per the recent discussion around the moderation team and importing/exporting the blocklist across our three orgs (nodejs, pkgjs, and nodejs-private), I went ahead and built out a GitHub Action that allows us to import blocklists from one organization to another organization. In practice, this means that if someone is blocked in the nodejs org, that block can be imported to the other organizations automatically (presumably on a cron or manual run of the Action, rather than being directly triggered by the block event).
You can find the code in cutenode/action-import-blocklist. Implementing it requires a PAT from an account (presumably, in our case, the Node.js bot account) that has the full admin:org permissions, which is required by the GitHub API.
@nodejs/tsc @nodejs/actions want to get feedback on this. My proposal:
- implement syncing to
pkgjs and nodejs-private by setting up .github repositories in both and adding workflows. I'm happy to help with this, but it's pretty trivial.
- alternatively, implement syncing by setting up a
.github repo in the nodejs org, allowing us to have control within the project of where our blocklist is being exported to and not providing admin:org tokens to those orgs (pkgjs is notably more permissive).
questions I have:
- currently, the Action uses
console.log() to output what's happening. This does include usernames. Is this okay, or would we want to omit those?
- I'd prefer to move the action to a project-owned organization. Does this belong under
nodejs or under pkgjs?
per the recent discussion around the moderation team and importing/exporting the blocklist across our three orgs (nodejs, pkgjs, and nodejs-private), I went ahead and built out a GitHub Action that allows us to import blocklists from one organization to another organization. In practice, this means that if someone is blocked in the
nodejsorg, that block can be imported to the other organizations automatically (presumably on a cron or manual run of the Action, rather than being directly triggered by the block event).You can find the code in cutenode/action-import-blocklist. Implementing it requires a PAT from an account (presumably, in our case, the Node.js bot account) that has the full
admin:orgpermissions, which is required by the GitHub API.@nodejs/tsc @nodejs/actions want to get feedback on this. My proposal:
pkgjsandnodejs-privateby setting up.githubrepositories in both and adding workflows. I'm happy to help with this, but it's pretty trivial..githubrepo in thenodejsorg, allowing us to have control within the project of where our blocklist is being exported to and not providingadmin:orgtokens to those orgs (pkgjs is notably more permissive).questions I have:
console.log()to output what's happening. This does include usernames. Is this okay, or would we want to omit those?nodejsor underpkgjs?