Corobo Integration,Security and Enhancements.

[sladyn98]

Potential Mentor: @nvzard @Vamshi99
Integration

1. Corobo can be used to display the status of the Continuous Integration services on the private chatroom in gitter and display the SPF (Single Point of Failure) on the chat.
   Rebuild CIs using corobo corobo#190.
2. Leverage of corobo's current architecture to build commits from the chat itself:
   corobo rebuild travis|circle|appveyor <PR number>.
3. Display status of builds of current PR numbers using fixed commands:
   corobo status travis|circle|appveyor <PR number>.
4. Suggestion of newcomer issues for ease of selection.

Security

1. We could possible seperate out the major modules of corobo as different microservices which could avoid the single point of failure that corobo is so exposed to right now.

Implementation Details:
Trigger Travis CI builds using the API V3 by sending a POST request to /repo/{slug|id}/requests:
This can be leveraged in building the project.

[jayvdb]

This is an odd assortment of issues. Please provide more clarity on the goal of the project proposal.

Random features are not a GSoC project.

[sladyn98]

Okay I will try and compile a more fixed goal.The main goal of the project was the improvement of corobo so should I focus on only one aspect like integration. Should I resubmit the form or just make the project description more clear

…

On Sun, Nov 11, 2018, 7:26 AM John Vandenberg ***@***.*** wrote: This is an odd assortment of issues. Please provide more clarity on the goal of the project proposal. Random features are not a GSoC project. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#688 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AbgGHqgflPNY66gcqZgDfU_yCGl1qoGUks5ut4O7gaJpZM4YS9xc> .

[jayvdb]

Add more comments here, and discuss with potential mentors on gitter.

[sladyn98]

Can you suggest any potential mentors or any feedback?

[jayvdb]

You should be able to determine who the potential mentors are. If not, you have not done enough work on developing your idea.

[sladyn98]

As per his consent and agreement I have tagged @nvzard as a potential mentor for this project.

[nvzard]

Possible ideas. Maybe these implementations plus ideas by students can be a potential project.
cc @meetmangukiya @Vamshi99

• Listen for org invite acceptance and provide more info - Listen for org invite acceptance and provide more info corobo#480
• Implement protocol to eliminate fishy accounts by disabling corobo for them.
• Adapt LabHub plugin to use the most recent release of iGitt.
• Deprecate use of github3 and migrate plugins to use iGitt.
• Implement better configuration and eliminate the use of environment variables - [Poll]: Configuration of corobo corobo#574 (comment) Maybe set-up configuration using Python's built-in ConfigParser.
• Implement/Modify plugins to make handling of events like GCI/GSoC easy.
• Find a way to handle a person with a different GitHub and GitLab usernames.
• Congratulate people who have their first commit merged corobo#173 Congratulate people who have their first commit merged.
• Try to handle other backends, mainly Zulip
• Currently the use of DefaultConfigMixin is not the best solution for configuration. We'll need a solution so that other orgs won't need the Mixin while configuring their plugins. Convince at least 1 other org to use corobo in their chat room.
• Document complete setup and testing of corobo. Possibly make a setup video for newcomers to easily set up the bot.
• corobo Usage Stats corobo#311 corobo Usage Stats
• Delay loading GitHub org member list corobo#388 Delay loading GitHub org member list
• Allow short and partial issue/PR URIs corobo#350 Allow short and partial issue/PR URIs
• Vote plugin corobo#38 Vote plugin

[sladyn98]

• Delegated authentication so that users can open issues via their own username ,perhaps we would need to store their personal access tokens or either make corobo an Oauth Application. Would need your thoughts on it..
  @nvzard @Vamshi99 @meetmangukiya

[sladyn98]

@nvzard When opening an issue on the projects page could you separate it into security features and enhancements.

[sladyn98]

@abhishalya your inputs would be highly valuable as well 👍

[meetmangukiya]

What are the upsides of doing this? Just because the user who opened the issue becomes the owner of the issue..? Not a good enough reason to implement the whole OAuth flow, and if it is through personal access tokens, I guess those maybe possible, but those are more manual steps on user sides and not such a good UX. Anyways, we still need a good enough reason to do this I guess.

[sladyn98]

cc : @Makman2 @nvzard @Vamshi99
Security Hardening:
a) Make the ACL plugin more extensible allowing custom acess control features.
b) Diabling autoinvite instead placing invites in a queue for maintainers to approve.
c) Many of the commands have a low test coverage, maximising test coverage for them
Enhancements:
(IGITT Enhancements)
a) Adapt LabHub plugin to use the most recent release of iGitt.
b) Deprecate use of github3 and migrate plugins to use iGitt.
(GCI Improvements)
During the period of GCI, we need to block assignments of all “area/gci initiative” tagged issues from all coala repos.

1. We need to create a new team called “GCI members” and invite all GCI students.
2. Then, grant access of assignments of “area/gci initiative” tagged issues to GCI members team
3. create a new plugin “current event”, which mentions the current event going on

Features:
a) Find a way to handle a person with a different GitHub and GitLab usernames.
b) Running auto builds on travis ci and checking their status on github via a status CI #PRnumber
c) Vote Plugin
d) Command for low effort questions coala/corobo#314
e) Corobo stats plugin to show how cool out bot is :P