation using the new tech stack.
+
+### Get started
+
+To get started with this template, clone this repository to your local machine using the following command:
+
+```sh
+git clone https://github.com/sourcegraph/docs.git sourcegraph-docs
+```
+
+Navigate to the project directory by typing the following command in your terminal:
+
+```sh
+cd sourcegraph-docs
+```
+
+Before the dependencies are install make sure your local machine has the following versions of `node` and `pnpm`:
+
+- node: `v20.8.1`
+- pnpm: `8.13.1`
+
+**Note**: If you have `asdf` available you can install the above versions for only this repository by running the following command from your terminal in the root folder:
+
+```sh
+asdf install
+```
+
+Now that the base requirements of the project have been satisfied, we can install the required dependencies to run the development server!
+
+```sh
+pnpm install
+```
+
+Next, run the development server:
+
+```sh
+pnpm run dev
+```
+
+Finally, open [`http://localhost:3000`](http://localhost:3000) in your browser to view the website.
+
+## Writing and contributing to Sourcegraph Docs
+
+To add new or update existing docs content. Create a new branch and checkout by via:
+
+```sh
+git switch -c BRANCH_NAME_HERE
+```
+
+### Folder structure
+
+The folder structure is exactly the same here. All the docs reside within the `/docs` folder. Here you'll find separate folders for every docs section like `cody`, `code_search`, `cli`, etc.
+
+- Navigate to the relevant relevant section for your contribution
+- If you're adding a new page, create a new MDX file (e.g., `my-new-page.mdx`) in the appropriate folder
+
+### Using MDX
+
+We use MDX for our documentation, which allows you to seamlessly integrate JSX (React components) within Markdown. Write your content using standard markdown syntax. For example,
+
+```
+
+# This is heading 1
+
+This is an introductory paragraph.
+
+## This is heading 2
+
+### This is heading 3
+
+These are the details for heading three. And this how you add an image.
+
+
+
+This is how you add a [demo-link](https://sourcegraph.com/)
+
+- This is a bullet 1
+- This is bullet 2
+- This is bullet 3
+```
+
+### Including React Components
+
+The only difference with this new stack is its ability to use React components. We have a set of reusable React components located in the `src/components` directory. These components are designed to enhance the user experience and maintain consistency across our documentation.
+
+For example the cards layout appears by using the `` component that can add `note`, `info`, or `warning` notices in docs.
+
+
+
+You can use this component within your content as follows:
+
+```js
+Cody is currently in Beta for all users.
+```
+
+This snippet creates a single `` titled as "Get Cody". You can add as many cards you want while filling out all the relevant details.
+
+Here are the list of all the supported components we have:
+
+- ``
+- ``
+- ``
+- ``
+
+For a better docs experience we'll continue adding more components in future.
+
+### Adding a link
+
+To add a `link` to any docs page, use the following routing syntax: `[Link text](path-to-link)`.
+
+- Do not include `/docs` in the link paths. The base URL will be `sourcegraph.com/docs`
+- There should be **no file extension** in the path name
+
+For example, if you want to link to the Cody Quickstart somewhere in the Code Search docs, you should use:
+
+```markdown
+- This is a link to [Cody Quickstart](/cody/quickstart) in Code Search docs
+- This is a way to hash-link to [Cody for VSCode installation](/cody/clients/install-vscode#verifying-the-installation) in Code Search docs
+```
+
+### Adding images and binary assets
+
+For large images and other binary assets, upload them to the `sourcegraph-assets` Google Cloud Storage bucket instead with `gsutil cp -a public-read local/path/to/myasset.png gs://sourcegraph-assets/` (and refer to them as `https://sourcegraphstatic.com/myasset.png`). For a more detailed instructions visit [this page](../../../handbook/editing/handbook-images-video.md).
+
+> Note: Make sure to use [ImageOptim.app](https://imageoptim.com/mac) to reduce the size of the images before uploading, since large images degrade page loading speed.
+
+### Previewing changes locally
+
+As you make changes to the documentation, the development server will automatically update. Review your changes by navigating to `http://localhost:3000` in your browser.
+
+### Submitting your Contribution
+
+Once you're satisfied with your changes, follow these steps:
+
+- Commit your changes
+- Create a pull request to the [Sourcegraph documentation repository](https://github.com/sourcegraph/docs).
+- Tag `@maedahbatool` in `#docs` channel through Slack to get a quick review
+
+Thank you for contributing to Sourcegraph documentation! Your efforts help us provide top-notch learning experiences for our users. If you have any questions or need assistance, feel free to reach out.
diff --git a/content/departments/people-talent/index.md b/content/departments/people-talent/index.md
index 1f8d1d59a2e5..098f33177e40 100644
--- a/content/departments/people-talent/index.md
+++ b/content/departments/people-talent/index.md
@@ -244,6 +244,7 @@ In case of emergency, the Head of People & Talent is available 24/7 via their ce
- [The offer summary](talent/process/extending_an_offer.md#offer-summary-call)
- [The offer letter](talent/process/extending_an_offer.md)
- [How to hire a teammate into a new role](../../company-info-and-process/working-at-sourcegraph/switching-teams.md#switching-teams)
+- [Talent acquisition metrics](talent/process/talent_metrics.md)
### Onboarding your new hire
@@ -254,7 +255,7 @@ In case of emergency, the Head of People & Talent is available 24/7 via their ce
- [Managing people](resources-for-managers.md#managing-people)
- [Continuous feedback & coaching](../../company-info-and-process/working-at-sourcegraph/teammate-development/index.md)
- [Guide to an effective 1:1](../../company-info-and-process/working-at-sourcegraph/teammate-development/index.md)
-- [Semi-annual performance review process](people-ops/process/teammate-sentiment/impact-reviews/index.md)
+- [annual performance review process](people-ops/process/teammate-sentiment/impact-reviews/index.md)
- [When can you get a promotion](people-ops/process/teammate-sentiment/impact-reviews/index.md#how-to-get-a-promotion)
- [Department specific career frameworks](../../company-info-and-process/working-at-sourcegraph/career-frameworks.md)
- [Our level guide](../../benefits-pay-perks/pay-expenses/compensation/leveling-guide.md)
diff --git a/content/departments/people-talent/people-ops/process/teammate-sentiment/impact-reviews/index.md b/content/departments/people-talent/people-ops/process/teammate-sentiment/impact-reviews/index.md
index 48bc8ebfc37a..2994b95fadd0 100644
--- a/content/departments/people-talent/people-ops/process/teammate-sentiment/impact-reviews/index.md
+++ b/content/departments/people-talent/people-ops/process/teammate-sentiment/impact-reviews/index.md
@@ -4,9 +4,9 @@ _If you have any questions about the Impact Review process, or need help in gene
## Impact Reviews Explained
-We create a high-performance culture at Sourcegraph by providing continuous, actionable, and direct feedback, both informally and formally. While we expect our Managers to provide ongoing feedback with Teammates year-round in 1:1 [meetings and informally](../../../../../../company-info-and-process/working-at-sourcegraph/teammate-development/index.md), we also provide **formal feedback** via our semi-annual “impact review” process, which takes place annually in February and August.
+We create a high-performance culture at Sourcegraph by providing continuous, actionable, and direct feedback, both informally and formally. While we expect our Managers to provide ongoing feedback with Teammates year-round in 1:1 [meetings and informally](../../../../../../company-info-and-process/working-at-sourcegraph/teammate-development/index.md), we also provide **formal feedback** via our annual “impact review” process, which takes place in February.
-The purpose of this handbook page is to outline our **formal semi-annual feedback review process**, known as “impact reviews.” We refer to our semi-annual review process as “impact reviews” because they reveal the _impact that you are making_ here at Sourcegraph.
+The purpose of this handbook page is to outline our **formal annual feedback review process**, known as “impact reviews.” We refer to our annual review process as “impact reviews” because they reveal the _impact that you are making_ here at Sourcegraph.
To read more about how we provide continuous feedback and our performance improvement plan (PIP) process, please see our [Teammate Development page](../../../../../../company-info-and-process/working-at-sourcegraph/teammate-development/index.md).
@@ -28,9 +28,11 @@ Our impact review process follows the 360-degree feedback model, which is a perf
Formal performance reviews take place **once a year** aligning with our promotion and compensation review cycles.
+**1H FY25**
+
- Launches at the end of January (corresponding promotion and/or pay increase goes into effect Feb 1st).
- This review period reviews a teammate's performance between August 1st to January 31st.
-- **Who is eligible:** Must be hired on or before October 1st.
+- **Who is eligible:** To be eligible for an impact review, teammates must be in their role for a full 4 months. Therefore, teammates who started on or after October 1st are not eligible for the FY25 impact review cycle or corresponding merit increase.
### Impact Review Schedule - 1H FY25 review
@@ -84,7 +86,7 @@ Reviews a Teammate receives:
### What we do with impact review feedback
-Results from the semi-annual impact review process support the growth and development of our Teammates in the following ways:
+Results from the annual impact review process support the growth and development of our Teammates in the following ways:
- Helps identify **strengths & accomplishments**, which guides promotion eligibility and corresponding compensation increases.
@@ -333,7 +335,7 @@ Q. **Can reviews be submitted outside of the predetermined Impact Review schedul
Q. **What changed from the prior Impact Review process?**
- We made several changes:
- - **Cadence:** We moved from a rolling cadence, to a annual synchronous review period to reduce the operational burden and improve transparency regarding promotion and merit decisions.
+ - **Cadence:** We moved from a rolling cadence, to an annual synchronous review period to reduce the operational burden and improve transparency regarding promotion and merit decisions.
- **Defined our Talent Assessment framework:** Our new Skills and Values-based assessment framework is designed to enable transparent conversations between Managers and Teammates, ensuring a consistent, fair calibration process!
- **Embedded Career Frameworks:** We updated/are updating ALL Career frameworks for each department. These will be directly in the Lattice via the Grow Feature as well as in the Handbook.
- **Improved Questions**: We reduced the number of required questions - giving Teammates the flexibility to take control of how they communicate feedback, while optional questions guide Teammates to best reflect on the attributes that help them progress in their career.
@@ -395,7 +397,7 @@ Q. **Who should Teammates reach out to with questions about the performance revi
**Answer:** We are moving to annual impact reviews based on teammate feedback that the review process caused added stress and anxiety and diverted focus from impactful work. In response, we introduced mandatory monthly check-ins for managers and optional check-ins for teammates to support continuous performance feedback and moved the formal, merit review cycle to one-time per year.
-**2. What are the benefits of an annual review cycle vs annual?**
+**2. What are the benefits of an annual review cycle vs semi-annual?**
**Answer:**
@@ -405,9 +407,9 @@ Q. **Who should Teammates reach out to with questions about the performance revi
**3. Does this mean I have fewer opportunities to get a pay increase or promotion?**
-**Answer:** Historically, all teammates who have met performance expectations at minimum received a pay increase annually. This will not change and teammates who are exceeding or meeting performance expectations will not go more than 1.5 years without an increase. The only thing that is changing is that teammates who would historically have received an increase or spot bonus due to receiving Superior or Distinguished Performance Ratings will be rewarded annually instead of annually, however, the percentage increase will be adjusted accordingly with our [talent assessment scale](#the-talent-assessment-framework) (new % increases will be announced prior to the next annual cycle in FY26, given that this will be the first review period with a full full-year cadence).
+**Answer:** Historically, all teammates who have met performance expectations at minimum received a pay increase annually. This will not change and teammates who are exceeding or meeting performance expectations will not go more than 1.5 years without an increase. The only thing that is changing is that teammates who would historically have received an increase or spot bonus due to receiving Superior or Distinguished Performance Ratings will be rewarded annually instead of semi-annually, however, the percentage increase will be adjusted accordingly with our [talent assessment scale](#the-talent-assessment-framework) (new % increases will be announced prior to the next annual cycle in FY26, given that this will be the first review period with a full full-year cadence).
-We will continue to evaluate promotions in conjunction with our[ promotion philosophy](#promotion-philosophy) and reward teammates for exemplary performance via spot bonuses and impact awards outside our annual merit cycle.
