mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2025-01-07 04:24:10 +01:00
Code Issues
master
infrastructure/.gitlab/issue_templates/New Official Project.md
Sven-Hendrik Haase 99b77cb5b2
Adapt docs for new GitLab UI
2024-10-10 00:04:11 +02:00

98 lines
5.5 KiB
Markdown
Raw Permalink Blame History

<!--
This template should be used by DevOps members when adding a repository to GitLab.
It can be used for migrations as well as new projects.
-->
# Procedure for adding an official project to GitLab
## Details
- **Project name**: my-example
- **Type**: MIGRATION or NEW PROJECT <!-- delete one of these -->
- **Current location**: git.archlinux.org/my-example.git <!-- delete this line if it's a new project and not a migration -->
## New repo checklist
If you want to add a new official project, here are some guidelines to follow:
1. [ ] Evaluate whether the project can sit in the official [GitLab Arch Linux group](https://gitlab.archlinux.org/archlinux)
or whether it needs its own group. It only needs its own group if the primary
development group is somehow detached from Arch Linux and only losely related (for instance: [pacman](https://gitlab.archlinux.org/pacman))
1. [ ] After project creation (use the GitLab import function if you migrate a repo), add the responsible people to the project
in the *Members* page (https://gitlab.archlinux.org/archlinux/my-example/-/project_members)
and give them the `Developer` role. The idea is to let these people mostly manage their own project while not giving them
enough permissions to be able to misconfigure the project.
1. [ ] If mirroring to github.com is desired, work through the **GitHub.com mirroring checklist**
below and then return to this one.
1. [ ] If the project needs a secure runner to build trusted artifacts, coordinate with
the rest of the DevOps team and if found to be reasonable, assign a secure runner
to a protected branch of the project.
1. [ ] If a secure runner is used, create an MR to make sure the project's `.gitlab-ci.yml` specifies
`tags: secure`.
1. [ ] Make sure that the *Push Rules* in https://gitlab.archlinux.org/archlinux/my-example/-/settings/repository
reflect these values:
- `Reject unverified users`: `on`
- `Reject unsigned commits`: `on`
- `Do not allow users to remove tags with git push`: `on`
- `Check whether author is a GitLab user`: `on`
- `Prevent pushing secret files`: `on`
- All of these should be activated by default as per group rules but it's good to check.
1. [ ] The *Protected Branches* in https://gitlab.archlinux.org/archlinux/my-example/-/settings/repository should specify
`Allowed to merge` and `Allowed to push` as `Developers + Maintainers.`
1. [ ] Disable unneeded project features under *Visibility, project features, permissions* (https://gitlab.archlinux.org/archlinux/my-example/edit)
Always:
- `Users can request access`: `off`
Often, but not always:
- Repository -> Container registry
- Repository -> Git Large File Storage (LFS)
- Repository -> Packages
- Analytics
- Requirements
- Security & Compliance
- Wiki
- Operations
## GitHub.com mirroring checklist
### GitLab side
1. [ ] If you want to mirror your repository "my-example" from gitlab.archlinux.org to the github.com/archlinux organization,
you should create an empty project for your project at github.com/archlinux/my-example or
if that's an existing repository, make sure that the current histories of the source and
target repository are exactly the same.
1. [ ] Go to https://gitlab.archlinux.org/archlinux/my-example/-/settings/repository and open
*Mirroring repositories*. Make sure it has these settings:
- `Git repository URL`: `ssh://git@github.com/archlinux/my-example.git`
- `Mirror direction`: `Push`
- `Authentication method`: `SSH public key`
- `Only mirror protected branches` : `off`
1. [ ] Click `Mirror repository`.
1. [ ] A new entry will pop up which has a button titled `Copy SSH public key`. Click that to copy the public key to your clipboard.
### GitHub side
1. [ ] Log in with your primary GitHub account.
1. [ ] Go to https://github.com/archlinux/my-example/settings/access and assign the `Admin` role to the GitHub account
`archlinux-github`.
1. [ ] Log in as the `archlinux-github` technical user. This is important as otherwise pushes won't be associated correctly.
1. [ ] Go to https://github.com/archlinux/my-example/settings/keys and add a new deploy key.
1. [ ] Name it "gitlab.archlinux.org" so we know where it's from.
1. [ ] Paste the public key you copied from GitLab earlier.
1. [ ] Check `Allow write access`.
1. [ ] Click `Add key`.
1. [ ] Verify the push mirror works by clicking the `Update now` button.
1. [ ] In the repository settings on GitHub's side you should disable a few things to clean up the project page:
- `GitHub Actions`
- `Wiki`
- `Issues`
- `Projects`
1. [ ] Go to https://github.com/archlinux/my-example/settings/hooks and add a new webhook
- `Payload URL`: `$(misc/get_key.py misc/vaults/vault_github.yml github_pull_closer_webhook_url)`
- `Content type`: `application/json`
- `Which events would you like to trigger this webhook?`
- `Let me select individual events.`: `Pull requests`
1. [ ] In the GitHub description of the mirrored project, append " (read-only mirror)" so that people know it's a mirror.
1. [ ] Disable `Packages` and `Environments` from being shown on the main page.
1. [ ] In the website field put the full url to the repository on our GitLab.
1. [ ] Go to https://github.com/archlinux/my-example/settings/access and remove the GitHub account `archlinux-github`
1. [ ] Go to https://github.com/orgs/archlinux/teams/read-only-mirrors/repositories and add the repository with `write` permission
View Git Blame Copy Permalink