[SANDBOX PROJECT ONBOARDING] Kairos

[jeefy]

Welcome to CNCF Project Onboarding!

This is an issue created to help onboard your project into the CNCF after the TOC has voted to accept your project into the Sandbox.

We would like to complete onboarding within one month of acceptance.

From the project side, please ensure that:

• [x] You understand the project proposal process and requirements: https://github.com/cncf/toc/blob/main/process/README.md
• [x] You understand the services available for your project at CNCF https://www.cncf.io/services-for-projects/
• [x] You ensure your project meets the CNCF IP Policy: https://github.com/cncf/foundation/blob/master/charter.md#11-ip-policy
• [x] You review the online programs guidelines: https://github.com/cncf/foundation/blob/master/online-programs-guidelines.md
• [x] You understand the trademark guidelines: https://www.linuxfoundation.org/en/trademark-usage/
• [x] You understand the license allowlist: https://github.com/cncf/foundation/blob/master/allowed-third-party-license-policy.md#approved-licenses-for-allowlist
• [x] Your project is working on written, open governance. See https://contribute.cncf.io/maintainers/governance/
• [x] Your Slack channels are migrated to the Kubernetes or CNCF Slack workspace. See https://slack.com/help/articles/217872578-Import-data-from-one-Slack-workspace-to-another for more details)
• [x] Your project in its own separate neutral GitHub organization. This will make it transferable to the CNCF's GitHub Enterprise account.
• [x] You submit a pull request to add your project as a Sandbox project to https://landscape.cncf.io
• [x] You create maintainer list + add to aggregated https://maintainers.cncf.io list by submitting a PR to it
• [x] You submit a pull request to https://github.com/cncf/artwork with your artwork
• [x] You transfer your domain to the CNCF - https://jira.linuxfoundation.org/plugins/servlet/theme/portal/2/create/63

Things that CNCF will need from the project:

• [x] Provide emails for the maintainers added to https://maintainers.cncf.io in order to get access to the maintainers mailing list and Service Desk - [email protected] is the best email to send those to
• [ ] Transfer any trademark and logo assets to the Linux Foundation via the Contribution Agreement.
• [x] Accept the invite to join the CNCF GitHub Enterprise account. We'll then add thelinuxfoundation as an organization owner to ensure neutral hosting of your project
• [x] Ensure that DCO or CLA are enabled for all GitHub repositories of the project
• [x] Ensure that that the CNCF Code of Conduct (or your adopted version of it) are explicitly referenced at the project's README on GitHub
• [x] Ensure LF footer is on your website and guidelines followed (if your project doesn't have a dedicated website, please adopt those guidelines for the README file of your project on GitHub).
• [x] Transfer website analytics to [email protected]
• [x] Start on an OpenSSF Best Practices Badge https://bestpractices.coreinfrastructure.org/en

Things that the CNCF will do or help the project to do:

• [x] Add your project to DevStats https://devstats.cncf.io/
• [x] Add your project to LFX Insights https://insights.v3.lfx.linuxfoundation.org/. This is a read-only app added to the GitHub organization once your project is in the CNCF GitHub Enterprise account and we add thelinuxfoundation as an organization owner.
• [x] Update relevant marketing intros and slide decks
• [x] Update event call for papers, registration, and CFP area forms
• [x] Confirm maintainers have read about what's available through the Service Desk https://www.cncf.io/services-for-projects/
• [x] CNCF sends a welcome email to confirm maintainer list access
• [x] Book time with the team using http://project-meetings.cncf.io
• [x] Create space for meetings/events on https://community.cncf.io, e.g., https://community.cncf.io/pravega-community/ - (https://github.com/cncf/communitygroups/blob/main/README.md#cncf-projects)
• [x] Adopt a license scanning tool, like FOSSA or Snyk

[lukaszgryglicki]

DevStats instance added, adding to "All CNCF" instance in progress, researching affiliations in progress.

[lukaszgryglicki]

Project added to All CNCF DevStats instance, also included in projects health dashboards here and there.

[mudler]

Hello @jeefy !