+We will continue to evaluate promotions in conjunction with our [promotion philosophy](#promotion-philosophy) and reward teammates for exemplary performance via spot bonuses and impact awards outside our annual merit cycle.
**4. Are we still using the same scoring system for annual reviews?**
@@ -417,7 +419,7 @@ We will continue to evaluate promotions in conjunction with our[ promotion philo
**Answer:** Teammates not eligible for the current impact review cycle will not be eligible for their first review until the next annual cycle. We are committed to ensuring that individuals in good standing do not go 1.5 years without a compensation increase which we ensure through our [eligibility criteria](#who-is-eligible-for-a-reviewcompensation-increase).
-## Monthly check-ins will serve as the primary avenue for feedback between impact review cycles, ensuring consistent communication and recognition of contributions. Off-cycle promotions will be formally reviewed annually and off-cycle reviews will be considered if aligned with a business need.
+Monthly check-ins will serve as the primary avenue for feedback between impact review cycles, ensuring consistent communication and recognition of contributions. Off-cycle promotions will be formally reviewed semi-annually and off-cycle reviews will be considered if aligned with a business need.
## RESOURCES FOR MANAGERS
diff --git a/content/departments/people-talent/resources-for-new-hires/new-teammate-setup.md b/content/departments/people-talent/resources-for-new-hires/new-teammate-setup.md
index f7b7ec52a583..570b69889c7e 100644
--- a/content/departments/people-talent/resources-for-new-hires/new-teammate-setup.md
+++ b/content/departments/people-talent/resources-for-new-hires/new-teammate-setup.md
@@ -44,6 +44,14 @@ You can find resources on how to use each of the main tools [here](../../../comp
- Join the Sourcegraph events calendar by copying `sourcegraph.com_9cd67o8p3gs0rtpj73bt326psk@group.calendar.google.com` into your [add calendar field](https://calendar.google.com/calendar/u/0/r/settings/addcalendar?)
+- A good way to get to know your team is to try and schedule a regular 1-on-1 or fika ([https://go/fika](https://go/fika)) with them. To avoid overwhelming yourself with all the scheduling of these meetings you can create an Appointment Schedule. This allows you to specify time slots that work for you and then share a link for your teammates to pick a slot that works best for them. Very similar to Calendly if you've used that before.
+
+
+
+After a meeting is scheduled you can change the interval to a standing invite and give them the ability to modify the event to help with any future rescheduling.
+
+
+
- See the Communication handbook for [more on scheduling meetings](../../../company-info-and-process/communication/index.md#scheduling-meetings-with-google-calendar).
## Slack
diff --git a/content/departments/people-talent/talent/process/recruitment_branding.md b/content/departments/people-talent/talent/process/recruitment_branding.md
index 2a15db6daab6..915fdc14eecb 100644
--- a/content/departments/people-talent/talent/process/recruitment_branding.md
+++ b/content/departments/people-talent/talent/process/recruitment_branding.md
@@ -124,7 +124,8 @@ Please follow these instructions:
- [Console](https://console.dev/profiles/sourcegraph/): We have a company profile on Console that links to our careers page.
- [Tech Ladies](https://www.hiretechladies.com/): All jobs that are publicly listed in our applicant tracking system are automatically pushed to Tech Ladies. Trevor owns this relationship. We can update our posted roles anytime by emailing jobpostings@hiretechladies.com.
- [Diversify Tech](https://www.diversifytech.co/job-board): Trevor Houghton can post open roles here upon request from the Hiring Manager. Each post costs money and will stay up for one month.
-- [TLDR](https://tldr.tech/jobs?filter=%257B%257D): Trevor Houghton manually posts open roles here on a monthly basis
+- [TLDR](https://tldr.tech/jobs?filter=%257B%257D): Trevor Houghton manually posts open roles here on a monthly basis.
+- [Otta](https://app.otta.com/companies/Sourcegraph) Otta automatically posts certain jobs that we have published publicly listed in our applicant tracking system.
- [Job boards we're using for our Internship Program](../internship/index.md#college-job-boards-were-using)
### Other job boards/coding bootcamps we have used in the past:
diff --git a/content/departments/people-talent/talent/process/talent_metrics.md b/content/departments/people-talent/talent/process/talent_metrics.md
index ab2f8ee542aa..cdd40d902499 100644
--- a/content/departments/people-talent/talent/process/talent_metrics.md
+++ b/content/departments/people-talent/talent/process/talent_metrics.md
@@ -1,4 +1,4 @@
-## **Talent Acquisition Metrics**
+# **Talent Acquisition Metrics**
Our Talent Metrics approach is to support our leader's ability to define talent needs, drive decisions using data, and attract & retain the best external and internal talent. We strive to create an amazing candidate to teammate experience, and data drives continuous iteration!
@@ -10,24 +10,24 @@ Our Talent Metrics approach is to support our leader's ability to define talent
**Tools:**
- [TalentWall](https://app.talentwall.io/dashboard/dashboards/7012): Provides key recruiting metrics in real-time to all teammates
-- [Greenhouse Reporting:](https://support.greenhouse.io/hc/en-us/articles/360007315491-Greenhouse-Recruiting-reports-index) We leverage our ATS data and reports for interview calibration, the [Requisition Report](https://docs.google.com/spreadsheets/d/1SyrAInHn12g2W1USfhWvDZSfLe0_VPM3Re_ImgM6nq4/edit#gid=815618435ZtaACJxwjEu4my_xeYuB3a7E/edit#gid=1829575136), and more.
-- [Q3 Open Roles - Tracking Sheet](https://docs.google.com/spreadsheets/d/1n6gtEfvjmSlgQfz_bLajalxstC7jgLT4OtLbXa4K4Gw/edit#gid=174110325): This is an Excel doc showing our quarterly open roles This report ensures we hire the right talent at the right time, allowing our BUs to execute on goals.
+- [Greenhouse Reporting:](https://support.greenhouse.io/hc/en-us/articles/360007315491-Greenhouse-Recruiting-reports-index) We leverage our ATS data and reports for interview calibration, candidate experience feedback, job board performance, and more.
+- [Company-Wide Recruiting Update](https://docs.google.com/spreadsheets/d/1HaLmhYEqopD322_97GR172x4E_pvvEGmwXMiWaCwakY/edit#gid=1156832169): This is an Excel doc showing our current open roles.
-### What we measure:
+## What we measure:
-#### Diversity lifecycle: applications, recruited, interviewed, offers extended & offers accepted
+### Diversity lifecycle: applications, interviewed, offers extended & offers accepted
-- The talent acquisition workflow [metrics](https://app.ashbyhq.com/home/dashboard-99c39b44-6c73-4492-a53c-f1551fe1e188) are specific to candidates who self-identified as coming from an underrepresented group.
-- _Diversity_ refers to the characteristics of the people who make up Sourcegraph and how they identify. Race, gender, age, ethnicity, religion, national origin, disability, and sexual orientation are _some_ examples of how the data might be categorized when looking at Sourcegraph’s diversity.
+- The Talent team uses [Greenhouse's Pipeline by demographic report](https://support.greenhouse.io/hc/en-us/articles/360007254531-Pipeline-by-demographic-report) to track candidate's demographic data.
+- _Diversity_ refers to the characteristics of the people who make up Sourcegraph and how they identify. Race/ethnicity, gender, and veteran status are examples of how the data is categorized when looking at Sourcegraph’s diversity.
-#### Offer acceptance rate
+### Offer acceptance rate
- **Metric definition:** The percentage of offers extended that are accepted
- **Measurement:** Total offers accepted ÷ total offers extended X 100
- **Metric use:** Measure recruiting effectiveness at candidate conversion and determine the strength of our offers for different positions
- **Target:** >90%
-#### Average time to hire (days)
+### Time to hire
- **Metric definition:** The average number of days between the application date and the date the candidate is marked as hired
- **Measurement:** Total time taken to complete the individual component of the hiring process for all requisitions ÷ total number of requisitions
@@ -39,20 +39,45 @@ Our Talent Metrics approach is to support our leader's ability to define talent
-#### Average time to fill (days)
+### Time to fill
- **Metric definition:** Average number of days elapsed between requisition kick-off date and offer acceptance for internal and external hires
- **Measurement:** Total days to fill ÷ total offers accepted
- **Metric use:** Calibrate the timeliness and efficiency of the recruiting process
- **Target:** <45 days
-#### Recruitment source breakdown
+### Time to offer
+
+- **Metric definition:** Average number of days between the date a candidate’s application was created and the date their offer was created (not the date the candidate was moved into offer stage).
+- **Target:** <30 days
+
+### Time to start
+
+- **Metric definition:** Average number of days between when an application was created and the candidates's scheduled start date.
+- **Target:** <60 days
+
+### Time to accept
+
+- **Metric definition:** Average number of days between the date an offer was created and the date a candidate accepted the offer.
+- **Target:** <5 days
+
+### Position vacancy time
+
+- **Metric definition:** Average number of days between the date a job was opened in Greenhouse and the candidates's scheduled start date.
+- **Target:** <95 days
+
+### Hours spent interviewing per hire by department
+
+- **Metric definition:** Hours spent by interviewing team on interviews that occurred during this period divided by the number of offers that were accepted during this period, grouped by department.
+- **Target:** <40 hours
+
+### Recruitment source breakdown
- **Metric definition:** Measure the distribution of external hires by recruitment source, including referral, rehire, agency, etc.
- **Measurement:** Total number of external hires for each source group ÷ external hires X 100
- **Metric use:** Evaluate the effectiveness of sourcing channels to understand their impact on retention and monitor recruitment costs
-#### Recruiter effectiveness
+### Recruiter effectiveness
- **Metric definition:** The volume of recruiter screens required to make a hire.
- **Measurement:** Number of candidates interviewed (interview scheduled or scorecard submitted) in these stages ÷ the number of candidates who received offers. The date filter is by the interview date, or scorecard submitted date if no interview was scheduled.
@@ -66,10 +91,63 @@ Our Talent Metrics approach is to support our leader's ability to define talent
- **Metric use:** Expose gaps in the recruiting process that may cause a loss of quality to the candidates experience. Understand how to improve the recruiting process and itterate on feedback.
- **Target:** Average survey rating >4.0/5
-#### Employment brand strength
+### Employment brand strength
- **Metric definition:** The attractiveness of our organization’s employment value proposition
- **Measurement:** Labor market perceptions of our brand are measured through channel ratings (ie Glassdoor, Blind etc) & Quality/Volume of Internal Applicants
- **Metric use:** Assess the internal/external perception of the employment opportunity and determine the impact of marketing or other external distribution of information about Sourcegraph
-For questions regarding Recruiting Metrics and reports please e-mail Recruiting@sourcegraph.com
+## Department Specific Hiring Data
+
+People managers at Sourcegraph have access to the following hiring metrics broken down by department:
+
+- **Hires:** hires, starts, pending starts, time to hire, time to start, position vacancy time, hires per month, hires by source, hires by source type, hires by hiring manager, applications per hire, HM screen to hire
+- **Offers**: time to fill, time to offer, offers created, offers outstanding, offers declined, offer acceptance rate, time to accept, offers month over month, offers by source, average acceptance rate per month
+- **Interview activity**: Hours spent interviewing by interviewer, hours spent intervieweing by department
+- **Active pipeline**: Candidates by stage
+
+To revise the date range, copy the dashboard as an independent tab under your own account by clicking "copy to my dashboard". Any changes made to the copied dashboard will not be reflected on the original dashboard, and vice versa:
+
+
+
+### Sourcegraph hiring metrics (all departments)
+
+- [Last 6 months](https://app.talentwall.io/shared-dashboard/105242/DwHd9HJiq4Ot)
+- [Year to date](https://app.talentwall.io/shared-dashboard/105243/VDYeahfQsRiF)
+
+### Engineering hiring metrics
+
+- [Last 6 months](https://app.talentwall.io/shared-dashboard/101798/v5LL0vpVRrot)
+- [Year to date](https://app.talentwall.io/shared-dashboard/105186/uAr4igKAqG2z)
+
+### Marketing hiring metrics
+
+- [Last 6 months](https://app.talentwall.io/shared-dashboard/103375/RlavUzP0jlmp)
+- [Year to date](https://app.talentwall.io/shared-dashboard/105188/nY8ZeThQtoWR)
+
+### Operations hiring metrics
+
+- [Last 6 months](https://app.talentwall.io/shared-dashboard/103373/zqhYSvHXt7UR)
+- [Year to date](https://app.talentwall.io/shared-dashboard/105189/Qwqnk2do3TV0)
+
+### People & Talent hiring metrics
+
+- [Last 6 months](https://app.talentwall.io/shared-dashboard/103378/idBWUm6lWex2)
+- [Year to date](https://app.talentwall.io/shared-dashboard/105190/zk8Sv5k62Gck)
+
+### Product hiring metrics
+
+- [Last 6 months](https://app.talentwall.io/shared-dashboard/103374/JnEU2kfU0wnr)
+- [Year to date](https://app.talentwall.io/shared-dashboard/105191/SKCvYN6iBqOL)
+
+### Sales hiring metrics
+
+- [Last 6 months](https://app.talentwall.io/shared-dashboard/103377/2SRnMP65mNNr)
+- [Year to date](https://app.talentwall.io/shared-dashboard/105192/IFMukSaBHaqV)
+
+### Technical Success hiring metrics
+
+- [Last 6 months](https://app.talentwall.io/shared-dashboard/103376/JcuK9ZfMfXKX)
+- [Year to date](https://app.talentwall.io/shared-dashboard/104808/Ywd9lGhw5AT2)
+
+For questions regarding recruiting metrics and reports please slack #ask-hiring
diff --git a/content/departments/people-talent/talent/process/types_of_interviews.md b/content/departments/people-talent/talent/process/types_of_interviews.md
index bf7b2882cb22..10635bf76a68 100644
--- a/content/departments/people-talent/talent/process/types_of_interviews.md
+++ b/content/departments/people-talent/talent/process/types_of_interviews.md
@@ -860,7 +860,7 @@ A great resource on structure (including some great walkthrough videos) from [Be
- Interviewer(s): Hiring Manager + Account Executive(s)
- Duration: 45-minutes.
