communitybridge / easycla

The Contributor License Agreement (CLA) service of the Linux Foundation lets project contributors read, sign, and submit contributor license agreements easily.
https://easycla.lfx.linuxfoundation.org
MIT License

PCC allows private repositories to be EasyCLA enabled #4143

Open jarias-lfx opened 1 year ago

jarias-lfx commented 1 year ago

Reporter

Name: Juansebastian Arias Username: jsarias Email: sarias@contractor.linuxfoundation.org

Summary

Currently, in the PCC under the EasyCLA section, private repositories with previous EasyCLA information are being listed. Also, it seems that when a repository is EasyCLA enforced while public and is then marked as private, the repo remains EasyCLA enabled.

Scenarios

1. Listing private repositories: the EasyCLA section in the PCC seems to be listing private repositories. Example with the FINOS organization (https://v1.projectadmin.lfx.linuxfoundation.org/project/lf5qXfCPsXk2PDlwmn/tools/easycla/repositories/lf5qXfCPsXk2PDlwmn#70492e16-e760-425c-8ba5-8fb0b722ad2c): the repository https://github.com/finos/common-cloud-controls is visible, and this repository is currently private:


We shouldn't list private repositories in the PCC. Or, if there were previous EasyCLA records for the repository, we shouldn't allow the repository to be enforced with EasyCLA while it is private.

2. Enforce EasyCLA on private repositories: this needs to be tested. If a private repository is listed in the EasyCLA section in the PCC, will the system allow enforcing EasyCLA?

We shouldn't allow enforcing EasyCLA on private repositories.

3. Keep EasyCLA enforced on private repositories: if EasyCLA is enforced on a public repository and the repository is then marked as private, the following should happen: 1. the repository should be marked as enabled = false in the cla-prod-repositories table; 2. the repository should disappear from the repository listing in the EasyCLA section in the PCC.

We have confirmation on this scenario: the repository remains active, as for https://github.com/finos/common-cloud-controls, and it remains listed in the PCC.

{
 "repository_id": "4b0d7a07-492a-454f-b50a-f0f874df214b",
 "date_created": "2023-09-01T09:47:28Z",
 "date_modified": "2023-09-01T09:47:28Z",
 "enabled": true,
 "is_remote_deleted": false,
 "note": "created on 2023-09-01T09:47:28Z",
 "project_sfid": "lf5qXfCPsXk2PDlwmn",
 "repository_external_id": "671130848",
 "repository_full_path": null,
 "repository_name": "finos/common-cloud-controls",
 "repository_organization_name": "finos",
 "repository_project_id": "70492e16-e760-425c-8ba5-8fb0b722ad2c",
 "repository_sfdc_id": "a092M00001JwBlEQAV",
 "repository_type": "github",
 "repository_url": "https://github.com/finos/common-cloud-controls",
 "version": "v1",
 "was_cla_enforced": false
}

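The following is an added example, not EasyCLA's own code, of the two checks the three scenarios above ask for: a filter that keeps private or disabled repositories out of the listing (and therefore out of the enforce action), and a handler that flips `enabled` to false when a repository goes private. The `Record` type and its field names are modelled on the row quoted above, the webhook body follows the shape of GitHub's `repository` event (`action` is `privatized` or `publicized`, `repository.private` is the new visibility), and the `isPrivate` map stands in for a visibility lookup against the GitHub API; all sample data is constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"time"
)

// Record mirrors the cla-prod-repositories row quoted in the issue.
// Hypothetical illustration type, not EasyCLA's own model.
type Record struct {
	RepositoryID         string `json:"repository_id"`
	Enabled              bool   `json:"enabled"`
	Note                 string `json:"note"`
	RepositoryExternalID string `json:"repository_external_id"`
	RepositoryName       string `json:"repository_name"`
	RepositoryType       string `json:"repository_type"`
}

// repoEvent is the subset of GitHub's "repository" webhook payload used here.
type repoEvent struct {
	Action     string `json:"action"` // "privatized", "publicized", "renamed", ...
	Repository struct {
		ID       int64  `json:"id"`
		FullName string `json:"full_name"`
		Private  bool   `json:"private"`
	} `json:"repository"`
}

// ApplyVisibilityEvent covers scenario 3. On a "privatized" event it sets
// enabled=false on every enabled record with the same numeric GitHub repo ID
// and returns the names it changed. Other actions are ignored: a repo that
// goes public again is not silently re-enforced; an admin must opt in again.
func ApplyVisibilityEvent(records []Record, payload []byte, now time.Time) ([]string, error) {
	var ev repoEvent
	if err := json.Unmarshal(payload, &ev); err != nil {
		return nil, fmt.Errorf("decode webhook: %w", err)
	}
	if ev.Action != "privatized" || !ev.Repository.Private {
		return nil, nil
	}
	// Match on repository_external_id (GitHub's immutable numeric ID), not on
	// the name: names change on rename/transfer and can be re-registered.
	extID := strconv.FormatInt(ev.Repository.ID, 10)
	var changed []string
	for i := range records {
		r := &records[i]
		if r.RepositoryType != "github" || r.RepositoryExternalID != extID || !r.Enabled {
			continue
		}
		r.Enabled = false
		r.Note = "disabled on " + now.UTC().Format(time.RFC3339) + ": repository made private"
		changed = append(changed, r.RepositoryName)
	}
	return changed, nil
}

// ListEnforceable covers scenarios 1 and 2: the PCC listing (and the enforce
// action) should only see enabled records whose repository is currently
// public. isPrivate maps repository_external_id to the visibility fetched
// from the GitHub API; an ID missing from the map is treated as private
// (fail closed), since an unverifiable repo should not be enforceable.
func ListEnforceable(records []Record, isPrivate map[string]bool) []Record {
	var out []Record
	for _, r := range records {
		priv, known := isPrivate[r.RepositoryExternalID]
		if !r.Enabled || !known || priv {
			continue
		}
		out = append(out, r)
	}
	return out
}

// SampleRecords returns constructed test data based on the row in the issue.
func SampleRecords() []Record {
	return []Record{
		{RepositoryID: "4b0d7a07-492a-454f-b50a-f0f874df214b", Enabled: true,
			RepositoryExternalID: "671130848", RepositoryName: "finos/common-cloud-controls", RepositoryType: "github"},
		{RepositoryID: "00000000-0000-0000-0000-000000000001", Enabled: true,
			RepositoryExternalID: "1234", RepositoryName: "finos/example-public", RepositoryType: "github"},
	}
}

// PrivatizedPayload is a constructed webhook body (shape follows GitHub's
// "repository" event; the values are made up for the example).
const PrivatizedPayload = `{"action":"privatized","repository":{"id":671130848,"full_name":"finos/common-cloud-controls","private":true}}`

func main() {
	recs := SampleRecords()
	changed, err := ApplyVisibilityEvent(recs, []byte(PrivatizedPayload), time.Now())
	if err != nil {
		panic(err)
	}
	fmt.Println("disabled:", changed)
	for _, r := range ListEnforceable(recs, map[string]bool{"671130848": true, "1234": false}) {
		fmt.Println("listed:", r.RepositoryName)
	}
}
```

Two design choices worth keeping if something like this is implemented: match on the numeric repository ID rather than `owner/name`, because a renamed or transferred repo keeps its ID while the old name can be re-registered by someone else; and treat "visibility unknown" as private so a failed API lookup cannot leave a private repo enforceable.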

mlehotskylf commented 4 months ago

@nickmango @jarias-lfx is this still an issue?

mlehotskylf commented 4 months ago

This seems to be an enhancement or a gray area of this product. The logic to disable EasyCLA after a repo is made private is currently not implemented or supported.

nickmango commented 4 months ago

++