Skip to content
This repository has been archived by the owner on Jun 12, 2023. It is now read-only.

Latest commit

 

History

History
193 lines (135 loc) · 20.6 KB

MAINTAINERS.md

File metadata and controls

193 lines (135 loc) · 20.6 KB

SPIRE Maintainership Guidelines and Processes

This document captures the values, guidelines, and processes that the SPIRE project and its maintainers adhere to. All SPIRE maintainers, in their independent and individual capacity, agree to uphold and abide by the text contained herein.

This process can be changed, either permanently or as a one-time exception, through an 80% supermajority maintainer vote.

For a list of active SPIRE maintainers, please see the CODEOWNERS file.

General Governance

The SPIRE project abides by the same governance procedures as the SPIFFE project, and ultimately reports to the SPIFFE TSC the same way that the SPIFFE project and associated maintainers do.

TSC members do not track day-to-day activity in the SPIFFE/SPIRE projects, and this should be considered when deciding to raise issues to them. While the SPIFFE TSC has the ultimate say, in practice they are only engaged upon serious maintainer disagreement. To say that this would be unprecedented is an understatement.

Maintainer Responsibility

SPIRE maintainers adhere to the requirements and responsibilities set forth in the SPIFFE governance document. They further pledge the following:

  • To act in the best interest of the project at all times.
  • To ensure that project development and direction is a function of community needs.
  • To never take any action while hesitant that it is the right action to take.
  • To fulfill the responsibilities outlined in this document and its dependents.

Number of Maintainers

The SPIRE project keeps a total of five maintainer seats. This number was chosen because 1) it results in a healthy distribution of responsibility/load given the current volume of project activity, and 2) an odd number is highly desirable for dispute resolution.

We strive to keep the number of maintainers as low as is reasonably possible, given the fact that maintainers carry powerful privileges.

This section of the document can and should be updated as the above considerations fluctuate. Changes to this section of the document fall under the same requirements as other sections. When changing this section, maintainers must re-review and agree with the document in its entirety, as other guidelines (e.g. voting requirements) will likely change as a result.

Changes in Maintainership

SPIRE maintainers are appointed according to the process described in the governance document. Maintainers may voluntarily step down at any time. Unseating a maintainer against their will requires a unanimous vote with the exception of the unseated.

Unseating a maintainer is an extraordinary circumstance. A process to do so is necessary, but its use is not intended. Careful consideration should be made when voting in a new maintainer, particularly in validating that they pledge to uphold the terms of this document. To ensure that these decisions are not taken lightly, and to maintain long term project stability and foresight, no more than one maintainer can be involuntarily unseated in any given nine month period.

The CNCF MUST be notified of any changes in maintainership via the CNCF Service Desk.

Onboarding a New Maintainer

New SPIRE maintainers participate in an onboarding period during which they fulfill all code review and issue management responsibilities that are required for their role. The length of this onboarding period is variable, and is considered complete once both the existing maintainers and the candidate maintainer are comfortable with the candidate's competency in the responsibilities of maintainership. This process MUST be completed prior to the candidate being named an official SPIRE maintainer.

The onboarding period is intended to ensure that the to-be-appointed maintainer is able/willing to take on the time requirements, familiar with SPIRE core logic and concepts, understands the overall system architecture and interactions that comprise it, and is able to work well with both the existing maintainers and the community.

Change Review and Disagreements

The SPIRE project abides by the same change review process as the SPIFFE project, unless otherwise specified.

The exact definition/difference between "major" and "minor" changes is left to maintainer's discretion. Changes to particularly sensitive areas like the agent's cache manager, or the server's CA, are always good candidates for additional review. If in doubt, always ask for another review.

If there is a disagreement amongst maintainers over a contribution or proposal, a vote may be called in which a simple majority wins. If any maintainer feels that the result of this vote critically endangers the project or its users, they have the right to raise the matter to the SPIFFE TSC. If this occurs, the contribution or proposal in question MUST be frozen until the SPIFFE TSC has made a decision. Do not take this route lightly (see General Governance).