- Purpose: during the sales presentation, you will 1) walk the panel through a brief introduction/bio of yourself, 2) deep-dive into an enterprise deal you have led, and 3) present a pipeline generation plan (including 10 top target accounts you would pursue based on your understanding of Sourcegraph's value proposition, your personal relationships, and relevant information about the prospect companies that you believe lead to a high probability of engagement). The goal of this interview is for us to understand: 1) your past experience and skill set (via your intro), 2) whether you can command a sales process (via the deep-dive), and 3) your understanding of our value proposition and approach towards territory development.
-- **Very important:** please use [this template](https://docs.google.com/presentation/d/1Tl5XdoMog8QEzEZFAHVHrOYAfjlOh7tomZKlVdxwGeA/edit#slide=id.g9288fdfdea_0_109) for your presentation and please check out the speaker notes - they have a lot of detail on what we are looking for! If you have any issues accessing the presentation, please email recruiting@sourcegraph.com.
+- **Very important:** please use [this template](https://docs.google.com/presentation/d/1uERGh_qcNiaLhTjln_lserWk6Ep_ewOQO6rkLvpwm-M/edit#slide=id.g9288fdfdea_0_109) for your presentation and please check out the speaker notes - they have a lot of detail on what we are looking for! If you have any issues accessing the presentation, please email recruiting@sourcegraph.com.
#### Enterprise AE team collaboration with Customer Engineering
diff --git a/content/departments/people-talent/talent/tools/guide_to_using_brighthire.md b/content/departments/people-talent/talent/tools/guide_to_using_brighthire.md
index ba5a0a0fb0b0..74b2c4e1567e 100644
--- a/content/departments/people-talent/talent/tools/guide_to_using_brighthire.md
+++ b/content/departments/people-talent/talent/tools/guide_to_using_brighthire.md
@@ -52,7 +52,7 @@ On your Greenhouse scorecard, click the blue "View recording" button on the side
#### Step 6 (leveraging AI for your notes)
-If you'd like to automate filling in your scorecard by leveraging notes that the AI notetaker has created for you, click on the "AI Notes" tab on your BrightHire side panel in the Greenhouse scorecard. Then, simply click the blue “Import All Notes” button. Your AI notes will automatically be uploaded to the questions they pertain to when a match is detected. Any unmatched AI notes will be pasted to the "Key Takeaways" field. Loom instructions for step 6 can be found [here](https://help.brighthire.ai/en/articles/4606106-using-greenhouse-with-brighthire-for-interviewers).
+If you'd like to automate filling in your scorecard by leveraging notes that the AI notetaker has created for you, click on the "AI Notes" tab on your BrightHire side panel in the Greenhouse scorecard. Then, simply click the blue “Import All Notes” button. Your AI notes will automatically be uploaded to the questions they pertain to when a match is detected. Any unmatched AI notes will be pasted to the "Key Takeaways" field. Loom instructions for step 6 can be found [here](https://www.loom.com/share/4069e85eaea4477ead25aa64d1482a64?sid=5a4111eb-6014-4961-87ad-b9bdab808905).
#### Step 7 (complete and submit your Greenhouse scorecard)
diff --git a/content/departments/people-talent/total-rewards.md b/content/departments/people-talent/total-rewards.md
index 5bfebdc434fa..0e321a8bbf95 100644
--- a/content/departments/people-talent/total-rewards.md
+++ b/content/departments/people-talent/total-rewards.md
@@ -1,29 +1,29 @@
-# **Total Rewards** (WIP - internal links coming soon)
+# **Total Rewards**
We want our teammates to be happy, healthy, and productive. In order to best support that, we provide competitive pay, perks, and benefits. In other words, we offer total rewards which is the total calculation of all categories Sourcegraph spends on each teammate outside of software and hardware used to be successful in their role. Below is a breakdown of categories that make up total rewards.
## **What makes up total rewards?**
-- Compensation
+- [Compensation](../../benefits-pay-perks/pay-expenses/compensation/index.md)
- Base
- Variable (where applicable)
- Equity
-- Perks
-- Health Benefits (US based teammates)
+- [Perks](../../benefits-pay-perks/benefits-perks/index.md#perks)
+- [Health Benefits (US based teammates)](../../benefits-pay-perks/benefits-perks/index.md#benefits)
**Total rewards =** annual compensation + annual projected equity value + monetary perks + average annual spend on health benefits
-You can view your total rewards package in your Assemble profile. Follow the directions here.
+You can view your total rewards package in your Assemble profile. Follow the directions [here](../../benefits-pay-perks/pay-expenses/compensation/index.md#pay-transparency).
## **Compensation**
We pay competitively in order to attract the best possible talent to Sourcegraph and reward Teammates for the work that they do. We are committed to keeping compensation competitive, merit-based, and non-discriminatory, to make sure all Teammates have a financial stake in the success of Sourcegraph and that contributions are rewarded.
-To review our full compensation philosophy review our [Compensation & Pay Transparency page.] Additional handbook pages for a deeper look into compensation at Sourcegraph are listed below:
+To review our full compensation philosophy review our [Compensation & Pay Transparency page.](../../benefits-pay-perks/pay-expenses/compensation/index.md) Additional handbook pages for a deeper look into compensation at Sourcegraph are listed below:
-- [Job levels]
-- [Performance reviews]
-- [Role change requests](manager resource)
+- [Job levels](../../benefits-pay-perks/pay-expenses/compensation/leveling-guide.md)
+- [Performance reviews](../people-talent/people-ops/process/teammate-sentiment/impact-reviews/index.md)
+- [Role change requests](../people-talent/people-ops/process/compensation-and-leveling/compensation-role-changes.md) - manager resource
### **Components of compensation**
@@ -31,13 +31,13 @@ At Sourcegraph, we aim to hire the best possible talent and want to ensure our T
#### **Base pay:**
-Each [job level] has a corresponding compensation band. Our band entry points are benchmarked to the 75th percentile of US technology company market data, and the top of the band is 15% above the band entry point. We re-set salary bands every six months in alignment with our [Impact Review Process] to ensure our compensation remains up to date and market competitive. This means that every year, our band entry point may go up, down, or stay the same. And if our band goes down, we will never decrease our teammate’s pay.
+Each [job level](../../benefits-pay-perks/pay-expenses/compensation/leveling-guide.md) has a corresponding compensation band. Our band entry points are benchmarked to the 75th percentile of US technology company market data, and the top of the band is 15% above the band entry point. We re-set salary bands every six months in alignment with our [Impact Review Process](../people-talent/people-ops/process/teammate-sentiment/impact-reviews/index.md) to ensure our compensation remains up to date and market competitive. This means that every year, our band entry point may go up, down, or stay the same. And if our band goes down, we will never decrease our teammate’s pay.
If we are given reason to believe that Radford data doesn’t match existing market rates, we may leverage other data sources to verify and/or adjust the band. In addition, the People Team reserves the right to manually adjust any band at any time to benefit the business and our teammates.
#### **Commission:**
-We provide Commission compensation in the form of commissions for roles that are measured by numerical performance. At this point, only certain roles in the Sales and Customer Engineering organizations are eligible for commission.
+We provide [Commission compensation](../finance/process/commissions.md) in the form of commissions for roles that are measured by numerical performance. At this point, only certain roles in the Sales and Customer Engineering organizations are eligible for commission.
## **Equity**
@@ -45,11 +45,11 @@ The second component of total rewards is Equity. We are an early-stage company,
Our equity grants vest over four years. Once you have met your 1-year cliff your vesting shares and their estimated values begin contributing to your annual total rewards equation.
-To learn more about equity at Sourcegraph visit our [equity FAQ] and our Handbook page on [how and when stock option grants are calculated].
+To learn more about equity at Sourcegraph visit our [equity FAQ](../../benefits-pay-perks/pay-expenses/compensation/equity-faq.md) and our Handbook page on [how and when stock option grants are calculated](../../benefits-pay-perks/pay-expenses/compensation/equity-timing.md#sts=Option%20grant%20timing).
## **Perks**
-Sourcegraph feels strongly about investing in their teammates and ensuring they have the tools to be successful in their role. We group perks towards recharging, growing skills, and creating a strong culture of connectedness. Our perks are broken into three categories. Below you will find an overview of each category and our Perks & Benefits overview handbook page provides details for each perk.
+Sourcegraph feels strongly about investing in their teammates and ensuring they have the tools to be successful in their role. We group perks towards recharging, growing skills, and creating a strong culture of connectedness. Our perks are broken into three categories. Below you will find an overview of each category and our [Perks & Benefits overview handbook page](../../benefits-pay-perks/benefits-perks/index.md#perks) provides details for each perk.
### **Monthly perks:** links coming soon
@@ -74,10 +74,10 @@ These perks are provided to all teammates each month to ensure you have the tool
## **Health Benefits (US Teammates)**
-US-based Teammates are eligible for health benefits, which are determined jointly by the People and Finance teams on an annual basis (calendar year). Again, we care about our teammates inside and outside of work, and want to ensure you and your family have healthcare.
+US-based Teammates are eligible for [health benefits](../../benefits-pay-perks/benefits-perks/index.md#benefits), which are determined jointly by the People and Finance teams on an annual basis (calendar year). Again, we care about our teammates inside and outside of work, and want to ensure you and your family have healthcare.
Sourcegraph offers Medical, Dental, and Vision insurance covered at 100% for teammates and their dependents. You can find complete details on our coverage offerings here.
-In addition to standard healthcare, Sourcegraph offers Life insurance and the option to contribute to a 401(k). Please follow the links for full details. You find more details regarding health benefits [here].
+In addition to standard healthcare, Sourcegraph offers Life insurance and the option to contribute to a 401(k). Please follow the links for full details. You find more details regarding health benefits [here](../../benefits-pay-perks/benefits-perks/benefits.md)
## **FAQ**
@@ -96,7 +96,6 @@ Assemble gives you a visual of your total rewards. You will see:
The equation and an example is listed below. The best way to see this impact of total rewards is within Assemble.
