CE-51 Give BTR Commit Access to Lilac Branches

Owned by Sarina Canelake (Do Not Use) (Deactivated)
Last updated: Oct 20, 2022 by Feanil Patel
2 min read

Problem Statement

The Build Test Release working group (BTR) could use core committer (“write”) access to particular branches. Specifically, it would be beneficial to grant access to the branch “open-release/lilac.master” in 36 repos to the BTR so they could manage the Lilac Open edX release (and subsequent releases) without edX, Inc intervention. Cutting edX, Inc out of the BTR process means the community can be self-service on all named release issues, including porting bugfixes, security patches, and releasing point releases.

Specifics:

  • BTR needs to create release branches (twice per year, in all repos)

  • BTR needs to create tags on the release branches (3-5 times per release, in all repos)

  • BTR needs to cherry-pick/merge fixes to release branches (dozens of times per release, mostly in just a few repos)

Technical Limitations

GitHub does not allow granting access to a repo’s branch to someone who does not already have access to that repo. That is, only someone who already has write access to a repo can have write access to a particular branch.

Proposal 1

This proposal would probably help us for Lilac, but may take too long to get consensus

In order to grant BTR members write access to release branches, we will need to:

  1. Grant BTR members write access to the relevant repos;

  2. Branch-protect master so that the BTR members who do not have Core Committer access to those repos cannot push to master. See https://ben.balter.com/2017/04/14/create-an-open-source-moderator-role-with-protected-branches-on-github/

This is simple but also a big ask. I have not dived into our GitHub groups to figure out how easy or hard it would be to do this; that should be documented, along with the process of how to add a new BTR member and how to add a new Core Committer/edX employee so that the branch protection does its job properly.

Proposal 2

It’s unlikely that this proposal would help us for Lilac

Write a bot that would understand finer-grained permissions, and let certain people direct it to merge or cherry-pick onto the release branch.

Note: the bot could allow only cherry-picking existing commits from master, which could lessen the need for training of authorized cherry-pickers, but we need Legal guidance on that idea.

Proposal 3

This proposal would be most expedient for Lilac

  1. Grant a few BTR members write access to the relevant repos, with the understanding that they should only touch the lilac.master branch.

  2. Trust but verify.

Proposal 4

Fork all relevant repos into the openedx GitHub organization.