Streamline Git Access Agreement/username assignment

Created on 26 August 2021, almost 3 years ago
Updated 6 March 2024, 4 months ago

Problem/Motivation

Imagine the scenario:

  • You can now create an account on d.o with your GitLab.com credentials
  • Someone swings by to open a PR on some module in Contrib
  • They get to the repository in our GitLab instance - click create account
  • Get redirected/popup for SSO D.O account creation

Today:

  • They have to create a separate d.o account without an SSO/social sign-on kickstarting the profile
  • They have to verify email
  • They have to find the git access section of their profile
  • They have to accept separate terms and conditions
  • They have to set a git username
  • They (optionally) have to provide an ssh key

How minimal could we make that account creation friction so that when we redirect them back to that repo they can immediately start on that PR?

Proposed resolution

After some investigation of GitLab features, we believe we have a fairly straightforward solution - use the GitLab ToS feature itself:

  • Turn on the Terms of Service acceptance feature of GitLab itself, and populate with the Git Terms of Service.
  • This requires any user, new or existing, to accept the terms of service before they can use the GitLab UI
  • Today, Drupal.org users are not granted GitLab accounts until after they have accepted the terms of service. Under this model, we can't use that as a trigger to create the account. Instead, we may want to provision the GitLab account once the user has become 'confirmed'.
    • Note also: today you can comment on issues without accepting Git ToS - but once all issues are on GitLab you will need a GitLab account to comment, and will therefore also have to accept git terms.
  • If we use GitLab’s ToS functionality, we need to have all the bots agree to it, particularly https://git.drupalcode.org/drupalbot, also Tugboat.

Remaining tasks

Some information to validate this plan:

  • Done:
  • Verify whether this requires users to accept before interacting with GitLab on the command line - people will see this message and not have access
    $ git ls-remote git@gitlabstg1-aws.drupalsystems.org:project/drupalorg.git
    remote:
    remote: ========================================================================
    remote:
    remote: You (@drumm) must accept the Terms of Service in order to perform this action. To accept these terms, please access GitLab from a web browser at https://git.code-staging.devdrupal.org.
    remote:
    remote: ========================================================================
    remote:
    fatal: Could not read from remote repository.
    
    Please make sure you have the correct access rights
    and the repository exists.
  • Verify what happens if someone never accepts the ToS - what should happen: they simply cannot access GitLab or git.drupalcode.org via command-line Git
  • Verify whether any non-GitLab operations depend on knowing a user's Git ToS acceptance state
    • In the transitional state before issues are on GitLab, we need to see how this affects things like 'granting access' to issue forks and MRs from the issue queue buttons, for example
    • Looks like for everyone else, it is a regular GitLab user account, they can be made maintainers, etc

Then need to implement:

  • Enable ToS in GitLab
  • Remove separate Git ToS checkbox on D.O profiles

Approvals

User interface changes

  • Removal of Git ToS from Drupal.org user profile

Notes from #GitLab Initiative meeting

3️⃣ Next steps: A 'quick win' was proposed to unify the git access agreement with the regular terms of service - we can discuss here. EDIT: Needs issue created for this thread
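
The command-line rejection captured under Remaining tasks ends in the same `fatal:` line as an ordinary access failure, which matters for the bot accounts (drupalbot, Tugboat) that must also accept the terms. As an added example (not Drupal.org or GitLab code), this shell code separates the ToS rejection from a generic access failure in captured `git` stderr; the function names are hypothetical and the matched wording is assumed to be the staging message shown above.

```sh
#!/bin/sh
# Added example; not Drupal.org or GitLab code. Function names are hypothetical.
# Assumes the rejection wording matches the staging output quoted on this page.

# Reads captured git stderr on stdin and prints one of:
#   tos_required <account> <url> | access_denied | other
classify_git_stderr() {
    awk '
        /^remote: You \(@[^)]*\) must accept the Terms of Service/ {
            user = $0
            sub(/^remote: You \(@/, "", user)   # strip up to the account name
            sub(/\).*/, "", user)               # strip everything after it
            url = "-"
            if (match($0, /https?:\/\/[^ ]+/)) {
                url = substr($0, RSTART, RLENGTH)
                sub(/\.$/, "", url)             # drop the sentence-ending period
            }
            tos = 1
        }
        /^fatal: Could not read from remote repository/ { denied = 1 }
        END {
            if (tos)         print "tos_required", user, url
            else if (denied) print "access_denied"
            else             print "other"
        }'
}

# Preflight for a bot or CI job: $1 is the remote URL. Only stderr is captured.
preflight() {
    err=$(GIT_TERMINAL_PROMPT=0 git ls-remote "$1" 2>&1 >/dev/null) && { echo ok; return 0; }
    printf '%s\n' "$err" | classify_git_stderr
    return 1
}

# Sample input: the message from this page, shortened to the lines that matter.
sample_tos_output() {
    cat <<'EOF'
remote:
remote: You (@drumm) must accept the Terms of Service in order to perform this action. To accept these terms, please access GitLab from a web browser at https://git.code-staging.devdrupal.org.
remote:
fatal: Could not read from remote repository.
EOF
}

sample_tos_output | classify_git_stderr
```

A `tos_required` result means the account has to accept the terms in the web UI before Git access works; rotating its SSH key or token will not help.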

Deployment

Feature request

Status: Fixed
Version: 3.0
Component: GitLab integration
Created by: 🇺🇸United States hestenet Portland, OR 🇺🇸

Comments & Activities

  • 🇺🇸United States drumm NY, US

    Updating TODOs about how GitLab accounts behave

    Looks like for everyone else, a ToS non-agreed account is a regular GitLab user account, they can be made maintainers, etc

    For new users, command line Git access is irrelevant, they won't be able to add an SSH key or set up access tokens until they have agreed. Need to see how it does for existing accounts when ToS is enforced.

  • 🇺🇸United States drumm NY, US

    For command-line access, people will see:

    $ git ls-remote git@gitlabstg1-aws.drupalsystems.org:project/drupalorg.git
    remote:
    remote: ========================================================================
    remote:
    remote: You (@drumm) must accept the Terms of Service in order to perform this action. To accept these terms, please access GitLab from a web browser at https://git.code-staging.devdrupal.org.
    remote:
    remote: ========================================================================
    remote:
    fatal: Could not read from remote repository.
    
    Please make sure you have the correct access rights
    and the repository exists.

    So we will want to do a decent amount of communication about this upcoming change since it will be a little disruptive.

  • Status changed to Needs review 4 months ago
  • 🇺🇸United States drumm NY, US

    Adding deployment notes

  • Pipeline finished with Skipped
    4 months ago
    #100997
  • Pipeline finished with Skipped
    4 months ago
    #100999
    • drumm committed 34fd146c on 7.x-3.x
      Issue #3230072: Remove Git ToS acceptance, GitLab will take over, and...
  • Status changed to Fixed 4 months ago
  • Automatically closed - issue fixed for 2 weeks with no activity.
