[RFC 0019] RFC for a maintainers file #19
Conversation
|
We introduced the GitHub CODEOWNERS file a while back. |
|
I didn't know about the Github CODEOWNERS file. There is probably a documentation problem, what is the best place to put it? Could the RFC be extended to include the places where the CODEOWNERS would be used? I also found https://github.com/softprops/git-codeowners which looks really nice, let's get that packaged in. |
|
|
|
So apparently, CODEOWNERS only works if the people have push access to the repo. This is something we want to avoid in the long run. isaacs/github#989 (comment) |
|
Hmm... Just to bounce back on “only works if the people have push access to the repo. This is something we want to avoid in the long run.” In my opinion having github able to add a backdoor into nixpkgs is an issue with the current setup (likely noone would notice an additional commit added by github). In order to solve this issue, I see no other solution than signing all git commits (I wanted to write and submit an RFC somewhere down these lines, but will wait until #18 is solved, given a single RFC stuck in limbo is enough for me). This way each git commit, so each change of the nixpkgs repository, would have a single person asserting “this is not a backdoor that I know of,” and access could be revoked if it was maliciously used. However, this scheme is pretty much incompatible with not giving people push access to the repo. Or do I misunderstand? (BTW, a scheme where all commits are pgp-signed could also enforce that only certain OpenPGP keys are allowed to change some directories, once the scripts are setup to check for it on each pull and on hydra, so I guess that it could interoperate nicely with a MAINTAINERS or CODEOWNERS file?) Edit (after @FRidh's comment): Sorry if I was unclear: I wasn't trying to raise the issue of commit signing, which is indeed a different issue, just to say it doesn't look incompatible to me unless removing push access from maintainers to give them instead to the bot -- in which case the two ideas will likely come into conflict. |
|
@Ekleog signing of commits is a different issue, please discuss that elsewhere. @zimbatm why would we want to avoid that? The following is written in the header of our We have code-owners, and maintainers. The code-owners have merge-rights and own "the bigger picture" and maintainers (who may not have merge-rights) maintain individual expressions. |
rfcs/0019-maintainers.md
Outdated
| <!-- Why are we doing this? --> | ||
| There is no explicit (machine-readable) description of who maintains what. | ||
|
|
||
| Currently, a bot is used to ping people based on the heuristic of who authored |
There was a problem hiding this comment.
That bot was replaced a while ago by the CODEOWNERS file.
rfcs/0019-maintainers.md
Outdated
| [motivation]: #motivation | ||
|
|
||
| <!-- Why are we doing this? --> | ||
| There is no explicit (machine-readable) description of who maintains what. |
There was a problem hiding this comment.
CODEOWNERS file describes who owns portions.
The maintainers fields describe who maintain certain expressions.
rfcs/0019-maintainers.md
Outdated
| might open further automation to delegate merge access. | ||
|
|
||
| <!-- What use cases does it support? --> | ||
| With a maintainers file, we can ping the correct maintainer(s) on a PR. |
There was a problem hiding this comment.
We can already. By evaluating Nixpkgs we see which derivations are affected and can thus ping those maintainers. We just need a bot for it.
|
Erm, why do we want to limit push access to the repo exactly? Liberal granting of the commit bit is a great policy IME. |
|
It's a bit early for the feedback, @moretea and me are still working on the RFC and the rationale will be made clearer when it will be submitted for wider review. I hope that all these questions will be answered by then. |
There was a problem hiding this comment.
Generally, as I've said before and this being supplementary to the nixbot efforts, @grahamc and I are mostly working on reusing effort by @LnL7 and @domenkozar, I agree with this RFC mostly.
A few important points we have to make sure are respected:
- We have to make sure not to duplicate
meta.maintainerswith a MAINTAINERS file, this has to only be supplementary for paths not being possible to be specified bymeta.maintainerse.g. lib; most of the rest should be possible with nix. - IMHO the format of the MAINTAINERS file will have to be specified here before accepting the RFC
rfcs/0019-maintainers.md
Outdated
| [motivation]: #motivation | ||
| <!-- Why are we doing this? --> | ||
| Currently we have two mechanism in place that explictly describes who the owner is. | ||
| It either is defined in the `metadata.maintainers` in a `stdenv.mkDerivation`, or when it matches a |
rfcs/0019-maintainers.md
Outdated
| It either is defined in the `metadata.maintainers` in a `stdenv.mkDerivation`, or when it matches a | ||
| pattern in `CODEOWNERS` file. | ||
|
|
||
| The metadata.maintainers only covers the packages, and does not used to determine reviewers |
rfcs/0019-maintainers.md
Outdated
| This makes further delegation of maintainer responsibilities harder. | ||
|
|
||
| These two systems do not integrate together. | ||
| The meta data in` pokgs/*` is used by Hydra packages break, and the CODEOWNERS is only used by |
rfcs/0019-maintainers.md
Outdated
| This script will read in a MAINTAINERS files, with support for nested delegation like how the | ||
| `.gitignore` files work. | ||
|
|
||
| For files in `pkg/`, the script will try to use the metadata in the packages to find the maintainer. |
rfcs/0019-maintainers.md
Outdated
| - Use Nix file + script to invoke this. | ||
|
|
||
| ## Implementation | ||
| In order to facilitate integration in the GitHub PR + Hydra work by @globin and @gchristensen, |
There was a problem hiding this comment.
