diff --git a/.github/AUTHORS.txt b/.github/AUTHORS.txt new file mode 100644 index 0000000..e6e487e --- /dev/null +++ b/.github/AUTHORS.txt @@ -0,0 +1,13 @@ +# This is the official list of floss-toolbox authors for copyright purposes. +# This file is distinct from the CONTRIBUTORS files. +# See the latter for an explanation. + +# Names should be added to this file as one of +# Organization's name +# Individual's name +# Individual's name +# See CONTRIBUTORS for the meaning of multiple email addresses. + +# Please keep the list sorted. + +Orange \ No newline at end of file diff --git a/CODEOWNERS b/.github/CODEOWNERS similarity index 80% rename from CODEOWNERS rename to .github/CODEOWNERS index a298916..1a0f421 100644 --- a/CODEOWNERS +++ b/.github/CODEOWNERS @@ -6,13 +6,14 @@ AUTHORS.txt @pylapp CHANGELOG.md @pylapp CITATION.cff @pylapp -CODE_OF_CONDUCT.md @pylapp -CODE_OF_CONFLICT.md @pylapp -CONTRIBUTORS.txt @pylapp +DCO.txt @pylapp +gitleaks.toml @pylapp LICENSE.txt @pylapp README.md @pylapp -DCO.txt @pylapp -SECURITY.md @pylapp +renovate.json @pylapp +THIRD-PARTY.md @pylapp + +.github/ @pylapp # Toolbox diff --git a/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md similarity index 100% rename from CODE_OF_CONDUCT.md rename to .github/CODE_OF_CONDUCT.md diff --git a/CODE_OF_CONFLICT.md b/.github/CODE_OF_CONFLICT.md similarity index 100% rename from CODE_OF_CONFLICT.md rename to .github/CODE_OF_CONFLICT.md diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md new file mode 100644 index 0000000..1cb5a0b --- /dev/null +++ b/.github/CONTRIBUTING.md @@ -0,0 +1,79 @@ +# Contributing to floss-toolbox + +**Thank you for your interest in floss-toolbox. Your contributions are highly welcome.** + +We would like to improve documentation, curent scripts and tools and maangement of GitHub / GitLab API in CLI. +We would like also to extract interesting KPI and emtrics from Git histories. +Keep in mind we are in the worst case possible with only Git histories and free GitHub / GitLab organizations, so some features can have been implemented in premium plans but we don't have them today. + +---- + +## Ground Rules + +- Be nice. You can apply here the [Crocker's rules](https://old-wiki.lesswrong.com/wiki/Crocker%27s_rules) for better efficiency if you want. Some peoplee here do. +- We have a [CODE_OF_CONDUCT](CODE_OF_CONDUCT) you **must** apply. +- For any improvemens or issues, bring tests data +- When in doubt, open an issue. For almost any type of contribution, the first step is opening an issue. Even if you think you already know what the solution is, writing down a description of the problem you're trying to solve will help everyone get context when they review your pull request. If it's truly a trivial change (e.g. spelling error), you can skip this step -- but as the subject says, when it doubt. +- Only submit your own work (or work you have sufficient rights to submit). Please make sure that any code or documentation you submit is your work or you have the rights to submit. We respect the intellectual property rights of others, and as part of contributing, we'll ask you to sign your contribution with a "Developer Certificate of Origin" (DCO) that states you have the rights to submit this work and you understand we'll use your contribution. There's more information about this topic in the [DCO section](#developer-certificate-of-origin). Keep also meta field oin your Git commits body with **Co-authored-by:**. + +## Bug Reports + +Ugh! Bugs! + +A bug is when software behaves in a way that you didn't expect and the developer didn't intend. To help us understand what's going on, we first want to make sure you're working from the latest version. + +Once you've confirmed that the bug still exists in the latest version, you'll want to check to make sure it's not something we already know about on the [open issues GitHub page](https://github.com/Orange-OpenSource/floss-toolbox/issues). + +## Feature Requests & Proposals + +If you've thought of a way that floss-tooblox could be better, we want to hear about it. We track `feature requests` ([examples](https://github.com/search?q=org%3Aopensearch-project+%22Is+your+feature+request+related+to+a+problem%3F%22&type=Issues)) using GitHub, so please feel free to open an issue which describes the feature you would like to see, why you need it, and how it should work. If you would like contribute code toward building it, you might consider a `feature-request` ([examples](https://github.com/Orange-OpenSource/floss-toolbox/issues?q=is%3Aissue+is%3Aopen+label%3A%22feature-request%22)) instead. A feature request is the first step to helping the community better understand what you are planning to contribute, why it should be built, and collaborate on ensuring you have all the data points you need for implementation. + +## Documentation Changes + +There are few documentations, mainly absed on README.md files. There must be kept updated with each fixes or evolutions.two types of documentation in OpenSearch: developer documentation, which describes how OpenSearch is designed internally, and user documentation, which describes how to use OpenSearch. +Feel free to improve the suitable files. + +## Contributing Code + +As with other types of contributions, the first step is to [open an issue on