|
6 | 6 |
|
7 | 7 | This RFC proposes a policy for managing permissions to the [Rust-Lang GitHub Organization](https://www.github.com/rust-lang) and repositories within this organization. |
8 | 8 |
|
9 | | -This RFC was written in consultation with the Governance Working Group and the Infrastructure team. Most discussion took place on [this issue](https://github.com/rust-lang/wg-governance) and [this pull request](https://github.com/rust-lang/wg-governance/pull/42). |
| 9 | +This RFC was written in consultation with the Governance Working Group and the Infrastructure team. Most discussion took place on [this issue](https://github.com/rust-lang/wg-governance/issues/4) and [this pull request](https://github.com/rust-lang/wg-governance/pull/42). |
10 | 10 |
|
11 | 11 | # Motivation |
12 | 12 | [motivation]: #motivation |
13 | 13 |
|
14 | | -Access control for the [Rust-Lang GitHub Organization](https://www.github.com/rust-lang) and repositories within that organization is currently managed ad-hoc. We need a policy that defines how these accesses are granted and managed. This will allow us to have greater security in permissions to our GitHub org and also allow the infra team to build appropriate tooling to automate access control when possible. |
| 14 | +Access control for the [Rust-Lang GitHub Organization](https://www.github.com/rust-lang) and repositories within that organization is currently managed either through the [rust-lang team database][db], or ad-hoc via the GitHub UI by the org administrators. We need a policy that defines how these accesses are granted and managed. This will allow us to have greater security in permissions to our GitHub org, and provide transparency and clarity on how access is managed. |
| 15 | + |
| 16 | +[db]: https://github.com/rust-lang/team/ |
15 | 17 |
|
16 | 18 | # Guide-level explanation |
17 | 19 | [guide-level-explanation]: #guide-level-explanation |
18 | 20 |
|
19 | 21 | ## Rust-Lang GitHub Permissions Policy |
| 22 | + |
20 | 23 | This policy applies to both the [Rust-Lang GitHub Organization](https://github.com/rust-lang/) and all repositories within that organization. |
21 | 24 |
|
22 | 25 | ### Rust-Lang Organization |
23 | 26 |
|
24 | | -Membership in the Rust-Lang GitHub organization is managed by the organization owners. |
| 27 | +Access to the Rust-Lang GitHub organization is managed with the [rust-lang team database][db]. The team database is managed by the [team-repo-admins], whose policies are specified in the [Team Maintenance] documentation. |
25 | 28 |
|
26 | | -Selected members of the [Infrastructure Team](https://github.com/rust-lang/team/blob/master/teams/infra.toml) can also be organization owners if their work requires it. |
| 29 | +Selected members of the [Infrastructure Team] can also be organization owners if their work requires it. |
27 | 30 |
|
28 | 31 | All GitHub accounts used to interact with the Rust-Lang GitHub organization (owner or non-owner) must have 2FA enabled. |
29 | 32 |
|
| 33 | +[team-repo-admins]: https://github.com/rust-lang/team/blob/master/teams/team-repo-admins.toml |
| 34 | +[Team Maintenance]: https://forge.rust-lang.org/infra/team-maintenance.html |
| 35 | +[Infrastructure Team]: https://github.com/rust-lang/team/blob/master/teams/infra.toml |
| 36 | + |
30 | 37 | ### Rust-Lang Repositories |
31 | 38 |
|
32 | | -Access to and permissions for repositories within the Rust-Lang organization must be administered through GitHub teams, rather than through individual GitHub accounts. Note that this refers to the GitHub notion of teams, not the Rust governance structure notion of teams. Rust-Lang GitHub teams are administered through the [Team repository](https://github.com/rust-lang/team). |
| 39 | +Access to and permissions for repositories within the Rust-Lang organization must be administered through the [rust-lang team database][db]. Permissions should not be given to individuals, only to teams or groups. |
33 | 40 |
|
34 | 41 | GitHub provides several permission levels for access to a repository. Please refer to [GitHub's documentation](https://help.github.com/en/github/setting-up-and-managing-organizations-and-teams/repository-permission-levels-for-an-organization) for details on permission levels and what each level can do. |
35 | 42 |
|
36 | 43 | Repositories in the Rust-Lang organization should follow these permission guidelines: |
37 | 44 |
|
38 | | -* **Admin** - only Rust team or working group leads should have this permission level |
39 | | -* **Write** - contributors within GitHub teams may have this permission level at the discretion of the team leads. Members of the triage team should also ge given this level of access so they have the ability edit issue descriptions. |
40 | | -* **Read** - by default, everyone should have access to read repositories |
| 45 | +* **Admin** --- No users or teams except for org admins should have this permission level. |
| 46 | +* **Maintain** --- Teams may have this permission level at their discretion for repositories the team is responsible for. |
| 47 | + Repositories using the [bors] bot may want to consider using the *write* permission level instead in order to deactivate the "Merge" button on PRs to enforce that merges go through bors. |
| 48 | +* **Write** --- Teams that are responsible for a repository should have at least this permission level. |
| 49 | +* **Triage** --- This role is available if teams want to give these permissions to other teams, such as for triage support. Unfortunately this role does not allow contributors to edit issue descriptions or titles, so its utility for that purpose is limited. |