This is the issue wrt the comment: mayflower/nixborg#9
rfcs/0019-maintainers.md
Outdated
| currently people either have full commit access, or none at all. | ||
|
|
||
| Therefore, we should implement a format and automation to handle both the data from the | ||
| `metadata.maintainers` and some maintainers file. |
|
@globin yes, the intention is that pkgs/* is special cased in the script, as is described in the RFC. |
edolstra
changed the title
|
Previous related discussion: NixOS/nixpkgs#13602 |
rfcs/0019-maintainers.md
Outdated
| `.gitignore` files work. | ||
|
|
||
| For files in `pkgs/`, the script will try to use the metadata in the packages to find the maintainer. | ||
| If this information cannot be retrieved, it falls back to the rules in the MAINTAINERS file. |
There was a problem hiding this comment.
It should also use the meta.maintainers field of NixOS modules.
rfcs/0019-maintainers.md
Outdated
| There are two high level options to take: | ||
| - Data format, such as toml, yaml, or the | ||
| [Linux kernel's maintainer file format](https://github.com/torvalds/linux/blob/master/MAINTAINERS) | ||
| - Use Nix file + script to invoke this. |
There was a problem hiding this comment.
This seems like a good option, since then we can include lib/maintainers.nix from that file. And it can easily be converted to JSON for processing by other tools (nix eval --json). The format could be something like:
with import lib/maintainers.nix;
[
{ description = "Stdenv";
paths = [ "pkgs/stdenv/*" ... ];
maintainers = [ eelco ... ];
}
{ description = "Haskell Infrastructure";
paths = [ "pkgs/top-level/haskell-packages.nix"
"pkgs/development/compilers/ghc/*"
"pkgs/development/haskell-modules/lib.nix"
];
maintainers = [ peti ... ];
}
]
|
@Shley Whether we want to require approval from maintainers is a policy issue separate from having a maintainers file. The latter is useful in any case, because it enables the bot to automatically ping the maintainers who are responsible for the files changed by the PR. I do think requiring approval for core subsystems or cross-cutting concerns is a good idea, since the situation where any of >80 committers can change (say) stdenv or lib is pretty scary. |
|
I would like to go ahead with this, perhaps with some minor changes:
@moretea Are you still interested in implementing a bot to auto-assign PRs based on the maintainers file? |
|
|
||
| ## Maintainers file format | ||
| The maintainers file format will be a Nix expression. | ||
| This allows easy integration and sharing of the data in `lib/maintainers.nix`, |
There was a problem hiding this comment.
has now moved to maintainers/maintainer-list.nix
| It is not used to determine reviewers on GitHub. | ||
|
|
||
| The [`CODEOWNERS`](https://help.github.com/articles/about-codeowners/) | ||
| is only used to help GitHub select a reviewer and is centrally managed in a single file. |
There was a problem hiding this comment.
- it is used to define ownership over scopes that are not or cannot be set with
meta.maintainers. Examples are additional scripts and structure of and routines for a package set, and thus also library functions. - automatically selecting a reviewer is a nice benefit. Because the
mention-bothad become unreliable and discussion onMAINTAINERSfile was stalled, theCODEOWNERSfile was adopted.
|
|
||
| The [`CODEOWNERS`](https://help.github.com/articles/about-codeowners/) | ||
| is only used to help GitHub select a reviewer and is centrally managed in a single file. | ||
| One of the problems is that this loses the data locality, unlike the `.gitignore` files, on which |
There was a problem hiding this comment.
How so? Because we have two places we describe maintainers? What about nested .gitignore files?
| This makes further delegation of maintainer responsibilities harder. | ||
|
|
||
| These two systems do not integrate together. | ||
| The meta data in `pkgs/*` is used by Hydra packages break, and the `CODEOWNERS` is only used by |
|
|
||
| These two systems do not integrate together. | ||
| The meta data in `pkgs/*` is used by Hydra packages break, and the `CODEOWNERS` is only used by | ||
| GitHub for reviews. |
There was a problem hiding this comment.
And by individuals who simply want/need to know who owns something?
| The `CODEOWNERS` format is not extensible at all; there is no way to specify e.g. that some parts | ||
| require one positive review of the maintainers and others might require more than one. | ||
|
|
||
| Furthermore, GitHub is not suitable to handle the permission that the Nix community needs; |
There was a problem hiding this comment.
This is quite a different topic. I agree with it, but is authorization also within the scope of this RFC? If not, drop it.
| used. --> | ||
|
|
||
| ## Requirements | ||
| The input to the maintainers script is a list of files the output will be a machine readable list |
| of maintainers. It will support a `--why` option to print out which decisions points were | ||
| encountered, in order to debug why someone is a maintainer of a file. | ||
|
|
||
| This script will read in a maintainers files, with support for nested delegation like what is |
There was a problem hiding this comment.
What is the motivation for nested files?
| ``` | ||
|
|
||
| ## Evaluation of rules | ||
| The first rule int the list that matches is accepted. |
|
Closing all draft RFCs. Please feel free to reopen when this is ready for general community review and the RFC shepherd process. |
Rendered