Configure sagemath organization Teams, branch protection rules

[mkoeppe]

As sketched in https://github.com/sagemath/trac-to-github/blob/master/docs/Migration-Trac-to-Github.md#proposed-permissions-and-protections

Also,

• Should (temporary) public collaboration branches (like public/.... on Trac) be allowed on sagemath/sage?

[mkoeppe]

@sagemath/core We should probably review membership in the "core" team https://github.com/orgs/sagemath/teams/core/members
Any thoughts on others that should be added to "core" and on retirements of inactive "core" members?
(The "core" team overlaps with but is not identical to the "owner" role in the org.)

[nthiery]

Not being very active myself these days, to say the least. I let you judge depending on the roles of each team whether I should be there or not. Cheers, Nicolas

[kwankyu]

Just to start a discussion: will we have this hierarchy?

1. owners - full power; keep three owners always?
2. core team - what permissions or privileges? release-manager belongs here?
3. reviewer team - what permissions or privileges?
4. ad-hoc team - what permissions or privileges?
5. member - what permissions?
6. non-member - what permissions?

Who can make a team? Or who can assign what permissions to a team?

[jasongrout]

Not being very active myself these days, to say the least. I let you judge depending on the roles of each team whether I should be there or not.

Same for me.

[kwankyu]

This is the document about roles and permissions:

https://docs.github.com/en/organizations/managing-user-access-to-your-organizations-repositories/repository-roles-for-an-organization

[kwankyu]

"Read" "Triage" "Write" "Maintain" "Admin" are all available roles (each of which is a bundle of permissions) in our organization (since we cannot make custom roles).

So what we need to do here is to distribute these roles to each team in the hierarchy?

[kwankyu]

?

Team	Role	Number	Number of PRs
Owner	Admin	3	.
Release manager	Maintain	1
Core	Maintain		>= 100
Team manager	Write	1 for each team	>= 50
Member	Triage		>= 10
non-Member	Read

[kwankyu]

?

branch	branch protection rules
develop	require a pull request require 1 approving review require all CI tests pass require branches to be up to date restrict who can push disallow force-push disallow deletion
master(or main or release)	restrict who can push

[kwankyu]

This is the documentation for branch protection rules:

https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches

[tobiasdiez]

Like this for the develop branch (with the correct ci workflows obviously)?

(not sure if "lock branch" is overwritten by "restrict who can push")

[mkoeppe]

"require linear history" should be off

[tobiasdiez]

why? squash and an occasional rebase merge seems good enough, or not?

[mkoeppe]

Because it's not the standing practice of this project, and it's not part of the migration to change everything.