Administration

Security

To be administrator you must have 2FA enabled on accounts that give you access to DSC Community resources, for example your GitHub account and the account that access DSC Community Azure DevOps organization.

GitHub

Create GitHub organization Team

Repository Maintainer Team

Each repository that is created in a DSC Community GitHub organization should have at least one team for maintainers. This team should be a child team of the GitHub organization team Maintainers.

  1. Browse to https://github.com/orgs/dsccommunity/teams/maintainers/teams.
  2. Click on Add a team.
  3. In the search box, write the repository name and then click Create team.
  4. In the new team dialog:
    • In the field Team name write the repository name, e.g. PasswordPolicyDsc.
    • In the Description field write the repository name followed by the word “Maintainers”, e.g. PasswordPolicyDsc Maintainers.
    • Make sure the Parent team is set to Maintainers and Team visibility is set to Visible.
  5. Click Create team.
  6. When the team is created, click on the Members tab.

You should see yourself as a member since you created the team. Continue with the section Add members to an organization team.

Add members to an organization team
  1. Browse to the team you want to add a member to; https://github.com/orgs/dsccommunity/teams/{repository_name}/members
  2. Click on Add a member to invite a new member to the Team.
  3. If the member becomes a maintainer of a DSC module then also update the Maintainers section for the DSC Community site.

Create GitHub repository

To create a new GitHub repository in the DSC Community organization, browse to https://github.com/dsccommunity and click on New.

All repositories should always be added with MIT licensing.

NOTE: To be able create repositories you must be an owner of the GitHub DSC Community organization. See GitHub DSC Community organizational owners.

Connect a GitHub organization team to a repository

Each repository should have a DSC Community GitHub organization team connected to it to easily manage maintainers. See the section Repository Maintainer Team on how to create this team.

  1. Browse to repository access page: https://github.com/dsccommunity/{repository_name}/settings/access.
  2. Click on Invite teams or people.
  3. In the searchbox write the repository name, e.g. PasswordPolicyDsc.
  4. Click on the organization team name to add it (the team name shows as dsccommunity/passwordpolicydsc)
  5. Choose the correct role for the team. The repository Maintainer team should have Admin as the role.

Azure DevOps organization

DSC Community has its own Azure DevOps Organization; https://dev.azure.com/dsccommunity/.

Create Azure DevOps project

Always create an Azure DevOps project with the same name as the GitHub repository.

NOTE: To be able to do this you need to be a member of the Azure DevOps group Project Collection Administrators.

  1. Create a new project at https://dev.azure.com/dsccommunity/ with the same name as the GitHub repository name, make sure to set visibility to public.

Add maintainer as a stakeholder

Stakeholders are always added in the Azure DevOps organization level, not directly on the Azure DevOps project.

You will need either the users Azure Active Directory-account, personal Microsoft-account, or GitHub account. Read more in the article Add users to your organization or project.

The Azure DevOps project should be created before adding stakeholders (maintainers) to the Azure DevOps organization (so that you can connect the project to the maintainer directly).

  1. Add (invite) a stakeholder by going to the Azure DevOps Organization Users, and click on Add user.

  2. Add the maintainer as a stakeholder, add one or more projects, then add the maintainer as member of the Azure DevOps project group Project Contributors.

  3. Make sure to have checked the Send email invites so that the maintainer gets the invite and are able to join.

    Azure DevOps Organization Add User

NOTE: To be able to do this you need to have sufficient privileges in the Azure DevOps Organization. If not then contact @gaelcolas on the Slack #DSC channel and provide him with the e-mail or account (see above) the maintainer has, and the Azure DevOps project the maintainer should have access too.

Create pipeline in Azure Pipelines

Prior to doing this, make sure that the working branch was pushed to the upstream repository since you need to have access to the file azure-pipelines.yml in the next step.

  1. In the new project under Pipelines, create a new pipeline and choose GitHub as where the source resides
    1. Under My repositories in the drop-down choose All repositories.
    2. Choose the the upstream repository, e.g. dsccommunity/SqlServerDsc.
  2. Choose Existing Azure Pipelines YAML file and then to choose the file azure-pipelines.yml by browsing the branch you just pushed above. Then on the box that says Run, instead just choose Save in the drop-down list.
Add access tokens to an Azure Pipeline
  1. Browse to the pipeline, then click Edit.
  2. When viewing the YAML file, click on Variables
  3. Add these two variables.
    • GitHubToken - This should have the value of the GitHub repository Personal Access Token (PAT)
    • GalleryApiToken - This should have the value of the PowerShell Gallery API key

Create the GitHub Personal Access Token (PAT)

The Personal Access Token (PAT) that is used by the pipeline is from the @dscbot account (the DSC Community GitHub account).

Log in to the @dscbot account and from there take out a Personal Access Token.

Permissions for the PAT:

  • repo
  • delete:packages
  • read:packages
  • write:packages

Personal Access Token (PAT) expire after 12 months from creation, so every 12 months the PAT must be renewed.

NOTE: There can only be one holder of the DSC Community GitHub account since it is (obviously) using 2FA. Currently the account holder is @johlju.

The DSC Community PowerShell Gallery API key used by the pipeline is created per package so that each key can only publish new version of that specific package.

NOTE: There can only be one holder of the DSC Community PowerShell Gallery account since it is (obviously) using 2FA. Currently the account holder is @gaelcolas.

Add or remove a DSC Community committee member

The steps that should be taken when a new committee member should be added.

  1. Update the page DSC Community Committee.
  2. Update the DSC Community GitHub organization team Committee.
  3. Update the DSC Community Azure DevOps organization group Admins under the organizational permissions.

Updated on 17 Jan 2020