GitHub](https://github.com/Orange-OpenSource/floss-toolbox/issues/new). Opening an issue before you make changes makes sure that someone else isn't already working on that particular problem. It also lets us all work together to find the right approach before you spend a bunch of time on a PR. So again, when in doubt, open an issue. + +## Developer Certificate of Origin + +floss-tooblox is an open source product released under the Apache 2.0 license (see either [the Apache site](https://www.apache.org/licenses/LICENSE-2.0) for example. The Apache 2.0 license allows you to freely use, modify, distribute, and sell your own products that include Apache 2.0 licensed software. See also the file *LICENSE.txt*. + +We respect intellectual property rights of others and we want to make sure all incoming contributions are correctly attributed and licensed. A Developer Certificate of Origin (DCO) is a lightweight mechanism to do that. + +The DCO is a declaration attached to every contribution made by every developer. In the commit message of the contribution, the developer simply adds a `Signed-off-by` statement and thereby agrees to the DCO, which you can find below or at [DeveloperCertificate.org](http://developercertificate.org/). See also the file *DCO.txt*. + +We require that every contribution to floss-toolbox is signed with a Developer Certificate of Origin. Additionally, please use your real name. We do not accept anonymous contributors nor those utilizing pseudonyms. + +Each commit must include a DCO which looks like this + +``` +Signed-off-by: Jane Smith +``` +You may type this line on your own when writing your commit messages. However, if your user.name and user.email are set in your git configs, you can use `-s` or `--signoff` to add the `Signed-off-by` line to the end of the commit message. + +If you worked with other people on the provided contributions, add also the *Co-authored-by* in your commit body if relevant. + +## Changelog, versioning and commits + +floss-toolbox follows [Keep A Changelog](https://keepachangelog.com/en/1.0.0/) format and *semantic verisoning*. +We try also to apply [commit message conventions](https://www.conventionalcommits.org/en/v1.0.0/#summary) + +## How to contribute + +- Open an issue descrbing your needs and the evolutions or fixes you will bring +- Submit a pull request +- Ensure your commits are clean (atomic, DCO applied, co-authoring if needed) +- Keep the CHANGELOG updated +- Attach to the PR the tests data +- Do not forget to update the README associate to the folderwhere your evolutions are + +Project maintainers will then update the wiki and the CONTRIBUTORS file once your pull request will be merged. + +About the source files, ensure you commented and documented the use of the scripts and tools like the others existing files. +Use also the SPDX format headers. + +**Thanks for your contributions!** +**Have fun, and happy coding!** diff --git a/CONTRIBUTORS.txt b/.github/CONTRIBUTORS.txt similarity index 100% rename from CONTRIBUTORS.txt rename to .github/CONTRIBUTORS.txt diff --git a/.github/ISSUE_TEMPLATE/BUG_TEMPLATE.md b/.github/ISSUE_TEMPLATE/BUG_TEMPLATE.md new file mode 100644 index 0000000..1d2ea2d --- /dev/null +++ b/.github/ISSUE_TEMPLATE/BUG_TEMPLATE.md @@ -0,0 +1,24 @@ +--- +name: 🐛 Bug report +about: Create a report to help us improve +title: '[BUG]' +labels: 'bug, untriaged' +assignees: '' +--- +### What is the bug? +_A clear and concise description of the bug._ + +### How can one reproduce the bug? +_Steps to reproduce the behavior._ + +### What is the expected behavior? +_A clear and concise description of what you expected to happen._ + +### What is your host/environment? +_Operating system, version._ + +### Do you have any screenshots? +_If applicable, add screenshots to help explain your problem._ + +### Do you have any additional context? +_Add any other context about the problem._ diff --git a/.github/ISSUE_TEMPLATE/FEATURE_REQUEST_TEMPLATE.md b/.github/ISSUE_TEMPLATE/FEATURE_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..55b3ddf --- /dev/null +++ b/.github/ISSUE_TEMPLATE/FEATURE_REQUEST_TEMPLATE.md @@ -0,0 +1,18 @@ +--- +name: 🎆 Feature request +about: Request a feature in this project +title: '[FEATURE]' +labels: 'enhancement, untriaged' +assignees: '' +--- +### Is your feature request related to a problem? +_A clear and concise description of what the problem is, e.g. I'm always frustrated when [...]._ + +### What solution would you like? +_A clear and concise description of what you want to happen._ + +### What alternatives have you considered? +_A clear and concise description of any alternative solutions or features you've considered._ + +### Do you have any additional context? +_Add any other context or screenshots about the feature request here._ diff --git a/.github/MAINTAINERS.md b/.github/MAINTAINERS.md new file mode 100644 index 0000000..fb7ca51 --- /dev/null +++ b/.github/MAINTAINERS.md @@ -0,0 +1,19 @@ +- [Overview](#overview) +- [Current Maintainers](#current-maintainers) +- [Emeritus](#emeritus) + +## Overview + +This document contains a list of maintainers in this repo. See [floss-toolbox/.github/RESPONSIBILITIES.md](https://github.com/floss-toolbox/.github/blob/master/RESPONSIBILITIES.md#maintainer-responsibilities) that explains what