gramineproject / gramine

A library OS for Linux multi-process applications, with Intel SGX support
GNU Lesser General Public License v3.0

Enable LFX Insights On The Gramine Project #1965

Open bensternthal opened 1 month ago

bensternthal commented 1 month ago

Description of the feature


This issue is to track the request to enable LFX Insights for the Gramine project. LFX Insights has already been activated for several other CCC projects and we enable this by default for new projects.

What Is LFX Insights

Insights provide projects with more visibility into their community dynamics, particularly around contributors, organizations, issues, and pull request metrics. It does this through an app (similar to the DCO bot) installed at the organization level. This is then enabled for one or more repos under the organization. Insights uses crowd.dev under the hood to gather read-only data about specified public repositories in a GitHub organization.

What Information Is Collected (only public information from GitHub)

What I Need From The Project

If folks have any questions or objections, please note this in the issue. If there are none we will enable insights in a week.

How Do We Turn This On

I need to be made an admin (this can be temporary) on the org; this will allow me to install the read-only Linux Foundation app. Once I install the app, my privileges can be revoked.

Note I am currently on staff at the LF and one of the Program Managers on CCC. Feel free to verify my identity with folks on CCC.

More Info

You can find Insights documentation here.

Why Gramine should implement it?

N/A

mkow commented 1 month ago

Hi!

> Why Gramine should implement it?
>
> N/A

N/A? Could you say a bit more about why we would want this tool installed?

> I need to be made an admin

That's not fine with us, even temporarily. But we could install the app ourselves (if we decide that we want it).

Best, mkow

bensternthal commented 1 month ago

Hi Michal, so LFX insights pulls in quite a bit of information that is useful to the Governing Board, TAC, and in many cases the projects. You can explore some of the public data here and here is an example from a CCC project.

We require this for new projects joining CCC. However, as an existing project, it is ultimately up to the project to decide whether it is enabled or not.

I also totally understand about not making me an admin, even temporarily. However, this has to be enabled from within LFX, which is why the PMs enable it. I could see if there is an alternative but I am not aware of one.

Note I am a Linux Foundation employee and you should feel free to reach out to folks at the CCC including @dcmiddle who chairs the TAC who can vouch for me.

dimakuv commented 1 month ago

The LFX Insights tool looks pretty interesting; I took a look at the example of https://insights.lfx.linuxfoundation.org/foundation/ccc/overview/github?project=coconut-svsm.

However, I am also strongly against making you an admin. Why can't we add this tool by ourselves?

bensternthal commented 1 month ago

Completely understand about not wanting to make me an admin. My understanding is that this is because it is added from inside our LFX interface, it's not just adding a bot via the GitHub admin.

However, let me poke around and see if there is a way for the project to add this themselves. I feel like this should be possible.

bensternthal commented 1 month ago

Alrighty, @dimakuv here is what I found out:

  1. An alternative to making me an admin is to make the LF GitHub user an admin "thelinuxfoundation" (I realize the same objections you have might apply here but I wanted to give you all the options).
  2. Perhaps you would be OK granting me admin while we are on a call screensharing? You could observe what I am doing and then revoke my access after this is complete.
  3. The metrics team stated, "currently we cannot support a maintainer being able to onboard their project themselves in CM ... however, I'd be open to exploring how that could work if it is a last resort"

dcmiddle commented 1 month ago

fwiw, I can confirm @bensternthal is with the LF / CCC.

mkow commented 1 month ago

> My understanding is that this is because it is added from inside our LFX interface, it's not just adding a bot via the GitHub admin.

Can't you do the LFX part and we do the bot adding?

Otherwise, I'm not ok with making someone an admin, even temporarily (same as we never give someone root access to any of our servers "just for a moment"). Screensharing doesn't change anything here - if you actually had malicious intentions you'd just run some script in the background using your account, and if your machine was compromised then the malicious stuff would also happen in the background.

dimakuv commented 1 month ago

> The metrics team stated, "currently we cannot support a maintainer being able to onboard their project themselves in CM ... however, I'd be open to exploring how that could work if it is a last resort"

That would be good. That should also be just generally beneficial for this LFX Insights project, right?

bensternthal commented 1 month ago

@mkow @dimakuv I completely understand your position on not making me or someone else in a similar role an admin. Not a problem.

Let me see if the metrics team can support a different approach.

bensternthal commented 1 month ago

Alrighty, it looks like the metrics team will enable the ability for the bot to be installed by the project, then administered/set up by me:

Hello Benjamin Sternthal, the CM team is working on a new GH onboarding that will look like this:

  1. PMO/LF Staff sends link to the Insights bot installation to the GitHub org Admin.
  2. Repo Admin installs "LFX CM" app in GitHub org and gives the app access to ALL repos.
  3. PMO/LF Staff can then manage repo selection & repo<>project mapping in a simple UI in CM.

This is estimated to be released in mid-September.

I'll check back with the project when this is released. Also, thanks for working with me on this one; this solution applies to many of our projects.

mkow commented 1 month ago

Sounds good!

> Repo Admin installs "LFX CM" app in GitHub org and gives the app access to ALL repos.

What access level exactly will we need to give the app?