toc
toc copied to clipboard
cncf
[SANDBOX PROJECT ONBOARDING] OpenFGA
Welcome to CNCF Project Onboarding! This is an issue created to help onboard your project into the CNCF after the TOC has voted to accept your project. We would like to complete onboarding within one month of acceptance.
From the project side, please ensure that you:
- [x] Understand the project proposal process and reqs: https://github.com/cncf/toc/blob/main/process/project_proposals.md#introduction
- [x] Understand the services available for your project at CNCF https://www.cncf.io/services-for-projects/
- [x] Ensure your project meets the CNCF IP Policy: https://github.com/cncf/foundation/blob/master/charter.md#11-ip-policy
- [x] Review the online programs guidelines: https://github.com/cncf/foundation/blob/master/online-programs-guidelines.md
- [x] Understand the trademark guidelines: https://www.linuxfoundation.org/en/trademark-usage/
- [x] Understand the license allowlist: https://github.com/cncf/foundation/blob/master/allowed-third-party-license-policy.md#approved-licenses-for-allowlist
- [x] Is your project working on written, open governance? see https://contribute.cncf.io/maintainers/governance/
- [ ] Slack: Are your slack channels migrated to the Kubernetes or CNCF Slack? (see https://slack.com/help/articles/217872578-Import-data-from-one-Slack-workspace-to-another for more details)
- [ ] Is your project in its own separate neutral github organization?
- [x] Submitted a Pull request to add your project as a sandbox project to https://landscape.cncf.io
- [x] Create maintainer list + add to aggregated https://maintainers.cncf.io list by submitting a PR to it
- [x] Have added your project to https://github.com/cncf/contribute
- [ ] Artwork: Submit a pull request to https://github.com/cncf/artwork with your artwork
- [ ] Domain: transfer domain to the CNCF - https://jira.linuxfoundation.org/plugins/servlet/theme/portal/2/create/63
Things that CNCF will need from the project:
- [x] Provide emails for the maintainers added to https://maintainers.cncf.io in order to get access to the maintainers mailing list and ServiceDesk
- [ ] Trademarks: transfer any trademark and logo mark assets over to the LF - https://github.com/cncf/foundation/tree/master/agreements has agreements
- [ ] GitHub: ensure 'thelinuxfoundation' and 'caniszczyk' are added as initial org owners, this helps us make sure we have continuity of GH ownership
- [ ] GitHub: ensure DCO or CLA are enabled for all GitHub repositories of the project
- [ ] GitHub: ensure that hat the CNCF Code of Conduct (or your adopted version of it) are explicitly referenced at the project's README on GitHub
- [ ] Website: ensure LF footer is there and website guidelines followed (if your project doesn't have a dedicated website, please adopt those guidelines to the README file of your project on GitHub).
- [x] Website: Analytics transferred to [email protected]
- [x] CII: Start on a CII best practices badge https://bestpractices.coreinfrastructure.org/en
Things that the CNCF will do or help the project to do:
- [x] Devstats: add to devstats https://devstats.cncf.io/
- [x] Marketing: update relevant intro + slide decks
- [x] Events: update CFP + Registration + CFP Area forms
- [ ] ServiceDesk: confirm maintainers have read https://www.cncf.io/services-for-projects/
- [ ] CNCF Welcome Email Sent to confirm maintainer list access, welcome email has monthly project sync details
- [ ] Create space for meetings/events on https://community.cncf.io, e.g., https://community.cncf.io/pravega-community/ - (https://github.com/cncf/communitygroups/blob/main/README.md#cncf-projects)
- [ ] Adopt a license scanning tool, like FOSSA or Snyk
@amye our CI/CD pipeline currently uses tools like Semgrep/Snyk for vulnerability scanning/FOSSA for licensing, in their non-free tiers, paid by Okta. Those runs from Github Actions.
I see we can get FOSSA with CNCF's help, not sure if we can get Snyk for vulnerability scanning.
Can we keep using Snyk for vulnerability scanning and the paid Semgrep tier, or should we move to free tiers?
