chore: first pass of cleanup org-members

[rjan90]

Summary

A quick first-pass of cleaning up org-members.

What changed

• Removed stale org-level memberships for users who should no longer be managed as FilOzone org members.
• Removed related stale repo/team access entries for those users where the cleanup intent was clear.
• Removed the unused SpaceMeridian team and its repo team grants.
• Removed unused filecoin-pay-maintainers and filecoin-pin-dev team definitions, since no repositories reference them anymore.
• Removed redundant direct collaborator grants where existing team access already provides the same permission:
  • TippyFlitsUK on filecoin-cloud, covered by filoz-fs admin access.
  • wjmelements on filecoin-pay, covered by filoz-fs maintain access.
• Kept direct repo collaborator access where it appears intentionally separate from org membership, since outside/direct collaborators can still be valid even when they are no longer org members.
• Included the generated config fix updates that re-enabled secret scanning settings for public repositories.

[github-actions]

The following access changes will be introduced as a result of applying the plan:

Access Changes

User aarshkshah1992:
  - will leave the organization
  - will lose admin permission to hotvault-demo
  - will lose maintain permission to pdp
  - will lose maintain permission to synapse-sdk
User bajtos:
  - will leave the organization
  - will lose maintain permission to filecoin-pay-auction-bot
  - will lose push permission to filecoin-pay-explorer
  - will lose push permission to filecoin-services
  - will lose push permission to fs-pm
  - will lose push permission to synapse-sdk
  - will lose push permission to tim-docs
User barbaraperic:
  - will lose push permission to filecoin-cloud
  - will lose push permission to filecoin-pay-explorer
  - will lose push permission to synapse-website
User code-pangolin:
  - will leave the organization
User geomatrick:
  - will lose push permission to dealbot
  - will lose push permission to filecoin-cloud
  - will lose maintain permission to filecoin-pay-auction-bot
  - will lose push permission to filecoin-pay-explorer
  - will lose push permission to filecoin-services
  - will lose admin permission to fs-pm
  - will lose push permission to synapse-sdk
  - will lose push permission to tim-docs
  - will leave the organization
User magik6k:
  - will leave the organization
User mirhamasala:
  - will lose admin permission to filecoin-cloud
  - will lose push permission to synapse-website
User pyropy:
  - will leave the organization
  - will lose push permission to filecoin-pay
  - will lose admin permission to filecoin-pay-auction-bot
  - will lose push permission to filecoin-pay-explorer
  - will lose push permission to filecoin-services
  - will lose push permission to fs-pm
  - will lose pull permission to infra
  - will lose push permission to synapse-sdk
  - will lose push permission to tim-docs
User stebalien:
  - will lose maintain permission to pdp
User virajbhartiya:
  - will lose push permission to hotvault-demo
  - will lose push permission to pdp-explorer
User winter-soren:
  - will lose push permission to hotvault-demo
User filoz-fs:
  - will gain admin permission to filecoin-pay-auction-bot
  - will gain admin permission to hotvault-demo

[rjan90]

CI is failing as expected since we need to do the org-membership removals out-of-band, and then clean Terraform state.

[BigLep]

I didn't look to see if there are additional changes that should be made, but I looked to see "is there anything wrong with these changes".

Only other thing I see is Julian losing permissions per #38 (comment)

Feel free to merge/handle after reviewing/incorporating feedback (where makes sense).

---

I agree we should remove membership for a lot of these folks. We could still list some of them as external collaborators (manual in UI). GitHub magement doesn't support that yet (I have a backlog item for it).

[BigLep]

Keep the team since its in https://github.com/search?q=repo%3AFilOzone%2Ffilecoin-pay%20filecoin-pay-maintainers&type=code ?
Maybe add a comment but trim it down?

[BigLep]

Agreed we can remove

[github-actions]

Before merge, verify that all the following plans are correct. They will be applied as-is after the merge.