We have already addressed the following items from the list:

• [x] You understand the project proposal process and requirements: https://github.com/cncf/toc/blob/main/process/project_proposals.md#introduction
• [x] You understand the services available for your project at CNCF https://www.cncf.io/services-for-projects/
• [ ] You ensure your project meets the CNCF IP Policy: https://github.com/cncf/foundation/blob/master/charter.md#11-ip-policy
• [x] You review the online programs guidelines: https://github.com/cncf/foundation/blob/master/online-programs-guidelines.md
• [x] You understand the trademark guidelines: https://www.linuxfoundation.org/en/trademark-usage/
• [x] You understand the license allowlist: https://github.com/cncf/foundation/blob/master/allowed-third-party-license-policy.md#approved-licenses-for-allowlist
• [x] Your project is working on written, open governance. See https://contribute.cncf.io/maintainers/governance/
• [ ] Your Slack channels are migrated to the Kubernetes or CNCF Slack workspace. See https://slack.com/help/articles/217872578-Import-data-from-one-Slack-workspace-to-another for more details) Your project in its own separate neutral GitHub organization. This will make it transferable to the CNCF's GitHub Enterprise account.
• [x] You submit a pull request to add your project as a Sandbox project to https://landscape.cncf.io/
• [x] You create maintainer list + add to aggregated https://maintainers.cncf.io/ list by submitting a PR to it https://github.com/cncf/foundation/pull/782 https://github.com/kairos-io/community/blob/main/MAINTAINERS.md
• [x] You submit a pull request to https://github.com/cncf/artwork with your artwork https://github.com/cncf/artwork/pull/472
• [ ] You transfer your domain to the CNCF - https://jira.linuxfoundation.org/plugins/servlet/theme/portal/2/create/63

Things that CNCF will need from the project:

• [ ] Provide emails for the maintainers added to https://maintainers.cncf.io/ in order to get access to the maintainers mailing list and Service Desk - [email protected] is the best email to send those to
• [ ] Transfer any trademark and logo assets over to the LF - https://github.com/cncf/foundation/tree/master/agreements has agreements
• [x] Accept the invite to join the CNCF GitHub Enterprise account. We'll then add thelinuxfoundation as an organization owner to ensure neutral hosting of your project
• [ ] Ensure that DCO or CLA are enabled for all GitHub repositories of the project
• [x] Ensure that that the CNCF Code of Conduct (or your adopted version of it) are explicitly referenced at the project's README on GitHub https://github.com/kairos-io/community/blob/main/CODE_OF_CONDUCT.md
• [ ] Ensure LF footer is on your website and guidelines followed (if your project doesn't have a dedicated website, please adopt those guidelines for the README file of your project on GitHub).
• [x] Transfer website analytics to [email protected]
• [ ] Start on an OpenSSF Best Practices Badge https://bestpractices.coreinfrastructure.org/en

[jeefy]

Updated the top-level checklist, thanks!

[krook]

Your project in its own separate neutral GitHub organization. This will make it transferable to the CNCF's GitHub Enterprise account.

@mudler it looks like this is already done: https://github.com/kairos-io

If so, I can invite that org to the CNCF GHE. Once the invite is accepted and onboarded, we can then add thelinuxfoundation id as an org Owner and begin the LFX Insights onboarding step.

[mudler]

Your project in its own separate neutral GitHub organization. This will make it transferable to the CNCF's GitHub Enterprise account.

@mudler it looks like this is already done: https://github.com/kairos-io

If so, I can invite that org to the CNCF GHE. Once the invite is accepted and onboarded, we can then add thelinuxfoundation id as an org Owner and begin the LFX Insights onboarding step.

Invite accepted and I've just sent an invite to thelinuxfoundation to being added as owner

[mudler]

• [ ] Transfer website analytics to [email protected]

We don't collect any analytics on the website, so we can mark also this as done

[mudler]

* [ ]  Your Slack channels are migrated to the Kubernetes or CNCF Slack workspace. See https://slack.com/help/articles/217872578-Import-data-from-one-Slack-workspace-to-another for more details)

@krook @jeefy I've created the #kairos channel on the CNCF slack and created the export file - however I cannot import as I don't see the option in Slack - how can we proceed with migrating the Slack channel?

