blocklist import/export #659

Open
bnb opened this issue Feb 8, 2022 · 5 comments

@bnb
Contributor

bnb commented Feb 8, 2022

per the recent discussion around the moderation team and importing/exporting the blocklist across our three orgs (nodejs, pkgjs, and nodejs-private), I went ahead and built out a GitHub Action that allows us to import blocklists from one organization to another organization. In practice, this means that if someone is blocked in the nodejs org, that block can be imported to the other organizations automatically (presumably on a cron or manual run of the Action, rather than being directly triggered by the block event).

You can find the code in cutenode/action-import-blocklist. Implementing it requires a PAT from an account (presumably, in our case, the Node.js bot account) that has the full admin:org permissions, which is required by the GitHub API.

@nodejs/tsc @nodejs/actions want to get feedback on this. My proposal:

  • implement syncing to pkgjs and nodejs-private by setting up .github repositories in both and adding workflows. I'm happy to help with this, but it's pretty trivial.
  • alternatively, implement syncing by setting up a .github repo in the nodejs org, allowing us to have control within the project of where our blocklist is being exported to and not providing admin:org tokens to those orgs (pkgjs is notably more permissive).

questions I have:

  • currently, the Action uses console.log() to output what's happening. This does include usernames. Is this okay, or would we want to omit those?
  • I'd prefer to move the action to a project-owned organization. Does this belong under nodejs or under pkgjs?
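
One way to handle the logging question raised in the comment above, as an added example that is not part of the original comment or the Action's own code: it works out which logins still need blocking in the target org and logs a hashed tag instead of the username unless `showNames` is set. The names `redact`, `planImport`, `syncBlocklist`, `fakeApi` and the `api` adapter are hypothetical; a real adapter would wrap the GitHub REST endpoints named in the code comment.

```javascript
const { createHash } = require("node:crypto");

// Stable pseudonym for log lines: same login -> same tag, without printing the login.
function redact(login) {
  const digest = createHash("sha256").update(login.toLowerCase()).digest("hex");
  return `user-${digest.slice(0, 8)}`;
}

// Logins blocked in the source org but not yet in the target org.
// GitHub logins are case-insensitive, so compare lowercased and drop duplicates.
function planImport(sourceLogins, targetLogins) {
  const already = new Set(targetLogins.map((l) => l.toLowerCase()));
  const seen = new Set();
  return sourceLogins.filter((l) => {
    const key = l.toLowerCase();
    if (already.has(key) || seen.has(key)) return false;
    seen.add(key);
    return true;
  });
}

// `api` is a hypothetical adapter (an assumption of this example); with a real
// token it would wrap GET /orgs/{org}/blocks and PUT /orgs/{org}/blocks/{username}.
async function syncBlocklist({ source, target, api, log = console.log, showNames = false }) {
  const toBlock = planImport(await api.listBlocked(source), await api.listBlocked(target));
  const failed = [];
  for (const login of toBlock) {
    const label = showNames ? login : redact(login);
    try {
      await api.block(target, login);
      log(`blocked ${label} in ${target}`);
    } catch (err) {
      // One failed block must not stop the rest of the import.
      failed.push(login);
      log(`failed to block ${label} in ${target}: ${err.message}`);
    }
  }
  return { blocked: toBlock.filter((l) => !failed.includes(l)), failed };
}

// Constructed in-memory stand-in for the API, so the example runs offline.
function fakeApi(orgs) {
  return {
    listBlocked: async (org) => [...orgs[org]],
    block: async (org, login) => { orgs[org].push(login); },
  };
}
```

The tag is a pseudonym rather than anonymisation: anyone who already has a candidate login can recompute it, so it keeps names out of casual view in public workflow logs but does not hide them from someone checking a specific account.
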
@Trott
Member

Trott commented Feb 9, 2022

@nodejs/tsc PTAL. Also, this would be good to at least mention, if not discuss, at the TSC meeting on Thursday.

@ljharb
Member

ljharb commented Feb 9, 2022

I think pkgjs is probably a better place for it.

@bnb
Contributor Author

bnb commented Mar 15, 2022

@Trott has there been any decision from the TSC on implementing this?

@mhdawson
Member

@bnb my recollection is that there were no concerns raised and the understanding was that it could move forward.

@bnb
Contributor Author

bnb commented Mar 24, 2022

I've moved the repo to pkgjs/action-import-blocklist and have opened nodejs/.github#1 which adds the Action to our organization. I specifically put it in our organization because I'd like to keep control of our data and PATs within the org we more aggressively maintain.

I will need to add a token to the nodejs/.github repo from an account that has admin:org permissions in both organizations. My assumption is that @nodejs-github-bot is the correct account for this. I've created #672 to request this.