Terraform plans

FilOzone

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy

Terraform will perform the following actions:

  # github_repository.this["filoz-websites"] will be updated in-place
  ~ resource "github_repository" "this" {
        id                          = "filoz-websites"
        name                        = "filoz-websites"
        # (36 unchanged attributes hidden)

      ~ security_and_analysis {
          ~ secret_scanning {
              ~ status = "disabled" -> "enabled"
            }
          ~ secret_scanning_push_protection {
              ~ status = "disabled" -> "enabled"
            }
        }
    }

  # github_repository.this["foc-gh"] will be updated in-place
  ~ resource "github_repository" "this" {
        id                          = "foc-gh"
        name                        = "foc-gh"
        # (36 unchanged attributes hidden)

      ~ security_and_analysis {
          ~ secret_scanning {
              ~ status = "disabled" -> "enabled"
            }
          ~ secret_scanning_push_protection {
              ~ status = "disabled" -> "enabled"
            }
        }
    }

  # github_repository.this["foc-observer"] will be updated in-place
  ~ resource "github_repository" "this" {
        id                          = "foc-observer"
        name                        = "foc-observer"
        # (36 unchanged attributes hidden)

      ~ security_and_analysis {
          ~ secret_scanning {
              ~ status = "disabled" -> "enabled"
            }
          ~ secret_scanning_push_protection {
              ~ status = "disabled" -> "enabled"
            }
        }
    }

  # github_repository.this["foc-websites"] will be updated in-place
  ~ resource "github_repository" "this" {
        id                          = "foc-websites"
        name                        = "foc-websites"
        # (36 unchanged attributes hidden)

      ~ security_and_analysis {
          ~ secret_scanning {
              ~ status = "disabled" -> "enabled"
            }
          ~ secret_scanning_push_protection {
              ~ status = "disabled" -> "enabled"
            }
        }
    }

  # github_repository.this["localnet"] will be updated in-place
  ~ resource "github_repository" "this" {
        id                          = "localnet"
        name                        = "localnet"
        # (36 unchanged attributes hidden)

      ~ security_and_analysis {
          ~ secret_scanning {
              ~ status = "disabled" -> "enabled"
            }
          ~ secret_scanning_push_protection {
              ~ status = "disabled" -> "enabled"
            }
        }
    }

  # github_repository.this["sp-telemetry-stories"] will be updated in-place
  ~ resource "github_repository" "this" {
        id                          = "sp-telemetry-stories"
        name                        = "sp-telemetry-stories"
        # (36 unchanged attributes hidden)

      ~ security_and_analysis {
          ~ secret_scanning {
              ~ status = "disabled" -> "enabled"
            }
          ~ secret_scanning_push_protection {
              ~ status = "disabled" -> "enabled"
            }
        }
    }

  # github_repository_collaborator.this["dealbot:geomatrick"] will be destroyed
  # (because key ["dealbot:geomatrick"] is not in for_each map)
  - resource "github_repository_collaborator" "this" {
      - id         = "dealbot:geomatrick" -> null
      - permission = "push" -> null
      - repository = "dealbot" -> null
      - username   = "geomatrick" -> null
    }

  # github_repository_collaborator.this["filecoin-cloud:barbaraperic"] will be destroyed
  # (because key ["filecoin-cloud:barbaraperic"] is not in for_each map)
  - resource "github_repository_collaborator" "this" {
      - id         = "filecoin-cloud:barbaraperic" -> null
      - permission = "push" -> null
      - repository = "filecoin-cloud" -> null
      - username   = "barbaraperic" -> null
    }

  # github_repository_collaborator.this["filecoin-cloud:geomatrick"] will be destroyed
  # (because key ["filecoin-cloud:geomatrick"] is not in for_each map)
  - resource "github_repository_collaborator" "this" {
      - id         = "filecoin-cloud:geomatrick" -> null
      - permission = "push" -> null
      - repository = "filecoin-cloud" -> null
      - username   = "geomatrick" -> null
    }