[mauromorales]

Quick question, how is https://www.cncf.io/sandbox-projects/ updated? We've added the artwork, but it's still missing from this website, I'm not sure if I'm missing a PR somewhere else or is just a matter of time

[krook]

@krook @jeefy I've created the #kairos channel on the CNCF slack and created the export file - however I cannot import as I don't see the option in Slack - how can we proceed with migrating the Slack channel?

@RobertKielty can you please take a look?

[RobertKielty]

Hi @mudler I will DM you on the CNCF Slack to arrange to get acces to the export file. Then I can do that import for you.

[RobertKielty]

@mauromorales I have created a Kairos Team on CNCF FOSSA and a Kairos Organziation under the CNCF Group on Snyk, let me know which you prefer for running license scans.

You are free to use either service (or both) for tracking the project's compliance with the CNCF License Policy

We can work through the setup of either or both of these static code checkers when ever suits you.

[mauromorales]

Thanks, @RobertKielty, we'd prefer to use Snyk for the scans. For the setup, do we need to plan a call? Or is it just following some docs. If it's a call, as long as its EU working hours, I can make time for it

[krook]

Kairos is now in GHE with thelinuxfoundation as an owner, and it's onboarded to Insights.

[RobertKielty]

FOSSA and Snyk have Karios added but both have zero memebership.

No email addresses recoreded internally, so cannot send out email invites to join.

@Cmierly let me know when we have maintainer email addresses then I will add them to either the CNCF FOSSA or Snyk setups (or both!)

[mudler]

Updating where we are as today:

• [x] You understand the project proposal process and requirements: https://github.com/cncf/toc/blob/main/process/project_proposals.md#introduction
• [x] You understand the services available for your project at CNCF https://www.cncf.io/services-for-projects/
• [x] You ensure your project meets the CNCF IP Policy: https://github.com/cncf/foundation/blob/master/charter.md#11-ip-policy
• [x] You review the online programs guidelines: https://github.com/cncf/foundation/blob/master/online-programs-guidelines.md
• [x] You understand the trademark guidelines: https://www.linuxfoundation.org/en/trademark-usage/
• [x] You understand the license allowlist: https://github.com/cncf/foundation/blob/master/allowed-third-party-license-policy.md#approved-licenses-for-allowlist
• [x] Your project is working on written, open governance. See https://contribute.cncf.io/maintainers/governance/
• [x] Your Slack channels are migrated to the Kubernetes or CNCF Slack workspace. See https://slack.com/help/articles/217872578-Import-data-from-one-Slack-workspace-to-another for more details) Your project in its own separate neutral GitHub organization. This will make it transferable to the CNCF's GitHub Enterprise account.
• [x] You submit a pull request to add your project as a Sandbox project to https://landscape.cncf.io/
• [x] You create maintainer list + add to aggregated https://maintainers.cncf.io/ list by submitting a PR to it https://github.com/cncf/foundation/pull/782 https://github.com/kairos-io/community/blob/main/MAINTAINERS.md
• [x] You submit a pull request to https://github.com/cncf/artwork with your artwork https://github.com/cncf/artwork/pull/472
• [ ] You transfer your domain to the CNCF - https://jira.linuxfoundation.org/plugins/servlet/theme/portal/2/create/63

Things that CNCF will need from the project:

• [x] Provide emails for the maintainers added to https://maintainers.cncf.io/ in order to get access to the maintainers mailing list and Service Desk - [email protected] is the best email to send those to
• [ ] Transfer any trademark and logo assets over to the LF - https://github.com/cncf/foundation/tree/master/agreements has agreements
• [x] Accept the invite to join the CNCF GitHub Enterprise account. We'll then add thelinuxfoundation as an organization owner to ensure neutral hosting of your project
• [x] Ensure that DCO or CLA are enabled for all GitHub repositories of the project
• [x] Ensure that that the CNCF Code of Conduct (or your adopted version of it) are explicitly referenced at the project's README on GitHub https://github.com/kairos-io/community/blob/main/CODE_OF_CONDUCT.md
• [x] Ensure LF footer is on your website and guidelines followed (if your project doesn't have a dedicated website, please adopt those guidelines for the README file of your project on GitHub).
• [x] Transfer website analytics to [email protected]
• [ ] Start on an OpenSSF Best Practices Badge https://bestpractices.coreinfrastructure.org/en

Regarding the trademarks assignments, who shall we send the signed papers? Also, to who we should transfer the DNS domains?

