Skip to content

Migrate mkinitcpio-nfs-utils

Procedure for adding an official project to GitLab

Details

New repo checklist

If you want to add a new official project, here are some guidelines to follow:

  1. Evaluate whether the project can sit in the official GitLab Arch Linux group or whether it needs its own group. It only needs its own group if the primary development group is somehow detached from Arch Linux and only losely related (for instance: pacman)
    Moved to the mkinitcpio group
  2. After project creation (use the GitLab import function if you migrate a repo), add the responsible people to the project in the Members page (https://gitlab.archlinux.org/archlinux/my-example/-/project_members) and give them the Developer role. The idea is to let these people mostly manage their own project while not giving them enough permissions to be able to misconfigure the project.
  3. If mirroring to github.com is desired, work through the GitHub.com mirroring checklist below and then return to this one. (not relevant)
  4. If the project needs a secure runner to build trusted artifacts, coordinate with the rest of the DevOps team and if found to be reasonable, assign a secure runner to a protected branch of the project. (not relevant)
  5. If a secure runner is used, create an MR to make sure the project's .gitlab-ci.yml specifies tags: secure. (not relevant)
  6. Make sure that the Push Rules in https://gitlab.archlinux.org/archlinux/arch-boxes/-/settings/repository reflect these values:
    • Committer restriction: on
    • Reject unsigned commits: on
    • Do not allow users to remove tags with git push: on
    • Check whether author is a gitlab user: on
    • Prevent committing secrets to git: on
    • All of these should be activated by default as per group rules but it's good to check.
  7. The Protected Branches in https://gitlab.archlinux.org/archlinux/my-example/-/settings/repository should specify Allowed to merge and Allowed to push as Developers + Maintainers.
  8. Disable unneeded project features under Visibility, project features, permissions (https://gitlab.archlinux.org/archlinux/my-example/edit)
    Always:
    • Users can request access: off
      Often, but not always:
    • Repository -> Container registry
    • Repository -> Git Large File Storage (LFS)
    • Repository -> Packages
    • Analytics
    • Requirements
    • Security & Compliance
    • Wiki
    • Operations
Edited by Kristian Klausen
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information