Skip to content

Commit

Permalink
Add Dex 2023 annual review
Browse files Browse the repository at this point in the history
Signed-off-by: Mark Sagi-Kazar <[email protected]>
  • Loading branch information
sagikazarmark committed Aug 3, 2023
1 parent 552fbaa commit ce843a5
Showing 1 changed file with 78 additions and 0 deletions.
78 changes: 78 additions & 0 deletions reviews/sandbox/2023/2023-dex-annual.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
# Dex 2023 Annual Review

## Highlights from the past year

- Dex implemented RFC 8693 OAuth 2.0 Token Exchange
- OIDC compliance has improved
- We've released 10 minor versions (4 more compared to the previous year).

## Development stats

The Dex devstats page and dashboards can be found
[here](https://dex.devstats.cncf.io/d/8/dashboards?orgId=1&refresh=15m&search=open).

Key highlights:

- The project currently has a total of [400+ contributors](https://dex.devstats.cncf.io/d/22/prs-authors-table?orgId=1) from [300+ companies](https://dex.devstats.cncf.io/d/5/companies-table?orgId=1).
- During the last year [60+ people](https://dex.devstats.cncf.io/d/22/prs-authors-table?orgId=1&var-period_name=Last%20year&var-repogroup_name=All) contributed to Dex from [60+ companies](https://dex.devstats.cncf.io/d/5/companies-table?orgId=1&var-period_name=Last%20year&var-metric=contributions).
- According to devstats, the project averages [30 commits](https://dex.devstats.cncf.io/d/74/contributions-chart?orgId=1&var-period=m&var-metric=commits&var-repogroup_name=All&var-country_name=All&var-company_name=All&var-company=all&from=now-2y&to=now) in [7 merged PRs](https://dex.devstats.cncf.io/d/74/contributions-chart?orgId=1&var-period=m&var-metric=mergedprs&var-repogroup_name=All&var-country_name=All&var-company_name=All&var-company=all&from=now-2y&to=now) per month.

## Maintainers

The project has **5** active maintainers from **3** different organizations (Cisco, Red Hat, Flant).
The full list of maintainers can be found [here](https://github.com/dexidp/dex/blob/master/MAINTAINERS).

We have a semi-formal onboarding process and we are looking at the prospect of adding more committers to the project.

## Adoption

The list of known adopters can be found [here](https://github.com/dexidp/dex/blob/master/ADOPTERS.md),
but this is only a small portion of our users.

Prominent CNCF/Open Source projects using Dex are [ArgoCD](https://argo-cd.readthedocs.io/en/stable/) and [sigstore](https://www.sigstore.dev/).

## Performance against past goals

### More frequent releases

We've nearly doubled the number of releases during the past year.

### Formal process for becoming a maintainer

We have a semi-formal process for becoming a maintainer.
Becoming a maintainer today is definitely easier than a couple years ago.

### Get more maintainers and adopters

Adoption measurable improved during the last year and we also have more committers.

We failed to add new maintainers to the project, but we have potential candidates.

### Run tests on ARM architecture

We have an ARM-based build process in place (although we cross compile instead of running tests on native ARM).

### OIDC certification

OIDC spec compliance improved in the last year, but we haven't reached certification yet. We are going to work towards that goal in the coming year.

## Future goals

We have a number of items on our roadmap that we would like to accomplish next:

- Improved (e2e) test coverage
- OIDC certification
- Connector middleware allowing users to inject custom logic into the auth process (eg. use custom claims)
- Custom connectors

The above goals are in no particular order, nor we think that we can necessarily reach all of them in a single year.

## CNCF support

Dex integrates with a number of Identity Providers and it's rather hard to maintain compatibility.
We need access to resources (eg. access to cloud providers) to continuously test compatibility with these providers.

## Incubation

At this point we don't feel that the project meets the incubation criteria.
We would like to grow more in terms of maintainers and known users before considering to move to the next stage.

0 comments on commit ce843a5

Please sign in to comment.