| Re: [cross-project-issues-dev] Fwd: [eclipse-mdt/.eclipsefdn] chore(otterdog): updating configuration due to blueprint `add-dot-github-repo` (PR #1) |
Hi Ed,some time ago it was communicated that the EF will start pushing various security related things to projects. This includes things like a default security policy and preventing force pushes for repositories hosted on GitHub.In order to streamline the process and also help the community, we started the work on something we call "Blueprints". These are little helpers that you can define in your .eclipsefdn repository and instruct the self-service todo something automatically depending on some condition. Examples are creating a certain workflow in multiple repositories or pin actions in workflows. More information and currently supported blueprint types can be found here: https://otterdog.readthedocs.io/en/latest/reference/blueprints/.Today we started to enable some global blueprints that are activated for all projects:- create a .github repo if it does not exist yet- create a standard SECURITY.md file in the .github repo if it does not exist yetThe way the self-service operates these blueprints are as follows:- check if the blueprint is already satisfied- if not satisfied, open a PR to remediate the situation- if the PR gets closed, the blueprint will be dismissed for the repo, no further checks will be made- if the PR gets merged, it will be further checked for compliance if some commits are pushed to the main branchFor the .github repo, it was chosen to also include all committers of the project as reviewers for the PR. The main reason for that was to raise awareness in the community about these blueprints.I admit it might not have been the best choice, and we will resort to not use projects committers as reviewers for changes like that to reduce noise.Best regards,Thomas on behalf of the Eclipse Security Team_______________________________________________On Tue, Dec 10, 2024 at 8:32 PM Ed Willink via cross-project-issues-dev <cross-project-issues-dev@xxxxxxxxxxx> wrote:_______________________________________________Hi
I seem to have been inundated with 40 copies of some form of PR that I did not expect, do not understand, and do not know what to do with. I am unclear from the CC's who they are from and whether they are addressed to me.
I propose to ignore them since at least 30 are for projects that I have no influence over.
If the EF have something to communicate/change, I suggest a clear cross-project-dev should precede the SPAM.
Since all the target repos were set up by the EF, I am guessing that something was not set up right so the EF should be explaining it to us prior to correcting it as a creation erratum.
Regards
Edward Willink
-------- Forwarded Message --------
Subject: Re: [eclipse-mdt/.eclipsefdn] chore(otterdog): updating configuration due to blueprint `add-dot-github-repo` (PR #1) Date: Tue, 10 Dec 2024 06:25:02 -0800 From: Ed Merks <notifications@xxxxxxxxxx> Reply-To: eclipse-mdt/.eclipsefdn <reply+AAGNRTL6P7GXFVM7N5PGMY6FMQYD5EVBNHHKFO5FVE@xxxxxxxxxxxxxxxx> To: eclipse-mdt/.eclipsefdn <.eclipsefdn@xxxxxxxxxxxxxxxxxx> CC: Ed Willink <ed@xxxxxxxxxxxxx>, Review requested <review_requested@xxxxxxxxxxxxxxxxxx>
@merks approved this pull request.
I suggest you just proceed with these additions in general across the projects because I know I'm going to miss some of these links with dozens of email flooding my reader.
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because your review was requested.
cross-project-issues-dev mailing list
cross-project-issues-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev
cross-project-issues-dev mailing list
cross-project-issues-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev