toc icon indicating copy to clipboard operation
toc copied to clipboard

Published 20 hours ago verified publisher icon cncf

[SANDBOX PROJECT ONBOARDING] SOPS

Open amye opened this issue 2 years ago • 16 comments

Welcome to CNCF Project Onboarding! This is an issue created to help onboard your project into the CNCF after the TOC has voted to accept your project. We would like to complete onboarding within one month of acceptance.

From the project side, please ensure that you:

Things that CNCF will need from the project:

  • [x] Provide emails for the maintainers added to https://maintainers.cncf.io in order to get access to the maintainers mailing list and ServiceDesk - [email protected] is the best email to send those to
  • [x] Trademarks: transfer any trademark and logo mark assets over to the LF - https://github.com/cncf/foundation/tree/master/agreements has agreements
  • [x] GitHub: ensure 'thelinuxfoundation' and 'caniszczyk' are added as initial org owners, this helps us make sure we have continuity of GH ownership that we will onboard to our GitHub Enterprise instance: https://github.com/enterprises/cncf
  • [x] GitHub: ensure DCO or CLA are enabled for all GitHub repositories of the project
  • [ ] GitHub: ensure that that the CNCF Code of Conduct (or your adopted version of it) are explicitly referenced at the project's README on GitHub
  • [ ] Website: ensure LF footer is there and website guidelines followed (if your project doesn't have a dedicated website, please adopt those guidelines to the README file of your project on GitHub).
  • [ ] Website: Analytics transferred to [email protected]
  • [ ] OpenSSF Best Practices Badge: Start on an OpenSSF Best Practices Badge https://bestpractices.coreinfrastructure.org/en

Things that the CNCF will do or help the project to do:

amye avatar May 17 '23 16:05 amye

DevStats page added. Will also be added to All CNCF around Monday next week.

lukaszgryglicki avatar May 20 '23 04:05 lukaszgryglicki

Also added to All CNCF, table.

lukaszgryglicki avatar May 21 '23 05:05 lukaszgryglicki

Checking in on this one: @hiddeco -

  • Submitted a Pull request to add your project as a sandbox project to https://landscape.cncf.io/

This both puts your project on the landscape and the CNCF projects page, so it's pretty important!

amye avatar Jun 07 '23 17:06 amye

Checking in on this one: @hiddeco -

  • Submitted a Pull request to add your project as a sandbox project to https://landscape.cncf.io/

This both puts your project on the landscape and the CNCF projects page, so it's pretty important!

Quick ping on this, this gets you on the sandbox project page on the website. @hiddeco - anyone else I should work with on this?

amye avatar Jun 14 '23 21:06 amye

I am still awaiting the official handover from Mozilla Foundation, which is blocking further announcements.

hiddeco avatar Jun 15 '23 13:06 hiddeco

I am still awaiting the official handover from Mozilla Foundation, which is blocking further announcements.

Ah, got it! I will hold then.

amye avatar Jun 15 '23 19:06 amye

Bit of a jigsaw puzzle here in terms of getting things done in the right order, as we are lacking an artwork at present which seems to be pretty much required for the landscape.

I am working on resolving the maintainers list first, will then get us onto https://maintainers.cncf.io, to then make use of the ServiceDesk.

However, I can confirm at present:

  • [x] Understand the project proposal process and reqs: https://github.com/cncf/toc/blob/main/process/project_proposals.md#introduction
  • [x] Understand the services available for your project at CNCF https://www.cncf.io/services-for-projects/
  • [x] Review the online programs guidelines: https://github.com/cncf/foundation/blob/master/online-programs-guidelines.md
  • [x] Understand the trademark guidelines: https://www.linuxfoundation.org/en/trademark-usage/
  • [x] Understand the license allowlist: https://github.com/cncf/foundation/blob/master/allowed-third-party-license-policy.md#approved-licenses-for-allowlist
  • [x] Slack: Are your slack channels migrated to the Kubernetes or CNCF Slack? (see https://slack.com/help/articles/217872578-Import-data-from-one-Slack-workspace-to-another for more details)
  • [x] Is your project in its own separate neutral github organization?

Plus:

  • [x] GitHub: ensure DCO or CLA are enabled for all GitHub repositories of the project

hiddeco avatar Jun 30 '23 23:06 hiddeco

As licensing scanning tool, my preference would go out to FOSSA.

hiddeco avatar Jun 30 '23 23:06 hiddeco

Aha! This explains a bunch of things. Ok. @RobertKielty for FOSSA for next week.

amye avatar Jun 30 '23 23:06 amye

I'll set up a team, send out invites.

RobertKielty avatar Jun 30 '23 23:06 RobertKielty

@RobertKielty Hi! Were the FOSSA invites sent?

Cmierly avatar Sep 28 '23 23:09 Cmierly

We have been invited, project should be available in FOSSA dashboard now. We are running into a

You are not permitted to edit this project.

however (using a push-only API key generated from my account), see: https://github.com/getsops/sops/pull/1308

hiddeco avatar Sep 29 '23 07:09 hiddeco

@RobertKielty - what might be the hangup here?

amye avatar Oct 09 '23 22:10 amye

Added to LFX Insights

krook avatar Jan 09 '24 21:01 krook

I have sent out an email to [email protected] with details of the FOSSA Setup and I DM'd @sabre1041 on Slack to share credentials.

I will mark FOSSA setup as complete when @sabre1041 has let me know that that SOPS repos are being scanned.

RobertKielty avatar Mar 11 '24 15:03 RobertKielty

SOPS Are scanning 5 projects with FOSSA

RobertKielty avatar Mar 14 '24 14:03 RobertKielty