Total rewards = Compensation (base + commission) + Equity vesting over the next 12 months + Perks + Benefits
-(Image coming soon)
**How do I get the perks offered by Sourcegraph?**
diff --git a/content/departments/people-talent/wellness.md b/content/departments/people-talent/wellness.md
index be4267e0cb19..52fce0169453 100644
--- a/content/departments/people-talent/wellness.md
+++ b/content/departments/people-talent/wellness.md
@@ -8,34 +8,26 @@ Sourcegraph deeply cares about our teammates' wellness and health. The people te
**What:** A photo challenge will run in Q1 FY25. There will be three challenges that each run for 1 week and have a specific photo category.
-**When:** The challenge begins March 11th.
+**When:** The challenge begins March 18th. People Team will share submission/voting timelines in #announce-people-talent-team
**#1:** Best view (city or nature) 🤩
-
-- Submission window: Mar 18 - 22
-- Voting window: Mar 25 - 28
-- Winner announced: Mar 29
- **#2:** Architecture 🏛️
-- Submission window: Apr 1- 5
-- Voting window: Apr 8 - 11
-- Winner announced: Apr 12
- **#3:** Pets/Animals 🐶 🐱
-- Submission window: Apr 15 - 19
-- Voting window: Apr 22 - 25
-- Winner announced: April 26
+**#2:** Pets/Animals 🐶 🐱
+**#3:** Architecture 🏛️
**Who:** Any Sourcegraph teammate is eligible to participate!
**Winners & Prizes:** There will be 1 winner per challenge and then a grand prize winner!
Best view (city or nature) 🤩
-- 🏅Prize: Any pair of walking shows up to $200 & Amazon gift card $200
+- 🏅Prize: Any pair of walking shoes up to $200 & Amazon gift card $200
Architecture 🏛️
- 🏅Prize: $400 gift card to airline of their choice
Pets/Animals 🐶 🐱
- 🏅Prize: Pet related prize (~$150) & Amazon gift card $250
Grand prize 🏆
- Canon Powershot Sx740 Digital Camera
-- **How:** People Ops will announce each category and details in the @annouce-people-talent channel.
+
+**How:** People Ops will announce each category and details in the @annouce-people-talent channel.
+
- During each submission window teammate’s can enter 1 photo
- Share your photo in #sourcegram
- In the 🧵tag Kemper Hamilton to ensure it’s counted as a submission
diff --git a/content/departments/sales/index.md b/content/departments/sales/index.md
index 581d8944ffe7..8730ef2c7a16 100644
--- a/content/departments/sales/index.md
+++ b/content/departments/sales/index.md
@@ -2,35 +2,23 @@
The Sales team represents us and our values to customers, bringing back dollars and feedback to help us grow.
-- [Account Tiers](https://docs.google.com/document/d/14420oruJWMLKj67ObZiDzRK5GpHmRWXDjlDbH7L6T00/edit?ts=5f7e4023#heading=h.qdguquy7dt7i)
-- [Pricing](https://about.sourcegraph.com/pricing)
-- [Common questions from prospective customers](tools/common_customer_questions.md)
-- [Sales team onboarding](onboarding/index.md)
- [SDR Team](sdrteam/index.md)
- [Sales strategy & ops team](sales-ops/index.md)
-- [Sales interview process](hiring/index.md)
-- [Recording lead and customer emails, calls, and notes](tools/records.md)
-- [Using Salesforce](tools/salesforce.md)
-- [Sales Resources](tools/salesresources.md)
-- [Engaging with Legal](process/saleslegal.md)
-- [Engaging with Security](process/salessecurity.md)
-- [Process docs](process/index.md)
-- [Deployment methods and products](./sales-enablement/deployment-methods-and-products.md)
-- [Forecasting Overview](forecasting.md)
-- [Tools](tools/index.md)
-- [Territory Assignment Process](https://docs.google.com/document/d/1GU55BRIBRbFmlBo24YfnuuvKCfhlQm5uNRLaSJ9hsbo/edit)
- [Sales Performance Goals](sales-performance-goals.md)
-
-## Goals
-
-Find the Sales FY23 Target Market [here](https://docs.google.com/document/d/1w35Nnmc_yQCbweHdTWLiP8lX_D0onl4OrmWJZaRsl7s/edit).
+- [Market Segmentation](../../strategy-goals/strategy/index.md#market-segmentation)
+- [Tools & Resources](tools/index.md)
+- [Process](process/index.md)
+- [Sales team onboarding](onboarding/index.md)
+- [Sales team hiring](hiring/index.md)
## Members
-Not all team members are reflected here yet. If you see yourself missing, please add yourself!
+> Not all team members are reflected here yet. If you see yourself missing, please add yourself!
{{generator:reporting_structure.vp_sales}}
+{{generator:reporting_structure.sales_ops_strategy}}
+
### Roles
See [roles](roles/index.md) page.
diff --git a/content/departments/sales/forecasting.md b/content/departments/sales/process/forecasting.md
similarity index 100%
rename from content/departments/sales/forecasting.md
rename to content/departments/sales/process/forecasting.md
diff --git a/content/departments/sales/process/index.md b/content/departments/sales/process/index.md
index ed9874a98c80..62d4b2a2ab3c 100644
--- a/content/departments/sales/process/index.md
+++ b/content/departments/sales/process/index.md
@@ -2,3 +2,4 @@
- [Engaging with Legal](saleslegal.md)
- [Engaging with Security](salessecurity.md)
+- [Territory Assignment Process](https://docs.google.com/document/d/1GU55BRIBRbFmlBo24YfnuuvKCfhlQm5uNRLaSJ9hsbo/edit)
diff --git a/content/departments/sales/sdrteam/index.md b/content/departments/sales/sdrteam/index.md
index 479d770c46dd..499b6aa40f75 100644
--- a/content/departments/sales/sdrteam/index.md
+++ b/content/departments/sales/sdrteam/index.md
@@ -4,6 +4,8 @@ The SDR team at Sourcegraph is built to source high quality pipeline for the bro
## Members
+{{generator:reporting_structure.vp_sales}}
+
{{generator:reporting_structure.head_sales_development}}
## Quick Links
diff --git a/content/departments/sales/tools/cloud_instances.md b/content/departments/sales/tools/cloud_instances.md
new file mode 100644
index 000000000000..141cebe78389
--- /dev/null
+++ b/content/departments/sales/tools/cloud_instances.md
@@ -0,0 +1,14 @@
+# Cloud Instances
+
+This page is intended to capture the various creation and maintenance activities required for cloud prospects and customers.
+
+The following links will help you create and maintain licenses and cloud environments for prospects and customers.
+
+- [Creating a License Key](../../technical-success/ce/process/create-new-license.md#creating-a-new-license-key-walkthrough)
+ - [Video Tutorial](https://www.loom.com/share/7162dc61f425484cb380c0c5ea79de10?sid=53a2dd14-af06-4d67-820e-0dfe84574d28)
+- [Create a Cloud Instance](../../cloud/index.md#create-a-cloud-instance---new-request)
+ - [Video Tutorial](https://www.loom.com/share/7ad69c750d9e472e9644c5b91bc58985?sid=cbe0d78d-07e4-4ba1-8d91-78b67fb59a02)
+- [Update a Cloud License Key](../../cloud/index.md#update-license-key-on-a-cloud-instance---new-request)
+ - [Video Tutorial](https://www.loom.com/share/deaadbacc7dd4261a9876d76272a6707)
+- [Teardown a Cloud Instance](../../cloud/index.md#tear-down-a-cloud-instance---new-request)
+ - [Video Tutorial](https://www.loom.com/share/06541c4c569645d3a6891097de6b0c8b?sid=e1eafa86-4c85-4aeb-b186-bbe2f064fffe)
diff --git a/content/departments/sales/tools/index.md b/content/departments/sales/tools/index.md
index 8b3ec6c9d49b..56d399d98124 100644
--- a/content/departments/sales/tools/index.md
+++ b/content/departments/sales/tools/index.md
@@ -5,3 +5,5 @@
- [Salesforce](salesforce.md)
- [Sales Resources](salesresources.md)
- [GCP Marketplace Guidance](GCP_Marketplace_Guidance.md)
+- [Deployment methods and products](../sales-enablement/deployment-methods-and-products.md)
+- [Creating and maintaining cloud instances](cloud_instances.md)
diff --git a/content/departments/security/security-onboarding.md b/content/departments/security/security-onboarding.md
index 1546ce4de1c8..dafb78794836 100644
--- a/content/departments/security/security-onboarding.md
+++ b/content/departments/security/security-onboarding.md
@@ -10,11 +10,13 @@ Below you'll find some steps to get your local development enviroment set up, co
Sourcegraph as a whole uses Slack heavily for daily communication - our team also uses a [journal](https://docs.google.com/document/d/1cUI_M5KO7ksl8V3CAUBj0O1IUL7wZQSmjPlZTIe-sg4/edit) to document work progress each week. Here are some recommended channels to join to make sure you're kept in the loop.
-- **#security** - This is our public channel where other teams can contact us with questions / support requests.
-- **#security-internal** - This is our teams "private" channel (all channels are visible to all) where our team can collaborate with each other asynchronously, share interesting news, ocassional memes, or to just say hello 😄
+- **#discuss-security** - This is our public channel where other teams can contact us with questions / support requests.
+- **#team-security** - This is our teams "private" channel (all channels are visible to all) where our team can collaborate with each other asynchronously, share interesting news, ocassional memes, or to just say hello 😄
- **#security-monitoring** - This is where our automated monitoring alerts are posted.
- **#security-terraform** - Our infrastructure is managed using Terraform, and notifications regarding changes to security-related infrastructure go here.
- **#incidents** - This is where product incidents are posted. A useful channel if you get engaged for an incident and need context.
+- **#security-code-monitoring** - This is where our Code scanning monitoring alerts are posted that includes Semgrep SAST, Dependabot, Hackerone.
+- **#security-infra-observability** - This is where alerts go related to the availability of our security systems. This includes alerts from Google Monitoring and uptime checks.
## GitHub Setup
diff --git a/content/departments/security/security-support-rotation.md b/content/departments/security/security-support-rotation.md
index 5204e2305460..f52160be0fbc 100644
--- a/content/departments/security/security-support-rotation.md
+++ b/content/departments/security/security-support-rotation.md
@@ -32,6 +32,7 @@ Issues should arrive through the following channels, which should be checked at
- #security
- #security-internal
- #security-monitoring
+- #security-code-monitoring
- Slack messages that tag @security-team or @security-support
- GitHub notifications tagging @sourcegraph/security
- HackerOne reports (via email)
diff --git a/content/departments/security/tooling/index.md b/content/departments/security/tooling/index.md
index 5e293fdc8c59..ab87515354b3 100644
--- a/content/departments/security/tooling/index.md
+++ b/content/departments/security/tooling/index.md
@@ -28,7 +28,9 @@ of vulnerability.
- We use [Checkov](./checkov.md) to scan our Terraform infrastructure.
- We use [Trivy](./trivy/index.md) to scan containers for issues with dependencies.
-- We use [SonarCloud](./sonarcloud.md) to scan our code in `sourcegraph/sourcegraph` for vulnerabilities
+- We use [Semgrep OSS](./semgrep.md) to scan our code in `sourcegraph/sourcegraph` and `sourcegraph/cody` for vulnerabilities & bad patterns
+
+Additionally, we have enabled [push protection](./push-protection.md) for all public repositories for secret scanning.
## Entitle
diff --git a/content/departments/security/tooling/push-protection.md b/content/departments/security/tooling/push-protection.md
new file mode 100644
index 000000000000..59db6548e657
--- /dev/null
+++ b/content/departments/security/tooling/push-protection.md
@@ -0,0 +1,55 @@
+# Github Push Protection
+
+We have enabled [Github push protection](https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/push-protection-for-repositories-and-organizations) feature on all public repositories for scanning secrets in commits.
+This document helps to unblock sourcegraph engineers when the push protection blocks the git push operation.
+
+## For Sourcegraph Engineers
+
+### How to unblock the push protection (self-serve) ?
+
+Here is a [quick demo](https://www.loom.com/share/bf12643decd94e318cb16914348dfd6b?sid=ee879aee-0577-4852-8f2c-61fabd5316fb) on how to unblock the push protection. Additionally, here is the step by step guide
+
+#### While using Git CLI:
+
+1. Check the Github push error logs for links to unblock the push protection.
