Elgato_dark/python-tuf
1
0
Fork 0
mirror of https://github.com/theupdateframework/python-tuf synced 2026-05-24 10:08:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
python-tuf/.github/workflows/maintainer-permissions-reminder.yml
dependabot[bot] 4d6a9310ee
build(deps): bump actions/github-script from 6.4.1 to 7.0.1 
Bumps [actions/github-script](https://github.com/actions/github-script) from 6.4.1 to 7.0.1.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](d7906e4ad0...60a0d83039)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-20 10:13:14 +00:00

55 lines
2.6 KiB
YAML
Raw Blame History

name: Maintainer review reminder
on:
schedule:
- cron: '10 10 10 2 *'
workflow_dispatch:
permissions:
issues: write
jobs:
file-reminder-issue:
name: File issue to review maintainer permissions
runs-on: ubuntu-latest
steps:
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
await github.rest.issues.create({
owner: context.repo.owner,
repo: context.repo.repo,
title: "Yearly maintainer permissions review",
body: `
This is a checklist for evaluating python-tuf maintainer accounts and permissions. This issue is automatically opened once a year.
### Tasks
1. Update this list to include any new services
2. Evaluate the accounts and permissions for each service on the list. Some rules of thumb:
* Critical services should have a minimum of 3 _active_ maintainers/admins to prevent project lockout
* Each additional maintainer/admin increases the risk of project compromise: for this reason permissions should be removed if they are no longer used
* For services that are not frequently used, each maintainer/admin should check that they really are still able to authenticate to the service and confirm this in the comments
3. Update MAINTAINERS.txt to reflect current permissions
4. (Bonus) Update significant contributors in README.md#acknowledgements
### Critical services
* [ ] **PyPI**: maintainer list is visible to everyone at https://pypi.org/project/tuf/
* Only enough maintainers and org admins to prevent locking the project out
* [ ] **GitHub**: release environment reviewers listed in https://github.com/theupdateframework/python-tuf/settings/environments
* Maintainers who can approve releases to PyPI
* [ ] **GitHub**: permissions visible to admins at https://github.com/theupdateframework/python-tuf/settings/access
* "admin" permission: Only for maintainers and org admins who do project administration
* "push/maintain" permission: Maintainers who actively approve and merge PRs (+admins)
* "triage" permission: All contributors trusted to manage issues
### Other
* [ ] **ReadTheDocs**: admin list is visible to everyone at https://readthedocs.org/projects/theupdateframework/
* [ ] **Coveralls**: everyone with github "admin" permissions is a Coveralls admin: https://coveralls.io/github/theupdateframework/python-tuf
`
})
console.log("New issue created.")
Reference in a new issue View git blame Copy permalink