[SANDBOX PROJECT ONBOARDING] KusionStack

[mrbobbytables]

Welcome to CNCF Project Onboarding

ref: https://github.com/cncf/sandbox/issues/83

This is an issue created to help onboard your project into the CNCF after the TOC has voted to accept your project.

We would like your project to complete onboarding within one month of acceptance.

Please track your progress by using "Quote reply" to create your own copy of this checklist in an issue, so that you can update the status as you finish items.

Review and understand

• [ ] The Technical Leadership Principles that outlines the expected behavior for any maintainer in a leadership role.
• [ ] The project proposal process and requirements.
• [ ] The services available for your project at the CNCF.
• [ ] The CNCF IP Policy.
• [ ] The trademark guidelines.
• [ ] The license allowlist.
• [ ] The online program guidelines.
• [ ] Book time with CNCF staff to understand project benefits and event resources.

Contribute and transfer

• [ ] Move your project to its own separate neutral GitHub organization. This will make it transferable to the CNCF's GitHub Enterprise account. If it's already in a GHE account, you will need to remove it from that first.
• [ ] Accept the invite to join the CNCF GitHub Enterprise account. We'll then add thelinuxfoundation as an organization owner to ensure neutral hosting of your project.
• [ ] Migrate your Slack channels (if any) to the Kubernetes or CNCF Slack workspace. CNCF staff can help.
• [ ] Submit a pull request to add your project as a Sandbox project to the Cloud Native Landscape by updating landscape.yml following these instructions.
• [ ] Transfer your domain to the CNCF. The "LF Stakeholder email" is projects@cncf.io.
• [ ] Transfer any trademark and logo assets to the Linux Foundation.
• [ ] Submit a pull request with your artwork.
• [ ] Transfer website analytics to projects@cncf.io. CNCF staff can help.

Update and document

• [ ] Ensure that DCO (preferred) or CLA are enabled for all GitHub repositories of the project.
• [ ] Ensure that that the CNCF Code of Conduct (or your adopted version of it) are explicitly referenced at the project's README on GitHub.
• [ ] Ensure LF footer is on your website and guidelines are followed (if your project doesn't have a dedicated website, please adopt those guidelines for the README file).
• [ ] Create a maintainer list and add it to the aggregated CNCF maintainer list via pull request.
• [ ] Provide emails for the maintainers to get access to the maintainers mailing list and Service Desk. Email them to project-onboarding@cncf.io.
• [ ] Start working on written, open governance.
• [ ] Start on an OpenSSF Best Practices Badge.

CNCF staff tasks

• [ ] Add the project to DevStats.
• [ ] Add the project to CLOmonitor.
• [ ] Add the project to LFX Insights. This is done by adding a read-only app to your GitHub organization once it's in CNCF GHE.
• [ ] Add the project to LFX Project Control Center.
• [ ] Add a license scanning tool, like FOSSA or Snyk.
• [ ] Invite developers to the #maintainers-circle Slack channel.
• [ ] Send a welcome email to confirm maintainer list access.

[mrbobbytables]

@Cmierly this should be good to go to begin onboarding :)

@SparkYuan tagging you here as an FYI, please tag any others from the project who should follow this issue.

[ffforest]

Thanks @mrbobbytables! We will follow up on the items in this issue.

[ffforest]

I am working on the following items:

• [ ] Move your project to its own separate neutral GitHub organization. This will make it transferable to the CNCF's GitHub Enterprise account. If it's already in a GHE account, you will need to remove it from that first.

Question about this one: Does "neutral" here represent "not in a GHE account currently"? We are planning to transfer all repositories currently under the KusionStack organization. I take it as we don't need to create a new org for that?

There are 3 private repos and 2 public-archived repos at the moment. Can they be transferred while staying private/archived, or do we need to get rid of them first?

We are also cleaning up the outdated repos and then everything else should be good to transfer.

