Open amye opened 1 year ago
I just noticed this, so I will add this to DevStats after the KubeCon.
On it.
Also added to All CNCF, examples:
Affiliations task will be finished later.
Some affiliations imported, and more affiliations will be continuously enhanced & updated in the future (as with all other CNCF projects).
I'm considering DevStats part done.
We've migrated chat to CNCF Slack (current channels are #keycloak #keycloak-dev and #keycloak-maintainers)
Provided emails for the maintainers to https://maintainers.cncf.io/ (https://github.com/cncf/foundation/pull/559)
@stianst Checking in on this one:
This both puts your project on the landscape and the CNCF projects page, so it's pretty important!
Also - artwork?
@amye Keycloak is already listed on https://landscape.cncf.io/ (Keycloak was accepted as an Incubating project, not Sandbox). PR was sent here https://github.com/cncf/landscape/pull/3143
@amye for artwork we have our logos in SVG and PNG formats here https://github.com/cncf/artwork, but not in the sizes/formats/layouts expected by https://github.com/cncf/artwork. There are also some bugs in some of the SVGs that cause them not to render properly. We could probably do with a little help from someone in the CNCF to clean these up.
@amye Keycloak does have an open governance written here https://github.com/keycloak/keycloak/blob/main/GOVERNANCE.md, I believe we can check this item as completed.
@amye Keycloak does have its separate neutral GitHub organization https://github.com/keycloak. Could you please check this item as completed. I don't have the rights to do it.
@amye we do understand the services available for your project at CNCF. Could you please check this item as completed?
@amye we do understand the project proposal process. Could you please check this item as completed?
@amye online programs were already reviewed. I believe we can check this item as completed.
For signed commits, will the "Require signed commits" option provided by GitHub fill the needs for "ensure DCO or CLA are enabled for all GitHub repositories of the project"?
No, as that option only verifies the authenticity of the commits. The DCO ensures that what is actually committed is clean for IP purposes.
We're actively trying to get through this list at the moment, so far we've made some progress. The following tasks are completed from our perspective:
We've also sent a PR for artwork here https://github.com/cncf/artwork/pull/439
Got it thanks, we'll look at DCO or CLA then. Any suggestions which is the best?
DCOs require substantially less administration. They're basically automatic. CLAs are not.
Thanks, having read about this some more I'd say DCOs seem the way to go. One final question here though is previous contributions/commits. Is it acceptable to say DCOs are required for new contributions, but not past contributions?
Same problem would apply only differently for CLAs. We would have a hard time to get a CLA with every developer that has contributed to Keycloak in the past.
Yeah, that's normal for projects joining the CNCF. You just start taking DCOs for new contributions.
Hi @stianst ! My name is Crystal Mierly and I will be taking over assisting new sandbox projects with the onboarding process! I have gone ahead and updated the list based on your completed tasks so you are a bit closer to completing onboarding.
Did you successfully adopt DCOs for new contributions? Please let me know if you have any further questions or concerns!
Hi @Cmierly
We're an incubating project, not a sandbox project, and we've been trying to wrap up the onboarding this year, but it took longer than we hoped. We are hoping that we can wrap this stuff up early 2024.
We have adopted DCOs and enabled the app for all repositories under our GitHub organization. We've also transferred website analytics to projects@cncf.io.
Apologies for the mistake! I've updated the list again, thank you so much for the update
@amye when you get the chance, could you please add a checkmark to the "Code of Conduct" checkbox? It was completed with https://github.com/keycloak/keycloak?tab=coc-ov-file and https://github.com/keycloak/keycloak/blob/main/README.md.
@abstractj it looks like that item is now checked off.
Thank you @krook, we will continue the work on the remaining items.
@abstractj a quick check here. There are a few remaining items, is any assistance required with them?
@idvoretskyi thank you for offering your help. Our team is currently reassessing all the licenses involved in the project. Based on this reassessment, we are making adjustments wherever possible. Once we have completed this process, we will be in a better position to request any required license exceptions.
We appreciate your support and will reach out if necessary.
@abstractj no problem, thanks!
Keycloak are set up on the CNCF Group on Snyk so marking "Adopt a license scanning tool, like FOSSA or Snyk" as complete.
Thanks for setting this up. How can we access this ourselves? We have reviewed Snyk ourselves, and found quite a few issues with it, so are currently looking at alternatives. I would not consider "adopt a license scanning tool" as completed from our end at least.
@abstractj FYI
@RobertKielty may assist here
@stianst Thank you for setting up the scan and generating the report!
Here is the license policy that the project needs to comply with:
https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md
And this is the report that was generated by Snyk
https://app.snyk.io/org/keycloak-ZRks6RWforY2vApE6rMePA/reports/licenses
If you have questions about the policy and need to get advice on how best to handle non-conformance, log a Service Desk highlighting the specific dependencies and their licenses. Download a CSV version of the report. When you filter for the licenses that ranked medium and high there are 4 medium issues and 1 high priority issue.
The CNCF Project Team will triage the request and advise on how best to proceed.
@Cmierly the trademark and IP transfer should have been complete months ago. Can you verify?
@jberkus Yup! It is signed and complete!
@Cmierly @jberkus @jeefy considering that we have already submitted a license exception request, completed the trademarks and IP transfer, and established Keycloak as a separate organization, can we mark the following items as complete?
cc @stianst
Update from meeting between @krook, @jeefy, and @stianst
thelinuxfoundation as an owner, and board Insights
@amye - please check off "OpenSSF Best Practices Badge" as it has been implemented, see the screenshot below taken from Keycloak's main repository: https://github.com/keycloak/keycloak
@mrbobbytables why was this moved under sandbox, if the project is under incubation? cc @stianst
@caniszczyk @jeefy "Domain: transfer domain to the CNCF" has been completed
@mrbobbytables Why was this moved to Sandbox? cc: @caniszczyk @jeefy
@stianst ALL of the project onboarding issues were moved to the Sandbox board to clean up the TOC board. Very few projects went straight to Incubation- so this is not a reflection of the project's maturity in this case. Thanks for understanding.
cc: @abstractj
Excellent, I checked that off the list.
So the final remaining items here relate to GitHub @abstractj @stianst:
- [ ] GitHub: ensure 'thelinuxfoundation' and 'caniszczyk' are added as initial org owners, this helps us make sure we have continuity of GH ownership that we will onboard to our GitHub Enterprise instance: https://github.com/enterprises/cncf
For reasons we've discussed earlier around GitHub Actions, we won't move the organization into GitHub Enterprise yet. However, in order to maintain a neutral home for the project, we'll still need to add thelinuxfoundation as an organization owner.
- [ ] Insights: add to LFX Insights https://insights.v3.lfx.linuxfoundation.org/
When that's done, we'll also then be able to use that id to add the GitHub app to enable Keycloak for onboarding to LFX Insights. At that point we can call onboarding (as an Incubating project) complete.
Welcome to CNCF Project Onboarding! This is an issue created to help onboard your project into the CNCF after the TOC has voted to accept your project. We would like to complete onboarding within one month of acceptance.
From the project side, please ensure that you:
Things that CNCF will need from the project:
Things that the CNCF will do or help the project to do: