Merge/Approval rights for Fellows #7
Comments
|
For merging we should then have some kind of github action bot that monitors comments on prs. When someone writes |
|
Just realized that the identity is stored on the relay chain and the fellowship collectives on the collectives parachain. So, it requires connecting to two chains. However, smoldot should do this internally already to find out what is the best block etc, but I'm not sure if both connected chains can be "used". |
Feels like we could instead do exactly that, and either reuse PRCR, or even use CODEOWNERS. Synchronising dans from chain to GitHub teams would also bring an ability to grant other types of GH-permissions (e.g. admin, force-push) to fellows of specific dan. |
Isn't as "permissionless" as I proposed, as you would first need to invite someone, but if that is easier, I personally don't care that much. As long as the synchronization would be automatic. Or only people above some DAN are getting invited as there is more trust in these people.
No, but I also don't see this as that complicated when we have the prerequisites. |
I think a map from github name to on-chain address is better managed in this repo. Updating your identity on-chain unfortunately is not super easy, and will remove your "verified" status unless you pay an identity registrar to re-verify your account. Some things can be done to make this better, for example giving the fellowship itself an identity registrar spot, which makes sense to me, but I still feel that maintaining a simple lookup table makes more sense here than on-chain. |
We are currently working on this. Not sure why we should maintain multiple lists which will then require someone to update the list in here as well etc. |
Another point to be raised with this is that disallowing lower ranks to review proposals would hinder even more their ability to rise to upper ranks. In my opinion, all members should be able to participate in GitHub proposal reviews with approval rights, even if that approval has a lower weight compared to higher ranks. |
|
@arrudagates do you mean something like 10 approves from people of dan 3 should be equal to 1 approve of dan 6? |
|
People can always comment/review any PR without any permissions. It is just that those won't be considered for merge. I have been reviewing and commenting Substrate PR for years, and that's how I participate and rank up myself. I did not need to ask anyone for permissions to start. |
Yes, these ratios would have to be fine tuned, of course, but I think this would be a fair compromise. |
Yes, that's fair and it works out for those outside the fellowship, but at the same time those who are already members of the fellowship should have some power regardless of rank (even if weighted lower than upper ranks), otherwise it hurts the fellowship diversity. |
|
I just want to keep it simple. I hear your request and sounds reasonable but at the same time do you really think it is a must have feature for the initial release? Let's get something out first and then consider improving it. Not the other way around. |
I agree, but it's important to have these discussions even if not implemented immediately, which is why I commented on it now. |
|
@mordamax what is the status? When do you think we can make use of this bot? |
|
Hi @bkchr! Currently review-bot is being built with this in mind. It will have the ability to hot swap the source from where we get the "team" members (currently only GitHub, but it is a replaceable module). I had been in contact with Harry and also updated @josepot on our needs so we can use CAPI. Harry built a small function for me where I was able to obtain all the users and metadata from the chain. We have a blocker which requires a different team to resolve:While we can obtain the chain data, the data needs to be updated so the fellows add their GitHub handles. I don't know how this is could be done, or who to ask, but until this is resolved, we won't be able to obtain their handles. Could you please provide me some guidance with this? |
|
How much time do you think you will need finish 1.0?
Until this issue is done, we will not have "native" support for the github handle. However, we already support |
Technically speaking I only need to finish 2 more tasks to achieve the same functionality that is being used in the
But, I plan to have all my requirements for version 1 ready by the end of next week (which also includes thorough testing).
Thanks for passing me that issue, I'll link it to my tasks.
This would work if the users update such additional data.
Should be possible, I will need to request the help from the CAPI team, but I don't see any reason for which it wouldn't be achievable. |
Yes for sure, but this is some I will take care of. But this is optional? And not really required for the issue here. |
Yes, that would only be required to achieve the same functionality that is being used in the But it is completely optional. |
|
@Bullrich what is the status? |
|
Hi @bkchr! Review-Bot version 1 has been completed yesterday. I'm currently testing complex cases in It currently replicates most of PRCR behaviour (it doesn't assign reviewers yet, that will be in version Once I have this version's bugs fixed, I'll be merging it into That's when I'm going to ask @josepot for help with paritytech/review-bot#61 Any updates with the identity field or with paritytech/polkadot-sdk#179? |
We will start with this, as I said. So, we don't need paritytech/polkadot-sdk#179 for now.
I'm interested in this repo here and nothing else.