Thanks
- [X] Understand the project proposal process and reqs: https://github.com/cncf/toc/blob/main/process/project_proposals.md#introduction
- [X] Understand the services available for your project at CNCF https://www.cncf.io/services-for-projects/
- [X] Ensure your project meets the CNCF IP Policy: https://github.com/cncf/foundation/blob/master/charter.md#11-ip-policy
- [X] Review the online programs guidelines: https://github.com/cncf/foundation/blob/master/online-programs-guidelines.md
- [X] Understand the trademark guidelines: https://www.linuxfoundation.org/en/trademark-usage/
- [X] Understand the license allowlist: https://github.com/cncf/foundation/blob/master/allowed-third-party-license-policy.md#approved-licenses-for-allowlist
- [X] Is your project working on written, open governance? see https://contribute.cncf.io/maintainers/governance/
- [] Slack: Are your slack channels migrated to the Kubernetes or CNCF Slack? (see https://slack.com/help/articles/217872578-Import-data-from-one-Slack-workspace-to-another for more details)
We are currently using Discord. Should we start using Slack?
- [X] Create maintainer list + add to aggregated https://maintainers.cncf.io list by submitting a PR to it https://github.com/cncf/foundation/pull/422
- [X] Provide emails for the maintainers added to https://maintainers.cncf.io in order to get access to the maintainers mailing list and ServiceDesk
Adrian Tam [email protected] (@adriantam) Andres Aguiar <[email protected] (@aaguiarz) Craig Pastro [email protected] (@craigpastro) Damian Schenkelman [email protected] (@dschenkelman) Jakub Hertyk [email protected] (@curfew-marathon) Jonathan Whitaker [email protected] (@jon-whit) Maria Ines Parnisari [email protected] (@miparnisari) Mat Dupont [email protected] (@matldupont) Matthew Pereira [email protected] (@matthewpereira) Raghd Hamzeh [email protected] (@rhamzeh) Yamil Asusta [email protected] (@elbuo8)
- [X] GitHub: ensure that hat the CNCF Code of Conduct (or your adopted version of it) are explicitly referenced at the project's README on GitHub https://github.com/openfga/.github/blob/main/CODE_OF_CONDUCT.md
- [X] CII: Start on a CII best practices badge https://bestpractices.coreinfrastructure.org/en
https://bestpractices.coreinfrastructure.org/en/projects/6374
GitHub: ensure DCO or CLA are enabled for all GitHub repositories of the project
Do you have a preference?
We are currently using https://cla-assistant.io/ for CLAs, can we use https://easycla.lfx.linuxfoundation.org/#/ instead?
- Website: Analytics transferred to [email protected]
We don't have analytics on the website. Should we integrate an analytics service? Any preference?
- Website: Analytics transferred to [email protected]
We don't have analytics on the website. Should we integrate an analytics service? Any preference?
If you don't already have one, no need!
GitHub: ensure DCO or CLA are enabled for all GitHub repositories of the project
Do you have a preference?
We are currently using https://cla-assistant.io/ for CLAs, can we use https://easycla.lfx.linuxfoundation.org/#/ instead?
Yes, the EasyCLA team is at https://jira.linuxfoundation.org/plugins/servlet/theme/portal/4/create/143 - they'll be able to help you out!
@amye our CI/CD pipeline currently uses tools like Semgrep/Snyk for vulnerability scanning/FOSSA for licensing, in their non-free tiers, paid by Okta. Those runs from Github Actions.
I see we can get FOSSA with CNCF's help, not sure if we can get Snyk for vulnerability scanning.
Can we keep using Snyk for vulnerability scanning and the paid Semgrep tier, or should we move to free tiers?
Thanks
@jeefy can help with Synk or FOSSA
jeefy can help with Synk or FOSSA
@amye Can we keep Semgrep using our Okta license, or do we need to move to create an account for OpenFGA and move to a free tier?
Thanks!
For transferring the domain here https://jira.linuxfoundation.org/plugins/servlet/theme/portal/2/create/63 should I set it this way?
