Create a project board for tracking community PR review progress

[GuySartorelli]

As part of adding the new peer reviewer and refiner roles, we should provide a project board that these community roles can use to organise and track their work.

Epic

• https://github.com/silverstripe/.github/issues/141

Acceptance Criteria

• [x] A new GitHub project board is created for tracking community pull request review progress
• [x] All teams have access to the board
  • Probably the refiners should have view-only access, if that's possible
• [x] The project board is documented on either the maintainer guidelines page, triage and peer review page, or both
• [x] The "Backlog with PRs" column in zenhub is removed, in favour of using the new project board for tracking community PRs
• [x] If possible, all issues with a pull request are displayed in the project board
  • Otherwise, all issues are displayed on the project board
  • NOTE: Opted to list PRs in the end because that's ultimately what people need to review, and that's much easier than finding the 5 different ways PRs can be "related" to an issue in order to know when an issue should be added

TO DECIDE (or explicitly leave it up to whoever implements it)

• What columns do we want? Examples below
  • New issues
  • Needs review (has a PR but isn't being reviewed yet)
  • In review (must be assigned to the person reviewing)
  • Awaiting contributor feedback (must be assigned to the person who requested feedback)
  • Needs escalation (core committers or CMS squad need to take a look)
  • Needs second approval
  • Done/Merged (HIDDEN)

We'll aim to review these column early once we start having some contributors on-boarded. So we'll go with the initial suggested column.

NOTE about using secrets in GitHub Actions

https://docs.github.com/en/actions/learn-github-actions/contexts#secrets-context

If a secret was used in the job, GitHub automatically redacts secrets printed to the log. You should avoid printing secrets to the log intentionally.

In other words, so long as we're not echoing it out ourselves, there should be no risk of our secret being exposed via logs.

Project board

• https://github.com/orgs/silverstripe/projects/4

PRs

• https://github.com/silverstripe/gha-add-pr-to-project/pull/1
• https://github.com/silverstripe/supported-modules/pull/35
• https://github.com/silverstripe/module-standardiser/pull/59
• https://github.com/silverstripe/module-standardiser/pull/61
• https://github.com/silverstripe/module-standardiser/pull/62
• https://github.com/silverstripe/gha-add-pr-to-project/pull/4
• https://github.com/silverstripe/gha-add-pr-to-project/pull/5
• https://github.com/silverstripe/module-standardiser/pull/63
• https://github.com/silverstripe/module-standardiser/pull/64
• https://github.com/silverstripe/developer-docs/pull/534
• https://github.com/silverstripe/module-standardiser/pull/65
• https://github.com/silverstripe/gha-add-pr-to-project/pull/8

Module Standardiser PRs

Running against default-branch

• https://github.com/silverstripe/recipe-kitchen-sink/pull/64
• https://github.com/silverstripe/gha-add-pr-to-project/pull/2
• https://github.com/silverstripe/recipe-testing/pull/20
• https://github.com/silverstripe/silverstripe-behat-extension/pull/275
• https://github.com/silverstripe/MinkFacebookWebDriver/pull/28
• https://github.com/silverstripe/cow/pull/258
• https://github.com/silverstripe/rhino/pull/30
• https://github.com/silverstripe/github-issue-search-client/pull/138
• https://github.com/silverstripe/module-standardiser/pull/60
• https://github.com/silverstripe/silverstripe-tx-translator/pull/32
• https://github.com/silverstripe/documentation-lint/pull/5
• https://github.com/silverstripe/supported-modules/pull/36
• https://github.com/silverstripe/.github/pull/274
• https://github.com/silverstripe/api.silverstripe.org/pull/119
• https://github.com/silverstripe/doc.silverstripe.org/pull/300
• https://github.com/silverstripe/silverstripe-userhelp-content/pull/183
• https://github.com/silverstripe/demo.silverstripe.org/pull/69
• https://github.com/silverstripe/silverstripe-frameworktest/pull/186
• https://github.com/silverstripe/silverstripe-module/pull/44

Running against the CMS 5 next-patch branch

I've limited this to only run the new script (with exception of the new repo which had all scripts run). This is because the last few times standardiser was run it was against the next-minor branch, and running all those scripts here would result in redundant changes to check - some of which when I tried it did result in failures.

