In line with our policy for user account decommissioning, on June 14th at 3:00PM we will be starting the decommissioning process for user accounts that have been marked as separated from the university for one month or more. At the time of writing, this will remove approximately 621 user accounts. One week after the archive process, the accounts will be deleted from github.ncsu.edu. This post will detail what happens during this process, and what things users should look out for (even if they are not the ones being decommissioned).
User Decommissioning Process
Every day, all users that exist in github.ncsu.edu are checked against HR and SIS data to determine if they are still a member of the university. When a user no longer has an active employee record, and is not registered for classes, and does not have an active academic plan, the user is marked as “separated”, and the date of separation is recorded. After a user has been separated for at least one month, they are eligible for removal from NC State GitHub. At the moment, we do not automate the decommissioning schedule, and instead run the process manually, since it is still new and we prefer to watch it for a while.
When the decommissioning process is run, all user accounts flagged for removal have an SSH key and Personal Access Token added to their account that the system uses to create an archive of their data. We use the python-github-backup tool to create the archive. All content that is owned by the user is downloaded and packed into a tarball, which is then sent to the user via Google Drive to their UnityID@ncsu.edu email address.
Only content directly owned by the user will be included in the archive. The following data will NOT be included in the archive:
– Repositories owned by organizations the user is a member of
– Issues, commits, wiki pages, etc in repositories owned by other users
– Forks of repositories the user owned
In cases where the user is the only owner of an organization, a service account controlled by the GitHub Service Team will be granted ownership rights to the organization. If there are any other members of the organization, they may contact the service team to request ownership of the organization.
Organizations must have an owner, and GitHub will not allow the deletion of a user account if they are the last owner of an organization, therefore we grant the service account ownership rights as a means of working around this issue. In cases where the user is an owner of an organization and there are other owners, the organization will be left alone.
One week after the user account archives have been created, the accounts are deleted from GitHub.
Affects on Other Users
Although a user decommission mainly affects the user account being decommissioned, there are a few cases where it can have impacts on other users. Here are a few examples of things that can happen.
Every mention of the decommissioned user’s username is replaced with “Ghost”. This includes references in commits, issues, comments, pull requests, wiki pages, etc. All the content is still there, but it has been re-owned to the Ghost account.
Forks of public repositories owned by the decommissioned user will be re-owned to the user account who forked them.
Forks of private repositories owned by the decommissioned user will be deleted. This is how GitHub handles private forks when a user account is deleted. Also keep in mind that the forks of a private repository are not included in the archive sent to the user. We have ~30 days of backups that we can restore data from, but after the 30 day window we cannot assist in recovering data.
Important Data Owned by the User
There may be cases where the decommissioned user was the owner of an important repository that active users rely on. When a user’s account is decommissioned, all their repositories are deleted. We highly recommend transferring ownership of a repository to another user before leaving the university if it is important to active users. Even better would be to create an organization, and transfer ownership to the organization.