Set repository permissions using organisation teams

[eddybrando]

GitHub gives us the option to create teams at the organisation level.

The teams feature is active in the qiskit-community organisation, were many of our repositories live: https://github.com/orgs/qiskit-community/teams.

We can leverage this feature to simplify the access permission management.

I created two teams to test this out:

• https://github.com/orgs/qiskit-community/teams/digital-applications-devs (Devs only)
• https://github.com/orgs/qiskit-community/teams/digital-applications (Not devs)

We might want to consider adding "digital-applications-designers", for example, as well.

This makes it much easier to give quick access to the relevant repositories for our team members, instead of having to add them one by one.

And it also still gives us the option to add them one by one if needed.

This proposal is to review this teams and adjust the permissions in the relevant Digital Applications repositories to prefer team permissions over individual user permissions.

And additional advantage, is that we could add a team to the CODEOWNERS files in the repositories to automatically assign code reviews to all dev team members, and have only one central place that need to be changed to makes changes in the case of team updates.

[techtolentino]

I love this idea, @eddybrando - thanks for informing us of this feature and for thinking of the ways it can benefit the team. I'd be willing to give it a try.

[vabarbosa]

@eddybrando good idea..... definitely, prefer team permissions over individual permissions

[abdonrd]

I think it's great to organize permissions by teams! 👏🏻

Regarding the CODEOWNERS I do not agree so much. I think it would be better to assign just the most involved people to each project. Otherwise we all get too many notifications for all the PRs. Which is something that is already happening.

[eddybrando]

That's a very valid point you bring up @abdonrd. And I actually thought the same.

But with the main Qiskit Digital Application development projects, we might indeed want every Qiskit Digital Application dev to be on the loop and be able to also switch between multiple projects if needed.

This wouldn't apply to "side-projects", "beta-projects", projects no directly owned by the Qiskit Digital Application team.

And there is also the possibility to adjust the personal notification settings per repository.

[abdonrd]

[...] we might indeed want every Qiskit Digital Application dev to be on the loop and be able to also switch between multiple projects if needed.

Just with the permissions by teams we will achieve that, right?

And we also can watch the repositories that we want to follow in more detail, without having to be forced as reviewers (with its consequent notification). Which still allows any of us to make a valid review (since we will have permissions due to permissions per team) if they want and have time.

[vabarbosa]

now we also have these teams in Qiskit org:

• https://github.com/orgs/Qiskit/teams/qiskit-digital/members
• https://github.com/orgs/Qiskit/teams/qiskit-digital-devs/members

[eddybrando]

Conclusion

We'll use the newly created "qiskit-digital" and "qiskit-digital-devs" teams in both the Qiskit and qiskit-community orgs to manage the repository permissions of our projects, but we'll not use it to automatically assign pull requests to all team members.

We can continue talking about what to do with pull requests auto assigns in another discussion.

[eddybrando]

• The "qiskit-digital" teams will have the Triage role.
• The "qiskit-digital-devs" teams will have the Write role.

Additional roles (like Admin) can still be applied to individual users.

Is this OK, @vabarbosa?