+2. The link redirects to Github UI, verify the leaked secret and revoke it if applicable.
+3. Mark the secret appropriately as "Used in Test", "False Positive" or "Fix Later"
+4. Finally click "Finish" or "Allow me to expose secret" to resolve.
+5. Once all secrets are resolved, the push protection should be unblocked automatically.
+6. Kindly retry the `git push` operation again from CLI to push your changes to Github.
+
+**Please note that you'll have to do this for each leaked secret before retrying push.**
+
+#### While using Github UI:
+
+1. The Github popup should appear automatically showing the leaked secret alert
+2. Mark the secret appropriately as "Used in Test", "False Positive" or "Fix Later"
+3. Finally click "Finish" or "Allow me to expose secret" to resolve.
+4. Once all secrets are resolved, the push protection should be unblocked automatically.
+5. Kindly retry pushing your changes again to Github.
+
+**Please note that you'll have to do this for each leaked secret before retrying push.**
+
+## For Security Engineers
+
+### How to resolve the secret alerts posted in security-monitoring channel ?
+
+When a secret leak is detected in the Github push protection, the security team will receive a Github alert in the security-monitoring channel.
+
+1. Click on the alert and verify the leaked secret.
+2. Assess the risk of the secret leak, if required create a security incident to resolve the leak.
+3. After assessing the situation, revoke the secret if applicable. Additionally, discuss with the engineer who committed the secret to understand the impact of the leak.
+4. Based on risk, perform the forensic analysis to understand the leak.
+5. Close the alert from Github UI after verifying the secret-leak incident is resolved.
+
+**Please note that you'll have to do this for each leaked secret**
+
+### How to disable or enable Push Protection for a repository ?
+
+While this is highly discouraged, you can disable and enable the push protection for a repository by following the steps below:
+
+1. Escalate your privilege as `Admin` for Github repository through Entitle.
+2. Navigate to the repository settings page.
+3. Scroll down to the `Code security and analysis` option.
+4. Under `Secret scanning` and disable or enable the `Push protection` option.
+5. Hit `Save` to save the changes.
diff --git a/content/departments/security/tooling/semgrep.md b/content/departments/security/tooling/semgrep.md
new file mode 100644
index 000000000000..5803c583aa04
--- /dev/null
+++ b/content/departments/security/tooling/semgrep.md
@@ -0,0 +1,53 @@
+# Semgrep OSS vulnerability scanning
+
+We use [Semgrep OSS](https://semgrep.dev) as a static analysis tool to analyse the code in the
+`sourcegraph/sourcegraph` and `sourcegraph/cody` repository for security vulnerabilities
+and bad patterns. We have published playbook below seperately to resolve issues, false positives.
+
+- [Developer playbook](https://github.com/sourcegraph/infrastructure/tree/main/security/tooling/sast/playbook)
+- [Security engineer playbook](https://github.com/sourcegraph/infrastructure/blob/main/security/tooling/sast/playbook/security-engineers-playbook.md)
+- [Operational playbook](https://github.com/sourcegraph/infrastructure/blob/main/security/tooling/sast/playbook/operational-playbook.md)
+
+## For Sourcegraph engineers
+
+### For resolving Semgrep SAST alerts
+
+Semgrep [Developer playbook](https://github.com/sourcegraph/infrastructure/tree/main/security/tooling/sast/playbook) is well documented handling any situation that developer faces.
+Any Semgrep issues should be visible to you via the output of the `Semgrep OSS /
+Code Analysis` GitHub check and as Github Comments.
+
+If the offending commit has to be landed as part of resolving an incident,
+
+- Check the [Developer Playbook](https://github.com/sourcegraph/infrastructure/tree/main/security/tooling/sast/playbook) to resolve semgrep alert through source code comments.
+- (or) find an admin for the repository (for whom branch protection rules will not apply) to
+ merge the code in for you.
+
+### For Semgrep SAST Stuck issues
+
+This rarely happens (less than 0.5%), but if it does, please follow the steps below:
+
+- Ensure your branch is up to date with the `main` or default branch. If not please rebase your branch.
+- If the issue is still not resolved, please reach out to the Security team in #discuss-security.
+- (or) find an admin for the repository (for whom branch protection rules will not apply) to
+ merge the code in for you.
+
+If you're not still clear on how to resolve an issue raised by Semgrep, please reach out
+to the Security team in #discuss-security.
+
+## For Security engineers
+
+### Security Engineer Playbook
+
+[Security Engineer playbook](https://github.com/sourcegraph/infrastructure/blob/main/security/tooling/sast/playbook/security-engineers-playbook.md) contains all information including triaging alerts, tweak rules, semgrep errors.
+If you come up with unique issues scenario, please document in the same playbook.
+
+### Operational Playbook
+
+[Operational playbook](https://github.com/sourcegraph/infrastructure/blob/main/security/tooling/sast/playbook/operational-playbook.md) contains all information including architecture, tweaking rules, upgrading
+semgrep versions, stuck issues. If you come up with unique operational issues scenario, please document
+in the same playbook.
+
+## Semgrep SAST Alerts and Metrics
+
+Semgrep SAST alerts are stored in SIEM and can be queried from Elasticsearch (index: github-code-scanning).
+Additionally, SAST metrics dashboard is published under Analytics > Dashboard > Semgrep SAST Scan metrics.
diff --git a/content/departments/security/tooling/sonarcloud.md b/content/departments/security/tooling/sonarcloud.md
deleted file mode 100644
index 19b65a21773f..000000000000
--- a/content/departments/security/tooling/sonarcloud.md
+++ /dev/null
@@ -1,42 +0,0 @@
-# SonarCloud vulnerability scanning
-
-We use [SonarCloud][0] as a static analysis tool to analyse the code in the
-`sourcegraph/sourcegraph` repository for security vulnerabilities.
-
-## For Security engineers
-
-### Changing the SonarCloud configuration
-
-You can login to the SonarCloud website using your GitHub credentials, and should
-then be able to view the SonarCloud configuration.
-
-SonarCloud is configured with a [quality gate][1]. This means that only code that
-SonarCloud determines has a 'Security Grade' of A is considered passing.
-
-`sourcegraph/sourcegraph` has a branch merge protection defined: any code
-which fails the quality gate will not be allowed into the `main` branch. A GitHub
-admin will be required to change this.
-
-### Changing the GitHub/SonarCloud integration
-
-You will need to either be or have access to a GitHub Admin to change this.
-
-The SonarCloud GitHub app runs a check against all branches/pull requests, as well as
-against the main branch. It currently only scans the Sourcegraph product via
-the main `sourcegraph/sourcegraph` repository.
-
-There isn't much other configuration to set up or change for the GitHub app.
-
-## For Sourcegraph engineers
-
-Any SonarCloud issues should be visible to you via the output of the SonarCloud
-Code Analysis GitHub check. If you're not clear on how to resolve an issue raised
-by SonarCloud, please reach out to the Security team in [#security][2].
-
-If the offending commit has to be landed as part of resolving an incident, find
-an admin for the repository (for whom branch protection rules will not apply) to
-merge the code in for you.
-
-[0]: https://sonarcloud.io
-[1]: https://sonarcloud.io/organizations/sourcegraph/quality_gates/show/37292
-[2]: https://sourcegraph.slack.com/archives/C1JH2BEHZ
diff --git a/content/departments/security/tooling/trivy/5-3-3.md b/content/departments/security/tooling/trivy/5-3-3.md
new file mode 100644
index 000000000000..a62ca89f17b8
--- /dev/null
+++ b/content/departments/security/tooling/trivy/5-3-3.md
@@ -0,0 +1,14 @@
+# Accepted CVEs for Sourcegraph 5.3.3
+
+| CVE ID | Affected Images | CVE Severity | CVSS Base Score | [Sourcegraph Assessment](../../../engineering/dev/policies/vulnerability-management-policy.md#severity-levels) | CVSS Environmental Score | Details |
+| ------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------- | -------------------------------------------------------------------------------------------------------------- | ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | sourcegraph/dind | High | 7.5 | Medium | 4.7 | The services that are vulnerable to this issue are typically not exposed on the internet. The likelihood of exploitation is low and this does not have a significant impact on the security of the instance. The issue is not present in Sourcegraph itself. |
+| [GHSA-M425-MQ94-257G](https://github.com/grpc/grpc-go) | sourcegraph/dind, sourcegraph/executor, sourcegraph/bundled-executor, sourcegraph/executor, sourcegraph/bundled-executor, sourcegraph/dind, caddy, sourcegraph/executor-kubernetes | High | 7.5 | Medium | 4.7 | The services that are vulnerable to this issue are typically not exposed on the internet. The likelihood of exploitation is low and this does not have a significant impact on the security of the instance. The issue is not present in Sourcegraph itself. |
+| [CVE-2023-47108](https://access.redhat.com/security/cve/CVE-2023-47108) | sourcegraph/dind | High | 7.5 | Info | 0 | This workload is not exposed and cannot be reached over the internet. This image is not part of standard deployments. |
+| [CVE-2023-45142](https://access.redhat.com/security/cve/CVE-2023-45142) | sourcegraph/dind | High | 7.5 | Info | 0 | This workload is not exposed and cannot be reached over the internet. This image is not part of standard deployments. |
+| [CVE-2023-7104](https://access.redhat.com/errata/RHSA-2024:0465) | sourcegraph/codeinsights-db, sourcegraph/codeintel-db, sourcegraph/postgres-12-alpine | High | 7.3 | Medium | 4.1 | This is not exploitable over the internet. It would require an actor to write very specific SQLITE queries which is not possible in the default configuration. |
+| [CVE-2024-23652](https://access.redhat.com/security/cve/CVE-2024-23652) | sourcegraph/dind | Critical | 7.4 | Info | 0 | We are not vulnerable for this issue as it requires access to our underlying infrastructure for exploitation. An actor cannot use this to gain access to our instances. |
+| [CVE-2024-23653](https://access.redhat.com/security/cve/CVE-2024-23653) | sourcegraph/dind | Critical | 9.8 | Info | 0 | We are not vulnerable for this issue as it requires access to our underlying infrastructure for exploitation. An actor cannot use this to gain access to our instances. |
+| [CVE-2024-23651](https://access.redhat.com/security/cve/CVE-2024-23651) | sourcegraph/dind | High | 7.4 | Info | 0 | We are not vulnerable for this issue as it requires access to our underlying infrastructure for exploitation. An actor cannot use this to gain access to our instances. |
+| [CVE-2024-21626](http://packetstormsecurity.com/files/176993/runc-1.1.11-File-Descriptor-Leak-Privilege-Escalation.html) | sourcegraph/dind | High | 8.6 | High | 8.6 | Dind is used for Kubernetes executors and is not part of the standard deployment. This issue is not fixed in the latest dind release, and we will upgrade once a patch is available. |
+| [CVE-2023-5363](http://www.openwall.com/lists/oss-security/2023/10/24/1) | sourcegraph/dind | High | 0 | info | 0 | This workload is not exposed and cannot be reached over the internet. This image is not part of standard deployments. |
diff --git a/content/departments/security/tooling/trivy/index.md b/content/departments/security/tooling/trivy/index.md
index ce5f38188e82..fcc05536740b 100644
--- a/content/departments/security/tooling/trivy/index.md
+++ b/content/departments/security/tooling/trivy/index.md
@@ -118,6 +118,7 @@ or that we have accepted as low risk. You can find more details about these belo
### 5.3
+- [5.3.3](./5-3-3.md)
- [5.3.2](./5-3-2.md)
- [5.3.1](./5-3-1.md)
- [5.3.0](./5-3-0.md)
diff --git a/content/departments/technical-success/ce/index.md b/content/departments/technical-success/ce/index.md
index 2a0c863b52ab..ca884806b191 100644
--- a/content/departments/technical-success/ce/index.md
+++ b/content/departments/technical-success/ce/index.md
@@ -18,7 +18,7 @@ The three primary team KPIs for CE are:
### New ACV
-As the pre-sales technical experts, CEs play an integral role in closing new business that leads to new incremental revenue for Sourcegraph. This dimension looks at the number of new customers acquired, net number of opportunities successfully closed, and number of products sold whether on a net new prospect or within a new team at an existing customer.
