- Overview
- Current Maintainers
- Maintainer Responsibilities
- Becoming a Maintainer
- Removing a Maintainer
This document explains who maintainers are, what they do in various repos of opensearch-project, and how they should be doing it. If you're interested in contributing, see CONTRIBUTING.
Each repo contains a MAINTAINERS.md file that lists current maintainers, and points to this document.
Maintainers are active and visible members of the community, and have maintain-level permissions on a repository. Use those privileges to serve the community and evolve code as follows.
Model the behavior set forth by the Code of Conduct and raise any violations to other maintainers and admins.
Security is your number one priority. Maintainers' GitHub keys must be securely password protected, and any reported security vulnerabilities are addressed before features or bugs.
Note that this repository is monitored and supported 24/7 by Amazon Security, see Reporting a Vulnerability for details.
Review pull requests regularly, comment, suggest, reject, merge and close. Accept only high quality pull requests. Provide code reviews and guidance on incoming pull requests. Don't let PRs go stale and do your best to be helpful to contributors.
Manage labels, review issues regularly, and triage by labelling them.
All repositories in this organization have a standard set of labels, including `bug`, `documentation`, `duplicate`, `enhancement`, `good first issue`, `help wanted`, `blocker`, `invalid`, `question`, `wontfix`, and `untriaged`, along with release labels, such as `v1.0.0`, `v1.1.0`, `v2.0.0`, `patch`, and `backport`.
Use labels to target an issue or a PR for a given release, add `help wanted` to good issues for new community members, and `blocker` for issues that scare you or need immediate attention. Request more information from a submitter if an issue is not clear. Create new labels as needed by the project.
There are many tools available in GitHub for controlling labels on issues and pull requests. Use standard issue templates in the ./.github/ISSUE_TEMPLATE directory to apply appropriate labels such as `bug` and `untriaged`. Repositories can choose to use GitHub actions such as add-untriaged.yml to apply labels automatically.
Respond to enhancement requests and forum posts. Allocate time to reviewing and commenting on issues and conversations as they come in.
Keep the `main` branch at production quality at all times. Backport features as needed. Cut release branches and tags to enable future patches.
Maintaining up-to-date dependencies on third party projects reduces the risk of security vulnerabilities. The Open Source Security Foundation (OpenSSF) recommends either dependabot or renovatebot. Both of these applications generate Pull Requests for dependency version updates.
- Renovate is integrated as part of the Remediate app in Mend for GitHub, which is enabled on all opensearch-project repositories. It can be enabled in the `.whitesource` configuration file as described in the Mend Remediate and Renovate documentation. The Merge Confidence feature can be configured to provide maintainers with more information on the age, adoption rate, and percent test passing rate of other repositories. Mend maintains a "Dependency Dashboard" Issue in the repository with centralized information on pending version update PRs.
- Dependabot is integrated with GitHub and can be enabled by adding a `dependabot.yml` file to the repo. Dependabot does not have any centralized management dashboard, so maintainers may use tags or other PR filters to track pending updates.
Ensure the repo highlights features that should be elevated to the project roadmap. Be clear about the feature’s status, priority, target version, and whether or not it should be elevated to the roadmap. Any feature that you want highlighted on the OpenSearch Roadmap should be tagged with "roadmap". The OpenSearch project-meta maintainers will highlight features tagged "roadmap" on the project-wide OpenSearch Roadmap.
Add integration checks that validate pull requests and pushes to ease the burden on Pull Request reviewers.
Use and enforce semantic versioning and do not let breaking changes be made outside of major releases.
Make frequent project releases to the community.
Assist, add, and remove MAINTAINERS. Exercise good judgement, and propose high quality contributors to become co-maintainers. See Becoming a Maintainer for more information.
Make sure the repo has a well-written, accurate, and complete description. See opensearch-project/.github#38 for some helpful tips to describe your repo.
You can become a maintainer by actively contributing to any project, and being nominated by an existing maintainer.
Any current maintainer starts a private e-mail thread (until we have a better mechanism, e-mail addresses can usually be found via MAINTAINERS.md + DCO) with all other maintainers on that repository to discuss nomination using the template below. In order to be approved, at least three positive (+1) maintainer votes are necessary, and no vetoes (-1). In rare cases when there are fewer than three maintainers, the positive (+1) votes from all maintainers are required. Any disagreements can be escalated to the repo admin.
The nomination should clearly identify the person with their real name and a link to their GitHub profile, and the rationale for the nomination, with concrete example contributions.
Upon receiving at least three positive (+1) maintainer votes, and no vetoes (-1), from existing maintainers after a one week period, the nominating maintainer asks the nominee whether they might be interested in becoming a maintainer on the repository via private e-mail message.
This is great work! Based on your valuable contribution and ongoing engagement with the project, the current maintainers invite you to become a co-maintainer for this project. Please respond and let us know if you accept the invitation to become maintainer.
Individuals accept the nomination by replying, or commenting, for example "Thank you! I would love to."
Upon receiving three positive (+1) maintainer votes, and no vetoes (-1), from other maintainers, and after having privately confirmed interest with the nominee, the maintainer opens a pull request adding the proposed co-maintainer to MAINTAINERS.md. The pull request is approved and merged.
Content from the above nomination.
The maintainers have voted and agreed to this nomination.
The repo admin adjusts the new maintainer’s permissions accordingly, and merges the pull request.
Removing a maintainer is a disruptive action that the community of maintainers should not undertake lightly. There are several reasons a maintainer will be removed from the project, such as violating the code of conduct, or taking other actions that negatively impact the project.
There are plenty of reasons that might cause someone to want to take a step back or even a hiatus from a project. Existing maintainers can choose to leave the project at any time, with or without reason, by making a pull request to move themselves to the "Emeritus" section of MAINTAINERS.md, and asking an admin to remove their permissions.
Maintainer status never expires. If a maintainer becomes inactive for a time (usually several months), the repo admin may revoke maintainer level access to the repository for security reasons. A maintainer can reach out to the repo admin to get their permissions reinstated.
If the repo is left without any maintainers, either by maintainer inactivity or moving on, the repo is considered unmaintained. The repo admin will seek out new maintainers and note the maintenance status in the repo README file.
Actions that negatively impact the project will be handled by the admins, in coordination with other maintainers, in balance with the urgency of the issue. Examples would be Code of Conduct violations, deliberately harmful or malicious actions, and security risks.