| 50 | +* **Read** --- This role is unnecessary, and should not be used (it is generally only relevant to private repositories, and we do not have a use case for it). |
41 | 51 |
|
42 | | -GitHub does provide another permission level - Triage - which is geared toward contributors involved in issue and pull request management. This permission level unfortunately does not allow contributors to edit issue descriptions, which is something Rust's triage teams do frequently. Therefore, contributors in triage roles should be assigned "Write" permissions, rather than "Triage" permissions. |
| 52 | +Teams who are responsible for a repository may give access to other teams at their discretion. |
| 53 | + |
| 54 | +Teams or groups may ask for repositories to be created to fulfill their needs by opening a PR to the [Team Repository][db]. It is up to the team-repo-admins to approve creating the repositories. Existing repositories that need to be transferred from outside the rust-lang organization should consult with the Infrastructure Team to fulfill that request. |
43 | 55 |
|
44 | 56 | By default, repositories should be public and allow read access to all. When needed, some repositories can have limited read access (i.e. repositories related to security). |
45 | 57 |
|
46 | | -Some teams - such as the moderation team - need broad access to public Rust-Lang repositories. The first way to manage this is through creating a GitHub team managed through the [Team Repository](https://github.com/rust-lang/team) and granting that team appropriate permissions to all appropriate repos. Another way is to create tooling that will allow a member of the moderation team to selectively and temporarily gain the access that they need when it is needed (such as deleting a comment or issue). For now, we are proceeding with managing access to repos for moderation through a GitHub team, however, should it be needed, we can develop tooling to apply more fine grained and time limited access. |
| 58 | +Some teams - such as the moderation team - need broad access to public Rust-Lang repositories. The first way to manage this is through creating a GitHub team managed through the [Team Repository][db] and granting that team appropriate permissions to the appropriate repos. Another way is to create tooling that will allow a member of the moderation team to selectively and temporarily gain the access that they need when it is needed (such as deleting a comment or issue). For now, we are proceeding with managing access to repos for moderation through a GitHub team, however, should it be needed, we can develop tooling to apply more fine grained and time limited access. |
| 59 | + |
| 60 | +Bot accounts controlled by the Infrastructure Team (such as the [triagebot]) can be granted any level of access required for them to work at the discretion of the Infrastructure Team. |
47 | 61 |
|
48 | | -Bot accounts controlled by the Infrastructure Team (such as the [Rust High Five Bot](https://github.com/rust-highfive)) can be granted any level of access required for them to work at the discretion of the Infrastructure Team. |
| 62 | +[bors]: https://github.com/rust-lang/homu |
| 63 | +[triagebot]: https://forge.rust-lang.org/triagebot/index.html |
| 64 | + |
| 65 | +## Implementation |
| 66 | + |
| 67 | +It is the responsibility of the Leadership Council, the Infrastructure Team, and the team-repo-admins to finish the migration to implement this policy. New teams may need to be created, which is outside the scope of this RFC to define. |
49 | 68 |
|
50 | 69 | # Drawbacks |
51 | 70 | [drawbacks]: #drawbacks |
52 | 71 |
|
53 | | -This policy would add more structure to managing GitHub permissions for both the [Rust-Lang GitHub Organization](https://github.com/rust-lang) and all repositories within it. Some might find this structure slows them down and alters their current workflow. |
| 72 | +There can be exceptional cases where a team wants to give repository access to an individual to assist with their work. Requiring them to join or create a team in order to perform that work can be a significant hassle. Teams who find they need this frequently should consider creating a "contributors" subteam for that purpose, or to investigate other tooling to assist with what they need. |
54 | 73 |
|
55 | 74 | # Unresolved questions |
56 | 75 | [unresolved-questions]: #unresolved-questions |
57 | 76 |
|
58 | | -- Should these rules applied to Rust-Lang affiliated repositories and organizations that are outside of the [Rust-Lang GitHub Org](https://www.github.com/rustlang)? |
59 | | -- Should we automate this process? |
60 | | -- How do we ensure that changes to the [Teams Repository](https://github.com/rust-lang/team) are reviewed and merged promptly? |
| 77 | +- Should these rules applied to Rust-Lang affiliated repositories and organizations that are outside of the [Rust-Lang GitHub Org](https://www.github.com/rust-lang), such as [rust-embedded](https://github.com/rust-embedded)? |
| 78 | + |
| 79 | +# Future possibilities |
| 80 | + |
| 81 | +- [Custom GitHub Roles](https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/about-custom-repository-roles) could be created for use cases where the existing roles do not suffice. |
| 82 | +- Extend tooling, such as [triagebot], to provide extended permissions that are not normally available (for example, it currently offers [labeling](https://forge.rust-lang.org/triagebot/labeling.html)). |
0 commit comments