Skip to content

Updating the Concourse WG charter to enable automated user management#1540

Open
taylorsilva wants to merge 1 commit into
cloudfoundry:mainfrom
taylorsilva:concourse-wg-user-automation
Open

Updating the Concourse WG charter to enable automated user management#1540
taylorsilva wants to merge 1 commit into
cloudfoundry:mainfrom
taylorsilva:concourse-wg-user-automation

Conversation

@taylorsilva

Copy link
Copy Markdown
Contributor
  • Tagged the "Roles & Technical Assets" block as YAML so CFF automation can pick it up
  • Updated the list of repositories that are archived and sorted the existing list
  • Added our bots to the bots section

TODO's and Questions before merging

@taylorsilva

Copy link
Copy Markdown
Contributor Author

@beyhan I'm mostly looking for confirmation that the team names are what I expect them to be. Once that item is cleared and I merge concourse/ci#430, this PR can then be merged.

@beyhan beyhan requested review from a team, Gerg, beyhan, cweibel, rkoster and stephanme and removed request for a team July 1, 2026 06:19
@beyhan beyhan added the toc label Jul 1, 2026
@beyhan

beyhan commented Jul 1, 2026

Copy link
Copy Markdown
Member

@taylorsilva to my knowledge yes, but @stephanme could you please confirm this.

@stephanme stephanme left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In addition, I have to add the concourse github org to the managed orgs in python coding and to orgs.yml.

Ideally, this PR and the changes to orgs.yml + python coding are merged atomically after reviewing the resulting orgs.out.yml (= the input file for peribolos which does the heavy lifting).

I will prepare the changes in the org automation.

Comment thread toc/working-groups/concourse.md
@stephanme

Copy link
Copy Markdown
Member

The team names will be:

  • wg-concourse (includes all leads and approvers)
  • wg-concourse-leads
  • wg-concourse-bots
  • wg-concourse-core-[approvers/reviewers]

(final prove is the output file of the org automation)

stephanme added a commit that referenced this pull request Jul 2, 2026
- concourse wg definition taken from #1540
- Tagged the "Roles & Technical Assets" block as YAML and added the
  `org` key so CFF automation can pick it up
- Updated the list of repositories that are archived and sorted the
  existing list

Signed-off-by: Taylor Silva <dev@taydev.net>
@taylorsilva taylorsilva force-pushed the concourse-wg-user-automation branch from 5fecc51 to 317a5c9 Compare July 2, 2026 17:34
stephanme added a commit that referenced this pull request Jul 3, 2026
- concourse wg definition taken from #1540
@stephanme

Copy link
Copy Markdown
Member

The PR validation fails now because the concourse org is not yet onboarded as "managed org".

I prepared the necessary changes in #1545 and copied the the yaml block of the Concourse WG charter.

Next steps:

  • I'm currently validating a workflow (Dump Github Organization Settings) in the cloudfoundry org because it didn't run for very long time.
  • You need to install the "CF Foundation Community Automation" github app in your org and grant it the following permissions to all repos (these are the permissions granted in the cloudfoundry org):
    • Read access to metadata
    • Read and write access to administration, checks, code, commit statuses, environments, issues, members, organization administration, organization user blocking, and pull requests
    • Admin access to organization projects and repository projects
  • I will adapt the Dump Github Organization Settings workflow to export the concourse org and run it. It creates a PR that contains the repo list needed for orgs.yaml. If it succeeds we also know that the github app is properly configured and authorization works.
  • I will manually run the org automation Python program and copy the resulting org and branchprotection output for concourse into Add concourse github org to org automation #1545 for a final review.
  • Finally, you and TOC approves Add concourse github org to org automation #1545, it gets merged and we will see what happens. Expectation is that the teams are created, repo access is managed by those teams and that the branchprotection is configured for all repos.
  • Cleanup: archive unmanaged repos (repos in the concourse org that are not listed in your WG charter), delete any direct repo access (bypassing the teams created by the org automation).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

Status: Inbox

Development

Successfully merging this pull request may close these issues.

3 participants