a8n: Status of Automation RFCs

Created by: mrnugget

Overview

RFCs that are implemented completely:

• RFC 28: Campaign Management for 3.8 milestone (subset of RFC 20) ✅
• RFC 42: Find and replace code across multiple repositories using Comby ✅

RFCs not implemented completely, or not fully planned yet, or currently WIP:

• RFC 20: Monitoring existing campaigns 🍽 Leftovers!
• RFC 36: Campaign Creation (public milestone, splitted up into multiple technical milestones) 🏃 Meta RFC
• RFC 73: Campaigns to find and remove credentials 🏃 WIP

RFC 20: Monitoring existing campaigns

We already show open/merged/close & review status of changesets, but what's missing:

• Show commit statuses status of all changesets in the campaign #7093 (closed)
• Show comments of all changesets in campaign #7548 (closed)
• Show labels of all changesets in campaign #7549 (closed)
• Querying/filtering by all of those criteria (including open/merged/close & review status) #7550 (closed)
• Show combined event timeline from all threads, with PR/issue comments #7551 (closed)
• Shows the set of participant users involved in the campaign #7552 (closed)

We have a campaign overview, but it doesn't show progress and it's not filterable by namespaces, that means, this is missing:

• An overall campaign list shows all active campaigns (globally, and for a specific namespace) and some indication of their progress #7553 (closed)

RFC 36: Campaign Creation

This RFC is special, because it's a "meta RFC" that constitutes a public milestone, and will result in multiple technical milestones that are written down as RFCs themselves.

It's already split up into RFC 42 and RFC 73.

In regards to "implementation status" that means we haven't planned to be finished with RFC yet.

But out of the things in the RFC that we haven't planned/implemented yet, there are notable ones that touch the things we've already built:

• ✅ Campaigns can be closed. After a campaign is closed, any user visiting the campaign will be prompted to close all changesets in the campaign if any are open. Upon clicking this button, all of those changesets will be closed on the code host. https://github.com/sourcegraph/sourcegraph/issues/7082
• When updating a campaign (i.e. changing the plan so that a new diff will be computed), users can see a preview of the delta for existing changesets and new changesets. RFC 95
• 🏃 A campaign can be created as a "draft". https://github.com/sourcegraph/sourcegraph/issues/7217

Then there are the things we haven't planned yet and that are "orthogonal" to what we've built:

• Updating Ruby gem dependency #7557 (closed)
• Upgrading Guava in a Gradle project and rewriting call sites using Comby syntax #7558 (closed)
• Permission model #7559 (closed)

RFC 73: Campaigns to find and remove credentials

We're working on this RFC in this iteration and we've finished everything up to and including the "Enhanced workflow".

Not currently planned to be implemented this iteration are all the stretch goals (see this section):

• All other token types #7561 (closed)
• Support deleting and gitignoring .npmrc files as an option instead of always just removing the portion that is a token. #7562 (closed)
• A way to automatically revoke tokens that are found (similar to GitHub's token scanning for public repositories). #7563 (closed)
• A way to include additional information about the token in the changeset description, such as when the token was created, who created it, what its scope is, where it is used, etc. This information would be helpful to assess the severity of the leak. #7564 (closed)
• A way to periodically (in the background) run this, so that it doesn't only re-scan all repositories when a user interactively visits and updates the campaign in their web browser. #7565 (closed)
• A way to detect tokens proactively (e.g., pre-push). #7566 (closed)