+As the pre-sales technical experts, CEs play an integral role in closing new business that leads to new incremental revenue for Sourcegraph, whether a new customer or an expansion within an existing customer. This dimension looks at the number of new customers acquired, net number of opportunities successfully closed (both net new customers and expansions), and number of products sold whether on a net new prospect or within a new team at an existing customer.
### Technical Closure of Trials
diff --git a/content/departments/technical-success/ce/process/create-new-license.md b/content/departments/technical-success/ce/process/create-new-license.md
index 8a88fe7ee4ff..7944ac853035 100644
--- a/content/departments/technical-success/ce/process/create-new-license.md
+++ b/content/departments/technical-success/ce/process/create-new-license.md
@@ -40,7 +40,7 @@ The prospect/customer requires a Sourcegraph.com user account. If an account doe
1. Select the license expiration date. For production keys, this needs to match the end date of the contract itself.
1. NOTE: Licenses expire at midnight of the date selected based on _the timezone of the browser where the license is being generated from_. It is important to consider this as depending on the teammate location and the customer location you may need to actually set the expiration date to lag by a day.
1. Click **Generate license**.
-1. If the customer should have **Cody Access** once you generate an active license you are now able to toggle on `Access to hosted Cody Services`. Click Enable when the warning shows.
- 1. Everything should fill in for you; however if you need to modify the rate limit of chat requests per day or code completions per day you can do so by clicking on the pencil icon.
+1. If the customer should have **Cody Access** (either the Cody Enterprise or the Code Intelligence Platform plan) once you generate an active license, from the Enterprise Subscriptions screen, you must toggle on `Access to hosted Cody Services`. Click Enable when the warning shows.
+ 1. Everything should fill in for you; however if you need to modify the rate limit of chat requests per day or code completions per day, or change the allowable model configuration, you can do so by clicking on the pencil icon.
1. Follow our [key sharing policy](license_keys.md#license-key-sharing-policy) for sharing this license key with your prospect or customer. You can link them to the following docs for instructions on where to add the key: [Updating your license key](https://sourcegraph.com/docs/admin/subscriptions#updating-your-license-key)
1. Finally, if this is a new customer, you must map the license key to the Salesforce instance for usage data tracking following [these directions](https://docs.google.com/document/d/12W85VTKLJg2Os74PWADxwOPfpMozB0mUm4Do6fN9dFs/edit?usp=sharing).
diff --git a/content/departments/technical-success/ce/process/license_keys.md b/content/departments/technical-success/ce/process/license_keys.md
index bf711536b70c..92cc9d095d45 100644
--- a/content/departments/technical-success/ce/process/license_keys.md
+++ b/content/departments/technical-success/ce/process/license_keys.md
@@ -8,6 +8,7 @@ This page explains how to create and maintain license keys for prospects and cus
- [Plans](#plans)
- [Additional Options](#additional-options)
- [License Management Processes](#license-management-processes)
+ - [Activating Cody](#activating-cody)
- [Prospective Customer Trials](#prospective-customer-trials)
- [Handling multiple instances for a single customer](#multiple-customer-instances)
- [Converting a Prospect to a New Customer](#converting-a-prospect-to-a-new-customer)
@@ -28,7 +29,7 @@ Sourcegraph requires site administrators to apply a license key to access to var
License keys can only be generated by site administrators on sourcegraph.com. To create or maintain a license you must request temporary access via Entitle (in Okta). Entitle grants temporary access to site admin.
1. Go to Entitle via Okta
-2. Search for `site admin` and select dotcom site-admin. Access is logged but automatically provisioned.
+2. Search for `dotcom site-admin` and select dotcom site-admin. Access is logged but automatically provisioned.
3. If you are logged in to your dotcom account, reload the page so that your account updates to site-admin permissions.
-- NOTE: If you do not see site-admin permissions, check your profile settings -> Emails section and ensure that your sourcegraph.com email address is added to your profile, verified and it is set as primary. Or you can logout and login using Google Authentication into dotcom, this will create a new account for you with your sourcegraph.com email attached to it.
@@ -55,7 +56,7 @@ A license is comprised of the following components, we'll go into each more in d
#### Plans
-Different plans have a unique featureset included with them. In some instances you can manually apply additional tags to include additional features (more on this below) but typically simply selecting the plan covers everything you'll need. Most frequently, CEs and TAs will be using the `enterprise-1` plan for all Enterprise customers.
+Different plans have a unique feature-set included with them. In some instances you can manually apply additional tags to include additional features (more on this below) but typically simply selecting the plan covers everything you'll need. Most frequently, CEs and TAs will be using the `enterprise-1` plan for all Enterprise customers.
Below is an overview of the **current supported plans** and included features:
@@ -103,6 +104,14 @@ Apart from the plan, there are a few additional options that can be added to a l
## License Management Processes
+### Cloud Instances
+
+Everything you need for creating and maintaining Cloud instances can be found [here](../../../cloud/index.md#internal-processes-for-cloud-operations).
+
+### Activating Cody
+
+Cody is available with our `Cody Enterprise` and `Code Intelligence Platform` licenses. When you create a license for either of those plans, you must also enable `Access to hosted Cody Services` from the Enterprise subscription page. Here, you can modify the chat and / or code completion limits per day and you can provision access to allowable models. Often, the default are sufficient and you simply need to toggle access on.
+
### Prospective Customer Trials
For a new Sales-led trial, you'll need to create a _new_ subscription that will be used only for the trial period. (Follow the instructions for [issuing a new license](create-new-license.md) from start to finish.).
diff --git a/content/departments/technical-success/support/process/customer-support-triaging.md b/content/departments/technical-success/support/process/customer-support-triaging.md
index 76a3cbe69ab5..fec86ffa40ce 100644
--- a/content/departments/technical-success/support/process/customer-support-triaging.md
+++ b/content/departments/technical-success/support/process/customer-support-triaging.md
@@ -1,4 +1,4 @@
-## How to Triage like a Pro
+# How to Triage like a Pro
**Step 1:** Conversation initiated by the customer
@@ -23,7 +23,7 @@ If there is no action for CS, go to back to step 4 select ‘…’ and then sel
- handle anything related to security for a customer with a TA
- handle a feature request for a customer with a TA
- provide guidance on how to think about using Sourcegraph/drive adoption (ie more proactive in nature guidance)
-- for employment verifications, we can reply and send the requestor to [our Truework landing page](https://www.truework.com/verifications/sourcegraph-employment-verification/) where they can get what they need.
+- for employment verifications, marketing, spam, and other non-support related issues check out [Handling Non-Support Emails](non-support-emails.md).
**Step 6:** Selecting _View Thread_ will allow you to respond to the customer within the slack thread.
@@ -65,16 +65,11 @@ If the other ticket is still open, merge the new ticket into it and alert our te
No. Hopefully in the future, Zendesk will give us this feature; for now, we can link to the other ticket and be sure the requestor is correct.
-### 4. What do I do when I see a company update or solicitation in the triage queue?
+### 4. What do I do when I see a non-support email in the triage queue?
-We sometimes get all company updates or solicitation emails delivered to support mailbox. When you come across these, please go ahead and delete them.
+Sometimes, emails not related to support issues, such as employment verification, bills, marketing, or spam, may be directed to Support. Please refer to the section on [Handling Non-Support Emails](non-support-emails.md) for guidance.
-If the email is clearly spam mark them as such (this can be done by clicking the three vertical dots on a ticket and selecting `Mark as Spam`) which will delete the ticket and make sure we don't get a similar email again.
-
-If the email is around something that could be of interest to another team (examples could be a bill for a service that is about to expire or some security update) forward those to the appropriate team via Slack (or email group if its known).
-For employment verification emails see above for steps.
-
-### 5.What if we are close to missing SLA?
+### 5. What if we are close to missing SLA?
When SLA is close to expiring and the ticket is assigned, we ask SE to send a first response; otherwise, we collaborate as a team to provide a meaningful initial response to prevent SLA violations.
@@ -90,14 +85,6 @@ Sometimes custom scripts are developed by the CE or TA team, if the customer rea
When a customer replies to a solved Zendesk ticket a new ticket will be created. You will want to remove all the tags and triage following the same steps listed above.
-### 9. How to handle Hubspot emails?
-
-If it's from the Hubspot form and for marketing, engage them in the #marketing Slack channel and @ mention @marketing-operations.
-
-If it's from Hubspot, change the subject to "Sourcegraph help request".
-
-For the Hubspot form, we will need to email the person from our work Gmail account with a subject like "Sourcegraph inquiry" and support@sourcegraph.com in cc and let them know a member of the team will help them. We do this so that we can ensure the customer gets the email since Zendesk could block it.
-
-### 10. How to add the support agent integration to a customer Slack channel.
+### 9. How to add the support agent integration to a customer Slack channel.
Simply navigate to the support agent app in Slack and at the top expand the title with the drop-down arrow. Choose the first option, `Add this app to a channel` and either search out or type the channel you'd like to add the integration to. Here's a quick [video](https://www.loom.com/share/6f5b7191a8fa49478318b9ce81dd9cc8) on how to do it. Please ping @CS-Leadership so they can complete the [setup](https://docs.google.com/document/d/1gmApObWJUZ6DfR9w2xNmBTXppRhG6plQA8mWYYs1Y5Y/edit#)
diff --git a/content/departments/technical-success/support/process/enablement/eng-support-learn-from-eachother.md b/content/departments/technical-success/support/process/enablement/eng-support-learn-from-eachother.md
index ca2ad2507932..61435b2fb9e5 100644
--- a/content/departments/technical-success/support/process/enablement/eng-support-learn-from-eachother.md
+++ b/content/departments/technical-success/support/process/enablement/eng-support-learn-from-eachother.md
@@ -59,7 +59,7 @@ We have a shared responsibility to maintain and improve docs.sourcegraph.com. Wh
When we work on documentation, we…
- ...remind ourselves that the vision set forth by our product team for our docs is to align with the the organizational approach outlined in https://documentation.divio.com/, especially [the how-to section](https://documentation.divio.com/how-to-guides/) and [their examples](https://docs.divio.com/en/latest/how-to/) (how-to is the doc type we create/improve the most)
-- ...remind ourselves of [the guidelines for contributing to product documentation](../../../../engineering/dev/process/product_documentation.md), as well as [the content creation guidelines](../../../../../company-info-and-process/communication/content_guidelines/index.md)
+- ...remind ourselves of [the guidelines for contributing to product documentation](../../../../marketing/process/product_documentation.md), as well as [the content creation guidelines](../../../../../company-info-and-process/communication/content_guidelines/index.md)
- ...note that troubleshooting documentation falls into the category of how-to documentation as outlined in the vision above
- ...ensure that every page in our docs to have a single purpose (it may take us awhile to redo what is there, but keep this in mind for creating/revising)
- ...ensure that if we move a page, we add a redirect for the old URL [here](https://sourcegraph.com/github.com/sourcegraph/sourcegraph/-/blob/doc/_resources/assets/redirects)
diff --git a/content/departments/technical-success/support/process/index.md b/content/departments/technical-success/support/process/index.md
index 60bc3aebb131..7add5a4d11fb 100644
--- a/content/departments/technical-success/support/process/index.md
+++ b/content/departments/technical-success/support/process/index.md
@@ -1,6 +1,7 @@
# Support Team Processes
- [Updating Known Issues Page](known-issues.md)
+- [Handling Non-Support Emails](non-support-emails.md)
- [Case transitions](case-transitions.md)
- [Cloud Maintenance Window Process](cloud-maintenance-window.md)
- [Collaboration time](collaboration-time.md)
diff --git a/content/departments/technical-success/support/process/non-support-emails.md b/content/departments/technical-success/support/process/non-support-emails.md
new file mode 100644
index 000000000000..6cb8cf67ad36
--- /dev/null
+++ b/content/departments/technical-success/support/process/non-support-emails.md
@@ -0,0 +1,20 @@
+# Handling Non-Support Emails
+
+Occasionally, non-support emails will be sent to support@sourcegraph.com, either employment verification, bills, marketing, or spam. Emails that are pertinent should be forwarded to the appropriate team. Emails that are not relevant should either be marked as spam or deleted.
