sandbox icon indicating copy to clipboard operation
sandbox copied to clipboard
verified publisher icon cncf

[PROJECT ONBOARDING] Hyperlight

Open mrbobbytables opened this issue 9 months ago • 7 comments

Welcome to CNCF Project Onboarding

Sandbox Application reference issue: https://github.com/cncf/sandbox/issues/312

This is an issue created to help onboard your project into the CNCF after the TOC has voted to accept your project.

We would like your project to complete onboarding within one month of acceptance.

Please track your progress by using "Quote reply" to create your own copy of this checklist in an issue, so that you can update the status as you finish items.

REQUIRED BEFORE PROCEEDING WITH ONBOARDING

A "Project Contribution Agreement" must be completed and any existing trademarks MUST be transferred to the Linux Foundation BEFORE CNCF staff onboarding tasks can be completed. Other tasks can be done by projects in the meantime.

  • [x] Review and understand the CNCF IP Policy. Ensure you are using a CNCF compatible license; inbound projects must use the Apache 2.0 license or seek approval for exceptions. Licenses for dependencies are covered separately below.
  • [x] Review and understand the LF trademark guidelines. Let the TOC know if you plan to change your project name.
  • [ ] Transfer any trademark and logo assets to the Linux Foundation via the Contribution Agreement. CNCF staff will send this document to the contact emails listed in the Sandbox application.

Review and understand other documents

Contribute and transfer other materials

  • [x] Move your project to its own separate neutral GitHub organization. This will make it transferable to the CNCF's GitHub Enterprise account. If it's already in a GHE account, you will need to remove it from that first.
  • [x] Accept the invite to join the CNCF GitHub Enterprise account. We'll then add thelinuxfoundation as an organization owner to ensure neutral hosting of your project.
  • [x] Migrate your Slack channels (if any) to the Kubernetes or CNCF Slack workspace. CNCF staff can help.
  • [x] Join the #maintainers-circle Slack channel.
  • [ ] Transfer your domain to the CNCF. The "LF Stakeholder email" is [email protected]. The "Project" is CNCF.
  • [x] Submit a pull request with your artwork.
  • [ ] Transfer website analytics to [email protected]. CNCF staff can help.

Update and document project details

  • [ ] Ensure that DCO (preferred) or CLA are enabled for all GitHub repositories of the project.
  • [ ] Ensure that that the CNCF Code of Conduct (or your adopted version of it) are explicitly referenced at the project's README.md on GitHub.
  • [ ] Ensure LF footer is on your website and guidelines are followed (if your project doesn't have a dedicated website, please adopt those guidelines for the README.md file). The project-specific footer text you should use will be provided in the Contribution Agreement instructions.
  • [ ] Create a maintainer list and add it to the aggregated CNCF maintainer list via pull request.
  • [ ] Provide emails for the maintainers to get access to the maintainers mailing list and Service Desk. Email them to [email protected].
  • [ ] Start working on written, open governance and consider adding this to a GOVERNANCE.md file at the root of your repo.
  • [ ] Start on an OpenSSF Best Practices Badge.

CNCF staff tasks to support the project

mrbobbytables avatar Mar 04 '25 14:03 mrbobbytables

Welcome to the CNCF Sandbox!

We’re preparing your Contribution Agreement (CA) and will email it to the contacts on your Sandbox application soon. Here’s a preview of a generic CA, which sets up a legal entity for the project and assigns trademarks and logos to the Linux Foundation.

In the meantime, you can tackle some onboarding tasks that don’t depend on the CA, like reviewing documents, outlining any existing governance, and preparing your maintainer lists.

krook avatar Mar 05 '25 22:03 krook

DevStats instance added.

lukaszgryglicki avatar Mar 07 '25 12:03 lukaszgryglicki

Project added to All CNCF DevStats instance and also to Projects Health dashboard.

lukaszgryglicki avatar Mar 10 '25 05:03 lukaszgryglicki

The Landscape entry - https://github.com/cncf/landscape/pull/4266

idvoretskyi avatar Mar 10 '25 20:03 idvoretskyi

Project has been added to CLOMonitor

cynthia-sg avatar Mar 11 '25 10:03 cynthia-sg

Now that your project is in the CNCF GitHub Enterprise account we're going to do these two tasks on our side:

  • Add thelinuxfoundation as an an organization owner, if it's not already one.
  • Use that id to install the "LFX CM" GitHub app which will feed read-only, public activity to LFX Insights.

krook avatar Mar 12 '25 21:03 krook

This is the comment where I keep track of the checklist.

  • [x] Review and understand the CNCF IP Policy. Ensure you are using a CNCF compatible license; inbound projects must use the Apache 2.0 license or seek approval for exceptions. Licenses for dependencies are covered separately below.
  • [x] Review and understand the LF trademark guidelines. Let the TOC know if you plan to change your project name.
  • [x] Transfer any trademark and logo assets to the Linux Foundation via the Contribution Agreement. CNCF staff will send this document to the contact emails listed in the Sandbox application.

