From 74f47e2b1d1fa7cfd516e2b148e1dde76ff0698f Mon Sep 17 00:00:00 2001 From: Alex Corvin Date: Mon, 29 Jan 2024 09:21:38 -0500 Subject: [PATCH] Stop using peribolos for managing org membership (#226) * Remove github action to apply org membership We are no longer going to use Peribolos to manage permissions in the ODH org. Removing the action for applying membership so that changes don't get applied. * Stop using peribolos for managing org membership We've agreed at an ODH leadership level that we no longer want to use Peribolos for managing membership in the ODH org. This change removes the peribolos-specific contents of this repository and updates the README accordingly. --- .github/PULL_REQUEST_TEMPLATE.md | 17 ---- .github/build/Containerfile | 5 -- .github/build/Pipfile | 11 --- .github/build/main.py | 98 ----------------------- .github/build/requirements.txt | 7 -- .github/workflows/approval_check.yml | 27 ------- .github/workflows/merge_membership_pr.yml | 47 ----------- .github/workflows/peribolos.yaml | 19 ----- HOWTO.md | 23 ------ README.md | 27 +------ odh-dashboard | 1 - 11 files changed, 3 insertions(+), 279 deletions(-) delete mode 100644 .github/PULL_REQUEST_TEMPLATE.md delete mode 100644 .github/build/Containerfile delete mode 100644 .github/build/Pipfile delete mode 100644 .github/build/main.py delete mode 100644 .github/build/requirements.txt delete mode 100644 .github/workflows/approval_check.yml delete mode 100644 .github/workflows/merge_membership_pr.yml delete mode 100644 .github/workflows/peribolos.yaml delete mode 100644 HOWTO.md delete mode 160000 odh-dashboard diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md deleted file mode 100644 index 5486d3a7..00000000 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ /dev/null @@ -1,17 +0,0 @@ -## Description - - - -## New Open Data Hub Member Requirements -- [ ] New members have reviewed and acknowledged the Open Data Hub: - - [Code of Conduct](https://github.com/opendatahub-io/opendatahub-community/blob/main/CODE_OF_CONDUCT.md) - - [Contribution Guide](https://github.com/opendatahub-io/opendatahub-community/blob/main/contributing.md) - - [Community Membership Guidelines](https://github.com/opendatahub-io/opendatahub-community/blob/main/community-membership.md) -- [ ] [Enabled 2FA on their GitHub account](https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication) - -## Pull Request Requirements -- [ ] New members are added in alphabetical order -- [ ] Only one new member change per commit (if you add two members separate it in two commits -- [ ] For individual user changes: Commit message format `Add to `. -- [ ] For new team requests: Commit message format `Create `. If the new team consists solely of existing members, you may -- [ ] New GitHub team requests are from an existing opendatahub-io member who will function as the maintainer of the team. Each additional member will follow the same requirements for adding new members diff --git a/.github/build/Containerfile b/.github/build/Containerfile deleted file mode 100644 index 471b27d2..00000000 --- a/.github/build/Containerfile +++ /dev/null @@ -1,5 +0,0 @@ -FROM registry.access.redhat.com/ubi9/python-311:1-7.1684740557 - -COPY requirements.txt /tmp/requirements.txt -RUN pip install -r /tmp/requirements.txt -COPY main.py /tmp/main.py diff --git a/.github/build/Pipfile b/.github/build/Pipfile deleted file mode 100644 index 0757494b..00000000 --- a/.github/build/Pipfile +++ /dev/null @@ -1,11 +0,0 @@ -[[source]] -url = "https://pypi.org/simple" -verify_ssl = true -name = "pypi" - -[packages] - -[dev-packages] - -[requires] -python_version = "3.11" diff --git a/.github/build/main.py b/.github/build/main.py deleted file mode 100644 index 184cca79..00000000 --- a/.github/build/main.py +++ /dev/null @@ -1,98 +0,0 @@ -import yaml -import os -import requests - -def main(): - with open("./config/opendatahub-io/org.yaml", "r") as f: - data = yaml.load(f, Loader=yaml.FullLoader) - new_odh_org = data.get("orgs").get("opendatahub-io") - os.system("git fetch --all") - os.system("git checkout main") - - with open("./config/opendatahub-io/org.yaml", "r") as f: - data = yaml.load(f, Loader=yaml.FullLoader) - old_odh_org = data.get("orgs").get("opendatahub-io") - - pr_number = os.environ.get("PR_NUMBER") - affected_teams = get_affected_groups(old_odh_org, new_odh_org) - approver_teams = get_valid_approvers(old_odh_org, affected_teams) - pr_approvers = get_pr_approvers(pr_number, os.environ.get("TOKEN")) - - approved = True - for team in approver_teams: - if team[1].intersection(pr_approvers): - print(f"Valid reviewer found for {team[0]} in PR approvers.") - else: - print(f"No valid reviewers found for {team[0]} in PR approvers. Request approval from one of the following: {team[1]}") - approved = False - if not approved: - exit(1) - - -def