Update project infrastructure documentation #879
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -3,12 +3,15 @@ | |||||
| The OpenJS Foundation provides a number of services to support critical infrastructure for hosted projects. We expect projects to be respectful of these services, to abide by their terms of use, and to be put into use for the good of the project and the OpenJS Foundation. | ||||||
|
|
||||||
| ## Billing for services and mitigating the bus factor | ||||||
| **For all project services, please add an OpenJS or Linux Foundation account at an owner or highest-level of permission access.** This helps ensure continuity by reducing the bus factor on the project, and ensures you are never locked out. It is also **required** in order for the OpenJS Foundation to pay service fees on behalf of your project. Access to the OpenJS Foundation administrator/owner account will never be shared with others, and will only be granted to operations, IT, and finance staff at the Linux Foundation. | ||||||
|
There was a problem hiding this comment. Adding a "Linux Foundation" account creates an additional risk for continuity should the OpenJSF decide to rely on a different service provider at some point. There was a problem hiding this comment. the LF isn’t a service provider, it’s the parent organization as i understand it - it’s not likely to ever change. There was a problem hiding this comment. So it's somewhere in the middle, OpenJS Foundation is a separately incorporated entity but it is fully managed by the LF through a multi-year management services agreement. Many other things would need to be untangled if that ever were to change, and generally speaking from personal experience, adding the Linux Foundation accounts directly will be more operationally efficient. There was a problem hiding this comment. Centralization is always more operationally efficient. It also creates vendor lock-in (which negatively impacts an org's ability to negotiate agreements, even if intends to stay with the same vendor). As always, balancing between the two should be done on a case per case basis (it's basically a cost/benefit ratio analysis). Here, given that projects had to include the OpenJSF's GitHub account up until now, opening that up to now also include the LF's GitHub account isn't going to create any operational efficiency (unless there's a plan to deprecate the OpenJSF account down the line). |
||||||
|
|
||||||
| If you don’t know the name of the OpenJS Foundation account for a service, please contact [email protected]. | ||||||
|
|
||||||
| ## Websites | ||||||
| Digital Ocean offers free droplets to OpenJS Foundation projects, or projects can use GitHub Pages for free. Projects are solely responsible for the content and design of their websites. | ||||||
|
|
||||||
| Resources and base themes (please contribute other templates as you find them): | ||||||
| * The [Amethyst theme](https://github.com/qunitjs/jekyll-theme-amethyst) is maintained by @krinkle for use with GitHub Pages. | ||||||
|
Comment on lines
+13
to
+14
There was a problem hiding this comment. Extremely -1 on us calling out free things in this document. It devalues the non-free things that the Foundation does provide. |
||||||
|
|
||||||
| ## Servers | ||||||
| Additional servers needed to run scripts, bots, or other project applications may also be deployed on Digital Ocean. These resources are generously provided by Digital Ocean for free, so please be respectful of the arrangement and do not deploy overly intensive workloads such as CI/CD without discussion with the Foundation. Additional servers can be procured on behalf of the project pending request and budget approval. | ||||||
|
|
@@ -19,10 +22,10 @@ The OpenJS Foundation will register and manage each project’s primary domain, | |||||
| The OpenJS Foundation can either manage your DNS for you, or delegate to one of your own nameservers. This is often required if you use a CDN (see below). | ||||||
|
|
||||||
| ## SSL Certificates | ||||||
| The OpenJS Foundation will purchase 2-year wildcard SSL certs for each project's managed domains if Let's Encrypt is not an appropriate solution. | ||||||
|
|
||||||
| ## Source Control | ||||||
| By default all OpenJS Foundation projects have open source repositories in their own GitHub Organizations. The `thelinuxfoundation` admin account must be added as owner for each organization. Two-factor authentication must be required for everyone in the organization. | ||||||
|
There was a problem hiding this comment. Same concern as above. What's the argument for entangling the OpenJSF's recovery planning with the LF's? There was a problem hiding this comment. FWIW this is not the case for |
||||||
|
|
||||||
| ## Build (CI/CD) | ||||||
| Projects which require CI/CD should attempt to use solutions which are free to open source projects. Non-free options may be requested, subject to budget approval. | ||||||
|
|
@@ -33,10 +36,13 @@ Projects with a technical need for a CDN should attempt to use no-cost services | |||||
| ## Website Monitoring | ||||||
| The OpenJS Foundation can provide website downtime and performance monitoring through StatusCake or Pingdom. | ||||||
|
|
||||||
| ## Security scanning | ||||||
| The Linux Foundation offers scanning through [LFX Security](https://lfx.linuxfoundation.org/tools/security/). There is no cost for this service. | ||||||
|
|
||||||
|
Comment on lines
+39
to
+41
There was a problem hiding this comment. AFAIK this is free for anyone, and should not be included here. |
||||||
| ## Open Source Dependency Monitoring (FOSSA) | ||||||
|
There was a problem hiding this comment. We should probably drop this? Unclear, it's just a heading. |
||||||
|
|
||||||
| ## Credential Storage | ||||||
| The OpenJS Foundation can provide credential storage and sharing. Because the credentials are shared through a LastPass Enterprise account, each user only needs a free account to receive them. Managed credentials may include: | ||||||
|
There was a problem hiding this comment. Do we still use LastPass Enterprise? |
||||||
|
|
||||||
| * Usernames / Passwords | ||||||
| * Secret keys | ||||||
|
|
@@ -46,14 +52,14 @@ The OpenJS Foundation can provide credential storage and sharing through LastPas | |||||
| The OpenJS Foundation uses Groups.io for mailing lists on the openjsf.org domain. All projects are welcome to request their own lists on the @lists.openjsf.org subdomain. | ||||||
|
|
||||||
| ## Slack | ||||||
| Projects are welcome to create channels on the [OpenJS Foundation Slack](https://openjs-foundation.slack.com), or set up their own free Slack workspace. | ||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||
|
|
||||||
| ## Zoom | ||||||
| Projects may request that standing meetings be added to the [OpenJS Foundation calendar](https://calendar.openjsf.org). The OpenJS Foundation currently has multiple Zoom accounts capable of livestreaming. Please be mindful of conflicts with other projects by requesting your meeting be scheduled on the shared calendar via email to [email protected]. | ||||||
|
There was a problem hiding this comment. This feels like it should probably be two separate points - calendar being one, streaming being another. |
||||||
|
|
||||||
| All OpenJS Foundation Zoom accounts can host up to 500 participants, and meetings can be recorded as an .mp4 for posting to a project’s YouTube channel. | ||||||
|
|
||||||
| Impact projects and At Large projects with an approved Growth Plan can request a dedicated Zoom account. | ||||||
|
|
||||||
| ## Other services | ||||||
| We recognize that some projects may have needs not addressed by the above list. For no-cost services, please let us know what you’re using at [email protected] so that we can add the service to our inventory. For services with a fee, please reach out to [email protected] to coordinate a proposal and budget request. | ||||||
|
|
||||||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This needs to be made a little more explicit. Especially "the LF" needs to be at the very least expanded. Ideally an email address or link to a ticketing system should be provided.