Projects

Fund bounties and prioritize GitHub issues

The Projects app is a project management app that synchronizes GitHub repositories to your organization, enabling bounties to be allocated to issues and issue curation to determine priorities.

Disclaimer: The Projects app is a unique application as far as an Aragon app goes, because it is integrated with an external app: GitHub. When you authorize the Projects app, an API token is stored locally in your web browser, which gives you easy access to the Projects app. Read more here.

Projects

The General tab shows you a set of cards representing your synchronized projects (your GitHub repositories, once you've connected to GitHub and synchronized at least one project). Clicking on the card will send you to a filtered view of its issues.

New Project

To synchronize a new repository to your organization, click on the "New project" button. In the panel, select the repository that you want to synchronize, and click "Submit".

Issues

The Issues tab displays a list of all the issues from all your synchronized repositories. You can filter issues by project, labels, milestones, and status. You can also search and sort through issues. The table "Actions" menu is activated once at least one issue has been selected, and the available actions are "Fund Issues" or "Curate Issues".

Fund Issues

To place a bounty on a single issue, you can select the menu icon for the issue and select "Fund Issue". To place a bounty on multiple issues, you can click on the checkbox for the issues you want to fund, click on the "Actions" button and select "Fund issues". In the panel you can enter the bounty amount, difficulty, and the deadline.

Note: A prerequisite to funding issues is having some tokens in your Finance app. You can either deposit funds in the Finance app from your wallet, or alternatively mint your organization's tokens into the Finance app. Refer to the step-by-step guide at the end of this document for more details on the minting process.

Curate Issues

To curate a set of issues, you can click on the checkbox of the issue you want to fund, click on the "Actions" button, and select "Curate issues". Inside the panel, you can add additional issues for curation. Make sure that they are properly autocompleted as you type them. Once you've clicked "Submit", it'll be forwarded to the Dot Voting app for organization members to curate.

Bounties

Once an issue has been funded, you can view the bounty information by clicking on the issue title. Inside this view, you can see the repository this issue belongs to, its current status and activity, as well as the difficulty level, time left, description and associated labels.

Submit an Application

To submit an application in order to be able to work on the bounty, click on "Submit application" to specify the details of your application. In the panel, specify how you intend to complete the issue, and optionally include how long you think it'll take you, and by when. Agree to the terms and click on "Submit".

Submit Work

Once you've been approved and are ready to submit your final work, click on "Submit Work". In the panel, describe the work you've done, include a pull request URL if needed, and enter any additional comments or details before submitting. You can also mention how many hours you've worked to help improve the accuracy of future bounties. Accept the terms and click on "Submit".

Review Work

Once work has been submitted, it can be reviewed and either approved or rejected. If approved, the contributor will receive the tokens staked against the issue. If rejected, other members can apply to work on the issue.

Settings

In the Settings tab, you can see an area from which you can log out of your GitHub account, the contract address responsible for allocating bounties, and funding settings to customize how you manage bounties in your organization. By default, the funding model is set to Fixed, meaning that you will allocate bounties based on specifying a fixed amount as opposed to an hourly estimate.

After switching from Fixed to Hourly, you can define the base hourly rate, and the difficulty levels become multipliers. In hourly funding, the hourly rate per issue is the base rate multiplied by the difficulty level selected for the issue being funded.

How to use organization tokens with the Projects app

If you'd like to fund bounties with your organization's token, there's a multi-step process you must go through.

  • Navigate to Organization in the left panel, and then find the address of your Vault and copy it.

  • Navigate to the Tokens app and click the Add Tokens button.

  • Paste the address of your Vault from the previous step into the Recipient field.

  • Enter an amount of tokens that you want to be able to allocate to bounties, and submit and sign the transaction.

WARNING: Tokens held by the vault will count towards approval quorum for voting, so be careful not to mint too many, as you could accidentally and irreversibly lose control over your organization.

  • Ensure that your personal wallet has at least 1 of the DAO's tokens. If not, mint yourself some tokens.

  • Navigate to the Finance app and deposit 1 token. This step is needed so the Projects app gains knowledge that you minted tokens into the vault.

  • Now you can either start to fund issues with your token if the funding model is Fixed, or go to the Project Settings tab to set up an hourly base rate denominated in this token.

Note: We are working to improve the process above so it's easier to fund bounties with your organization's token during the initial application install process. Since the Projects app integrates with an external contract, StandardBounties, based on the current design, it is required that funds must exist in the connected vault. While this is only a one-time setup, here are a few issues that track some enhancements needed to reduce some of the steps:

GitHub Authorization

The Projects app is a unique application as far as an Aragon app goes, because it is integrated with an external app: GitHub. When you authorize the Projects app, an API token is stored locally in your web browser, which gives you easy access to the Projects app.

When you first sign in with GitHub in the Projects app, the API token has very limited privileges of only being able to read public data. Creating new issues requires an extra set of permissions, which you will be requested to grant if you ever try to create an issue within the application.

These authorizations require one centralized component that is managed by Autark: the piece of the system that stores the private keys identifying Autark and relays your API token from GitHub back to your browser. We use a simple app that does not log or retain tokens, or any personally identifying information about you.

With any piece of centralized infrastructure, an attack surface always exists: our server could be compromised, in which case a third party may be able to access the GitHub permissions that our app is requesting. As far as web applications go, this isn't unique to the Projects app; it's a security risk that exists globally for any OAuth-based application.

We just wanted you to be more aware of the underlying infrastructure that is powering the Projects app. Access to your organization’s assets and how they are utilized will always be based on your Ethereum address, and not your GitHub account, so regardless of this risk, your financial assets will never be at risk based on this vulnerability alone.
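What a leaked browser token or a compromised relay could do on GitHub is bounded by the scopes granted to the token. The following is an added example, not code from the Projects app or from Autark: it classifies a token from the X-OAuth-Scopes header that GitHub returns on authenticated API responses. The set of write scopes and the sample header values are assumptions, since this page does not list the scopes the app requests.

```javascript
// Added example: audit the privileges of the GitHub OAuth token held in the browser.

// Assumption: scopes that permit writing to repositories (issue creation included).
const WRITE_SCOPES = new Set(["repo", "public_repo"]);

// Split the comma-separated header value into a sorted list of scope names.
// Returns null when the header is absent (response did not describe an OAuth token).
function parseScopes(headerValue) {
  if (headerValue == null) return null;
  return headerValue.split(",").map((s) => s.trim()).filter(Boolean).sort();
}

// Classify the token. An empty scope list means read-only access to public data.
function classifyToken(headerValue) {
  const scopes = parseScopes(headerValue);
  if (scopes === null) return { level: "unknown", scopes: [], unexpected: [] };
  if (scopes.length === 0) {
    return { level: "public-read-only", scopes, unexpected: [] };
  }
  // Anything beyond repository write access is more than issue creation needs.
  const unexpected = scopes.filter((s) => !WRITE_SCOPES.has(s));
  let level = "public-repo-write";
  if (scopes.includes("repo")) level = "private-repo-write";
  if (unexpected.length > 0) level = "broader-than-expected";
  return { level, scopes, unexpected };
}

// Live check (defined but not called here): ask GitHub what the token may do.
async function checkStoredToken(token) {
  const res = await fetch("https://api.github.com/user", {
    headers: { Authorization: `token ${token}` },
  });
  return classifyToken(res.headers.get("x-oauth-scopes"));
}

// Constructed header values, not captured from a real session.
const SAMPLES = ["", "public_repo", "repo, admin:org"];
for (const h of SAMPLES) {
  console.log(JSON.stringify(h), "->", classifyToken(h).level);
}
```

A result of "broader-than-expected" is the signal to review the grant under "Authorized OAuth apps" in your GitHub settings.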

We are working towards decentralizing the Projects app to remove the need for GitHub: expect an update in early 2020.

Authorizing additional organizations

To authorize additional GitHub organizations on the Projects app once you've already connected to GitHub before, go to your GitHub's application settings where you'll find Open Enterprise under "Authorized OAuth apps" and customize the permission settings.