get_affected_groups(old_org, new_org): - affected_groups = {"teams": [], "org_changed": False} - if old_org==new_org: - print("No changes detected to org yaml") - exit(0) - old_org_teams = old_org.get("teams") - new_org_teams = new_org.get("teams") - for team in old_org_teams: - if old_org_teams.get(team) != new_org_teams.get(team): - print(f"{team} has been changed") - affected_groups["teams"].append(team) - for key, value in old_org.items(): - if key != "teams": - if value != new_org.get(key): - affected_groups["org_changed"] = True - break - return affected_groups - - -def get_valid_approvers(org: dict, groups: dict): - approvers = [] - for team in groups["teams"]: - maintainers = org.get("teams").get(team).get("maintainers") - if maintainers: - approvers.append((team, set(maintainers))) - else: - print(f"{team} does not have a maintainers defined.") - if groups["org_changed"]: - approvers.append((org.get("name"), set(org.get("admins")))) - return approvers - - -def get_pr_approvers(id: int, token: str): - people_who_rejected = set() - - response = requests.get( - "https://api.github.com/repos/" + os.environ.get("REPO") + "/pulls/" + id + "/reviews", - headers={ - "Authorization": "Bearer " + token - } - ) - - # Check the response status code - if response.status_code == 200: - # Get the list of review comments from the response - reviews = response.json() - - # Create a list of users who have approved the PR - approved_users = set() - for review in reviews: - if review['state'] == "CHANGES_REQUESTED": - people_who_rejected.add(review['user']['login']) - if review['state'] == "APPROVED": - approved_users.add(review['user']['login']) - if review['user']['login'] in people_who_rejected: - people_who_rejected.remove(review['user']['login']) - if (len(people_who_rejected) > 0): - print(f"The following people have requested changes: {people_who_rejected}") - exit(1) - return approved_users - else: - print(f"Received an invalid response code: {response.status_code}") - exit(1) - - -if __name__ == "__main__": - main() diff --git a/.github/build/requirements.txt b/.github/build/requirements.txt deleted file mode 100644 index 8b4d366c..00000000 --- a/.github/build/requirements.txt +++ /dev/null @@ -1,7 +0,0 @@ -certifi==2023.5.7 -charset-normalizer==3.1.0 -idna==3.4 -PyYAML==6.0 -requests==2.31.0 -smmap==5.0.0 -urllib3==2.0.2 diff --git a/.github/workflows/approval_check.yml b/.github/workflows/approval_check.yml deleted file mode 100644 index 8a8a27c2..00000000 --- a/.github/workflows/approval_check.yml +++ /dev/null @@ -1,27 +0,0 @@ -name: Check Membership Pull Request -on: - pull_request_review: -jobs: - check-membership-approvals: - runs-on: ubuntu-latest - container: - image: quay.io/opendatahub/org-management-checker:v0.0.4 - steps: - - uses: actions/checkout@v3 - - name: Run PR validation - id: pr-validation - run: python3 /tmp/main.py - env: - TOKEN: ${{secrets.GITHUB_TOKEN}} - PR_NUMBER: ${{github.event.pull_request.number}} - REPO: ${{github.repository}} - - name: Save PR number - if: steps.pr-validation.outcome == 'success' - run: | - mkdir -p ./pr - echo ${{ github.event.number }} > ./pr/NR - - uses: actions/upload-artifact@v2 - if: steps.pr-validation.outcome == 'success' - with: - name: pr - path: pr/ diff --git a/.github/workflows/merge_membership_pr.yml b/.github/workflows/merge_membership_pr.yml deleted file mode 100644 index b7dae46e..00000000 --- a/.github/workflows/merge_membership_pr.yml +++ /dev/null @@ -1,47 +0,0 @@ -name: Merge PR if membership validation succeeded -on: - workflow_run: - workflows: - - Check Membership Pull Request - types: - - completed -jobs: - merge-pr: - permissions: - contents: write - runs-on: ubuntu-latest - steps: - - name: 'Download artifact' - uses: actions/github-script@v3.1.0 - with: - script: | - var artifacts = await github.actions.listWorkflowRunArtifacts({ - owner: context.repo.owner, - repo: context.repo.repo, - run_id: ${{github.event.workflow_run.id }}, - }); - var matchArtifact = artifacts.data.artifacts.filter((artifact) => { - return artifact.name == "pr" - })[0]; - var download = await github.actions.downloadArtifact({ - owner: context.repo.owner, - repo: context.repo.repo, - artifact_id: matchArtifact.id, - archive_format: 'zip', - }); - var fs = require('fs'); - fs.writeFileSync('${{github.workspace}}/pr.zip', Buffer.from(download.data)); - - run: unzip pr.zip - - name: 'Merge PR' - uses: actions/github-script@v3 - with: - github-token: ${{ secrets.ORG_MANAGEMENT_TOKEN }} - script: | - var fs = require('fs'); - var pr_number = Number(fs.readFileSync('./NR')); - await github.pulls.merge({ - owner: context.repo.owner, - repo: context.repo.repo, - pull_number: pr_number, - merge_method: 'squash', - }); diff --git a/.github/workflows/peribolos.yaml b/.github/workflows/peribolos.yaml deleted file mode 100644 index