  # github_repository_collaborator.this["filecoin-cloud:mirhamasala"] will be destroyed
  # (because key ["filecoin-cloud:mirhamasala"] is not in for_each map)
  - resource "github_repository_collaborator" "this" {
      - id         = "filecoin-cloud:mirhamasala" -> null
      - permission = "admin" -> null
      - repository = "filecoin-cloud" -> null
      - username   = "mirhamasala" -> null
    }

  # github_repository_collaborator.this["filecoin-cloud:tippyflitsuk"] will be destroyed
  # (because key ["filecoin-cloud:tippyflitsuk"] is not in for_each map)
  - resource "github_repository_collaborator" "this" {
      - id         = "filecoin-cloud:TippyFlitsUK" -> null
      - permission = "admin" -> null
      - repository = "filecoin-cloud" -> null
      - username   = "TippyFlitsUK" -> null
    }

  # github_repository_collaborator.this["filecoin-pay-auction-bot:filoz-fs"] will be created
  + resource "github_repository_collaborator" "this" {
      + id                          = (known after apply)
      + invitation_id               = (known after apply)
      + permission                  = "admin"
      + permission_diff_suppression = false
      + repository                  = "filecoin-pay-auction-bot"
      + username                    = "filoz-fs"
    }

  # github_repository_collaborator.this["filecoin-pay-auction-bot:juliangruber"] will be created
  + resource "github_repository_collaborator" "this" {
      + id                          = (known after apply)
      + invitation_id               = (known after apply)
      + permission                  = "maintain"
      + permission_diff_suppression = false
      + repository                  = "filecoin-pay-auction-bot"
      + username                    = "juliangruber"
    }

  # github_repository_collaborator.this["filecoin-pay-auction-bot:pyropy"] will be destroyed
  # (because key ["filecoin-pay-auction-bot:pyropy"] is not in for_each map)
  - resource "github_repository_collaborator" "this" {
      - id         = "filecoin-pay-auction-bot:pyropy" -> null
      - permission = "admin" -> null
      - repository = "filecoin-pay-auction-bot" -> null
      - username   = "pyropy" -> null
    }

  # github_repository_collaborator.this["filecoin-pay-explorer:barbaraperic"] will be destroyed
  # (because key ["filecoin-pay-explorer:barbaraperic"] is not in for_each map)
  - resource "github_repository_collaborator" "this" {
      - id         = "filecoin-pay-explorer:barbaraperic" -> null
      - permission = "push" -> null
      - repository = "filecoin-pay-explorer" -> null
      - username   = "barbaraperic" -> null
    }

  # github_repository_collaborator.this["filecoin-pay-explorer:juliangruber"] will be created
  + resource "github_repository_collaborator" "this" {
      + id                          = (known after apply)
      + invitation_id               = (known after apply)
      + permission                  = "push"
      + permission_diff_suppression = false
      + repository                  = "filecoin-pay-explorer"
      + username                    = "juliangruber"
    }

  # github_repository_collaborator.this["filecoin-pay:pyropy"] will be destroyed
  # (because key ["filecoin-pay:pyropy"] is not in for_each map)
  - resource "github_repository_collaborator" "this" {
      - id         = "filecoin-pay:pyropy" -> null
      - permission = "push" -> null
      - repository = "filecoin-pay" -> null
      - username   = "pyropy" -> null
    }

  # github_repository_collaborator.this["filecoin-pay:wjmelements"] will be destroyed
  # (because key ["filecoin-pay:wjmelements"] is not in for_each map)
  - resource "github_repository_collaborator" "this" {
      - id         = "filecoin-pay:wjmelements" -> null
      - permission = "maintain" -> null
      - repository = "filecoin-pay" -> null
      - username   = "wjmelements" -> null
    }

  # github_repository_collaborator.this["filecoin-services:juliangruber"] will be created
  + resource "github_repository_collaborator" "this" {
      + id                          = (known after apply)
      + invitation_id               = (known after apply)
      + permission                  = "push"
      + permission_diff_suppression = false
      + repository                  = "filecoin-services"
      + username                    = "juliangruber"
    }

