Skip to content

Latest commit

 

History

History
30 lines (19 loc) · 2.39 KB

using-github-extensions.md

File metadata and controls

30 lines (19 loc) · 2.39 KB

Using GitHub Apps, Extensions, and bots

In OpenTelemetry it is critically important to preserve code integrity, including copyright.

Extensions, apps, or bots that can arbitrarily modify code are NOT allowed. Read-only code access, opening pull requests from another fork, or bug triage bots can be considered to be installed.

Requesting installing of Apps, Extensions, or bots

  • The default answer for installing third party tools in the org is "NO". Justification needs to be provided and supported by multiple org members.
  • Open an issue at https://github.com/open-telemetry/community/issues
    • Include reasoning and SIG(s) requesting this
    • Requests from maintainers typically carry higher weight; please make sure to discuss in the SIG you participate.
    • List permissions required by this extension, app, or bot.
    • If possible: point to other uses of this extensions in OSS.
  • GC member needs to approve with no other GC members raising concerns. It is recommended to discuss each extension, app, or bot that is about to be installed at GC meeting for awareness.
  • Once GC approval received, TC member will install the extension.

Writing your GitHub Actions pipelines

Many GitHub Action workflows do not require a dedicated GitHub account. Good examples are auto-assign workflows for issues and PRs such as the one used in specifications repo.

There are cases when a dedicated account is needed to perform some higher privilege operations. In this cases the recommendation for maintainers is to use their accounts. See example.

Bot accounts are not recommended, as they require special work to pass CLA checks. If pushing automatically-generated, non-copyrightable code using a bot account is required, an explanation should be sent to the Governance Committee for review and forwarding to the EasyCLA team to exempt the bot's commits from the CLA requirement.

OpenTelemetry does not provide org-level access bot accounts. See discussion here: open-telemetry/community#551.

Creating your own GitHub extensions for OpenTelemetry

We didn't encounter these requests yet. The policy will be created once it will become a problem.