+
+**Marking Spam:**
+If an email is spam, navigate to the ticket menu and select 'Mark as spam'.
+
+**Deleting Emails:**
+If an email is an internal company update or a solicitation email, navigate to the ticket menu and select 'Delete'.
+
+**Forwarding Emails:**
+To forward an email, expand the menu on the message and click ‘Forward via email’. ZenDesk removes the original sender's email from the forward, so paste it into the message. If you need to access the support mailbox, use the credentials in the shared 1Password vault.
+
+**Determining the Appropriate Recipient:**
+Consult the relevant Slack channel to identify the correct recipient if the email group is not known:
+#discuss-marketing: Cold outreach, marketing, media.
+#ask-people-team: Job applications and other employee-related emails. Employment verification emails should be sent to people-ops@sourcegraph.com.
+#discuss-finance: Bills, POs, or receipts.
+
+If you are unsure where to direct an email or need help determining the appropriate action, request guidance in the #team-support-engineering channel.
diff --git a/content/departments/technical-success/support/process/permanently_deleting_user_data.md b/content/departments/technical-success/support/process/permanently_deleting_user_data.md
index be2499f7d176..1fc51c23c3df 100644
--- a/content/departments/technical-success/support/process/permanently_deleting_user_data.md
+++ b/content/departments/technical-success/support/process/permanently_deleting_user_data.md
@@ -20,11 +20,10 @@ For account deletions, remove the account from [sourcegraph.com](http://sourcegr
- Choose 'Delete forever' from the actions menu.
- Delete the user from SAMS
- - Post the user's email and username in [#discuss-core-services](https://sourcegraph.slack.com/archives/discuss-core-services) and wait for deletion.
-
- > Deletion request:
- > Username: user
- > Email: user@example.com
+ - Trigger a [Delete Sourcegraph Accounts user](https://github.com/sourcegraph/sourcegraph-accounts/actions/workflows/mgmt-delete-user.yml) GitHub Action with the user's email address.
+ - Wait for the run to complete.
+ - Reach out to #discuss-core-services if the run encounters an error.
+ - Reach out to #ask-it-tech-ops if you don't have access.
- Inform the user their account is permanently deleted.
diff --git a/content/departments/technical-success/support/process/product-gap-process.md b/content/departments/technical-success/support/process/product-gap-process.md
index 8811e5a95e2d..d42cee1831b2 100644
--- a/content/departments/technical-success/support/process/product-gap-process.md
+++ b/content/departments/technical-success/support/process/product-gap-process.md
@@ -6,7 +6,7 @@ Product gaps are submitted by the customer’s assigned TA or Scaled Success. Th
> If you come across an account that doesn’t have a TA assigned and isn’t under Scaled Success management, feel free to ask in the #discuss-technical-advisors channel about assigning someone to the request.
-**Accounts with a TA**: Head to the #discuss-technical-advisors channel and follow the Product Gap Request workflow. Keep the ticket open for a few days in case the TA or customer has more to say.
+**Accounts with a TA**: Include the TA in the issue thread, providing them with the details of the product gap. Keep the ticket open for a few days in case the TA or customer has more to say.
**Scaled Success accounts**: Head to the #discuss-scaled-success channel and follow the Product Gap Request workflow. Leave the ticket open for a few days, allowing the team or customer to follow up.
diff --git a/content/departments/technical-success/ta/index.md b/content/departments/technical-success/ta/index.md
index 1c5ad738ead5..db4b834fdc10 100644
--- a/content/departments/technical-success/ta/index.md
+++ b/content/departments/technical-success/ta/index.md
@@ -37,11 +37,11 @@ Effective FY25, the following segments are assigned to Enterprise TAs:
| Strategic | 2.5k+ devs, any amount of ARR spend |
| Enterprise | 501 - 2.5k devs, >$100k current ARR spend |
-### Pooled
+### Scaled
This group is comprised of a team of Mid-Market TAs who nurture this segment of our customers through a combination of our digital success programming and our enterprise programming providing a medium-touch, tailored experience.
-Effective FY25, the following segments are assigned to Pooled TAs:
+Effective FY25, the following segments are assigned to Scaled TAs:
| Customer Segment | Segment definition |
| ---------------- | ----------------------------------------- |
diff --git a/content/strategy-goals/strategy/index.md b/content/strategy-goals/strategy/index.md
index caa8a45cb6e7..98f1285864a6 100644
--- a/content/strategy-goals/strategy/index.md
+++ b/content/strategy-goals/strategy/index.md
@@ -27,9 +27,13 @@ In FY25 we will help more pro devs code better and faster with a single lovable
Sourcegraph team members can view more internal details about our company strategy in the [MSEM FY25 document](https://docs.google.com/document/d/1Ju2SwpRCcIAC65kCu60QM8rnsn8YDTmkNAKO5xkl0ZY/edit#heading=h.ev1rhjc47atd) and [company framework](https://docs.google.com/document/d/127S8cGKrYi2g8CVjMO3fpT33Ld_ZpT7_1UgbAvlqGC0/edit?usp=sharing). These artifacts help our team gain internal alignment and influence how we build, market, and sell our products.
+## [Product vision and direction](https://docs.google.com/document/d/1gyxslvskFAMxQUvOQFkF8eyt8RGd1iIdqNpIv_fwsvA/edit#heading=h.9fct2569t548)
+
+Our product vision and direction are critical to achieving our strategy. See more details about what we're building and why it matters in the [product vision and direction doc](https://docs.google.com/document/d/1gyxslvskFAMxQUvOQFkF8eyt8RGd1iIdqNpIv_fwsvA/edit) (visible to internal Sourcegraph only).
+
## Values
-Our [values](../../company-info-and-process/values/index.md) are the principles that help us execute on our strategy and build a high-performance team.
+Our [values](../../company-info-and-process/values/index.md) are the principles that help us execute our strategy and build a high-performance team.
### Market segmentation
diff --git a/content/team/executive-business-partners.md b/content/team/executive-business-partners.md
index c68a67dfc729..0a0cb3bbcc2f 100644
--- a/content/team/executive-business-partners.md
+++ b/content/team/executive-business-partners.md
@@ -2,8 +2,7 @@
## Executive Business Partners Team
-- Coming soon: EBP supporting Quinn Slack (CEO)
-- Michal Sennett (EBP) supporting Carly Jones (VP People and Talent), Steve Yegge (Head of Engineering, Cody), Erika Rice Scherpelz (Head of Engineering, Code Search), & currently (as of 10/11/23) providing iterim support for Quinn Slack (CEO)
+- Michal Sennett (EBP) supporting Quinn Slack (CEO), Carly Jones (VP People and Talent), Erika Rice Scherpelz (Head of Engineering)
- Amber Nocerino (EBP) supporting Brock Perko (VP Sales), and Aimee Menne (VP Technical Success)
## Contact us
diff --git a/content/team/locations.geojson b/content/team/locations.geojson
index 94b097364cda..be8784e27c60 100644
--- a/content/team/locations.geojson
+++ b/content/team/locations.geojson
@@ -780,6 +780,19 @@
52.513384
]
}
+ },
+ {
+ "type": "Feature",
+ "properties": {
+ "name": "Rik Nauta"
+ },
+ "geometry": {
+ "type": "Point",
+ "coordinates": [
+ 13.000640,
+ 55.595330
+ ]
+ }
}
]
-}
+}
\ No newline at end of file
diff --git a/data/team.yml b/data/team.yml
index 7ff40284017a..8404ce58287f 100644
--- a/data/team.yml
+++ b/data/team.yml
@@ -173,7 +173,7 @@ noah_santschi-cooney:
bill_kolman:
name: Bill Kolman
role: Account Executive
- reports_to: regional_director_sales_east
+ reports_to: rsd_east
location: New York, New York
email: Bill@sourcegraph.com
links: '[LinkedIn](https://www.linkedin.com/in/william-kolman/)'
@@ -183,7 +183,7 @@ owen_brennan:
name: Owen Brennan
pronouns: he/him
role: Account Executive
- reports_to: rsd_west
+ reports_to: vp_sales
location: Boise, Idaho, USA
email: owen@sourcegraph.com
links: '[LinkedIn](https://www.linkedin.com/in/owenbrennan/)'
@@ -193,8 +193,8 @@ scott_campbell:
name: Scott Campbell
pronouns: he/him
role: Regional Director of Sales, East
- reports_to: rsd_west
- manager_role_slug: regional_director_sales_east
+ reports_to: vp_sales
+ manager_role_slug: rsd_east
location: Asheville, North Carolina, United States 🇺🇸
github: spc74
email: scott@sourcegraph.com
@@ -283,7 +283,7 @@ james_clifford:
name: James Clifford
pronouns: he/him
role: Account Executive
- reports_to: rsd_west
+ reports_to: vp_sales
location: San Francisco, CA, USA 🇺🇸
github: jclifford1
email: jclifford@sourcegraph.com
@@ -294,7 +294,7 @@ caitlin_moran:
name: Caitlin Moran
pronouns: she/her
role: Enterprise Account Executive
- reports_to: regional_director_sales_east
+ reports_to: rsd_east
location: Brooklyn, NY USA 🇺🇸
github: Caitlinsourcegraph
email: caitlin@sourcegraph.com
@@ -305,7 +305,8 @@ jon_kishpaugh:
name: Jon Kishpaugh
pronouns: he/him
role: Account Executive
- reports_to: rsd_west
+ reports_to: vp_sales
+ manager_role_slug: rsd_west
location: San Francisco, CA, USA
github: JonKish
email: jon@sourcegraph.com
@@ -392,18 +393,6 @@ kelsey_brown:
links: '[Linkedin](https://www.linkedin.com/in/kelsey-brown-25220b68/)'
description: Prior to Sourcegraph, Kelsey worked in consulting on projects related to strategy, business operations, and technology. Outside of work, Kelsey loves doing anything active, including weightlifting, snowboarding, and playing ultimate frisbee. She is currently based in Washington, DC, but hails from Chicago, and would therefore be happy to passionately defend the superiority of Chicago-style over New York-style pizza with you any day of the week.
-fabiana_castellanos:
- name: Fabiana Castellanos
- pronouns: she/her
- role: Creative Operations Manager
- reports_to: director_design
- manager_role_slug: creative_ops_manager
- location: Oceanside, CA USA 🇺🇸
- github: fabicastp
- email: fabiana@sourcegraph.com
- links: '[Linkedin](https://www.linkedin.com/in/fabicastp/)'
- description: "Fabiana is from Venezuela 🇻🇪 but moved to California 4 years ago with her husband, dog and parrot. She's a big fan of processes and organization, and you’ll often hear her say _I have a spreadsheet for that._ She’s had the pleasure of doing project management with creatives throughout her professional career. They are the yin to her yang, she says. She’s also very proud of her Venezuelan culture and loves inviting people over to her home to eat arepas."