  # github_repository_collaborator.this["fs-pm:juliangruber"] will be created
  + resource "github_repository_collaborator" "this" {
      + id                          = (known after apply)
      + invitation_id               = (known after apply)
      + permission                  = "push"
      + permission_diff_suppression = false
      + repository                  = "fs-pm"
      + username                    = "juliangruber"
    }

  # github_repository_collaborator.this["hotvault-demo:aarshkshah1992"] will be destroyed
  # (because key ["hotvault-demo:aarshkshah1992"] is not in for_each map)
  - resource "github_repository_collaborator" "this" {
      - id         = "hotvault-demo:aarshkshah1992" -> null
      - permission = "admin" -> null
      - repository = "hotvault-demo" -> null
      - username   = "aarshkshah1992" -> null
    }

  # github_repository_collaborator.this["hotvault-demo:filoz-fs"] will be created
  + resource "github_repository_collaborator" "this" {
      + id                          = (known after apply)
      + invitation_id               = (known after apply)
      + permission                  = "admin"
      + permission_diff_suppression = false
      + repository                  = "hotvault-demo"
      + username                    = "filoz-fs"
    }

  # github_repository_collaborator.this["hotvault-demo:virajbhartiya"] will be destroyed
  # (because key ["hotvault-demo:virajbhartiya"] is not in for_each map)
  - resource "github_repository_collaborator" "this" {
      - id         = "hotvault-demo:virajbhartiya" -> null
      - permission = "push" -> null
      - repository = "hotvault-demo" -> null
      - username   = "virajbhartiya" -> null
    }

  # github_repository_collaborator.this["hotvault-demo:winter-soren"] will be destroyed
  # (because key ["hotvault-demo:winter-soren"] is not in for_each map)
  - resource "github_repository_collaborator" "this" {
      - id         = "hotvault-demo:Winter-Soren" -> null
      - permission = "push" -> null
      - repository = "hotvault-demo" -> null
      - username   = "Winter-Soren" -> null
    }

  # github_repository_collaborator.this["infra:pyropy"] will be destroyed
  # (because key ["infra:pyropy"] is not in for_each map)
  - resource "github_repository_collaborator" "this" {
      - id         = "infra:pyropy" -> null
      - permission = "pull" -> null
      - repository = "infra" -> null
      - username   = "pyropy" -> null
    }

  # github_repository_collaborator.this["pdp-explorer:virajbhartiya"] will be destroyed
  # (because key ["pdp-explorer:virajbhartiya"] is not in for_each map)
  - resource "github_repository_collaborator" "this" {
      - id         = "pdp-explorer:virajbhartiya" -> null
      - permission = "push" -> null
      - repository = "pdp-explorer" -> null
      - username   = "virajbhartiya" -> null
    }

  # github_repository_collaborator.this["pdp:aarshkshah1992"] will be destroyed
  # (because key ["pdp:aarshkshah1992"] is not in for_each map)
  - resource "github_repository_collaborator" "this" {
      - id         = "pdp:aarshkshah1992" -> null
      - permission = "maintain" -> null
      - repository = "pdp" -> null
      - username   = "aarshkshah1992" -> null
    }

  # github_repository_collaborator.this["pdp:stebalien"] will be destroyed
  # (because key ["pdp:stebalien"] is not in for_each map)
  - resource "github_repository_collaborator" "this" {
      - id         = "pdp:Stebalien" -> null
      - permission = "maintain" -> null
      - repository = "pdp" -> null
      - username   = "Stebalien" -> null
    }

  # github_repository_collaborator.this["synapse-sdk:aarshkshah1992"] will be destroyed
  # (because key ["synapse-sdk:aarshkshah1992"] is not in for_each map)
  - resource "github_repository_collaborator" "this" {
      - id         = "synapse-sdk:aarshkshah1992" -> null
      - permission = "maintain" -> null
      - repository = "synapse-sdk" -> null
      - username   = "aarshkshah1992" -> null
    }

  # github_repository_collaborator.this["synapse-sdk:juliangruber"] will be created
  + resource "github_repository_collaborator" "this" {
      + id                          = (known after apply)
      + invitation_id               = (known after apply)
      + permission                  = "push"
      + permission_diff_suppression = false
      + repository                  = "synapse-sdk"
      + username                    = "juliangruber"
    }