[RobertKielty]

@mudler @jimmykarily @itxaka @mauromorales

I have sent out invites to join the CNCF Group on Snyk as members of the Kairos team I have created there.

I just need one of you to accept the invite, import your code repo(s) and run a licesne scan there we can call this done. And issues reach out to me here or on CNCF Slack.

[mudler]

@mudler @jimmykarily @Itxaka @mauromorales

I have sent out invites to join the CNCF Group on Snyk as members of the Kairos team I have created there.

I just need one of you to accept the invite, import your code repo(s) and run a licesne scan there we can call this done. And issues reach out to me here or on CNCF Slack.

Hi @RobertKielty , I've tried that today, but it fails to accept the invite with:

[Itxaka]

@mudler @jimmykarily @Itxaka @mauromorales

I have sent out invites to join the CNCF Group on Snyk as members of the Kairos team I have created there.

I just need one of you to accept the invite, import your code repo(s) and run a licesne scan there we can call this done. And issues reach out to me here or on CNCF Slack.

Hi @RobertKielty , I've tried that today, but it fails to accept the invite with:

I had to create an user with the spectro address as login to be able to accept it. Check if it's that?

Wait. It says one if you... Maybe the invitation was valid only for one user? Shiit, sorry I accepted it but could not add it due to not being a Kairos-io admin

[jimmykarily]

But @Itxaka I see your projects there (I accepted the invitation too). Maybe you added your projects accidentally?

[Itxaka]

Yes I was playing there with the imports and such and messed up and imported my whole user while trying to give permissions to the Kairos or in GitHub. I also dropped my account to see if I could remove those by that, as it was a manual one by one removal otherwise.

Now my account won't have Kairos access in snyk anymore but my projects seem to be there lol.

I messed it up, sorry about that

[RobertKielty]

Hi @Itxaka thank you for taking on this task. Yes you are correct to say that we need the main project repos added from the kairos-io org. I will remove the projects you added and see if we can start over.

[RobertKielty]

@Itxaka @jimmykarily On Snyk, I deleted the Kairos organizaion and re-invited the project maintainers to join. So please accept the new invites. And add the project repos from the kairos-io org for license scanning.

[Itxaka]

@RobertKielty I think you picked the wrong org, I got an invitation to Kubeslice :D

[RobertKielty]

Thank you for letting me know! I'll re-send the invite.

[mauromorales]

I have access to Snyk, and a kairos org, but I don't see any projects, are we missing to add them or am I stuck in snyk limbo? :P

[RobertKielty]

@mauromorales thank you for accepting the invite!

Yes, you are correct; you need to import the project code repos for scanning.

Use a GitHub account that has access to the main Kairos code repo and also has the email address that I used for you invite to import the project.

You will get a first read on where the project code complies with the CNCF License policy and where it is non-compliant

The license policiy is configured at the Snyk CNCF Group level so you do not need to do anything on that.

One your repo is imported and scanned you can visit

Dependancies > Licenses

to see a list of licenses that the project is using. Look out for medium and high priority issues and then we can take if from there.

To start this off today you can visit

https://docs.snyk.io/scan-using-snyk/start-scanning-using-the-cli-web-ui-or-api

and follow the directions for Scanning using the WebUi.

[mauromorales]

@RobertKielty thanks for the detailed instructions

@mudler I don't seem to have access to import the repos, could you check if you do?

[RobertKielty]

@mudler, @jimmykarily, @itxaka, @mauromorales

@mauromorales is still the only maintainer who has accepted the invite to join the Kairos team on CNCF Snyk. EDIT : I also see @itxaka on the team.

I have re-issued the invites so they do not expire.

As a team, can you either

grant @mauromorales repo access to they can import the project into Snyk

-or-

have one the remaining maintainers who has repo access, accept the invite and import code repos for the project into Snyk.

Snyk invites have been sent to the email addresses that we have on record as maintainers of the project.

Thank you.

[mudler]

@RobertKielty thank you - however there is still something that doesn't work here. I receive the invitation, but as soon as I click on the "Accept invitation" it says that the invitation is not valid: I am logging with my github account here (@mudler) as the maintainer email is an alias to my mail addresses.