From a1736484489a262dc487456602fba96c7c34a93f Mon Sep 17 00:00:00 2001 From: Julius Busecke Date: Thu, 9 Jan 2025 10:57:21 -0500 Subject: [PATCH 1/4] Adding Admin section to team guide + instructions for token refresh --- book/guides/team_guide.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/book/guides/team_guide.md b/book/guides/team_guide.md index f8e9bf34..dc66210b 100644 --- a/book/guides/team_guide.md +++ b/book/guides/team_guide.md 
@@ -60,3 +60,32 @@ We aim to provide users with [up-to-date default software environments](referenc ## Offboarding members - \[\] Delete personal `dct-team-` service account in IAM (needs admin priviliges). + +## Admin Tasks + +This part of the guide is reserved for team members with admin access to the `'leap-stc'` github organization! + +(guide.team.admin.renew_member_token)= +### Renewing Personal fine grained access token for LEAP member management +In order to automate member sign up by adding github users from a private Google Sheet to the appropriate github teams (via [this gh action](https://github.com/leap-stc/member_management/blob/main/.github/workflows/read_sheet.yaml)) the github action needs the appropriate priviliges to add/remove members from teams. We are currently handling this by providing a personal access token as the `"ORG_TOKEN"` secret. The person creating the token will usually be the Manager for Data and Computation. + +:::{note} Ideally we want to remove the dependency on a single user account here, but for now this is the only way I have found this to work properly. Maybe there is a way to establish a 'dummy' user?::: + +#### Steps +- Make sure you have access to set secrets on the private [member_management repo](https://github.com/leap-stc/member_management) +- Go to the personal account "Settings>Developer Settings" Tab. From there naviate to "Personal Access Token>Fine-Grained tokens" +- If present click on "LEAP member management token", othewise create a new token with that name (the actual name is optional here, but make sure to name it in a memorable way), and authenticate. 
+- Generate or regenerate the token + - The required permissions are "Read and Write access to members" and "Read Access to actions and metadata" + - Set the expiration to a full year (the current limit set on the org level) +- Make sure to copy the token (leave the page open until the next step is completed, since you will have to recreate the token once the page is closed!) +- Go to the [member_management repo](https://github.com/leap-stc/member_management) and navigate to "Settings > Secrets and Variables > Actions" and open the "ORG_TOKEN" to edit +- Paste the above token from the clipboard and save. +- Run the [Member Add Action](https://github.com/leap-stc/member_management/actions/workflows/read_sheet.yaml) and confirm that it is successful +- Close the token page and you are done! + +### Handover Checklist for Admins + +The following is a list of tasks that should be done by any new hire in the Data and Computation Manager position to ensure smooth operations. + +- [](guide.team.admin.renew_member_token) From d396c3440dadb8c4c4dd6c3561daca64988de289 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Thu, 9 Jan 2025 15:58:16 +0000 Subject: [PATCH 2/4] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- book/guides/team_guide.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/book/guides/team_guide.md b/book/guides/team_guide.md index dc66210b..53e257f0 100644 --- a/book/guides/team_guide.md +++ b/book/guides/team_guide.md 
@@ -66,18 +66,21 @@ We aim to provide users with [up-to-date default software environments](referenc This part of the guide is reserved for team members with admin access to the `'leap-stc'` github organization! (guide.team.admin.renew_member_token)= + ### Renewing Personal fine grained access token for LEAP member management -In order to automate member sign up by adding github users from a private Google Sheet to the appropriate github teams (via [this gh action](https://github.com/leap-stc/member_management/blob/main/.github/workflows/read_sheet.yaml)) the github action needs the appropriate priviliges to add/remove members from teams. We are currently handling this by providing a personal access token as the `"ORG_TOKEN"` secret. The person creating the token will usually be the Manager for Data and Computation. -:::{note} Ideally we want to remove the dependency on a single user account here, but for now this is the only way I have found this to work properly. Maybe there is a way to establish a 'dummy' user?::: +In order to automate member sign up by adding github users from a private Google Sheet to the appropriate github teams (via [this gh action](https://github.com/leap-stc/member_management/blob/main/.github/workflows/read_sheet.yaml)) the github action needs the appropriate priviliges to add/remove members from teams. We are currently handling this by providing a personal access token as the `"ORG_TOKEN"` secret. The person creating the token will usually be the Manager for Data and Computation. + +:::\{note} Ideally we want to remove the dependency on a single user account here, but for now this is the only way I have found this to work properly. Maybe there is a way to establish a 'dummy' user?::: #### Steps + - Make sure you have access to set secrets on the private [member_management repo](https://github.com/leap-stc/member_management) - Go to the personal account "Settings>Developer Settings" Tab. 
From there naviate to "Personal Access Token>Fine-Grained tokens" - If present click on "LEAP member management token", othewise create a new token with that name (the actual name is optional here, but make sure to name it in a memorable way), and authenticate. - Generate or regenerate the token - - The required permissions are "Read and Write access to members" and "Read Access to actions and metadata" - - Set the expiration to a full year (the current limit set on the org level) + - The required permissions are "Read and Write access to members" and "Read Access to actions and metadata" + - Set the expiration to a full year (the current limit set on the org level) - Make sure to copy the token (leave the page open until the next step is completed, since you will have to recreate the token once the page is closed!) - Go to the [member_management repo](https://github.com/leap-stc/member_management) and navigate to "Settings > Secrets and Variables > Actions" and open the "ORG_TOKEN" to edit - Paste the above token from the clipboard and save. From b29cbdb09d5f972ce9c064203b2fd5278f580cfb Mon Sep 17 00:00:00 2001 From: Julius Busecke Date: Thu, 9 Jan 2025 11:04:34 -0500 Subject: [PATCH 3/4] Update team_guide.md --- book/guides/team_guide.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/book/guides/team_guide.md b/book/guides/team_guide.md index 53e257f0..56744ef1 100644 --- a/book/guides/team_guide.md +++ b/book/guides/team_guide.md 
@@ -71,7 +71,9 @@ This part of the guide is reserved for team members with admin access to the `'l In order to automate member sign up by adding github users from a private Google Sheet to the appropriate github teams (via [this gh action](https://github.com/leap-stc/member_management/blob/main/.github/workflows/read_sheet.yaml)) the github action needs the appropriate priviliges to add/remove members from teams. We are currently handling this by providing a personal access token as the `"ORG_TOKEN"` secret. The person creating the token will usually be the Manager for Data and Computation. -:::\{note} Ideally we want to remove the dependency on a single user account here, but for now this is the only way I have found this to work properly. Maybe there is a way to establish a 'dummy' user?::: +:::\{note} +Ideally we want to remove the dependency on a single user account here, but for now this is the only way I have found this to work properly. Maybe there is a way to establish a 'dummy' user? +::: #### Steps From 6590e0253a25a7fde7ea8cb351b1abda0c03a1d6 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Thu, 9 Jan 2025 16:04:45 +0000 Subject: [PATCH 4/4] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- book/guides/team_guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/book/guides/team_guide.md b/book/guides/team_guide.md index 56744ef1..6cb22d0d 100644 --- a/book/guides/team_guide.md +++ b/book/guides/team_guide.md 
@@ -71,7 +71,7 @@ This part of the guide is reserved for team members with admin access to the `'l In order to automate member sign up by adding github users from a private Google Sheet to the appropriate github teams (via [this gh action](https://github.com/leap-stc/member_management/blob/main/.github/workflows/read_sheet.yaml)) the github action needs the appropriate priviliges to add/remove members from teams. We are currently handling this by providing a personal access token as the `"ORG_TOKEN"` secret. The person creating the token will usually be the Manager for Data and Computation. -:::\{note} +:::\{note} Ideally we want to remove the dependency on a single user account here, but for now this is the only way I have found this to work properly. Maybe there is a way to establish a 'dummy' user? :::
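Review bot: In PATCH 1/4, the "Steps" list and the "Handover Checklist for Admins" only cover creating or regenerating a token, so when the Data and Computation Manager changes, the predecessor's personal token stays valid with "Read and Write access to members" until its one-year expiry. Add a step to the handover checklist (and to "Offboarding members") to revoke the outgoing person's "LEAP member management token" once the new `ORG_TOKEN` has passed the Member Add Action run. The steps also never say which resource owner to select for the fine-grained token; stating that it should be the `leap-stc` organization would keep the token from being created against the personal account by mistake. Since the expiry is a full year out, a line telling the admin to record the expiry date would help, and the added text has typos to fix: "priviliges", "naviate", "othewise".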
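Review bot: In PATCH 2/4, the auto-fix rewrites the admonition opener from `:::{note}` to `:::\{note}`, and PATCH 3/4 and 4/4 keep the backslash, so the final file no longer has the `:::{note}` opener that a MyST colon-fence directive uses and the note will likely render as literal text. Restore `:::{note}` and make the formatting hook MyST-aware or exclude this file from it, otherwise the next pre-commit run will escape it again.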