  # github_repository_collaborator.this["synapse-website:barbaraperic"] will be destroyed
  # (because key ["synapse-website:barbaraperic"] is not in for_each map)
  - resource "github_repository_collaborator" "this" {
      - id         = "synapse-website:barbaraperic" -> null
      - permission = "push" -> null
      - repository = "synapse-website" -> null
      - username   = "barbaraperic" -> null
    }

  # github_repository_collaborator.this["synapse-website:mirhamasala"] will be destroyed
  # (because key ["synapse-website:mirhamasala"] is not in for_each map)
  - resource "github_repository_collaborator" "this" {
      - id         = "synapse-website:mirhamasala" -> null
      - permission = "push" -> null
      - repository = "synapse-website" -> null
      - username   = "mirhamasala" -> null
    }

  # github_repository_collaborator.this["tim-docs:juliangruber"] will be created
  + resource "github_repository_collaborator" "this" {
      + id                          = (known after apply)
      + invitation_id               = (known after apply)
      + permission                  = "push"
      + permission_diff_suppression = false
      + repository                  = "tim-docs"
      + username                    = "juliangruber"
    }

  # github_team.this["filecoin-pin-dev"] will be destroyed
  # (because key ["filecoin-pin-dev"] is not in for_each map)
  - resource "github_team" "this" {
      - create_default_maintainer = false -> null
      - etag                      = "W/\"4017cb5adcae649be40403a4e27790ae4bda78b96a9fb41161dab9f38d62ec86\"" -> null
      - id                        = "13765718" -> null
      - members_count             = 4 -> null
      - name                      = "filecoin-pin-dev" -> null
      - node_id                   = "T_kwDOBwtpYM4A0gxW" -> null
      - privacy                   = "secret" -> null
      - slug                      = "filecoin-pin-dev" -> null
        # (5 unchanged attributes hidden)
    }

  # github_team.this["spacemeridian"] will be destroyed
  # (because key ["spacemeridian"] is not in for_each map)
  - resource "github_team" "this" {
      - create_default_maintainer = false -> null
      - description               = "Working on Filecoin Retrievals" -> null
      - etag                      = "W/\"af9ee763d54ab59c593c17fb89ae4b2fc09ccf37c5a85873b5d0358f885129b5\"" -> null
      - id                        = "13124062" -> null
      - members_count             = 4 -> null
      - name                      = "SpaceMeridian" -> null
      - node_id                   = "T_kwDOBwtpYM4AyEHe" -> null
      - privacy                   = "closed" -> null
      - slug                      = "spacemeridian" -> null
        # (4 unchanged attributes hidden)
    }

  # github_team_membership.this["filecoin-pay-maintainers:aarshkshah1992"] will be destroyed
  # (because key ["filecoin-pay-maintainers:aarshkshah1992"] is not in for_each map)
  - resource "github_team_membership" "this" {
      - etag     = "W/\"ad0342a0981687d20d3a4d31acdb350d1171c1e315a1606403b7888081e58655\"" -> null
      - id       = "13729888:aarshkshah1992" -> null
      - role     = "member" -> null
      - team_id  = "13729888" -> null
      - username = "aarshkshah1992" -> null
    }

  # github_team_membership.this["filecoin-pin-dev:aarshkshah1992"] will be destroyed
  # (because key ["filecoin-pin-dev:aarshkshah1992"] is not in for_each map)
  - resource "github_team_membership" "this" {
      - etag     = "W/\"961992118cb8e53504d18f41ddb6c0e28e4b7a0739f2e4efacfaefbe9935ae44\"" -> null
      - id       = "13765718:aarshkshah1992" -> null
      - role     = "member" -> null
      - team_id  = "13765718" -> null
      - username = "aarshkshah1992" -> null
    }

