From 595ebeaead88221a89df5c1724534462ce496fa1 Mon Sep 17 00:00:00 2001 From: Jennifer Power Date: Mon, 26 Aug 2024 16:23:59 -0400 Subject: [PATCH 1/5] docs: updates triager role to reviewer role in contributor ladder Signed-off-by: Jennifer Power --- ...mination.yaml => reviewer_nomination.yaml} | 6 +-- MEMBERSHIP.md | 39 +++++++++++++------ 2 files changed, 30 insertions(+), 15 deletions(-) rename .github/ISSUE_TEMPLATE/{triager_nomination.yaml => reviewer_nomination.yaml} (87%) diff --git a/.github/ISSUE_TEMPLATE/triager_nomination.yaml b/.github/ISSUE_TEMPLATE/reviewer_nomination.yaml similarity index 87% rename from .github/ISSUE_TEMPLATE/triager_nomination.yaml rename to .github/ISSUE_TEMPLATE/reviewer_nomination.yaml index a31f3cd..e925712 100644 --- a/.github/ISSUE_TEMPLATE/triager_nomination.yaml +++ b/.github/ISSUE_TEMPLATE/reviewer_nomination.yaml @@ -1,6 +1,6 @@ -name: New triager nomination -description: Nomination for triager role for the community repository -title: 'Triager role for @' +name: New reviewer nomination +description: Nomination for reviewer role for the community repository +title: 'Reviewer role for @' labels: ["nomination"] assignees: - community-maintainers diff --git a/MEMBERSHIP.md b/MEMBERSHIP.md index c7cdc29..a56930f 100644 --- a/MEMBERSHIP.md +++ b/MEMBERSHIP.md 
@@ -2,7 +2,7 @@ This document outlines the various responsibilities of contributor roles in the OSCAL Compass organization. OSCAL Compass is made up of several projects that are defined as codebases and services with different release cycles, thus the responsibilities for roles are scope to individual projects. Where applicable for OSCAL Compass overall, contributor status is equal to the highest status that they have on any project. -This document outlines a core number of contributor roles for OSCAL Compass projects, such as _Member_, _Triager_, and _Maintainer_. An _Oversight Committee_ also serves to supervise the overall OSCAL Compass project and its health. Using transparent criteria, the journey between roles is based on individual participation. Criteria will be reevaluated periodically to ensure that we can meet the needs of each project with the resources available to contribute. +This document outlines a core number of contributor roles for OSCAL Compass projects, such as _Member_, _Reviewer_, and _Maintainer_. An _Oversight Committee_ also serves to supervise the overall OSCAL Compass project and its health. Using transparent criteria, the journey between roles is based on individual participation. Criteria will be reevaluated periodically to ensure that we can meet the needs of each project with the resources available to contribute. OSCAL Compass welcomes new contributors. Not all contributors are able to provide sustained contribution, but each contribution is welcome. Established contributors are expected to demonstrate their adherence to the criteria in this document, familiarity with project organization, roles, policies, etc., and technical and/or writing ability. Role-specific expectations, responsibilities, and requirements are explained below. 
@@ -13,8 +13,18 @@ The following table provides information about the current roles available to th | Role | Responsibilities | Requirements | Defined by | |------------|----------------------------------------------|---------------------------------------------------------------|-------------------------------| | Member | Active contributor in the community | Multiple contributions and sponsored by 2 Maintainers | OSCAL Compass GitHub org member | -| Triager | Triaging issues and PRs | History of issue and PR triage and sponsored by 2 Maintainers | OSCAL Compass GitHub Triage team member | -| Maintainer | Sets direction and priorities for a project | Demonstrated responsibility and excellent technical judgement. Nominated and approved by Maintainers team. | `MAINTAINERS.md` file on project level | +| Reviewer | Reviews issues and PRs | History of issue triage and PR review and sponsored by 2 Maintainers | OSCAL Compass GitHub Reviewer team member | +| Maintainer | Sets direction and priorities for a project | Demonstrated responsibility and excellent technical judgement. Nominated and approved by Maintainers team. | OSCAL Compass GitHub Maintainer team member, [CODEOWNERS](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners), and `MAINTAINERS.md` in each project | + +### Team to GitHub Permissions + +| Role | GitHub Permissions | +|------------|----------------------------------------------| +| Member | Read | +| Reviewer | Write with merging restricted via CODEOWNERS | +| Maintainer | Maintain | + +> Note: Each project will require push restriction branch protection rule to allow only CODEOWNERS to push to default branches. ### Member 
@@ -44,20 +54,22 @@ As a project Member, you have the following responsibilities and privileges: * You are responsive to issues and the pull requests assigned to them. * You are an active owner of code that you have contributed, unless ownership is explicitly transferred: - * You provide code that consistently pass tests. - * You consistently address bugs or issues that are discovered after code has been accepted. +* You provide code that consistently pass tests. +* You consistently address bugs or issues that are discovered after code has been accepted. -### Triager +### Reviewer -Triagers are active contributors in the community through issue and pull request triage. Triagers are expected to remain active in this task. +Reviewers are knowledgeable about both the codebase and are able review code for quality and correctness. They should expect issues and pull requests (PRs) to be assigned to them and respond per community expectations. -#### Triager requirements +#### Reviewer requirements -To become a project Triager, you must meet the following requirements: +To become a project Reviewer, you must meet the following requirements: * You have made multiple contributions to the project or community. Contribution may include, but is not limited to: * Triaging open issues or PRs. * Authoring or reviewing PRs on GitHub. + * Demonstrating knowledge of the codebase + * Participating in design discussions. * Contributing to community discussions (e.g. meetings, Slack). * You have been sponsored by two Maintainers. 
@@ -68,13 +80,16 @@ Any person who meets the requirements may be nominated by a contributor, includi * Ensure that the sponsors are `@mentioned` on the issue. * Make sure that the list of contributions included is representative of the work on the project. -#### Triager responsibilities and privileges +#### Reviewer responsibilities and privileges -As a project Triager, you have the following responsibilities and privileges: +As a project Reviewer, you have the following responsibilities and privileges: +* You have the permission to approve, but not merge, a PR. * You have permission to label issues and PRs. * You consistently assign, close, and reopen issues or PRs. * You actively triage issues and PRs with high quality. +* You will be assigned PRs to review in the project. +* You will be assigned issues to investigate in the project. ### Maintainer @@ -105,7 +120,7 @@ As a project Maintainer, you have the following responsibilities and privileges: * You make and approve technical design decisions. * You set technical direction and priorities. * You define milestones and releases. -* You mentor and guide contributors to the project, including mentoring and sponsoring potential Triager and Maintainer candidates. +* You mentor and guide contributors to the project, including mentoring and sponsoring potential Reviewer and Maintainer candidates. * You ensure the continued health of the project. * You are responsive to review requests. * You review assigned PRs that are related to your area of expertise. From e405e2ab18c83c23e9818023cf79230eebc915d9 Mon Sep 17 00:00:00 2001 From: Jennifer Power Date: Mon, 26 Aug 2024 16:26:14 -0400 Subject: [PATCH 2/5] fix: revert changes to Member role Signed-off-by: Jennifer Power --- MEMBERSHIP.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/MEMBERSHIP.md b/MEMBERSHIP.md index a56930f..ee44c21 100644 --- a/MEMBERSHIP.md +++ b/MEMBERSHIP.md 
@@ -54,8 +54,8 @@ As a project Member, you have the following responsibilities and privileges: * You are responsive to issues and the pull requests assigned to them. * You are an active owner of code that you have contributed, unless ownership is explicitly transferred: -* You provide code that consistently pass tests. -* You consistently address bugs or issues that are discovered after code has been accepted. + * You provide code that consistently pass tests. + * You consistently address bugs or issues that are discovered after code has been accepted. ### Reviewer From 1488536204cf1eaaacd98bd47eea3487a4cd0180 Mon Sep 17 00:00:00 2001 From: Jennifer Power Date: Tue, 27 Aug 2024 15:16:29 -0400 Subject: [PATCH 3/5] fix: removes "both" to address PR feedback Signed-off-by: Jennifer Power --- MEMBERSHIP.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MEMBERSHIP.md b/MEMBERSHIP.md index ee44c21..9e76a39 100644 --- a/MEMBERSHIP.md +++ b/MEMBERSHIP.md @@ -59,7 +59,7 @@ As a project Member, you have the following responsibilities and privileges: ### Reviewer -Reviewers are knowledgeable about both the codebase and are able review code for quality and correctness. They should expect issues and pull requests (PRs) to be assigned to them and respond per community expectations. +Reviewers are knowledgeable about the codebase and are able review code for quality and correctness. They should expect issues and pull requests (PRs) to be assigned to them and respond per community expectations. #### Reviewer requirements From 837241fb8f487e47a53c401857527a49c93f46f6 Mon Sep 17 00:00:00 2001 From: Jennifer Power Date: Tue, 27 Aug 2024 15:50:07 -0400 Subject: [PATCH 4/5] docs: rewords section about CODEOWNERS in MEMBERSHIP.md We want maintainer approval to merge PRs, but not restrict the ability to merge PRs with the proper approvals Signed-off-by: Jennifer Power --- MEMBERSHIP.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/MEMBERSHIP.md b/MEMBERSHIP.md index 9e76a39..1c8cd0c 100644 --- a/MEMBERSHIP.md +++ b/MEMBERSHIP.md @@ -24,7 +24,7 @@ The following table provides information about the current roles available to th | Reviewer | Write with merging restricted via CODEOWNERS | | Maintainer | Maintain | -> Note: Each project will require push restriction branch protection rule to allow only CODEOWNERS to push to default branches. +> Note: Each project will require branch protection rule to require CODEOWNER approval for PRs to default branches. It GitHub this would mean setting the `Require review from Code Owners`. ### Member @@ -84,7 +84,7 @@ Any person who meets the requirements may be nominated by a contributor, includi As a project Reviewer, you have the following responsibilities and privileges: -* You have the permission to approve, but not merge, a PR. +* You have the permission to approve and merge a PR with CODEOWNER approval * You have permission to label issues and PRs. * You consistently assign, close, and reopen issues or PRs. * You actively triage issues and PRs with high quality. From 03341a818e293e3a0be49a56ec686e4f6721d28f Mon Sep 17 00:00:00 2001 From: Jennifer Power Date: Tue, 27 Aug 2024 15:54:29 -0400 Subject: [PATCH 5/5] docs: updates Team to GitHub Permission section Signed-off-by: Jennifer Power --- MEMBERSHIP.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/MEMBERSHIP.md b/MEMBERSHIP.md index 1c8cd0c..3f95a48 100644 --- a/MEMBERSHIP.md +++ b/MEMBERSHIP.md 
@@ -21,10 +21,10 @@ The following table provides information about the current roles available to th | Role | GitHub Permissions | |------------|----------------------------------------------| | Member | Read | -| Reviewer | Write with merging restricted via CODEOWNERS | +| Reviewer | Write with merge restricted by CODEOWNER approval | | Maintainer | Maintain | -> Note: Each project will require branch protection rule to require CODEOWNER approval for PRs to default branches. It GitHub this would mean setting the `Require review from Code Owners`. +> Note: Each project will require branch protection rule to require CODEOWNER approval for PRs to default branches. In GitHub, this would mean setting the `Require review from Code Owners` in branch protection rule setting. ### Member
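Review bot: In PATCH 1/5, the Maintainer row of the roles table (hunk `@@ -13,8 +13,18 @@`) defines the role by three things at once: the GitHub Maintainer team, CODEOWNERS, and `MAINTAINERS.md`. Later patches in this series make CODEOWNER approval the merge gate, so the three lists can drift apart, leaving merge-gating approval with someone no longer listed as a Maintainer. Suggest naming one of them as authoritative and stating that the other two must be kept in sync with it, for example by having CODEOWNERS entries reference the Maintainer team rather than individual users.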
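Review bot: In the Reviewer description added by PATCH 1/5 (hunk `@@ -44,20 +54,22 @@`) and reworded by PATCH 3/5, "are able review code" is still missing "to" after the "both" fix; it should read "are able to review code for quality and correctness". In the same PATCH 1/5 hunk, the new bullet "Demonstrating knowledge of the codebase" lacks the trailing period that its sibling bullets have.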
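Review bot: The Member part of the PATCH 1/5 hunk `@@ -44,20 +54,22 @@` de-indents the two sub-bullets under "You are an active owner of code that you have contributed", and PATCH 2/5 exists only to restore that indentation. Suggest squashing 2/5 into 1/5, and likewise folding the wording fixes in 3/5 and 5/5 into the patches that introduced the text, so the history carries no intermediate state in which the Member responsibilities are altered.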
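Review bot: In PATCH 4/5, the Reviewer privileges hunk (`@@ -84,7 +84,7 @@`) changes "approve, but not merge" to "approve and merge a PR with CODEOWNER approval", which widens the role, and the new bullet does not say whose approval satisfies the gate. The commit message says the intent is maintainer approval, so suggest making that explicit in the bullet, e.g. "You have permission to approve PRs, and to merge a PR once a CODEOWNER (Maintainer) has approved it." The bullet is also missing its trailing period, and the series alternates between "CODEOWNER" and "CODEOWNERS"; pick one form for the role and keep "CODEOWNERS" for the file.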
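Review bot: In PATCH 5/5, the reworded note still reads "will require branch protection rule" and "in branch protection rule setting", both missing articles. Suggest "Each project will require a branch protection rule that requires CODEOWNER approval for PRs to default branches. In GitHub, this means enabling `Require review from Code Owners` in the branch protection rule settings." Because the Reviewer row in the same hunk grants Write, the note should also state that each project's CODEOWNERS file must list an owner for the CODEOWNERS file itself, since code owner review is only required for paths that have an owner.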