Added docs on how to remove a member #72

Merged
merged 5 commits into from
Sep 11, 2024
Changes from 4 commits
17 changes: 17 additions & 0 deletions README.md
Expand Up @@ -18,6 +18,7 @@ To learn more, check out:
* Yes, it's confusing to have a `.github` and `github` directory. That is how gitub-mgmt was originally setup an we're living with it. (At least of 2024-09-05, there is [no backlog item for cleaning this up](https://github.com/ipdxco/github-as-code/issues?page=1&q=is%3Aissue+is%3Aopen).)
* Not all [organization-level roles](https://docs.github.com/en/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization) are assignable through github-mgmt. For example, organization moderators, billing managers, and ecurity managers need to set through the GitHub UI.
* github-mgmt calls [GitHub organization owners](https://docs.github.com/en/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#organization-owners) as "admins" in [filecoin-project.yml](https://github.com/filecoin-project/github-mgmt/blob/master/github/filecoin-project.yml). These terms are used interchangably in comments/docs.
* At least as of 202409, AWS resources that terraform uses behind the scenes (e.g., S3 bucket, DDB table) are all stored in an ipdx.co-managed AWS account.

## Organization Owner SOPs
Below is documentation/expecations [filecoin-project owners](https://github.com/orgs/filecoin-project/people?query=role%3Aowner).
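Review bot: The added bullet about AWS resources writes its as-of date as "202409", while the first bullet in this list uses "2024-09-05"; use the same style ("2024-09") so the date cannot be misread. Because this bullet tells readers that the S3 bucket and DDB table terraform uses sit in an ipdx.co-managed account, it would also help to say who to contact about them or link to where that is documented.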
Expand All @@ -39,3 +40,19 @@ Below is documentation/expecations [filecoin-project owners](https://github.com/
> Reason: why_the_request_is_being_made
> Approver: who_the_approver_is
> App Installation Link: https://github.com/organizations/filecoin-project/settings/installations/######

### Removing Members From the Organization
Removing members from the organization with github-mgmt has been disabled (see [here](https://github.com/filecoin-project/github-mgmt/blob/master/terraform/resources.tf)). This is a security measure; org member removals are hard to revert because to re-invite someone, they have to accept the invitation.

To remove someone, we follow these steps:
1. (anyone) Open a PR that removes the member from all teams and repositories and leaves a comment next to their name saying they'll be manually removed via the UI. We do this so there is record in the commit history of the intent of the change.
2. Get the PR approved per normal process.
3. (github-mgmt-steward) Merge the PR.
4. (org owner) Confrim in https://github.com/filecoin-project/github-mgmt/actions that the actions are applied.
5. (org owner) Access the user in the GitHub UI at https://github.com/orgs/filecoin-project/people/USERNAME
6. (org owner) Remove the user from the organization via the "Remove from organization" button.
7. (org owner) Grab a screenshot
8. (org owner) [Run the sync workflow](https://github.com/filecoin-project/github-mgmt/actions/workflows/sync.yml) to remove the user from the terraform state
9. (org owner) Post back in the original PR that the user has been fully removed, including the screenshot and a link to the sync workflow run.

https://github.com/filecoin-project/github-mgmt/pull/66 is an example of this process.
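Review bot: Step 7 says "Grab a screenshot" without saying of what, so the evidence posted back in step 9 will differ depending on who performs the removal; state what it must show, for example the people page after the "Remove from organization" action with USERNAME no longer listed. Step 4 has a typo ("Confrim"), and step 1 should read "so there is a record in the commit history". Step 1 also only implies that the member's entry stays in the file with the comment next to it; saying so explicitly would prevent someone from deleting the entry in the PR.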