  # github_team_membership.this["filecoin-pin-dev:hugomrdias"] will be destroyed
  # (because key ["filecoin-pin-dev:hugomrdias"] is not in for_each map)
  - resource "github_team_membership" "this" {
      - etag     = "W/\"87a8abc59389b78f960ad9c47ae77a8bc83f9d1c3fbc658a199d8e19d3023df2\"" -> null
      - id       = "13765718:hugomrdias" -> null
      - role     = "member" -> null
      - team_id  = "13765718" -> null
      - username = "hugomrdias" -> null
    }

  # github_team_membership.this["filecoin-pin-dev:jennijuju"] will be destroyed
  # (because key ["filecoin-pin-dev:jennijuju"] is not in for_each map)
  - resource "github_team_membership" "this" {
      - etag     = "W/\"3e5726ac9879ef06b29899329dfb54b371a5cbb886eb6d52fed5a36011dd9803\"" -> null
      - id       = "13765718:jennijuju" -> null
      - role     = "maintainer" -> null
      - team_id  = "13765718" -> null
      - username = "jennijuju" -> null
    }

  # github_team_membership.this["filecoin-pin-dev:rvagg"] will be destroyed
  # (because key ["filecoin-pin-dev:rvagg"] is not in for_each map)
  - resource "github_team_membership" "this" {
      - etag     = "W/\"c61d880d861451641f2bcc5a2cdc16c2cbfe6d390397b6d4cd2d2c84066cc4aa\"" -> null
      - id       = "13765718:rvagg" -> null
      - role     = "maintainer" -> null
      - team_id  = "13765718" -> null
      - username = "rvagg" -> null
    }

  # github_team_membership.this["fs-pm:geomatrick"] will be destroyed
  # (because key ["fs-pm:geomatrick"] is not in for_each map)
  - resource "github_team_membership" "this" {
      - etag     = "W/\"47b6801abf5057a2c435fb9969eba9f1a8a2a1bcb200c11d39f718ec44c90dbe\"" -> null
      - id       = "13891370:geomatrick" -> null
      - role     = "member" -> null
      - team_id  = "13891370" -> null
      - username = "geomatrick" -> null
    }

  # github_team_membership.this["spacemeridian:bajtos"] will be destroyed
  # (because key ["spacemeridian:bajtos"] is not in for_each map)
  - resource "github_team_membership" "this" {
      - etag     = "W/\"e8e40fd886bd558923314e6053d115bd708f9a1326f89094ff4ece7b87354ff5\"" -> null
      - id       = "13124062:bajtos" -> null
      - role     = "maintainer" -> null
      - team_id  = "13124062" -> null
      - username = "bajtos" -> null
    }

  # github_team_membership.this["spacemeridian:geomatrick"] will be destroyed
  # (because key ["spacemeridian:geomatrick"] is not in for_each map)
  - resource "github_team_membership" "this" {
      - etag     = "W/\"97dfb371964a782f7e699197e96de8dd2489ff7e5359930b513e86f05f302c78\"" -> null
      - id       = "13124062:geomatrick" -> null
      - role     = "maintainer" -> null
      - team_id  = "13124062" -> null
      - username = "geomatrick" -> null
    }

  # github_team_membership.this["spacemeridian:juliangruber"] will be destroyed
  # (because key ["spacemeridian:juliangruber"] is not in for_each map)
  - resource "github_team_membership" "this" {
      - etag     = "W/\"a26b03c307c2aadcb3759c6a87abdb9a1bd6b6907ba302d4572cbd4bbddd4d6a\"" -> null
      - id       = "13124062:juliangruber" -> null
      - role     = "member" -> null
      - team_id  = "13124062" -> null
      - username = "juliangruber" -> null
    }

  # github_team_membership.this["spacemeridian:pyropy"] will be destroyed
  # (because key ["spacemeridian:pyropy"] is not in for_each map)
  - resource "github_team_membership" "this" {
      - etag     = "W/\"64816d168d678f0bbce3d5979ab48708a69598c274f074236d4e80da06b0a8ee\"" -> null
      - id       = "13124062:pyropy" -> null
      - role     = "member" -> null
      - team_id  = "13124062" -> null
      - username = "pyropy" -> null
    }

