|
 |
4084c7 |
# Best practices for the usage of the CentOS namespace on gitlab
|
|
|
4084c7 |
|
|
|
4084c7 |
This document highlights the best practices SIGs interested in using the CentOS namespace on gitlab.com
|
|
|
4084c7 |
should follow.
|
|
|
4084c7 |
|
|
|
4084c7 |
## Login in
|
|
|
4084c7 |
|
|
|
4084c7 |
To login via ACO on gitlab.com, you must use the following link:
|
|
|
4084c7 |
|
|
|
4084c7 |
## Content
|
|
|
4084c7 |
|
|
|
4084c7 |
Any and all content hosted on gitlab.com should follow the Requirements the CentOS project has specified
|
|
|
4084c7 |
for SIGs: [https://wiki.centos.org/SpecialInterestGroup#Requirements](https://wiki.centos.org/SpecialInterestGroup#Requirements)
|
|
|
4084c7 |
|
|
|
4084c7 |
## Access
|
|
|
4084c7 |
|
|
|
4084c7 |
It is expected that access levels are managed via groups on accounts.centos.org (ACO). There are different
|
|
|
4084c7 |
ways this can be achieved.
|
|
|
4084c7 |
|
|
|
4084c7 |
### Simple case
|
|
|
4084c7 |
|
|
|
4084c7 |
For SIGs who are fine with everyone getting the same level of access, a single group can be created on
|
|
|
4084c7 |
https://accounts.centos.org where all the SIG members will be added. This group can then be mapped to that
|
|
|
4084c7 |
SIG’s namespace under gitlab.com/centos and be given `owner` access level.
|
|
|
4084c7 |
|
|
|
4084c7 |
This means, everyone added to this group on accounts.centos.org will be granted `owner` access to each and
|
|
|
4084c7 |
every project placed under that SIG’s namespace. This also means, that anyone **not** in this group will have
|
|
|
4084c7 |
no access at all.
|
|
|
4084c7 |
|
|
|
4084c7 |
### More complex case
|
|
|
4084c7 |
|
|
|
4084c7 |
For SIGs who want or need a more fine tuned model, it is recommended that they create a `groups` namespace under
|
|
|
4084c7 |
the SIG’s namespace. In the group namespace will be placed all the groups needed by the SIG and each of this
|
|
|
4084c7 |
group will be mapped to a corresponding group on ACO. There should be no project under the `groups` namespace.
|
|
|
4084c7 |
The groups can then be given access to any project and the access level of the group can be picked on a
|
|
|
4084c7 |
per-project basis.
|
|
|
4084c7 |
|
|
|
4084c7 |
Here is an example of the structure recommended for the complex case:
|
|
|
4084c7 |
|
|
|
4084c7 |
```
|
|
|
4084c7 |
SIG's namespace
|
|
|
4084c7 |
│
|
|
|
4084c7 |
├── groups
|
|
|
4084c7 |
│ ├── group1-developers [grp1]
|
|
|
4084c7 |
│ ├── group2-maintainers [grp2]
|
|
|
4084c7 |
│ └── sig [sg]
|
|
|
4084c7 |
│
|
|
|
4084c7 |
├── rpms
|
|
|
4084c7 |
│ └── pkg [grp1+grp2]
|
|
|
4084c7 |
│
|
|
|
4084c7 |
├── src
|
|
|
4084c7 |
│ └──source_tree [grp1]
|
|
|
4084c7 |
│
|
|
|
4084c7 |
└── sig [sg]
|
|
|
4084c7 |
```
|
|
|
4084c7 |
|
|
|
4084c7 |
## Group membership refresh
|
|
|
4084c7 |
|
|
|
4084c7 |
To login via ACO on gitlab.com, you must use the following link:
|
|
|
4084c7 |
|
|
|
4084c7 |
Group memberships are refreshed upon login into gitlab.com. So if someone is added to a group in ACO, they
|
|
|
4084c7 |
will need to visit that link again: XXX to have their membership refreshed.
|
|
|
4084c7 |
|
|
|
4084c7 |
## Group names
|
|
|
4084c7 |
|
|
|
4084c7 |
It is expected that groups on ACO that are created to manage access on gitlab.com should follow the
|
|
|
4084c7 |
corresponding pattern: `<sig>-gitlab-<name>`
|
|
|
4084c7 |
|
|
|
4084c7 |
Some examples:
|
|
|
4084c7 |
|
|
|
4084c7 |
- hyperscale-gitlab-maintainers
|
|
|
4084c7 |
- automotive-gitlab-kernel-maintainer
|
|
|
4084c7 |
- automotive-gitlab-sig-owner
|
|
|
4084c7 |
- docs-gitlab-members
|
|
|
4084c7 |
- …
|
|
|
4084c7 |
|
|
|
4084c7 |
## Requesting a namespace or a group
|
|
|
4084c7 |
|
|
|
4084c7 |
To request a namespace under gitlab.com/centos or the creation of a group on ACO, simply open a ticket at:
|
|
|
4084c7 |
[https://pagure.io/centos-infra/](https://pagure.io/centos-infra/)
|
|
|
4084c7 |
|