These can be expected by the end of the week:

• [ ] Ensure that DCO (preferred) or CLA are enabled for all GitHub repositories of the project.
• [ ] Ensure that that the CNCF Code of Conduct (or your adopted version of it) are explicitly referenced at the project's README on GitHub.
• [ ] Ensure LF footer is on your website and guidelines are followed (if your project doesn't have a dedicated website, please adopt those guidelines for the README file).
• [ ] Create a maintainer list and add it to the aggregated CNCF maintainer list via pull request.
• [ ] Provide emails for the maintainers to get access to the maintainers mailing list and Service Desk. Email them to project-onboarding@cncf.io.
• [ ] Start working on written, open governance.
• [ ] Start on an OpenSSF Best Practices Badge.

These two might take a bit longer:

• [ ] Transfer your domain to the CNCF. The "LF Stakeholder email" is projects@cncf.io.
• [ ] Transfer any trademark and logo assets to the Linux Foundation.

Could you please also tag the CNCF staff that can help with the following?

• [ ] Migrate your Slack channels (if any) to the Kubernetes or CNCF Slack workspace.
• [ ] Transfer website analytics to projects@cncf.io.

cc @mrbobbytables @Cmierly @idvoretskyi @krook @jeefy

[ffforest]

This artwork PR is ready for review. Since our logo is basically just words, I'm using Helm as a reference which uses the same set images for horizontal, stacked and logo.

[ ] Submit a pull request with your artwork.

[mrbobbytables]

We are planning to transfer all repositories currently under the KusionStack organization. I take it as we don't need to create a new org for that?

Correct. 👍 If the entire org is going to be donated you don't have to worry about moving it to a separate one.

As a followup we can update the wording in the template to make that a bit more clear.

[idvoretskyi]

@ffforest with the Slack migration either myself of @RobertKielty are happy to assist!

The same with:

Add a license scanning tool, like FOSSA or Snyk.

[mrbobbytables]

Migrate your Slack channels (if any) to the Kubernetes or CNCF Slack workspace.

myself, @krook or @jeefy can help here. How many channels do you have? If its a small number the easiest method might be to manually recreate them in cncf or kubernetes slack.

[RobertKielty]

Hi @ffforest, for FOSSA and/or Snyk we will need one or more email addresses to invite you to join the CNCF service instances that are provided to CNCF Projects.

You send us the email addresses by emailing them to projects@cncf.io

For FOSSA and Snyk - The email addresses you send us need to be associated with GitHub user accounts that have access to the code repos that will be scanned.

[RobertKielty]

@ffforest, I have made a KusionStack Team on CNCF FOSSA and a KusionStack Organziation on CNCF Snyk for the project.

@Cmierlym, I've added KusionStack to our internal records.

[ffforest]

We are planning to transfer all repositories currently under the KusionStack organization. I take it as we don't need to create a new org for that?

Correct. 👍 If the entire org is going to be donated you don't have to worry about moving it to a separate one.

As a followup we can update the wording in the template to make that a bit more clear.

Thanks @mrbobbytables! For the private repos, can they be donated as-is, or do we have to make them public first?

[ffforest]

Migrate your Slack channels (if any) to the Kubernetes or CNCF Slack workspace.

myself, @krook or @jeefy can help here. How many channels do you have? If its a small number the easiest method might be to manually recreate them in cncf or kubernetes slack.

We have 2 channels with about 70 people in them. What would you recommend? Create a new one and redirect people to it from the existing one?

[mrbobbytables]

as-is is fine - a good chunk of projects use private repos for things like security patch testing before pushing to public etc

[ffforest]

Hi @ffforest, for FOSSA and/or Snyk we will need one or more email addresses to invite you to join the CNCF service instances that are provided to CNCF Projects.

You send us the email addresses by emailing them to projects@cncf.io

For FOSSA and Snyk - The email addresses you send us need to be associated with GitHub user accounts that have access to the code repos that will be scanned.

Thanks @RobertKielty! I have just sent the email over. Is there anything else you need on the FOSSA/Snyk front?

[RobertKielty]

For FOSSA and Snyk - The email addresses you send us need to be associated with GitHub user accounts that have access to the code repos that will be scanned.

Thanks @RobertKielty! I have just sent the email over. Is there anything else you need on the FOSSA/Snyk front?

That's perfect thank you. I have received the emails you have sent over. cc @Cmierly

Next step would be to state a preference for the project to use either FOSSA or Snyk.

[mrbobbytables]

We have 2 channels with about 70 people in them. What would you recommend? Create a new one and redirect people to it from the existing one?

For that amount of users, I'd probably lean towards import. @RobertKielty @idvoretskyi would either of you be able to help?

[ffforest]

For FOSSA and Snyk - The email addresses you send us need to be associated with GitHub user accounts that have access to the code repos that will be scanned. Thanks @RobertKielty! I have just sent the email over. Is there anything else you need on the FOSSA/Snyk front?

That's perfect thank you. I have received the emails you have sent over. cc @Cmierly

Next step would be to state a preference for the project to use either FOSSA or Snyk.

Absolutely. FOSSA would do. Appreciate the help!

[RobertKielty]

@ffforest thank you!

I have emailed out FOSSA invites to the maintainer team: @SparkYuan @liu-hm19 @zuomo @wu8685 @elliotxx @Eikykun @adohe @ruquanzhao @Yangyang96 @ColdsteelRail @shaofan-hs

Please note the following:

1. For registration with the CNCF FOSSA Organizaion, the email addresses we use to invite the team members MUST NOT be associated with any other FOSSA Organization.
2. Once an invite is accepted I need to manually add the first team member to the Team in FOSSA. We grant Team Members the role of FOSSA Team Admin. Remaining members who sucessfully accept the their invitations to join CNCF FOSSA can be added to the new Team by the first KusionStack Team Admin or a CNCF Organziation Admin.
3. The email addresses MUST be associated with GitHub user accounts that have read/write access to the code repos that will be imported for license scanning.

For the initial license scans of the code repos we only need one maintainer to sucessfully register and import the repos so that we can see reports on the 3rd party licenses used in the project code repos.

Feel free to have one of the maintainers reach out to me on CNCF Slack if support is required on getting setup.

If there is work to be done to bring the code repos into compliance with the 3rd Party License policy then we can focus on getting all of the maintainers on-boarded onto FOSSA.

I have sent out all of the invites, (one of the maintainers email addresses already had a FOSSA a/c associated with their email address) I will let you know who that was in my next comment.

[RobertKielty]

Hi @SparkYuan,

The email address that @ffforest passed on to us for you was already registered on FOSSA.

From a KusionStack on-boarding point of view, this is fine; as long as one of the other maintainers accepts their invite and imports the project's code repos into FOSSA then that will do for now.

If however you want to register with CNCF FOSSA now there are two options to choose from:

either

• we can ask FOSSA Support to transfer your existing FOSSA Account over to the CNCF FOSSA Organziation. or
• if you want to keep your existing FOSSA setup you can send me an alternative email address to use for CNCF FOSSA

Typically, we use the FOSSA support transfer option for accounts where a maintainer just used their email address to setup FOSSA for learning purposes and are happy to delete that account, and we use an alternate address for people who are already using FOSSA for work and need to keep using their existing FOSSA setup.

[ffforest]

Quick update:

Review and understand

• [ ] The Technical Leadership Principles that outlines the expected behavior for any maintainer in a leadership role.
• [ ] The project proposal process and requirements.
• [ ] The services available for your project at the CNCF.
• [ ] The CNCF IP Policy.
• [ ] The trademark guidelines.
• [ ] The license allowlist.
• [ ] The online program guidelines.
• [ ] Book time with CNCF staff to understand project benefits and event resources.

