search

nodejs / import-in-the-middle

Like `require-in-the-middle`, but for ESM import
https://www.npmjs.com/package/import-in-the-middle
Apache License 2.0
66 stars 24 forks source link

Codify governance #122

Closed jsumners-nr closed 2 months ago

jsumners-nr commented 3 months ago

Now that this module is handled under the Node.js umbrella org with a variety of committing members, we need to codify how the project will be governed. Some things to address (with others likely missed):

  1. PR approvals and merges: how many members with commit access need to approve a PR before it is merged? In my view, we need a minimum of two, with the approvers coming from individuals that are not on the same professional team as the person submitting the PR.
  2. How will releases be handled: presumably we will implement some sort of automation. How will that work? Will a release be issued after every PR merge? On a new tag being created? And until then, who will be managing releases manually?

Here's what I do know. Node.js is an OpenJSF project, and so is Fastify. Fastify's governance passes all requirements:

Qard commented 3 months ago

For 1, that sounds fine. For 2, I think we need to have some discussions with people involved in other projects owned by the Node.js org which have release automation to figure out how we can add that effectively.

timfish commented 3 months ago

Looking through the Node libs published to NPM, they seem to use release-please:

So we'd use the googleapis/release-please-action and for that we'd need a Github auth token with the correct permissions and an npm token for publishing.

We are currently missing a CHANGELOG.md which is a requirement.

It creates (and then updates) release PRs and relies on conventional commit messages: