Closed JessicaLucindaCheng closed 7 months ago
@JessicaLucindaCheng @ExperimentsInHonesty @roslynwythe
schedule-thu-1100
action is checking for any activity (<-- as defined by 'true-github-contributors') over the last 30 days from members and removing them from 'website-write' if no activity is found.schedule-monthly
is also preparing a list of inactive members but is only generating a report to notify us of who the inactive members are. I don't yet see a timeframe for inactivity (though it could be in the GHA somewhere), and per #4545 >"This script calls the Github API in various ways and gets a list of 'website-write' team members who do not have any active issues." I am not sure how helpful that is- will need to explore a little further to see if the action is only looking for active issues or if there are additional criteria involved. (To me, I think 'active member' should mean more than only 'active issues') I believe that these two GHAs are supposed to do roughly the same thing, and that either could be modified to accomplish #4541 as well:
schedule-thu-1100
might be a little more useful, but it is also nice that schedule-monthly
actually generates a report. It makes sense to me that we ultimately combine/ reduce this to only one GHA that runs once a month.@ExperimentsInHonesty @JessicaLucindaCheng @roslynwythe As I am testing the GHAs for removing inactive members, there are edits to member access that I believe should be made/ or discussed. I do not have permissions to make the changes myself:
On the website-write, child team member page:
On the website-merge page:
On the website-admin page:
On the website page, I do have access so I changed membership from 'Maintainer' to regular member:
On the "hfla-site-merge" Slack channel the following are no longer on Merge Team:
@t-will-gillis I have updated, see my notes
On the website-write, child team member page:
On the website-merge page:
On the website-admin page:
On the website page, I do have access so I changed membership from 'Maintainer' to regular member:
On the "hfla-site-merge" Slack channel the following are no longer on Merge Team:
What is the next step for this ER?
P.S. if any of the cleanup will not be addressed by the script, please write back here and @ me and @roslynwythe so that we can help remove.
@ExperimentsInHonesty @roslynwythe
Would someone with admin access to the 'website-write: child' team please make the following changes? I do not have this access manually and so far in testing I cannot seem to access the 'child' team- maybe my token doesn't have permission? Sidenote: it may be that the HACK_FOR_LA_BOT has the admin access to child teams make these changes but I can not tell yet.
cnk : please elevate cnk to 'maintainer' status on 'website-write: child' team
bootcamp-brian (Brian Mui) please remove from the 'website-write: child' team
jdingeman (Justin) please remove from the 'website-write: child' team
jdingeman is still listed as a member of the 'website-merge' team. Could someone manually remove jdingeman from 'website-merge'?
bootcamp-brian is still listed as a member of the 'website-admin:child' team. Can someone manually remove bootcamp-brian from 'website-admin: child'?
@ExperimentsInHonesty @roslynwythe
Would someone with admin access to the 'website-write: child' team please make the following changes? I do not have this access manually and so far in testing I cannot seem to access the 'child' team- maybe my token doesn't have permission? Sidenote: it may be that the HACK_FOR_LA_BOT has the admin access to child teams make these changes but I can not tell yet.
- cnk : please elevate cnk to 'maintainer' status on 'website-write: child' team
- bootcamp-brian (Brian Mui) please remove from the 'website-write: child' team
- jdingeman (Justin) please remove from the 'website-write: child' team
- jdingeman is still listed as a member of the 'website-merge' team. Could someone manually remove jdingeman from 'website-merge'?
- bootcamp-brian is still listed as a member of the 'website-admin:child' team. Can someone manually remove bootcamp-brian from 'website-admin: child'?
@ExperimentsInHonesty I removed jdingeman from the website-merge
team, but my access were rights were not sufficient to allow me to make any of the other changes, so I need to ask you to do those.
also noticed that :
This is resolved- hiding comment.
Notes from 1/15/24 Meeting:
Hi @t-will-gillis where are we with
Hi @ExperimentsInHonesty Update 1/28/24:
done: The schedule-monthly.yml
gha now adds website-maintain
members as "permanent contributors" so that the checks don't try to notify or remove them
done: All of the other previously identified members have been removed from "Maintainer" status and/or the child teams
done: The schedule-monthly.yml
automation is checking whether inactive members have open issues besides "Pre-work Checklist" and if so, preventing the inactive members from being removed. Since we are not considering the prework issues, this next run will remove many people from the write team access.
done: Manually copied current 'website-write' into the Website Team Roster, then wrote a function to automatically change "Status: Active" if member is on 'website-write' and "Inactive" otherwise.
For #2689 and #3175 - @roslynwythe @JessicaLucindaCheng ?
@t-will-gillis
- For https://github.com/hackforla/website/issues/2689 and https://github.com/hackforla/website/issues/3175 - @roslynwythe @JessicaLucindaCheng ?
Since it has been a long time since I have onboarded or offboarded anyone, I don't think I'm the most up-to-date with all the current onboarding and offboarding processes for people on the team. I will let @roslynwythe take the lead on that since I think she has been doing most of the onboarding and offboarding of people and has the most current knowledge of the processes.
[x] ~remove the user from the Google Drive (see notes below about tables team scripts)~
WG: Done as of 2/23: via a Google Apps Script using hackforla-bot@gmail.com account, removing "Inactive" and unaffiliated members now, scheduled to run once monthly
WG: ~Note: I have been manually updating membership statuses, linking up emails to github handles, and more to clean up the Website Drive, but notice that Rabia is doing the same thing. So as not to waste time duplicating efforts, I have stopped manually updating.~ Script running/ auto-updates now
schedule-monthly.yml
checks if user is on 'website' team prior to removal and adds them if they aren't.schedule-monthly.yml
doing thisUPDATE 2/11/24:
TL;DR Automation is running as of today,
The working Google Apps Script file and keys are accessible/ editable only through the Gmail account for hackforla-bot@hackforla.org (credentials same as for email).
The automation runs daily at 9-10 pm, and checks for the list of "Active" users on the 'website-write' team, then logs the list to a Google Sheet inside the bot account.
The Roster imports this list from the bot account into Column 'B'
(The automation is purposefully attached to the limited-access hackforla-bot account so that GitHub and Google keys/ secrets are not easily accessible)
Column 'F/G' "Permissions" is NOT updated, still manual
See comments above also.
~APIs - Have written a Google Apps Script to call GitHub and update members in my repo. Need to transfer script to the Roster, and authorize the script without making the token visible (via an environment variable? if someone know how to do this... ).~
~Col B 'Status':~
~Google Apps Script is ready to be transferred to Roster: whose account, hiding access key?~
~From 2/12 meeting: use "GitHub Bot" account~
~Snag is that not all of current "Leads" are "Active" --> should all of these people be leads?~
~Col F 'Permissions':~
~Script could update 'Merge Team' easily, but not 'Lead's~
~Cols M-Q: Need anything here?~
~I mis-stated the above regarding the "Lead" designation for 'Permissions'- my question should be: If someone is marked as a "Lead" on the Roster, should this be tied to some aspect of the Website teams? For example, some people that are identified as "Leads" are gone completely from the website (Alex Stubbs, Harish) and some are normal members with no special status (Isaac Cruz, Saumil).~
The working Google Apps Script file and keys are accessible/ editable only through the Gmail account for hackforla-bot@hackforla.org (credentials same as for email).
~See previous comment. I am abandoning manual updates to the Drive since Rabia has now also started doing the same thing~
~I need to explore further about using scripts to update Drive access.~ ~Update from 2/12 meeting: WG given access to Tables. There are GA Scripts for changing/adding members to Drive.~
~Are there other members who should have or retain higher level of access? For example:~
Tables team scripts documentation https://github.com/hackforla/tables/blob/main/dev-docs/app-scripts.md
See comments below:
- First, we need to make sure our roster is up to date and mark any developers who are no longer active as
inactive
in the roster.
schedule-monthly.yml
- Before removing anyone from a team, make sure they are on the website team in GitHub (https://github.com/orgs/hackforla/teams/website) already, which gives them only read access to the repo. This makes sure it doesn't mess up any work they did (issues they were assigned to and completed, prs they opened, etc). In the past, people may not have been added to the website team in GitHub when they joined so that's why we need to check that they are on the website team in GitHub.
schedule-monthly.yml
: The GHA checks if member is on the 'website' team before removal from 'website-write', and adds them if not.
- Then do a clean up of teams in GitHub, including
- Downgrading inactive maintainers to just members on the website team in GitHub (https://github.com/orgs/hackforla/teams/website).
- Removing inactive members from the following teams:
- website-write: https://github.com/orgs/hackforla/teams/website-write
- website-merge: https://github.com/orgs/hackforla/teams/website-merge
- website-admins: https://github.com/orgs/hackforla/teams/website-admins
See comments from Bonnie above regarding other Team Resources
Note: This issue came from the Task List Dev Leads.
Emergent Requirement - Problem
Issue Description
Write an issue to figure out how to remove developers marked inactive in our roster from all team resources.
Update roster
inactive
in the roster.Clean up GitHub teams
Offboard from other resources
Offboard template
section of #3175 for all the other resources junior developers need to be offboarded fromOffboard template
section of #2689 for all the other resources merge team members and tech leads need to be offboarded fromWho was involved
@SAUMILDHANKAR
What happens if this is not addressed
Inactive developers maintain a level of access to our repo that they don't need (such as write or admin access) and it may make our repo less secure.
Resources
Recommended Action Items
Potential solutions [draft]