• https://github.com/silverstripe/gha-add-pr-to-project/pull/6
• https://github.com/silverstripe/silverstripe-cms/pull/2966
• https://github.com/silverstripe/silverstripe-cms/pull/2972
• https://github.com/silverstripe/cwp-agencyextensions/pull/126
• https://github.com/silverstripe/cwp-starter-theme/pull/257
• https://github.com/silverstripe/cwp-watea-theme/pull/192
• https://github.com/silverstripe/silverstripe-elemental/pull/1208
• https://github.com/silverstripe/silverstripe-admin/pull/1785
• https://github.com/silverstripe/silverstripe-asset-admin/pull/1472
• https://github.com/silverstripe/silverstripe-assets/pull/617
• https://github.com/silverstripe/silverstripe-auditor/pull/84
• https://github.com/silverstripe/silverstripe-blog/pull/767
• https://github.com/silverstripe/silverstripe-campaign-admin/pull/313
• https://github.com/silverstripe/silverstripe-config/pull/118
• https://github.com/silverstripe/silverstripe-contentreview/pull/241
• https://github.com/silverstripe/silverstripe-documentconverter/pull/86
• https://github.com/silverstripe/silverstripe-elemental-bannerblock/pull/152
• https://github.com/silverstripe/silverstripe-elemental-fileblock/pull/57
• https://github.com/silverstripe/silverstripe-environmentcheck/pull/107
• https://github.com/silverstripe/silverstripe-errorpage/pull/113
• https://github.com/silverstripe/silverstripe-externallinks/pull/133
• https://github.com/silverstripe/silverstripe-framework/pull/11283
• https://github.com/silverstripe/silverstripe-graphql/pull/594
• https://github.com/silverstripe/silverstripe-gridfieldqueuedexport/pull/113
• https://github.com/silverstripe/silverstripe-hybridsessions/pull/109
• https://github.com/silverstripe/silverstripe-iframe/pull/90
• https://github.com/silverstripe/silverstripe-ldap/pull/83
• https://github.com/silverstripe/silverstripe-linkfield/pull/299
• https://github.com/silverstripe/silverstripe-lumberjack/pull/156
• https://github.com/silverstripe/silverstripe-mimevalidator/pull/80
• https://github.com/silverstripe/silverstripe-realme/pull/148
• https://github.com/silverstripe/silverstripe-session-manager/pull/203
• https://github.com/silverstripe/silverstripe-registry/pull/101
• https://github.com/silverstripe/silverstripe-reports/pull/187
• https://github.com/silverstripe/silverstripe-restfulserver/pull/130
• https://github.com/silverstripe/silverstripe-securityreport/pull/84
• https://github.com/silverstripe/silverstripe-segment-field/pull/115
• https://github.com/silverstripe/silverstripe-sharedraftcontent/pull/243
• https://github.com/silverstripe/silverstripe-siteconfig/pull/169
• https://github.com/silverstripe/silverstripe-sitewidecontent-report/pull/96
• https://github.com/silverstripe/silverstripe-spamprotection/pull/121
• https://github.com/silverstripe/silverstripe-staticpublishqueue/pull/195
• https://github.com/silverstripe/silverstripe-subsites/pull/579
• https://github.com/silverstripe/silverstripe-tagfield/pull/296
• https://github.com/silverstripe/silverstripe-taxonomy/pull/118
• https://github.com/silverstripe/silverstripe-textextraction/pull/98
• https://github.com/silverstripe/silverstripe-userforms/pull/1306
• https://github.com/silverstripe/silverstripe-versioned/pull/453
• https://github.com/silverstripe/silverstripe-versioned-admin/pull/349
• https://github.com/silverstripe/silverstripe-versionfeed/pull/114
• https://github.com/silverstripe/silverstripe-simple/pull/85
• https://github.com/silverstripe/silverstripe-mfa/pull/550
• https://github.com/silverstripe/silverstripe-totp-authenticator/pull/165
• https://github.com/silverstripe/silverstripe-webauthn-authenticator/pull/188
• https://github.com/silverstripe/silverstripe-login-forms/pull/186
• https://github.com/silverstripe/silverstripe-dynamodb/pull/67
• https://github.com/silverstripe/developer-docs/pull/533

