Hello Team,

Please approve GitHub for Jira addon integration user to below repositories:
Glenda Leonard (cc'ed on the bug) and the team want to integrate GitHub PR and commits with their Ads Engineering Jira project for deployment and for testing development issues.
Please enable on the requested repo.

Below are my answers to the standard questions for this request:

** Which repositories do you want to have access?
https://github.com/mozilla-services/mars
https://github.com/mozilla-it/webservices-infra
https://github.com/mozilla-it/global-platform-admin
https://github.com/mozilla-sre-deploy/deploy-ads

** Is the repository private or public? Public

** Provide link to vendor's description of permissions needed and why
https://github.com/atlassian/github-for-jira/blob/master/README.md#Authorization

** Provide the Install link for a GitHub app
https://marketplace.atlassian.com/apps/1219592/github-for-jira?tab=overview&hosting=cloud

Thank you
Shraddha

Alright - The Jira app is approved without oversight for private repos per secops here. And all these repos are private.

Jira was already installed in the Mozilla-IT org - and has been enabled for the webservices-infra and global-platform-admin repos in that org.
Similarly with the mozilla-services org - and the mars repo is enabled.

However, the mozilla-sre-deploy org did NOT have that app installed. The initial app installation requires that the installer be a FULL admin of the jira environment, AND a full owner of the org in question.
Per our runbooks (See "Special cases") - we'll need to schedule a time where we can make the data-sync-user a temporary owner of the org, then you can go through the install and initial configuration, and then I can remove you from ownership of the org. (:jdirx has done this several times)

Let me know when you might be available to do that work.

Thanks (In reply to Chris Knowles [:cknowles] from comment #1)

Alright - The Jira app is approved without oversight for private repos per secops here. And all these repos are private.

Jira was already installed in the Mozilla-IT org - and has been enabled for the webservices-infra and global-platform-admin repos in that org.
Similarly with the mozilla-services org - and the mars repo is enabled.

However, the mozilla-sre-deploy org did NOT have that app installed. The initial app installation requires that the installer be a FULL admin of the jira environment, AND a full owner of the org in question.
Per our runbooks (See "Special cases") - we'll need to schedule a time where we can make the data-sync-user a temporary owner of the org, then you can go through the install and initial configuration, and then I can remove you from ownership of the org. (:jdirx has done this several times)

Let me know when you might be available to do that work.

Thanks [:cknowles] I can meet Thursday(06/20) between 10-11 PST

Alright, I've sent a meeting request for that time - please make sure you have the GitHub login credentials for the data-sync-user (including 2FA)

sure,thanks

Met, got Shraddha made a temporary owner, and installed Jira in the mozilla-sre-deploy org. Then after it appeared to work, demoted her to member status.

Based on how the other orgs are looking, Shraddha asked that she be made a member of the mozilla-it and mozilla-services orgs, so she can get better queries from the Jira side of status.

So, for the ORGNAME = mozilla-it, mozilla-services:
You will be getting two invites. First from people.m.o invites to the group ghe_ORGNAME_users - please accept this before proceeding.
Next, from GitHub to whatever email address you have associated with your GitHub account. The invites to the ORGNAME org(s) - once you accept these and sign into GitHub you'll be a member of the org(s), and the requested teams.

If you can't find that GitHub invite, go to the following link and next to the desired organization name, there should be an option to accept an invite. https://github.com/settings/organizations

Note that invites expire after a week, and so if you need things re-sent please update this bug.

Once you’re signed into the org, there may be some changes you need to make if you use PAT/SSH/gh cli/other-tools - directions for that live here: https://wiki.mozilla.org/GitHub/GHE_SAML_User_FAQ#Alright.2C_I.27ve_SAML.27d_what_now.3F

Please let us know if there's any questions or concerns

I'm going to leave this bug open until you confirm that all is working and you're happy.

And I lied - you're already a member of the mozilla-it org - so no additional invites needed there. I have sent the invites to the mozilla-services org though.

Alright - so mozilla-sre-deploy is working. However, the mozilla-it and mozilla-services new repos are NOT ... and we've tried making Shraddha a GitHub owner of the org and reconnecting and reconfiguring the app - to no avail, Jira just isn't seeing the new repos. But the ownership on the GitHub side should remove any concern that it's a permissions problem on that side. (there's literally no higher permission level we can grant.)

At this point, I've reverted Shraddha to a member of the orgs, and stand ready to help with any troubleshooting that other Jira admins recommend, or Jira support.

Let me know how I can help.

Hi - Glenda here, requester of this change :-)

If you remove mozilla-sre-deploy can another repo then be added? wondering if there is a config setting to allow more than one repo to be linked to a Jira project. The DENG project does have a multi repo config so it is possible somehow.

This is an example of the end result with multi repos for the DENG project https://mozilla-hub.atlassian.net/browse/DENG-946

I think this is directed at Shraddha - From the GitHub side, I don't have any knobs around what jira items things go against. We merely add the orgs/repos to the app. And then Jira is supposed to detect them and allow for configuration (which is part that isn't working for the other new repos)

Let me know if there's anything a GH owner can do to help.

Hi Chris,
Thanks for working on the "mozilla-sre-deploy" org.

Can you please similarly grant me the owner permissions for orgs below?
https://github.com/mozilla-services
https://github.com/mozilla-it

Let me know if i missed anything.

Thanks

Talked with Shraddha and James in zoom - We've added the data-sync-user as a writer to all intended repos in this bug - as we were seeing that the working repos had this as well.

However, it didn't appear to SOLVE anything.

At this point, I think Shraddha and James are going to work with Jira support. I remain available to help diag and try things from the GitHub end to get things working.