PyCQA
bot to automate adding team members
A heroku like bot to add team members
The reality we all have to accept here is that Microsoft/GitHub aren't catering their badges to open source organizations like ours. We really are abnormal to them. This is why they broke the ability for team maintainers to invite people to the team on behalf of the org. It's because organizations are really "corporations" as far as they're concerned. They won't fix that or introduce a permission for it, so it means that while I'm not the only person who can invite folks here, I'm the only one who does that work.
Originally posted by @sigmavirus24 in https://github.com/PyCQA/meta/issues/39#issuecomment-685776006
So the only bots I'm aware of are ones like jazzband use which indiscriminately add people to the org. If there's a way to have it require approval from someone already in the org whose trying to do the invite, that'd be nicer. I've had people email me privately to be added to the org for their resume even though they don't work on projects and have never bothered contributing
@sigmavirus24 if gitlab is better for this, then should I move PyCQA/modernize there?
I don't recall if gitlab's any better. I'm open to automation to do this, I just have specific thoughts about how it should work. Gitlab's been making weird choices lately too that cater entirely to the 'Enterprise'
If there's a way to have it require approval from someone already in the org whose trying to do the invite, that'd be nicer.
There could be a members list in this repo, and PRs to change it with upvote/downvote from existing members
@sigmavirus24 I'm reminded of the github project a while ago that had a bash script that ran daily and merged any positively voted PRs. Because the script had full access to the repository API key on the default branch this effectively democratised all automation.
It rapidly descended into chaos, but it might work for invite-only
edit: https://news.ycombinator.com/item?id=14399610 here it is, it's "dead" now though
heh. There are many bots that do stuff like that. That said, I'm not even sure upvote/downvote would need to happen so long as folks approve/merge the PR. I'm thinking team maintainers would get added to a team that can read/write on the access control repo. Means that one person sends the PR to invite someone, and another person approves and either of them merge it.
There's https://probot.github.io/apps/settings/ which maybe relevant.
That seems to focus on per-repository configuration. I've built GitHub Apps in the past, it shouldn't be too terrible to do this. I just don't have the time to do it.
something like this, but the opposite: https://probot.github.io/apps/remove-outside-collaborators/
@sigmavirus24 I think this is a good fit: https://github.com/erickzhao/invite-contributors
It will invite anyone who gets a PR merged into a pycqa repository to the pycqa org
it's a bit of a looser than my proposal but fits this part of the spec:
've had people email me privately to be added to the org for their resume even though they don't work on projects and have never bothered contributing
I'm not sure what permissions a user in the organization but not in any teams has, I think it's None, and they get a neat badge on their profile
@sigmavirus24 I think this is a good fit: https://github.com/erickzhao/invite-contributors
It will invite anyone who gets a PR merged into a pycqa repository to the pycqa org
it's a bit of a looser than my proposal but fits this part of the spec:
've had people email me privately to be added to the org for their resume even though they don't work on projects and have never bothered contributing
This could actually work to automate adding people to the org. However, it means that each team will have its corresponding repository (for eg a repository called team-pydocstyle-dev with the appropriate .github/invite-contributors.yml) and PRs to the repository can be something like adding your name to the Readme and it should only be merged in if we want to invite them to the team. It would've been great if this worked on some folder level and we could instead use the meta repo to manage this. I don't think it will be a lot of trouble to adapt this bot to do this and I can take a shot at it this weekend.
Related: this is the bot that powers the @python-trio org — https://github.com/python-trio/snekomatic. Nathaniel made it like 5+ years ago. It is made to auto-invite people right when their first contributions are merged.
