The Projects app is a project management app that synchronizes GitHub repositories to your organization, enabling bounties to be allocated to issues and issue curation to determine priorities.
The General tab shows you a set of cards representing your synchronized projects (your GitHub repositories, once you've connected to GitHub and synchronized at least one project). Clicking on the card will send you to a filtered view of its issues.
To synchronize a new repository to your organization, you can can click on the "New project" button. In the panel, select the repository that you want to synchronize, and click "Submit".
The Issues tab displays a list of all the issues from all your synchronized repositories. You can filter issues by project, labels, milestones, and status. You can also search and sort through issues. The table "Actions" menu is activated once at least one issue has been selected, and the available actions are "Fund Issues" or "Curate Issues".
To place a bounty on a single issue, you can select the menu icon for the issue and select "Fund Issue". To place a bounty on multiple issues, you can click on the checkbox for the issues you want to fund, click on the "Actions" button and select "Fund issues". In the panel you can enter the bounty amount, difficulty, and the deadline.
To curate a set of issues, you can click on the checkbox of the issue you want to fund, click on the "Actions" button, and select "Curate issues". Inside the panel, you can add additional issues for curation. Make sure that they are properly autocompleted as you type them. Once you've clicked "Submit", it'll be forwarded to the Dot Voting app for organization members to curate.
Once an issue has been funded, you can view the bounty information by clicking on the issue title. Inside this view, you can see the repository this issue belongs to, its current status and activity, as well as the difficulty level, time left, description and associated labels.
To submit an application in order to be able to work on the bounty, click on "Submit application" to specify the details of your application. In the panel, specify how you intend to complete the issue, and optionally include how long you think it'll take you, and by when. Agree to the terms and click on "Submit".
Once you've been approved and are ready to submit your final work, click on "Submit Work". In the panel, describe the work you've done, include a pull request URL if needed, and enter any additional comments or details before submitting. You can also mention how many hours you've worked to help improve the accuracy of future bounties. Accept the terms and click on "Submit".
Once work has been submitted, it can be reviewed and either approved or rejected. If approved, the contributor will receive the tokens staked against the issue. If rejected, other members can apply to work on the issue.
In the Settings tab, you can see an area from which you can log out of your GitHub, the contract address responsible for allocating bounties, and funding settings to customize how you manage bounties in your organization. By default, the funding model is set to Fixed, meaning that you will allocate bounties based on specifying a fixed amount as opposed to an hourly estimate.
Switching from Fixed to Hourly, you can then define the base hourly rate and the difficulty levels become multipliers. In hourly funding, the hourly rate per issue is the base rate multiplied by the difficulty level selected for the issue being funded.
If you'd like to fund bounties with your organization's token there's a multi-step process you must go through.
Organization in the left panel, and then find the address of your
Vault and copy it.
Navigate to the
Tokens app and click the
Add Tokens button.
Paste the address of your
Vault from the previous step into the
Enter an amount of tokens that you want to be able to allocate to bounties, and submit and sign the transaction.
Ensure that your personal wallet has at least 1 of the DAO's tokens. If not, mint yourself some tokens.
Navigate to the
Finance and deposit 1 token. This step is needed so the Projects app gains knowledge that you minted tokens into the vault.
Now you can either start to fund issues with your token if the funding model is
Fixed, or go to the Project Settings tab to setup an hourly base rate denominated in this token.
The Projects app is a unique application as far as an Aragon app goes, because it is integrated with an external app: GitHub. When you authorize the Projects app, an API token becomes stored locally in your web browser, which gives you the access to easily use the Projects app.
When you first sign in with GitHub in the Projects app, the API token has very limited privileges of only being able to read public data. Creating new issues requires an extra set of permissions, which you will be requested to grant if you ever try to create an issue within the application.
These authorizations require one centralized component that is managed by Autark: the piece of the system where private keys identifying Autark are stored, which is the piece of the system that relays your API token from GitHub back to your browser. We use a simple app that does not log or retain tokens, or any personal identifying information about you.
With any piece of centralized infrastructure, an attack surface always exists: our server could be compromised, in which case a third-party may be able to access the GitHub permissions that our app is requesting. As far as web applications go, this isn’t just unique to the Projects app, it’s a security risk that exists globally for any OAuth-based application.
We just wanted you to be more aware of the underlying infrastructure that is powering the Projects app. Access to your organization’s assets and how they are utilized will always be based on your Ethereum address, and not your GitHub account, so regardless of this risk, your financial assets will never be at risk based on this vulnerability alone.
We are working towards decentralizing the Projects app to remove the need for GitHub: expect an update in early 2020.