Review and understand other documents

Contribute and transfer other materials

  • [x] Move your project to its own separate neutral GitHub organization. This will make it transferable to the CNCF's GitHub Enterprise account. If it's already in a GHE account, you will need to remove it from that first.
  • [x] Accept the invite to join the CNCF GitHub Enterprise account. We'll then add thelinuxfoundation as an organization owner to ensure neutral hosting of your project.
  • [x] Migrate your Slack channels (if any) to the Kubernetes or CNCF Slack workspace. CNCF staff can help.
  • [x] Join the #maintainers-circle Slack channel.
  • [x] Transfer your domain to the CNCF. The "LF Stakeholder email" is [email protected]. The "Project" is CNCF.
  • [x] Submit a pull request with your artwork.
  • [x] Transfer website analytics to [email protected]. CNCF staff can help.

Update and document project details

  • [x] Ensure that DCO (preferred) or CLA are enabled for all GitHub repositories of the project.
  • [x] Ensure that that the CNCF Code of Conduct (or your adopted version of it) are explicitly referenced at the project's README.md on GitHub.
  • [x] Ensure LF footer is on your website and guidelines are followed (if your project doesn't have a dedicated website, please adopt those guidelines for the README.md file). The project-specific footer text you should use will be provided in the Contribution Agreement instructions.
  • [x] Create a maintainer list and add it to the aggregated CNCF maintainer list via pull request.
  • [x] Provide emails for the maintainers to get access to the maintainers mailing list and Service Desk. Email them to [email protected].
  • [x] Start working on written, open governance and consider adding this to a GOVERNANCE.md file at the root of your repo.
  • [x] Start on an OpenSSF Best Practices Badge.

CNCF staff tasks to support the project

benazirk avatar Mar 18 '25 17:03 benazirk

  • Add thelinuxfoundation as an an organization owner, if it's not already one.
  • Use that id to install the "LFX CM" GitHub app which will feed read-only, public activity to LFX Insights.

This has now been done by CNCF staff.

krook avatar Mar 31 '25 10:03 krook

Welcome email sent from new mailing list

riaankleinhans avatar Apr 11 '25 15:04 riaankleinhans

Hi @benazirk 🙂 I can set you up on either FOSSA or Snyk so that Hyperlight project repos can be scanned for compliance with the CNCF's 3rd Party License Policy.

Let me know if the project team have a prefence for FOSSA or Snyk and I will get that setup for you.

RobertKielty avatar Apr 28 '25 12:04 RobertKielty

Hi @RobertKielty, thanks for reaching out 🙂 We'd like to proceed with FOSSA. Could you please let us know by when this will be set up? Thank you.

benazirk avatar Apr 29 '25 16:04 benazirk

@RobertKielty anything left to do here for the FOSSA setup?

krook avatar May 12 '25 19:05 krook

Hi @krook, this is in progress so I have checked it off our list of tasks: https://github.com/hyperlight-dev/hyperlight/issues/541

benazirk avatar Jun 02 '25 10:06 benazirk

Hi @krook, this is in progress so I have checked it off our list of tasks: hyperlight-dev/hyperlight#541

Thanks @benazirk, I've checked that off.

@RobertKielty can you please help with FOSSA/Snyk?

krook avatar Jun 02 '25 11:06 krook

@benazirk I've sent you a message on cloud-native Slack to see which license checker tool the project would like to use, FOSSA or Snyk.

RobertKielty avatar Jun 02 '25 12:06 RobertKielty

@benazirk I've sent you a message on cloud-native Slack to see which license checker tool the project would like to use, FOSSA or Snyk.

Hi @RobertKielty, we'd like to proceed with FOSSA, see: https://github.com/cncf/sandbox/issues/348#issuecomment-2839588778 Thanks for setting this up! :)

benazirk avatar Jun 02 '25 14:06 benazirk

I've invited all Hyperlight maintainers to join the CNCF FOSSA Org.

Once the first invite is accepted, I MUST add that person to the team I have set up for you. They will be added as a Team Admin. Team Admins can add people to their team, so as the remaining maintainers accept their invitations, existing Team Admins can add them to the Team.

The key point here is to ensure you are first added to your Team before you start importing code for license scanning.

Then the final step is for the team members to review the FOSSA Docs on importing Projects (your code repos) into FOSSA and carry out the import.

https://docs.fossa.com/docs/quick-import

RobertKielty avatar Jun 02 '25 15:06 RobertKielty

Congrats on completing onboarding Hyperlight team 🎉

krook avatar Jun 17 '25 15:06 krook