We don't need this, we need paritytech/review-bot#61 |
|
@Bullrich it's me again ;) Status? |
|
Hi @bkchr! Yesterday @josepot showed us how he is able to fetch the I'm currently close to achieve the same functionality using We have been able to extract the |
|
@bkchr I have a draft Pull Request that is fetching the fellow's handles here: paritytech/review-bot#79 |
|
I have two more sub tasks:
I will finish those today and have the release ready. In the meanwhile, do you know what kind of rules will you be requiring? the config is extremely similar to PRCR, so I can adapt it to review-bot. |
|
For the pr adding the bot, I propose we let everyone from rank 2 voting. Rank - 1 should be your "voting power". All approvals together should be above 20 voting power. We can then discuss the proper configuration in your pr. |
|
@Bullrich I see all your tasks are finished? Could you please open a pr to add the bot to the repo? |
Created a Github Action that uses the [Review-Bot app](https://github.com/paritytech/review-bot) to require fellows to review pull requests before allowing the PR to be merged. The user's information is fetched always from the chain after every event. It looks in the fellows data for a field named GitHub and it extracts the handle from there. This resolves polkadot-fellows#7 (you can find more information about the request there) This uses [`pull_request_target`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target) for the event, not `pull_request`. This is a security measure so that an attacker doesn’t have access to the secrets.
Created a Github Action that uses the [Review-Bot app](https://github.com/paritytech/review-bot) to require fellows to review pull requests before allowing the PR to be merged. The user's information is fetched always from the chain after every event. It looks in the fellows data for a field named GitHub and it extracts the handle from there. This resolves polkadot-fellows#7 (you can find more information about the request there) This uses [`pull_request_target`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target) for the event, not `pull_request`. This is a security measure so that an attacker doesn’t have access to the secrets.
* add review-bot to require fellows as reviewers Created a Github Action that uses the [Review-Bot app](https://github.com/paritytech/review-bot) to require fellows to review pull requests before allowing the PR to be merged. The user's information is fetched always from the chain after every event. It looks in the fellows data for a field named GitHub and it extracts the handle from there. This resolves #7 (you can find more information about the request there) This uses [`pull_request_target`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target) for the event, not `pull_request`. This is a security measure so that an attacker doesn’t have access to the secrets. * removed non existent directory * Apply suggestions for required rankings Co-authored-by: Bastian Köcher <git@kchr.de> Co-authored-by: joe petrowski <25483142+joepetrowski@users.noreply.github.com> * merged system parachains with relay files * updated minFellowsRank for .github files Co-authored-by: Bastian Köcher <git@kchr.de> * updated file to new version Version 2.0.0 requires new types and fields. This will help us so we can develop custom rules in the future. * added CHANGELOG to 'Relay and System files' rule --------- Co-authored-by: Bastian Köcher <git@kchr.de> Co-authored-by: joe petrowski <25483142+joepetrowski@users.noreply.github.com>
Created a Github Action that uses the [Review-Bot app](https://github.com/paritytech/review-bot) to require more fine tuned requirements to review pull requests before allowing the PR to be merged. This uses [`pull_request_target`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target) for the event, not `pull_request`. This is a security measure so that an attacker doesn’t have access to the secrets. All the rules have been copied from the original `.github/pr-custom-review.yml` file. I want to clarify, this particular commit is **not intended to replace PRCR yet**. # Advantages it brings over `PRCR` Most of the features available in `PRCR` have been duplicated and enhanced. For a complete detailed write up, please see: - paritytech/pr-custom-review#114 -> Proposal for the rewrite - [Review Bot Documentation](https://github.com/paritytech/review-bot/blob/main/README.md) The most important features are: - `include` and `exclude` fields now accept an array, making it easier to read the regular expressions. - Ability to skip a rule - We can set that PRs coming from a particular user or team will cause the rule to be skipped. - This is used in the `Audit rule`, which was requested by @the-right-joyce. - This resolves paritytech/pr-custom-review#136 - Ability to request fellows instead of teams - As requested in polkadot-fellows/runtimes#7, this bot has the ability to request fellows by rank instead of users. - We currently have polkadot-fellows/runtimes#31 which is using that feature. Aside from all the rules available in `PRCR` I have added a particular rule to lock the review-bot files and require a review from the `locks-review` team, the @paritytech/ci team and the @paritytech/opstooling team to ensure that the file has been written correctly. ## Next steps The next steps will consist on paritytech/review-bot#53, once this issue has been resolved, and `review-bot` has worked without any issues on this repository for a while, we will upgrade it to be able to fully replace `PRCR`.
Fellowship members should be getting approval/merge rights based on their rank like it is done on chain. So, to merge a pull request it will require X members to pass "the voting" to get the approval to merge. The list of fellowship members is maintained on chain, so it would introduce extra overhead to maintain the list on github as well. Like having teams for each rank and then having some CI check that succeeds when "the voting" has passed. As already said, the list and the associated rank is already on chain and we should use this directly in the CI. There exists the pr-custom-review github action from Parity that already overs fine grained control on the approval process. This should be augmented with a script that is using smoldot to fetch the latest list of fellowship members, their ranks and their identities from the latest block. This will require that every fellowship member also provides their github account as part of their on chain identity. Then the CI job will be able to map from a github name to the fellowship rank to do "the voting".
The text was updated successfully, but these errors were encountered: