Make repository public - Githubissues

imcs-compsim / MIRCO

A shared-memory parallel BEM code for the contact of rough surfaces

MIT License

2 stars 3 forks source link

Make repository public #54

Closed NoraHagmeyer closed 2 years ago

NoraHagmeyer commented 2 years ago

To increase visibility and to enable at least read access for all baci contributors, we decided to make this repo open-source, at least once it has been sucessfully integrated into baci as an optional external library. To still keep this repo and all our test runners safe, there is still some work to be done.

Possible Solution and Definition of Done

[x] Restrict privileges to run workflows only to members (of our organization)
[ ] Think of other important steps
- [x] Add info on how to cite this code
- [x] Provide a CONTRIBUTING.md document
- [x] Explicitly state external dependencies (such as Trilinos)
- [ ] (optional) Trilinos: check for required packages
[x] make repo public

Related Issues and Merge Requests

Additional Information

See for example this blog for additional information on safety concerns https://blog.gitguardian.com/github-actions-security-cheat-sheet/

Interested Parties

@mayrmt

mayrmt commented 2 years ago

Changing the permissions for GitHub actions seems to not have broken anything. When the remaining points listed above have been addressed, I'm happy to make the repository public.

mayrmt commented 2 years ago

Once PR #59, I think that we are ready to make this repository public. Of course, we can always make further improvements, but the minimal requirements should be satisfied after merging PR #59.

NoraHagmeyer commented 2 years ago

What is most important to me is to make sure that everything is safe, especially that our testing machines are in no way vulnerable. If possible we should check again if external users can start the code checks themselves or not. Also, I'd suggest to carefully read through the blog post mentioned in the description or a similar source again to ensure that we meet all safety standards. Also mentioning @eulovi here so that she is aware of the planned change to a public repository.

mayrmt commented 2 years ago

@eulovi @RShaw026 Can you please coordinate on double-checking the safety and security of the test pipelines (as discussed by @NoraHagmeyer)? Please let us know the outcome or if problems arise. Thanks.

NoraHagmeyer commented 2 years ago

@mayrmt I think we can follow these instructions to require approval for workflows runs of external contributors only after the repository was made public, right? The possible settings look slightly different for private repositories and also for the organization, do I remember correctly?

mayrmt commented 2 years ago

I just have published the repository. This completes this issue. Let's open another one, if we encounter any problems.

eulovi commented 2 years ago

As @NoraHagmeyer mentioned before, we have to set the options to give approval for workflows ran by external contributors. According to this, we have to change the settings following these instructions and select Require approval for all outside collaborators. @mayrmt, can you apply those changes?

mayrmt commented 2 years ago

@eulovi I have change the settings as outlined.

NoraHagmeyer commented 2 years ago

As @NoraHagmeyer mentioned before, we have to set the options to give approval for workflows ran by external contributors. According to this, we have to change the settings following these instructions and select Require approval for all outside collaborators. @mayrmt, can you apply those changes?

@eulovi Done! We also protected the master, which was apparently not done before, and we now require at least 1 approval for pull requests.