Open Source Governance @ FactSet
If you are an employee at FactSet, please refer to FactSet's Open Source Code Use Policy on the corporate intranet, for details about our corporate policies with respect to Open Sourcing existing software, contributing to Open Source software during work, and contributing to Open Source software outside of work
This document is intended to capture our policies for maintaining Open Source projects under the FactSet organization on GitHub.
There are a few tasks that will need to be completed prior to joining the FactSet organization as an employee or outside collaborator.
Some tasks are requirements stemming from corporate policies while others will improve your experience, and the experience of others in our organization.
Required
Please setup your GitHub account with 2FA authentication enabled with GitHUb.
On your profile settings page please use your full name on your public profile so that it's easy for members within the organization, and non-organization contributors, to find you.
An example of using a person's first name to discover them using GitHub's mention feature.
Once you have a new project on FactSet's organization (created through FactSet's Open Source Code Use Policy process), it's time to get your project setup with a few things to make your life easier.
You may setup your project with several platforms to provide your team with feedback on code quality, security, team health, etc.
FactSet’s GitHub Admin team provides some support for the following platforms:
- GitHub, including (Please feel free to use any feature available in GitHub Enterprise Cloud)
- Automated Dependency Updates - Renovate
To further improve your productivity consider installing the following browser extensions:
- Inline Code Intelligence - Sourcegraph
To help with issue and pull request management, we recommend a set of GitHub Labels in this project's labels.json
file.
To deploy these labels to a project, we recommend using a tool called @hutson/github-metadata-sync
, download the labels.json
file (or clone this repository), and run the following:
github-metadata-sync --config labels.json --token [PERSONAL ACCESS TOKEN]
Note: Please create a Personal Access Token with repository access to all repositories listed in the
labels.json
file and pass that token to the--token
flag.
All packages published to a third-party package repository such as Nuget, Npm, PyPI, etc., from a FactSet Open Source project on github.com/factset
must be published under an account owned and managed by FactSet’s Open Source Committee (OSC).
If you do not intend to publish your project to a third-party package repository, or don't plan to at this time, then no action is required on your part.
Our policy is to ensure our company retains control over the published package for the duration of its use at FactSet.
We currently support publishing under accounts for the following package repositories:
We are adding support for additional package repositories: including Conan, Nuget, Circle CI Orbs, and Maven. If we’re not supporting a package repository that you need, please @mention the @cid-support
team.
Though you are publishing under an account managed by the OSC, you may continue to manage your release workflow, deciding when its best to publish a new version of your project.
While working on Open Source projects under the FactSet organization you may encounter the following common issues.
In the event that you disable, and then re-enable, 2FA, please reach out to a member of the organization to be re-invited.
Warning: If you're a member, billing manager, or outside collaborator to a public repository of an organization that requires two-factor authentication and you disable 2FA, you'll be automatically removed from the organization, and you'll lose your access to their repositories. To regain access to the organization, re-enable two-factor authentication and contact an organization owner.