Skip to content

Community Duty Tasks

Jump to bottom
Josh Cummings edited this page Feb 18, 2025 · 5 revisions

Tasks 🪑

One day each week, each contributor should do the following:

Triage Issues

To triage an issue, search for the label status: waiting-for-triage and follow these steps.

If it's something you feel like you cannot triage, assign it to another team member who you feel can.

Otherwise, do the following:

  1. Assign the ticket to yourself.
  2. If the ticket appears to be accidental, incomplete, or not following our code of conduct, close the issue with status: invalid (i.e. a 400 error). As needed, explain why it was marked as invalid in a comment.
  3. Label the issue with the appropriate in: xyz label.
  4. Correct any incorrect labels.
  5. If it's a duplicate, label it as a status: duplicate and close the issue with a comment linking to the issue.
  6. If it's a question, label it as type: stackoverflow, and close with a comment inviting them to use StackOverflow

(If a feature is brand new, still consider answering the question. The reason for this is that the likelihood that it is a bug or a much-needed feature is higher and so it is worth it to allow those questions as an exception to the rule.)

If it's a type: bug, also do the following:

  1. Consider the urgency of the issue:
  • Does it affect many users? ⬆️
  • Has it been around for a long time and we are just hearing about it now? ⬇️
  • Is it part of a new feature? ⬆️
  • Is there an easy workaround? ⬇️
  1. Reproduce it. If you don't have enough information, ask and label with status: waiting-for-feedback.
  2. If not a bug, label with status: declined.
  3. If a high-urgency bug, assign to the next patch release of the earliest supported version.
  4. If a low-urgency bug, assign to the earliest supported .x milestone.
  5. Develop a workaround and post it as a comment.
  6. If an ideal-for-contribution bug, label it as status: ideal-for-contribution and invite the poster to contribute
  7. Add any additional needed explanation in a comment.
  8. If at this point the bug is addressed, close it.

If it's a type: enhancement, do the following:

  1. Evaluate it. If you don't have enough information, ask and label with status: waiting-for-feedback.
  2. If you disagree, mark the ticket as status: declined.
  3. If you agree, assign the appropriate milestone; either "General Backlog" or the next .x generation where it will fit. You might remind the contributor that tickets with votes usually happen before tickets that don't.
  4. For an ideal-for-contribution feature, label it as status: ideal-for-contribution and invite the poster to contribute.
  5. Add any additional needed explanation in a comment.
  6. If at this point the feature is addressed, close it.

At this point, also remove the status: waiting-for-triage label. If there is more work to be done and you want to do it, leave it assigned to yourself; otherwise, unassign.

Respond to Issues

Look for unassigned status: feedback-provided issues and follow the same steps as Triage Issues.

Triage Dependabot PRs

For each Dependabot PR, investigate why it failed to merge and address the issue, ensuring that the upgrade gets performed. If upgrading is impossible, add those details to the ticket.

Triage Contributed PRs

For each contributed PR:

  1. Follow the same rules as Triage Issues.
  2. If ready to merge, merge the PR. These are usually unassigned PRs where any requested changes have been approved and the issue has a concrete milestone and not just a .x milestone.
  3. If there is an issue linked to the PR, close the issue, mark it as status: duplicate, and include some comment like Superceded by {the PR number}.
  4. If it is a simple PR, like a typo, an obvious fix, a formatting or naming convention improvement or the like, ready it for merging.

Answer Questions on StackOverflow

  1. Search for questions on StackOverflow with the tags spring-security, spring-session, spring-security-oauth, spring-authorization-server, and spring-ldap. You might also search for those with spring-boot that also mention security.
  2. As part of your answer, if there is an improvement that can be made to Spring Security that this question uncovers, open an issue or provide the improvement. An common example is the need for clearer documentation.

Triage Commercial Dependabot PRs

For each PR, do the same as Triage Dependabot PRs.

Check the spring-security Chat Channels

  1. Check the internal channel and either answer questions or ping the right person.
  2. Check the gitter channel and either answer questions or ping the right person.

Schedule 📆

The current schedule is:

Clone this wiki locally