As Flutter-Global expands and evolves, ensuring consistency, quality, and security across our shared codebases has become essential. To support this, we’re launching the Minimum Standards Campaign—an initiative aimed at building a strong foundation for security, collaboration, and long-term sustainability across the organization.
What is the Minimum Standards Campaign?
The Minimum Standards Campaign is all about ensuring that our capabilities meet a consistent set of security and quality standards. By rolling out these minimum standards and best practices, we aim to create a more reliable and sustainable environment for everyone.
The campaign will include a comprehensive review of all existing capabilities. During this process, we’ll identify and address any misconfigurations or gaps in alignment with our organizational standards. Even if your capability configuration is already correct, a Pull Request will still be opened for you to confirm its compliance. Automation will play a key role, generating pull requests (PRs) for each capability in the org-config repository to streamline the process.
What are the Minimum Standards?
The Minimum Standards are a set of guidelines that every capability must follow. These standards are organized into two main categories (for Shared Platforms Capabilities and Flutter-Global capabilities):
For Shared Platforms Capabilities
The following rules must be applied to ensure consistency and security for all gbp and CPP capabilities. These are divided into requirements for the _defaults.yml file and the repository config file:
_defaults.yml File Requirements
description: <Required>
remove-inactive-maintainers: <Required and must be set to `true`>
defaults:
branch-protections:
- patterns: <For default branch (main, master, etc.)>
parameters:
required-reviews-count: <Required, minimum value of `1`>
requires-codeowner-reviews: <Required and must be set to `true`>
contributors:
teams: <Required, Must include [all-flutter-global, maintainers-cap-shared-platforms-ops]>
unsafe-admins:
users: <If present, users must be members of the service-accounts team>
admins:
teams: <Required, must include [sp-admins]>
labels:
issue-author-division: <Required and must be set to `true`>
pr-reviewer-division: <Required and must be set to `true`>
pr-size-reminder: <Required and must be set to `true`>
delete-branch-on-merge: <Required and must be set to `true`>
Repository Configuration File Requirements
description: <Required>
branch-protections:
- patterns: <For default branch (main, master, etc.)>
parameters:
required-reviews-count: <If present, minimum value of `1`>
requires-codeowner-reviews: <If present, must be set to `true`>
contributors:
teams: <If present, must include [all-flutter-global, maintainers-cap-shared-platforms-ops]>
unsafe-admins:
users: <If present, users must be members of the service-accounts team>
admins:
teams: <If present, must include [sp-admins]>
labels:
issue-author-division: <If present, must be set to `true`>
pr-reviewer-division: <If present, must be set to `true`>
pr-size-reminder: <If present, must be set to `true`>
delete-branch-on-merge: <If present, must be set to `true`>
For Flutter-Global capabilities
The following rules must be applied to ensure consistency and security for all Flutter-Global capabilities. These are divided into requirements for the _defaults.yml file and the repository config file:
_defaults.yml File Requirements
owner: <Required and equal to a precalculated owner>
defaults:
branch-protections:
- patterns: <For default branch (main, master, etc.)>
parameters:
required-reviews-count: <Required, minimum value of `1`>
unsafe-admins:
users: <If present, users must be members of the service-accounts team>
Repository Configuration File Requirements
branch-protections:
- patterns: <For default branch (main, master, etc.)>
parameters:
required-reviews-count: <Required, minimum value of `1`>
unsafe-admins:
users: <If present, users must be members of the service-accounts team>
Who’s Involved?
- Capability Owners or Designated Points of Contact: You are responsible for reviewing and approving changes in Pull Requests to ensure they align with the standards. Even if no changes are required, you must still review the PR to confirm compliance.
- Unassigned Capabilities: For capabilities without designated owners, we’ll identify and assign a point of contact to oversee the review process.
Why is This Important?
By adopting these minimum standards, we’re improving individual capabilities and making the entire Flutter-Global ecosystem stronger. Here’s how:
- Clear Ownership: Assigning responsibility for each Capability ensures that issues are addressed promptly and effectively.
- Consistency: A unified approach to security and quality helps us maintain high standards across the board.
- Sustainability: Establishing a recurring process ensures that standards are maintained and updated over time.
What to Expect
Here’s what’s coming as part of the campaign:
- Drop-in Sessions: We’ll host sessions where you can learn more about the campaign, ask questions, and get support.
- Guidance and Support: #inner-source Slack channel.
- Pull Request Reviews: Review and approve updates to your capabilities to ensure they align with the defined Minimum Standards.
Timeline
The Minimum Standards Campaign will officially begin on 15th July 2025. Here’s a breakdown of the key milestones:
- 15th July: The campaign kicks off. Pull Requests (PRs) will be created for all capabilities.
- 29th July: First review checkpoint. If PRs remain unreviewed or unmerged, notifications will be sent to the respective owners.
- 5th August: Second review checkpoint. If PRs are still pending, notifications will be escalated to the relevant managers.
- 19th August: Campaign concludes. All updates should be reviewed and merged by this date.
The Minimum Standards Campaign is a collaborative effort, and your participation is key to its success.
If you have any questions or need assistance, feel free to reach out via the #inner-source Slack channel.
by: Nuno Crisóstomo
in:
category: Changelog