-
kendrick_morris:
name: Kendrick Morris
pronouns: he/him
@@ -482,7 +471,7 @@ kevin_quigley:
name: Kevin Quigley
pronouns: he/him
role: Account Executive
- reports_to: regional_director_sales_east
+ reports_to: rsd_east
location: Atlanta, GA, USA 🇺🇸
github: kevin-quigley
email: kevin.quigley@sourcegraph.com
@@ -502,7 +491,7 @@ mark_mccauley:
name: Mark McCauley
pronouns: he/him
role: Director, Field GTM
- reports_to: ceo
+ reports_to: sales_ops_strategy
manager_role_slug: director_field_gtm
gabe_torres:
@@ -610,8 +599,8 @@ amie_rotherham:
ellie_dawson:
name: Ellie Dawson
pronouns: she/her
- role: Sales Development Representative
- reports_to: head_sales_development
+ role: Senior Program Lead, VCBOD
+ reports_to: director_field_gtm
location: Cincinnati, OH, USA
github: elliedawson
email: ellie.dawson@sourcegraph.com
@@ -835,7 +824,7 @@ cory_dobson:
nicolas_hernandez:
name: Nick Hernandez
role: Enterprise Account Executive - Sales
- reports_to: regional_director_sales_east
+ reports_to: rsd_east
location: Miami, FL, USA 🇺🇸
email: nick.hernandez@sourcegraph.com
github: fryster66
@@ -858,7 +847,7 @@ andrew_reed:
name: Andrew Reed
role: Senior Manager, Sales Development
email: andrew.reed@sourcegraph.com
- reports_to: vp_sales
+ reports_to: sales_ops_strategy
manager_role_slug: head_sales_development
ashwin_Thakur:
@@ -913,21 +902,15 @@ shawntee_harris:
connor_obrien:
name: Connor OBrien
email: connor.obrien@sourcegraph.com
- role: Chief of Staff to CEO
+ role: Chief of Staff to CEO, Sales Ops & Strategy
pronouns: he/him
github: connoro13c
reports_to: ceo
+ manager_role_slug: sales_ops_strategy
links: '[LinkedIn](https://www.linkedin.com/in/connorob/)'
location: San Franciso, CA, USA 🇺🇸
description: Connor lives in the Lonely Mountain neighborhood in SF, 1 block away from Golden Gate Park with his wife, two daughters (Logan and Quinn), two dogs, and ~~pet Crawdad~~ RIP Lil' Jeff. Prior to Sourcegraph, Connor worked at Anaplan for 7.5 years where he played critical roles across PreSales, Ops, and Sales where he helped craft and execute GTM strategy. Before Anaplan, Connor was running a small IT Consulting company and worked in the United States Senate. Connor and his wife love challenging, outdoorsy activities like scuba diving, hiking, and long-distance running, biking, and swimming. The fastest way to my heart is through the Denver Nuggets.
-interim_sales_lead:
- name: Connor OBrien
- reports_to: ceo
- role: Interim Sales Lead
- manager_role_slug: vp_sales
- hide_on_team_page: true
-
michael_lin:
name: Michael Lin
pronouns: he/him
@@ -1049,7 +1032,7 @@ bolaji_olajide:
todd_herskovitz:
name: Todd Herskovitz
role: Strategic Account Executive
- reports_to: rsd_west
+ reports_to: vp_sales
location: San Francisco, CA, USA 🇺🇸
github: toddherskovitz
email: todd@sourcegraph.com
@@ -1068,9 +1051,9 @@ daniel_marques:
brock_perko:
name: Brock Perko
pronouns: he/him
- role: Regional Sales Director, West
+ role: VP, Sales
reports_to: ceo
- manager_role_slug: rsd_west
+ manager_role_slug: vp_sales
location: Mill Valley, CA USA 🇺🇸
github: 0xPerko
email: brock_perko@sourcegraph.com
@@ -1138,7 +1121,7 @@ ajay_uppaluri:
pronouns: He/Him
role: Director, Sales Strategy & Operations
manager_role_slug: director_sales_ops
- reports_to: vp_sales
+ reports_to: sales_ops_strategy
location: San Diego, CA
links: '[LinkedIn](www.linkedin.com/in/ajay-uppaluri)'
description: Ajay was born & raised in Miami, FL. After receiving his MBA from Emory University in Atlanta, GA, Ajay spent several years in management consulting and GTM strategy. He resides in San Diego with his wife, young daughter & golden retriever. In his highly limited spare time, Ajay usually enjoys a good cocktail and loves to play boardgames with friends & family
@@ -1224,7 +1207,7 @@ tom_pinckney:
name: Tom Pinckney
role: Head of Business Development
location: San Francisco, CA
- reports_to: vp_sales
+ reports_to: sales_ops_strategy
email: tom.pinckney@sourcegraph.com
links: '[LinkedIn](https://www.linkedin.com/in/tom-pinckney)'
description: Tom is a native Virgnian. He came to California back in 2000 and has never left. Tom lives in San Francisco with his wife and 7 and 12 year old boys and dog Sugar. He has spent most of his career working in field based roles in high growth enterprise software companies. He's responsible for the partner ecosystem at Sourcegraph.
@@ -1381,7 +1364,7 @@ James_Ghaedi:
name: James Ghaedi
email: james.ghaedi@sourcegraph.com
role: Account Executive, EMEA
- reports_to: regional_director_sales_east
+ reports_to: rsd_east
steve_yegge:
name: Steve Yegge
@@ -1419,9 +1402,9 @@ lauren_ross:
pronouns: she/her
role: Senior People Partner
reports_to: vp_talent
- location: Seattle, WA
+ location: Whitefish, MT
links: '[LinkedIn](https://www.linkedin.com/in/laurencolby/)'
- description: I live in Seattle, WA with my 2 children, husband, and goldendoodle! In my spare time I love adventuring in the outdoors, reading, and spending time with my loved ones.
+ description: I live in Whitefish, MT with my 2 children, husband, and goldendoodle! In my spare time I love adventuring in the outdoors, reading, and spending time with my loved ones.
Marc_LeBlanc:
name: Marc LeBlanc
@@ -1430,7 +1413,7 @@ Marc_LeBlanc:
pronouns: he/him
role: Senior Implementation Engineer
reports_to: ie_manager
- location: Istanbul, Turkey 🇹🇷
+ location: Calgary, Canada
links: '[LinkedIn](https://www.linkedin.com/in/leblancit/), [MarcPhoto.ca](https://marcphoto.ca/)'
description: I rise to challenges with enthusiasm, a happy-to-help attitude, and a customer-service mindset. I am driven to make my positive contribution to the world, with high-level strategic vision, systems and design thinking, and hands-on-keyboard implementation. I was the service owner for the Code Search service and a Sourcegraph customer admin for two years before joining the company. My team and I implemented Sourcegraph from end to end, from discovering user issues with OpenGrok, finding Sourcegraph, implementing it, operating it, and contributing to it. I am also a photographer, adventure motorcyclist, and active volunteer.
@@ -1457,18 +1440,6 @@ erika_rice_scherpelz:
manager_role_slug: eng_lead
description: 'I think of myself as a solution synthesizer. I may not be the one to come up with new ideas, but I can help figure out how they fit together into something greater than the sum of their parts. I love reading, board games, fiber arts, and most of all, my 2 children and husband. Prior to Sourcegraph, I spent the first 15 years of my career at Google where I worked on Google Maps, social graph infrastructure, and data tools (plus a brief stint at Flexport).'
-matt_manela:
- name: Matt Manela
- email: matt.manela@sourcegraph.com
- github: mmanela
- pronouns: he/him
- role: Engineering Manager, Product Platform
- reports_to: eng_lead
- location: Albany, NY, USA 🇺🇸
- links: '[Blog](https://matthewmanela.com/), [LinkedIn](https://www.linkedin.com/in/mmanela/)'
- manager_role_slug: product_platform_lead
- description: 'Matt is passionate about creating scalable quality software and high performing compassionate customer focused teams. Before Sourcegraph, Matt spent time at a green energy startup scaling residential solar and at Microsoft working on developer tools and services. When not working, Matt can be found spending time with his family, reading (mostly sci-fi), [blogging](https://matthewmanela.com/articles) or building software for fun ([website about idiom translation](https://idiomatically.net/), [multi-platform word game](https://matthewmanela.com/anagram-ladder/))'
-
anton_sviridov:
name: Anton Sviridov
email: anton.sviridov@sourcegraph.com
@@ -1729,6 +1700,17 @@ eric_shamow:
location: Portland, OR, USA
description: 'Eric is originally out of New York but has called Portland, OR home for the past decade. He spends a lot of time in the space somewhere between process, systems architecture, org design and engineering practices. Prior to Sourcegraph Eric was an early employee at Puppet a little over a decade ago, where he visited over 200 companies to study how tools and practices intersect to drive culture change. More recently he ran the Compute SRE team at Twitter. Eric used to be a classical musician, and can be found geeking out over music, books and films (especially sci-fi and horror).'
+chris_sev:
+ name: Chris Sev
+ role: Developer Advocate
+ email: chris.sev@sourcegraph.com
+ github: chris-sev
+ pronouns: he/him
+ reports_to: director_devrel
+ location: Denver, USA 🇺🇸
+ links: '[X](https://x.com/chris__sev)'
+ description: Chris is a full stack developer that has built his career educating developers on how to code and how to monetize their code projects. He spends his time always building fun projects, playing with his 2 little kids, and lifting heavy things.
+
aravind_ramaraju:
name: Aravind Ramaraju
reports_to: product_lead
@@ -1812,6 +1794,18 @@ michael_bahr:
pronunciation: '[pronounce my name 🔊](https://forvo.com/word/bahr)'
description: Michael grew up in the Black Forest, just at the border between Germany and Switzerland. Prior to Sourcegraph, Michael worked on the dev tools such as Amazon CodeCatalyst, and made the life of devs easier at a startup called Stedi. He's passionate about solving ever harder technical challenges and helping teammates grow further. When not coding at work, he loves to build projects and modifications around video games like Factorio and EVE Online. His favourite way to spend time outside is on a snowboard in the mountains. He can also be found doing other sports and hosting DnD sessions.
+matt_manela:
+ name: Matt Manela
+ email: matt.manela@sourcegraph.com
+ github: mmanela
+ pronouns: he/him
+ role: Engineering Manager, Product Platform
+ reports_to: eng_lead
+ location: Albany, NY, USA 🇺🇸
+ links: '[Blog](https://matthewmanela.com/), [LinkedIn](https://www.linkedin.com/in/mmanela/)'
+ manager_role_slug: product_platform_lead
+ description: 'Matt is passionate about creating scalable quality software and high performing compassionate customer focused teams. Before Sourcegraph, Matt spent time at a green energy startup scaling residential solar and at Microsoft working on developer tools and services. When not working, Matt can be found spending time with his family, reading (mostly sci-fi), [blogging](https://matthewmanela.com/articles) or building software for fun ([website about idiom translation](https://idiomatically.net/), [multi-platform word game](https://matthewmanela.com/anagram-ladder/))'
+
anish_lakhwara:
name: Anish Lakhwara
email: anish.lakhwara@sourcegraph.com
@@ -1832,4 +1826,16 @@ dan_tacci:
reports_to: vp_technical_success
location: Alameda, CA 🇬🇧
links: '[Linkedin](https://www.linkedin.com/in/dan-tacci/)'
- description: Despite being an avocado-eating, kitesurfing, dyed-in-the-wool California boy since age 4, Dan was actually born in Florence, Italy and therefore can never be President of the United States. As such, he has taken on Customer Engineering delighting customers in the devtools space. He came off 5.5 years at LaunchDarkly, where we he was part of 10x revenue and personell growth. He lives in Alameda by the beach where with his wife and two girls, aged 10 and 3, where he gets to kiteboard and hydrofoil msot of the year.
+ description: Despite being an avocado-eating, kitesurfing, dyed-in-the-wool California boy since age 4, Dan was actually born in Florence, Italy and therefore can never be President of the United States. As such, he has taken on Customer Engineering delighting customers in the devtools space. He came off 5.5 years at LaunchDarkly, where we he was part of 10x revenue and personell growth. He lives in Alameda by the beach where with his wife and two girls, aged 10 and 3, where he gets to kiteboard and hydrofoil most of the year.
+
+rik_nauta:
+ name: Rik Nauta
+ role: Software Engineer
+ reports_to: cody_strat_lead
+ location: Malmö, Sweden 🇸🇪
+ github: RXminuS
+ email: rik.nauta@sourcegraph.com
+ links: '[LinkedIn](https://www.linkedin.com/in/riknauta/)'
+ pronouns: He/Him or They/Them
+ pronunciation: '[pronounce my name 🔊](https://www.name-coach.com/rik-nauta)'
+ description: Originally from the Netherlands, Rik has called Sweden his home over the last 16 years. Although he was on the brink of completing his MSc in Engineering Physics, his fascination with AI (and apathy towards particles) led him to forgo his final course to create a company dedicated to developing an AI-powered contract writing assistant instead. Outside of his professional endeavors Rik is an avid skiier and a regular foster parent to guide-dog puppies and "problem" doggos. Rik's unique superpower is his remarkable ability to nap under any circumstances.