Problem
GitHub orgs with a diverse set of projects and stakeholders (e.g., filecoin-project) have inherent risks by using github-mgmt/github-as-code. They ideally want a diverse-enough set of representatives with push access to filecoin-project/github-mgmt, but anyone who has push access can effectively make large permissions changes on projects that are unrelated to their own. It would be ideal, for example, if lotus maintainers could approve permissions changes to their repos or teams but not to other groups' repos and teams.
Ideas
If, instead of having one large .yaml file, there were multiple YAML files (one per repo or team), CODEOWNERS and branch protection could be used to require PR approval from a codeowner.
If github-mgmt CI checks were intelligent enough to identify which resource or repo was modified, they could wait to pass until someone with write access to that repo or team approved the PR.
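The second idea, as an added example that is not part of the issue and not github-mgmt's own code: a CI-side check that takes the files a PR changed and the owner handles its approving reviewers represent, and reports which changed resource files still lack an approval from one of their codeowners. It assumes a hypothetical per-resource layout (`repos/<repo>.yaml`, `teams/<team>.yaml`), a constructed CODEOWNERS file, and a simplified gitignore-style matcher (last matching pattern wins); the team handles and the `@filecoin-project/...` slugs are constructed sample values.

```python
"""Added example (not github-mgmt's code): decide whether every changed
resource file in a PR was approved by one of its CODEOWNERS.

Assumptions (hypothetical, not from the issue):
  - one YAML file per resource: repos/<repo>.yaml, teams/<team>.yaml
  - CI has already resolved approving reviewers to the owner handles they
    represent (their own @login plus their team slugs) via the GitHub API
  - simplified CODEOWNERS matching: gitignore-like patterns, last match wins
"""
from fnmatch import fnmatch

# Constructed sample CODEOWNERS for the hypothetical layout.
CODEOWNERS = """\
# Fallback: org admins own anything not claimed by a later, more specific rule
*                 @filecoin-project/github-mgmt-admins
repos/lotus*.yaml @filecoin-project/lotus-maintainers
teams/lotus*.yaml @filecoin-project/lotus-maintainers
repos/venus*.yaml @filecoin-project/venus-maintainers
"""


def parse_codeowners(text):
    """Return [(pattern, [owners]), ...] in file order, skipping comments/blank lines."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        pattern, *owners = line.split()
        rules.append((pattern, owners))
    return rules


def _matches(pattern, path):
    """Simplified gitignore semantics (an assumption, not GitHub's full matcher):
    a leading '/' anchors to the repo root; a pattern without '/' matches the
    file's basename anywhere; otherwise the whole path is matched."""
    if pattern.startswith("/"):
        return fnmatch(path, pattern[1:])
    if "/" not in pattern:
        return fnmatch(path.rsplit("/", 1)[-1], pattern)
    return fnmatch(path, pattern)


def owners_for(path, rules):
    """Owners of `path`: the LAST matching rule wins, as in GitHub's CODEOWNERS."""
    owners = []
    for pattern, rule_owners in rules:
        if _matches(pattern, path):
            owners = rule_owners
    return owners


def missing_approvals(changed_files, approver_handles, rules):
    """Return the changed files that no approving reviewer is a codeowner of.

    approver_handles: set of owner handles (user @logins and team slugs)
    represented by the PR's approving reviewers."""
    missing = []
    for path in changed_files:
        if not set(owners_for(path, rules)) & set(approver_handles):
            missing.append(path)
    return missing


def ci_gate(changed_files, approver_handles, codeowners_text=CODEOWNERS):
    """Entry point a CI job would call; an empty list means the gate passes."""
    rules = parse_codeowners(codeowners_text)
    return missing_approvals(changed_files, approver_handles, rules)


if __name__ == "__main__":
    # Constructed PR: a lotus maintainer approves a change touching lotus and venus.
    changed = ["repos/lotus.yaml", "repos/venus.yaml"]
    approvers = {"@filecoin-project/lotus-maintainers"}
    print("still needs codeowner approval:", ci_gate(changed, approvers))
```

Two points worth noting when wiring this up for real. GitHub's branch protection already offers "Require review from Code Owners", which enforces the same rule natively once the one-file-per-resource layout exists, so the script is mainly useful where the CI needs to do something GitHub does not (for example, mapping a change inside a single large YAML back to a resource). And because the last matching CODEOWNERS rule wins, a fallback `*` line stops applying as soon as a more specific rule matches; an admin team that should always be able to approve has to be listed on every rule, not just the fallback.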