  # github_team_repository.this["spacemeridian:filecoin-pay-auction-bot"] will be destroyed
  # (because key ["spacemeridian:filecoin-pay-auction-bot"] is not in for_each map)
  - resource "github_team_repository" "this" {
      - etag       = "W/\"f5f2c2d36a0108bb9e9050f7eb343f3f2536b7b4e775d4811df7da9245da08c0\"" -> null
      - id         = "13124062:filecoin-pay-auction-bot" -> null
      - permission = "maintain" -> null
      - repository = "filecoin-pay-auction-bot" -> null
      - team_id    = "13124062" -> null
    }

  # github_team_repository.this["spacemeridian:filecoin-pay-explorer"] will be destroyed
  # (because key ["spacemeridian:filecoin-pay-explorer"] is not in for_each map)
  - resource "github_team_repository" "this" {
      - etag       = "W/\"6bd62630b47b41ba3837be8506deb4ff71a1ba54265749f267fb90267be5b4d7\"" -> null
      - id         = "13124062:filecoin-pay-explorer" -> null
      - permission = "push" -> null
      - repository = "filecoin-pay-explorer" -> null
      - team_id    = "13124062" -> null
    }

  # github_team_repository.this["spacemeridian:filecoin-services"] will be destroyed
  # (because key ["spacemeridian:filecoin-services"] is not in for_each map)
  - resource "github_team_repository" "this" {
      - etag       = "W/\"084e90f56ab9a5fee51eff85cdfa85c07fc663708983d96001d8ce23aa8d75f6\"" -> null
      - id         = "13124062:filecoin-services" -> null
      - permission = "push" -> null
      - repository = "filecoin-services" -> null
      - team_id    = "13124062" -> null
    }

  # github_team_repository.this["spacemeridian:fs-pm"] will be destroyed
  # (because key ["spacemeridian:fs-pm"] is not in for_each map)
  - resource "github_team_repository" "this" {
      - etag       = "W/\"6bea2609f7b668cea14e0741d3b72df62ee04b862c7ec908dcf11c088233a821\"" -> null
      - id         = "13124062:fs-pm" -> null
      - permission = "push" -> null
      - repository = "fs-pm" -> null
      - team_id    = "13124062" -> null
    }

  # github_team_repository.this["spacemeridian:synapse-sdk"] will be destroyed
  # (because key ["spacemeridian:synapse-sdk"] is not in for_each map)
  - resource "github_team_repository" "this" {
      - etag       = "W/\"de402cde3cffbfcfa32d6e17dd420616ef26586d8a85c495b0339c54c629f8ad\"" -> null
      - id         = "13124062:synapse-sdk" -> null
      - permission = "push" -> null
      - repository = "synapse-sdk" -> null
      - team_id    = "13124062" -> null
    }

  # github_team_repository.this["spacemeridian:tim-docs"] will be destroyed
  # (because key ["spacemeridian:tim-docs"] is not in for_each map)
  - resource "github_team_repository" "this" {
      - etag       = "W/\"becb9a92dc4c62c1c44fd3a241ce8e36d19919aaeefa3721143d766dfb92fbd0\"" -> null
      - id         = "13124062:tim-docs" -> null
      - permission = "push" -> null
      - repository = "tim-docs" -> null
      - team_id    = "13124062" -> null
    }

Plan: 8 to add, 6 to change, 37 to destroy.

[rjan90]

Added these recent changes:

• Restored Julian’s access that would have been lost by removing SpaceMeridian, using direct repo collaborator grants instead of keeping the whole team.
• Restored filecoin-pay-maintainers, trimmed out removed org member aarshkshah1992, and added a note that it is retained for FilOzone/filecoin-pay CODEOWNERS.
• Removed the six target users from the GitHub org manually. Converted to outside collaborators
• Started the Terraform state cleanup path for those org memberships; the first Clean run failed due to the workflow’s workspaces input bug, so the next run should leave workspaces blank.