Name		Name	Last commit message	Last commit date
parent directory ..
committee-code-of-conduct		committee-code-of-conduct
committee-oversight		committee-oversight
committee-steering		committee-steering
committee-trademark		committee-trademark
fake		fake
wg-productivity		wg-productivity
wg-security		wg-security
Makefile		Makefile
OWNERS		OWNERS
README.md		README.md
client.go		client.go
config.yaml		config.yaml
go.mod		go.mod
go.sum		go.sum
groups.yaml		groups.yaml
groups_test.go		groups_test.go
reconcile.go		reconcile.go
reconcile_test.go		reconcile_test.go
restrictions.yaml		restrictions.yaml
service.go		service.go
service_test.go		service_test.go

README.md

Automation of Google Groups maintenance for `knative.team`

Making changes
Manual deploy

Making changes

Edit your WGs's groups.yaml, e.g. [wg-security/groups.yaml][/groups/wg-security/groups.yaml]
If adding or removing a group, edit [restrictions.yaml] to add or remove the group name
Use make test to ensure the changes meet conventions
Open a pull request
When the pull request merges, the post-k8sio-groups job will deploy the changes

The project name has a max length of 18 characters.

Manual deploy

Must be run by someone who is a member of the [email protected] group
Run gcloud auth application-default login to login
Use make run to dry run the changes
Use make run -- --confirm if the changes suggested in the previous step looks good

How does this work?

The groups are managed with the Google Admin SDK Groups API
Google has a process called Domain Wide Delegation(DWD) that allows a Google Service Account to impersonate a google workspace user. https://developers.google.com/admin-sdk/directory/v1/guides/delegation
Configuring DWD is one time process as long as the Google Service Account impersonating is not deleted.