Security and Usability

SPIRE solves a complicated problem, and is developed and maintained by people with deep expertise. SPIRE maintainers must ensure that new features, log and error messages, documentation and naming choices, are all easily accessible by those who may not be very familiar with SPIFFE or authentication systems in general.

Decisions should favor "secure by default" and "it just works" anywhere possible, and in that order. The number of configurables should be minimized as much as possible, especially in cases where it's believed that many users would need to invoke it, or when their values (and extremes) could significantly affect SPIRE performance, reliability, or security.

A good measure is the "beginner" measure. A beginner should be able to easily and quickly understand the configurable/feature, and its potential uses/impacts. They should also be able to easily and quickly troubleshoot a problem when something important goes wrong - and not to mention, be clearly informed of such a condition!

Review Guidelines

The SPIFFE governance document, its section on review process, and the SPIRE contribution guidelines, must all be applied for any SPIRE review.

While reviewing, SPIRE maintainers should ask questions similar to the following:

  • Do I clearly understand the use case that this change is addressing?
  • Does the proposed change break any current user's expectations of behavior (i.e. regression)?
  • Is it possible for this change to be misconfigured? If it is, what is the impact?
  • Does the proposed change adhere to the SPIRE compatibility guarantee?
  • What are the failure modes? Can SPIRE keep running?
  • If something goes wrong, will it be clear to the operator what it was and how to fix it?
  • If this change introduces additional configurables, is it possible to replace some or all of them with a programmatic decision?

The above list is advisory, and is meant only to get the mind going.

Release and Branch Management

The SPIRE project maintains active support for both the current and the previous major versions. All active development occurs in the main branch. Version branches are used for minor releases of the previous major version when necessary.

Version Branches

When a bug is discovered in the latest release that also affects releases of the prior major version, it is necessary to backport the fix.

If it is the first time that the prior major version is receiving a backported patch, then a version branch is created to track it. The version branch is named vX.Y where X and Y are the two most significant digits in the semantic version number. Its base is the last tag present in main for the release in question. For example, if SPIRE is on version 0.9.3, and the last 0.8 release was 0.8.4, then a v0.8 branch is created with its base being the main commit tagged with v0.8.4.

Once the version branch is created, the patch is either cherry picked or backported into a PR against the version branch. The version branch is maintained via the same process as the main branch, including PR approval process etc.

Releases for the previous major version are made directly from its version branch. Ensure that the CHANGELOG is updated in both the main and the version branch to reflect the new release.

Releasing

The SPIRE release machinery is tag-driven. When the maintainers are ready to release, a tag is pushed referencing the release commit. While the CI/CD pipeline takes care of the rest, it is important to keep an eye on its progress. If an error is encountered during this process, the release is aborted.

The first two releases that a new maintainer performs must be performed under the supervision of maintainer that has already satisfied this requirement.

SPIRE releases are authorized by its maintainers. When doing so, they should carefully consider the proposed release commit. Is there confidence that the changes included do not represent a compatibility concern? Have the affected codepaths been sufficiently exercised, be it by automated test suite or manual testing? Is the maintainer free of general hesitation in releasing this commit, particularly with regards to safety and security? If the answer to any of these questions is "no", then do not release.

A simple majority vote is required to authorize a SPIRE release at a specific commit hash. If any maintainer feels that the result of this vote critically endangers the project or its users, they have the right to raise the matter to the SPIFFE TSC. If this occurs, the release in question MUST be frozen until the SPIFFE TSC has made a decision. Do not take this route lightly (see General Governance).

Checklist

This section summarizes the steps necessary to execute a SPIRE release. Unless explicitly stated, the below steps must be executed in order.