Contribute and transfer

• [x] Move your project to its own separate neutral GitHub organization. This will make it transferable to the CNCF's GitHub Enterprise account. If it's already in a GHE account, you will need to remove it from that first.
• [ ] Accept the invite to join the CNCF GitHub Enterprise account. We'll then add thelinuxfoundation as an organization owner to ensure neutral hosting of your project.
• [ ] Migrate your Slack channels (if any) to the Kubernetes or CNCF Slack workspace. CNCF staff can help.
• [x] Submit a pull request to add your project as a Sandbox project to the Cloud Native Landscape by updating landscape.yml following these instructions.
• [ ] Transfer your domain to the CNCF. The "LF Stakeholder email" is projects@cncf.io.
• [ ] Transfer any trademark and logo assets to the Linux Foundation.
• [x] Submit a pull request with your artwork.
• [ ] Transfer website analytics to projects@cncf.io. CNCF staff can help.

Update and document

• [x] Ensure that DCO (preferred) or CLA are enabled for all GitHub repositories of the project.
• [x] Ensure that that the CNCF Code of Conduct (or your adopted version of it) are explicitly referenced at the project's README on GitHub.
• [x] Ensure LF footer is on your website and guidelines are followed (if your project doesn't have a dedicated website, please adopt those guidelines for the README file).
• [x] Create a maintainer list and add it to the aggregated CNCF maintainer list via pull request.
• [x] Provide emails for the maintainers to get access to the maintainers mailing list and Service Desk. Email them to project-onboarding@cncf.io.
• [x] Start working on written, open governance.
• [ ] Start on an OpenSSF Best Practices Badge.

[ffforest]

@ffforest thank you!

I have emailed out FOSSA invites to the maintainer team: @SparkYuan @liu-hm19 @zuomo @wu8685 @elliotxx @Eikykun @adohe @ruquanzhao @Yangyang96 @ColdsteelRail @shaofan-hs

Please note the following:

1. For registration with the CNCF FOSSA Organizaion, the email addresses we use to invite the team members MUST NOT be associated with any other FOSSA Organization.
2. Once an invite is accepted I need to manually add the first team member to the Team in FOSSA. We grant Team Members the role of FOSSA Team Admin. Remaining members who sucessfully accept the their invitations to join CNCF FOSSA can be added to the new Team by the first KusionStack Team Admin or a CNCF Organziation Admin.
3. The email addresses MUST be associated with GitHub user accounts that have read/write access to the code repos that will be imported for license scanning.

For the initial license scans of the code repos we only need one maintainer to sucessfully register and import the repos so that we can see reports on the 3rd party licenses used in the project code repos.

Feel free to have one of the maintainers reach out to me on CNCF Slack if support is required on getting setup.

If there is work to be done to bring the code repos into compliance with the 3rd Party License policy then we can focus on getting all of the maintainers on-boarded onto FOSSA.

I have sent out all of the invites, (one of the maintainers email addresses already had a FOSSA a/c associated with their email address) I will let you know who that was in my next comment.

Thank you @RobertKielty! I have just signed up and joined the CNCF FOSSA Org. My email is forest10161016@gmail.com.

[RobertKielty]

@Eikykun Thank you for accepting the FOSSA invite!

I have added you to the KusionStack Team in CNCF FOSSA as a Team Admin.

As a Team Admin when the rest of your colleagues accept their invites you will be able to add them to the Team on CNCF FOSSA. Be sure to also give your colleagues the Team Admin role so that they can self-serve on team administration tasks. For a description of the Team Admin Role within FOSSA see:

https://docs.fossa.com/docs/role-based-access-control#team-roles

The next step now is to import the KusionStack code repos into FOSSA

You can follow the instructions to import a project repos here

https://docs.fossa.com/docs/getting-started#importing-a-project

Important Notes:

1. Use the user account we have just set up for you
2. Use Team we have set up to import your code repos

If you need any support in getting a repo import completed, let me know, I am only 7hrs ahead of you. Typically, the import task takes a few minutes to setup and the first scans will start soon after setup is complete. From there, merging new Pull Requests will trigger scans on FOSSA.

[Eikykun]

@RobertKielty thank you! 😺

@ffforest I have added you as a team admin. Thank you for taking care of the next steps.