After merging

Reassign to Guy to

1. [x] Make a docs PR for this whole thing
2. [x] run standardiser against the next-patch branch again
3. [x] Add all pre-existing community PRs to the board

[GuySartorelli]

I was intending on using a GitHub action to add PRs to the board as soon as they're opened.

https://docs.github.com/en/issues/planning-and-tracking-with-projects/automating-your-project/automating-projects-using-actions

GITHUB_TOKEN is scoped to the repository level and cannot access projects. To access projects you can either create a GitHub App (recommended for organization projects) or a personal access token (recommended for user projects). Workflow examples for both approaches are shown below.

That means storing a private key as a secret in the GitHub org - though it only needs write permissions for projects (not for issues/PRs/code) so not the worst case scenario.

Alternatives

1. Use project workflows to do it - there's a feature out of the box we can use, but it requires creating a separate "workflow" (not the same as GitHub Actions workflows) for each repo we want for the project. The process is documented at https://docs.github.com/en/issues/planning-and-tracking-with-projects/automating-your-project/adding-items-automatically BUT note we're only allowed 1 for free, and even if we paid money we only get up to 20. So not really viable for us.
2. Host a bot externally and use the GraphQL API as per documentation for that use case. We still need a token with the same level of access as the initial approach though, so it's not really any better. We either risk leaking a secret from within GitHub Actions or from our own hand-crafted tool and whatever service it's hosted on.

[emteknetnz]

PRs merged, reassigning to Guy

[emteknetnz]

Assigning back to Guy - presumbably once you've confirmed it's all working we need a module-standardiser run again all the supported repos?

[GuySartorelli]

Yup, as per "After merging" section.

[GuySartorelli]

The action correctly skips when I create a PR: https://github.com/silverstripe/silverstripe-admin/actions/runs/9558332393/job/26346877875?pr=1783

We won't be able to fully test it without the CI being added to a repo and getting someone not on the CMS Squad to make a PR, but I'm confident with my testing between a combination of manual API requests (mimicking what the CI will be doing) and the above run that things will work as expected.

[emteknetnz]

@GuySartorelli I've merged a single PR (cms) for you to validate the new action works as expected. Once you've validated that I'll merge the others.

[GuySartorelli]

Merging those prs doesn't help validate anything - the action already has run on those prs when they got created and correctly skipping adding to the project, since I opened them and I'm in the CMS squad.

For any further validation we'd have to wait for someone who isn't on the CMS squad to raise a pr. I don't see the point in that since I've already validated the API calls will work with the app token.

[emteknetnz]

Test PR - didn't seem to trigger - https://github.com/silverstripe/silverstripe-cms/pull/2968

Note: needed to click "Approve and run" for the CI workflow (add pr to project workflow did not trigger) as the author had not contributed to the repo before, which means that if a reviewers workflow is "check the project board for new pull-requests", it may not work so well as some PRs won't appear on the board as the workflow to put them there has not run

[emteknetnz]

If you need to update module-standardiser change workflow name to "Add new prs to github project" (shorten "pull requests" to "prs", and remove "a" - title is so long it's truncating, currently reads like it's adding a pr to a pr

[emteknetnz]

Also add name: Add PR to GitHub Project to the addprtoproject job in module-standardiser, otherwise it looks kind of ugly

[GuySartorelli]

Made the requested changes to names in a new PR to module standardiser

[emteknetnz]

Reassigned to Guy to copy existing PRs to the board

[GuySartorelli]

Added pull requests which are open, not draft, not created by bots and not created by current CMS Squad across all modules which are commercially supported in CMS 5. There's a total of 42 open PRs on the board now.