The following steps must be completed one week prior to release:

  • Ensure all changes intended to be included in the release are fully merged.
  • Identify a specific commit as the release candidate.
  • Create a draft pull request against the main branch with the updates to the CHANGELOG following these guidelines. This allows those tracking the project to have early visibility into what will be included in the upcoming release and an opportunity to provide feedback. The release date can be set as "TBD" while it is a draft.
  • Raise an issue "Release SPIRE X.Y.Z", and include the release candidate commit hash. Reference the pull request with the updates to the CHANGELOG.
  • If the current state of the main branch has diverged from the candidate commit due to other changes than the ones from the CHANGELOG:
    • If there is not a version branch for this release, create a branch following the guidelines described in Version branches.
    • Create a GitHub project named Release vX.X.X to identify the PRs that will be cherry-picked. The project should have two statuses to track the progress: one to identify the PRs to be cherry-picked and one for those that have been merged in the version branch.
    • Make sure that the version in the branch has been bumped to the version that is being released and that the upgrade integration test is updated.
    • Cherry-pick into the version branch the commits for all the changes that must be included in the release.

If this is a major release, the following steps must be completed before releasing:

  • Review and exercise all examples in spiffe.io and spire-examples repo against the release candidate hash.
  • Raise a PR for every example that updates included text and configuration to reflect current state and best practice.
    • Do not merge this PR yet. It will be updated later to use the real version pin rather than the commit hash.
    • If anything unusual is encountered during this process, a comment MUST be left on the release issue describing what was observed.

The following steps must be completed to perform a release:

  • Mark the pull request to update the CHANGELOG as "Ready for review". Make sure that it is updated with the final release date. At least two approvals from maintainers are required in order to be able to merge it. If a version branch was created for the realease, cherry-pick the final CHANGELOG changes into the version branch once they are merged.
  • If releasing from main and the current state of the main branch has diverged from the candidate commit due to just the CHANGELOG changes, the candidate commit is now the one that includes the updated CHANGELOG. If releasing from a version branch, the candidate commit is now the one that has the CHANGELOG changes cherry-picked in the branch.
  • Cut an annotated tag against the release candidate named vX.X.X, where X.X.X is the semantic version number of SPIRE.
    • The first line of the annotation should be vX.X.X followed by the CHANGELOG. There should be a newline between the version and the CHANGELOG.
  • Push the annotated tag to SPIRE, and watch the build to completion.
    • If the build fails, or anything unusual is encountered, abort the release.
      • Ensure that the GitHub release, container images, and release artifacts are deleted/rolled back if necessary.
  • Visit the releases page on GitHub, copy the release notes, click edit and paste them back in. This works around a GitHub rendering bug that you will notice before completing this task.
  • Close the GitHub project created to track the release process.
  • Open and merge a PR to bump the SPIRE version to the next projected version and update the upgrade integration test.
    • For example, after releasing 0.10.0, update the version to 0.10.1, since it is more likely to be released before 0.11.0.
    • Ideally, this is the first commit merged following the release.

If this is a major release, the following steps must be completed no later than one week after the release:

  • PRs to update spiffe.io and spire-examples repo to the latest major version must be merged.
    • Ensure that the PRs have been updated to use the version tag instead of the commit sha.
  • Broadcast news of release to the community via available means: SPIFFE Slack, Twitter, etc.

Community Interaction and Presence

Maintainers represent the front line of SPIFFE and SPIRE community engagement. They are the ones interacting with end users on issues, and with contributors on their PRs.

SPIRE maintainers must make themselves available to the community. It is critical that maintainers engage in this capacity - for understanding user needs and pains, for ensuring success in project adoption and deployment, and to close feedback loops on recently-introduced changes or features... to name a few.

PR and Issue management/response is a critical responsibility for all SPIRE maintainers. In addition, maintainers should, whenever possible:

  • Be generally available on the SPIFFE Slack, and engage in questions/conversations raised in the #help and #spire channels.
  • Attend SPIFFE/SPIRE community events (physically or virtually).
  • Present SPIFFE/SPIRE at meetups and industry conferences.

