PCM Development/Roles and rights management
Palladio Developer Wiki
Overview
We currently use the following technologies to administrate the Palladio development process:
- GitHub organization: source code management
- JIRA: project management and issue tracking
Motivation
- Current situation: Project participants must be recorded and managed redundantly in GitHub organization and JIRA
- Problem: change of team members too dynamic, results in high maintenance effort
- Thus: Team structures (team organization) should not be mapped in GitHub organization and JIRA, but only access management (technical rights view)
Goal
- Unification of roles & rights management for GitHub organization and JIRA
- MDSD Tools GitHub organization should also be managed with downstream rules for Palladio GitHub organization.
General role concept
Overview on the identified cross-organizational roles
| Cross-organizational roles | Member |
|---|---|
| Administrators | JIRA: Rollen/PCM Strategisch, Rollen/Jira] (https://sdqweb.ipd.kit.edu/wiki-intern/Rollen) |
| Employees | Doktoranden, Professoren; Lehrstuhl KIT, FZI, Lehrstuhl Stuttgart |
| studentische wissenschaftliche Mitarbeiter in the context of Palladio | HIWIs |
| Students & external partners | e.g. Industriepartner |
Overview on the role assignment for GitHub organization and JIRA (incl. read/write rights); these are statically guaranteed by the GitHub rights management.
| General | GitHub-Orga | Jira |
|---|---|---|
| Administrators | Owner | site-admins/jira-administrators |
| Employees | Member (in Repos Write/Maintain/Admin) | jira-developers |
| studentische wissenschaftliche Mitarbeiter | Member (NO admin in repos) | jira-developers |
| Students & external partners | outside collaborator (min. in 1 Repo.) (NO admin in repos) | jira-user |
| Others | outside collaborator (first time contributor) | jira-software-users |
Further information on GitHub roles:
- Repository roles: https://docs.github.com/en/organizations/managing-access-to-your-organizations-repositories/repository-roles-for-an-organization#permissions-for-each-role
- Outside Collaborators: https://docs.github.com/en/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#outside-collaborators
- Organization members: https://docs.github.com/en/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#organization-members
- Organization owners: https://docs.github.com/en/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#organization-owners
Best practices: Rules for working with GitHub
- Employees can add their own students as admins, but must also remove them
- Employees can create their own repositories in the organization
- follow naming convention
- define (normally creator of the repo)
- topic 'incubation' should be assigned (repo is therefore not part of the update site, the release and the product)
- Employees are responsible for the maintenance of their created repos (i.e. archiving, making decisions about end-of-life, transferring responsibility to the community if necessary) -> Assume responsibilities according to https://sdqweb.ipd.kit.edu/wiki/Code_Repositories#Repository_Owners
- Best practice in dealing with merge strategy
- Employees in the role of admin can push directly to the master on their created repos
- for everyone else, branch protection should be enabled on the 'master' branch within the repos; Source code contributions can only be integrated via pull request (PR)
- for more details see https://sdqweb.ipd.kit.edu/wiki/PCM_Development/Build_Infrastructure/Github_Repository_Organization
Workflows
JIRA
- Registration: Developers/users must log in to JIRA by registering (the same workplace email address should be used as for git account to enable assignment during development work)
- Joining the group:
- by default (role: jira-software-users); have only read rights but no write permissions
- for write permissions: JIRA admins must become active and assign a role to the registered user( default: jira-user, for developers jira-developer)
GitHub
- Registration with GitHub: Create user account on GitHub
- Joining the organization 'Palladio' (as member or outside collaborator)
- member: GitHub administrators must become active and assign corresponding roles according to table see above.
- outside collaborator: repository owner must become active and assign corresponding roles to repo access