d0dd13a2..00000000 --- a/.github/workflows/peribolos.yaml +++ /dev/null @@ -1,19 +0,0 @@ -name: Apply Organization Membership -on: - workflow_dispatch: {} - push: - branches: - - 'main' - paths: - - "config/opendatahub-io/org.yaml" -jobs: - peribolos: - runs-on: ubuntu-latest - container: - image: gcr.io/k8s-prow/peribolos - steps: - - uses: actions/checkout@v3 - - name: Apply ODH organization membership - run: | - echo ${{ secrets.ORG_MANAGEMENT_TOKEN }} > /.github_token.txt - peribolos --github-token-path /.github_token.txt --config-path "config/opendatahub-io/org.yaml" --fix-org --fix-org-members --fix-teams --fix-team-members --fix-team-repos --fix-repos --confirm diff --git a/HOWTO.md b/HOWTO.md deleted file mode 100644 index 5f4738ea..00000000 --- a/HOWTO.md +++ /dev/null @@ -1,23 +0,0 @@ -# How to run the peribolos - -The peribolos source code is located at https://github.com/kubernetes/test-infra/tree/master/prow/cmd/peribolos - -The peribolos binary can be run in the official peribolos container image at [gcr.io/k8s-prow/peribolos](gcr.io/k8s-prow/peribolos) - -### Peribolos workflow commands - -* Initial seed of the GitHub origanization -```bash -$ peribolos --dump-full --dump ${GITHUB_ORGANIZATION} --github-token-path ${GITHUB_ACCESS_TOKEN_FILENAME} | tee ${PERIBOLOS_GITHUB_ORG_CONFIG_FILE} -``` - -* Dry run to see what would change if you synchronized the organization to the yaml file -```bash -$ peribolos --github-token-path ${GITHUB_ACCESS_TOKEN_FILENAME} --config-path ${PERIBOLOS_GITHUB_ORG_CONFIG_FILE} -``` - -* Run peribolos AND commit the changes to GitHub -```bash -# --confirm is required to for any command to commit the changes to the github organization -$ peribolos --github-token-path ${GITHUB_ACCESS_TOKEN_FILENAME} --config-path ${PERIBOLOS_GITHUB_ORG_CONFIG_FILE} --fix-org --fix-org-members --fix-teams --fix-team-members --fix-team-repos --fix-repos --confirm -``` diff --git a/README.md b/README.md index eb9f5e3f..530be062 100644 --- a/README.md +++ b/README.md @@ -1,38 +1,17 @@ # opendatahub-io GitHub organization -This repository contains the metadata [configuration](/config) for the opendatahub-io Github -Organizations. The data here is consumed by the -[peribolos](https://docs.prow.k8s.io/docs/components/cli-tools/peribolos/) -tool to organization and team membership, as well as team creation and deletion. +This repository is no longer used to manage organization membership. Reach out to another +member of the OpenDataHub organization if you need to be added. If you do not know any +members of the OpenDataHub organization, membership in the opendatahub-io organization can be made by opening an [issue](https://github.com/opendatahub-io/org-management/issues/new/choose). Membership in the opendatahub-io project is governed by our [community guidelines](https://github.com/opendatahub-io/opendatahub-community/blob/main/community-membership.md). -NOTE: The opendatahub-io organization and team membership list will be managed by this repo only. Any differences between the actual opendatahub-io organzation membership and the [org.yaml](config/opendatahub-io/org.yaml) may result in a loss of org or team membership settings with the peribolos command is executed - -The application for membership in the opendatahub-io organization can be made by opening an [issue](https://github.com/opendatahub-io/org-management/issues/new/choose). -However, if you are already part of the opendatahub-io organization, you do not need to do this and can add yourself directly to the appropriate files. -For example, to also add yourself to the opendatahub-io organization, you can navigate to `config/opendatahub-io/org.yaml` and add your GitHub username to the list of members (in alphabetical order) - -Requirements - -* Add only one new member per commit (if you add two members separate it in two commits -* Commit message format `Add to org`. - -* New GitHub team requests can only come from an existing opendatahub-io member who will function as the maintainer of the team. Each additional member will follow the same requirements for adding new members -* Commit message format `Create ` - ## Community, discussion, contribution, and support Learn how to engage with the opendatahub-io community on the [community page](http://github.com/opendatahub-io/opendatahub-community/). -You can reach the maintainers of this project at: - -- [#sig-platform](https://odh-io.slack.com/messages/sig-platform) on slack - -To report any sensitive information, please email the private github@kubernetes.io list. - ### Code of conduct Participation in the Open Data Hub community is governed by the diff --git a/odh-dashboard b/odh-dashboard deleted file mode 160000 index 1a682835..00000000 --- a/odh-dashboard +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 1a682835d320f6537af4d5538c757ebb2f4906c3