Communication Values

SPIRE maintainers always engage in a respectful and constructive manner, and always follow the SPIFFE Code of Conduct.

It is very important for maintainers to understand that contributions are generally acts of generosity, whether it be creating an issue or sending a pull request. It takes time to do these things. In the vast majority of cases, the motivating factor for taking the time to do this is either to improve the quality of the project for others, or to enable the project to (more easily?) solve a problem that it could not previously. Both of these factors are positive.

Considering the above, optimism and friendliness should be liberally applied to all PR/Issue responses. End users and contributors likely mean their best, and are likely trying their best. It is important to work with them - understand their problem or goal, and constructively work towards a mutually beneficial solution.

This is a very important aspect of SPIRE maintainership. Adoption and contribution decisions are often made on the basis of the attitude (and timeliness) of maintainer responses. This applies not just to GitHub PRs and Issues, but also to the Slack channel and community events. Discouraging or disparaging speech in any arena, like that described in the code of conduct, is unacceptable whether it be intentional or unintentional.

Product Management and Roadmap Curation

In addition to the maintainer seats, the SPIRE project designates one product manager seat. While maintainers strive to ensure that project development and direction is a function of community needs, and interact with end users and contributors on a daily basis, the product manager works to clarify user needs by gathering additional information and context. This includes, but is not limited to, conducting user research and field testing to better inform maintainers, and communicating project development information to the community.

Maintainers are expected to have heavy participation in the community, but it may be impractical to dedicate themselves to gathering and analyzing community feedback and end-user pain points. Based on data collection, the role of the product manager is intended to aid maintainers to validate the desirability, feasibility, and viability of efforts to help drive project direction and priorities in long term planning.

The role has three primary areas of focus: roadmap management and curation (to ensure the project direction is representative of the community's needs), program management (to help the project deliver on its strategy and meet its intended outcomes), and project management (to align day-to-day activities to meet the SPIRE project requirements).

The product manager must:

  • Work with the maintainers to continually ensure a high-quality release of the projects including owning project management, issue triage and identifying all features in the current release cycle.
  • Regularly attend maintainer sync calls.
  • Participate actively in Request for Comments and feature proposal processes.
  • Track feature development and ongoing community undertakings.
  • Coordinate changes that result from new work across the larger project and provide clarity on the acceptance, prioritization and timeline for all workstreams and efforts.
  • Communicate major decisions involving release planning to the developer and end user communities through the project media, communication channels, and community events.
  • Manage the relationship between SPIFFE/SPIRE and the CNCF.
  • Support the marketing and promotion of the SPIFFE and SPIRE project through the CNCF with the objective to foster a more secure cloud native ecosystem.
  • Coordinate and facilitate discussions on policy review and changes with the TSC.

The product manager makes the same pledge as maintainers do to act in the best interest at all times and its seat follows the same change guidelines as maintainer seats as described in the governance document. Unseating a product manager against their will requires a unanimous vote by the maintainers.

Community Facilitation and Outreach

The project designates a community chair to work with the product manager seat to focus on growing awareness of the project and increasing community engagement. In this role, the community chair is responsible for community outreach and outbound communication.

The responsibilities of the community chair are as follows:

  • Maintain, share with the community and execute a plan for proposed marketing and community outreach activities every release cycle.
  • Coordinate and facilitate community events (online and in-person).
  • Maintain and manage the spiffe.io website, ensuring that it stays available and up-to-date.
  • Coordinate social media communications.
  • Ensure that all community events and meetings are recorded, and make the recordings available and discoverable on YouTube.
  • Ensure that all community meeting notes, discussions, and designs are easily discoverable on Google Docs.
  • Encourage use of project official channels for all technical and non-technical discussions.
  • Periodically communicate marketing and community activity to maintainers and the TSC
  • Protect the privacy and confidentiality of non-public community information, including personal contact information such as email addresses and phone numbers.
  • Onboard contributors and welcome them into the community.