Project: "None" LF Stakeholder email: @caniszczyk's Community Stakeholder email: mine
Thanks!
For transferring the domain here https://jira.linuxfoundation.org/plugins/servlet/theme/portal/2/create/63 should I set it this way?
Project: "None" LF Stakeholder email: @caniszczyk's Community Stakeholder email: mine
Thanks! You want Project to be 'CNCF'.
- [X] Submitted a Pull request to add your project as a sandbox project to https://landscape.cncf.io/ https://github.com/cncf/landscape/pull/2766
- [X] Artwork: Submit a pull request to https://github.com/cncf/artwork with your artwork https://github.com/cncf/artwork/pull/362
@amye Is it OK if we send the agreement in https://github.com/cncf/foundation/tree/main/agreements to @caniszczyk 's email through DocuSign? Should we send it to someone else?
@amye Is it OK if we send the agreement in https://github.com/cncf/foundation/tree/main/agreements to @caniszczyk 's email through DocuSign? Should we send it to someone else?
Send it to [email protected]
- [X] Trademarks: transfer any trademark and logo mark assets over to the LF - https://github.com/cncf/foundation/tree/master/agreements has agreements
- [X] Is your project in its own separate neutral github organization?
- [X] GitHub: ensure 'thelinuxfoundation' and 'caniszczyk' are added as initial org owners, this helps us make sure we have continuity of GH ownership
@amye In our notice.txt files we have "Copyright 2022 Okta, Inc.". I see other projects use "The <Project> Authors". Is it OK if we use "The OpenFGA Project Authors"? Should we mention CNCF?
Andres, please see: https://github.com/cncf/foundation/blob/main/copyright-notices.md#copyright-notices
On Thu, Oct 20, 2022 at 8:44 AM Andrés Aguiar @.***> wrote:
@amye https://github.com/amye In our notice.txt files we have "Copyright 2022 Okta, Inc.". I see other projects use "The Authors". Is it OK if we use "The OpenFGA Project Authors"? Should we mention CNCF?
— Reply to this email directly, view it on GitHub https://github.com/cncf/toc/issues/921#issuecomment-1285568975, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAPSINN5DWYJGCXCUWY6Z3WEFEELANCNFSM6AAAAAAQLVWZDI . You are receiving this because you were mentioned.Message ID: @.***>
-- Cheers,
Chris Aniszczyk https://aniszczyk.org
- [X] Website: ensure LF footer is there and website guidelines followed (if your project doesn't have a dedicated website, please adopt those guidelines to the README file of your project on GitHub).
Check https://openfga.dev/
Also make sure you work on any issues found here :) https://clomonitor.io/projects/cncf/openfga
On Fri, Oct 21, 2022 at 7:28 AM Andrés Aguiar @.***> wrote:
- Website: ensure LF footer is there and website guidelines https://github.com/cncf/foundation/blob/master/website-guidelines.md followed (if your project doesn't have a dedicated website, please adopt those guidelines to the README file of your project on GitHub).
Check https://openfga.dev/
— Reply to this email directly, view it on GitHub https://github.com/cncf/toc/issues/921#issuecomment-1286896194, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAPSIOQTJUNDPE5WQXRYVTWEKD7ZANCNFSM6AAAAAAQLVWZDI . You are receiving this because you were mentioned.Message ID: @.***>
-- Cheers,
Chris Aniszczyk https://aniszczyk.org
@jeefy now the Github org is part of CNCF's org, would it be possible to setup the integration with Synk and FOSSA? Thanks a lot.
@amye can you confirm if I should use @caniszczyk 's emails as "LF Stakeholder" when transferring the domains? Thanks!
- [X] Domain: transfer domain to the CNCF - https://jira.linuxfoundation.org/plugins/servlet/theme/portal/2/create/63
https://jira.linuxfoundation.org/plugins/servlet/desk/portal/2/IT-24780
I think we are done from our side, we still need help to:
- Setup EasyCLA
- Setup FOSSA/Snyk
Thanks for your help!