the role of maintainer means, what maintainers do in this and other repos, and how they should be doing it. If you're interested in contributing, and becoming a maintainer, see [CONTRIBUTING](CONTRIBUTING.md). + +## Current Maintainers + +| Maintainer | GitHub ID | Affiliation | +| ------------------------ | --------------------------------------------------------- | -------------- | +| Pierre-Yves Lapersonne | [pylapp](https://github.com/pylapp) | Orange SA | + + +## Emeritus + +| Maintainer | GitHub ID | Affiliation | +| ------------------------ | --------------------------------------------------------- | -------------- | diff --git a/.github/RESPONSIBILITIES.md b/.github/RESPONSIBILITIES.md new file mode 100644 index 0000000..a0e1ce7 --- /dev/null +++ b/.github/RESPONSIBILITIES.md @@ -0,0 +1,94 @@ +- [Overview](#overview) +- [Current Maintainers](#current-maintainers) +- [Maintainer Responsibilities](#maintainer-responsibilities) + - [Uphold Code of Conduct](#uphold-code-of-conduct) + - [Prioritize Security](#prioritize-security) + - [Review Pull Requests](#review-pull-requests) + - [Triage Open Issues](#triage-open-issues) + - [Automatically Label Issues](#automatically-label-issues) + - [Be Responsive](#be-responsive) + - [Maintain Overall Health of the Repo](#maintain-overall-health-of-the-repo) + - [Keep Dependencies up to Date](#keep-dependencies-up-to-date) + - [Manage Roadmap](#manage-roadmap) + - [Add Continuous Integration Checks](#add-continuous-integration-checks) + - [Use Semver](#use-semver) + - [Release Frequently](#release-frequently) + - [Promote Other Maintainers](#promote-other-maintainers) + - [Describe the Repo](#describe-the-repo) +- [Becoming a Maintainer](#becoming-a-maintainer) + - [Nomination](#nomination) + - [Interest](#interest) + - [Addition](#addition) +- [Removing a Maintainer](#removing-a-maintainer) + - [Moving On](#moving-on) + - [Inactivity](#inactivity) + - [Negative Impact on the Project](#negative-impact-on-the-project) + +## Overview + +This document explains who maintainers are, what they dothis repository, and how they should be doing it. If you're interested in contributing, see [CONTRIBUTING](CONTRIBUTING.md). + +## Current Maintainers + +See the [MAINTAINERS.md](MAINTAINERS.md) file that lists current maintainers. + +## Maintainer Responsibilities + +Maintainers are active and visible members of the community, and have high-level permissions on the repository. Use those privileges to serve the community and evolve code as follows. + +### Uphold Code of Conduct + +Model the behavior set forward by the [Code of Conduct](CODE_OF_CONDUCT.md) and apply the [Code of Conflict](CODE_OF_CONFLCIT.md). + +### Review Pull Requests + +It's our responsibility to ensure the content and code in pull requests are correct and of high quality before they are merged. Here are some best practices: + +- Leverage the issue triaging process to review pull requests and assign them to maintainers for review (use [CODEOWNERS](CODEOWNERS) if needed). +- In cases of uncertainty on how to proceed, search for related issues and reference the pull request to find additional collaborators. +- When providing feedback on pull requests, make sure your feedback is actionable to guide the pull request towards a conclusion. +- If a pull request is valuable but isn't gaining traction, consider reaching out to fulfill the necessary requirements. This way, the pull request can be merged, even if the work is done by several individuals. +- Lastly, strive for progress, not perfection. + +### Triage Open Issues + +Manage labels, review issues regularly, and triage by labelling them. + +Use labels to target an issue or a PR for a given release, add `Good first issue` to good issues for new community members, and `Help wanted` for issues that scare you or need immediate attention. Request for more information from a submitter if an issue is not clear. Create new labels as needed by the project. + +#### Automatically Label Issues + +There are many tools available in GitHub for controlling labels on issues and pull requests. Use standard issue templates in the [./.github/ISSUE_TEMPLATE](./.github/ISSUE_TEMPLATE) directory to apply appropriate labels such as `bug` and `untriaged`. + +### Be Responsive + +Respond to enhancement requests, and discussions. Allocate time to reviewing and commenting on issues and conversations as they come in. + +### Maintain Overall Health of the Repo + +Keep the `master` branch at production quality at all times. Backport features as needed. Cut release branches and tags to enable future patches. + +#### Keep Dependencies up to Date + +Maintaining up-to-date dependencies on third party projects reduces the risk of security vulnerabilities. The Open Source Security Foundation (OpenSSF) [recommends](https://github.com/ossf/scorecard/blob/main/docs/checks.md#dependency-update-tool) either [dependabot](https://docs.github.com/en/code-security/dependabot) or [renovatebot](https://docs.renovatebot.com/). Both of these applications generate Pull Requests for dependency version updates. We use Renovate here.Renovate is integrated as part of the Remediate app in [Mend for Github](https://github.com/apps/mend-for-github-com), which is enabled on this repository. + +### Use Semver + +Use and enforce [semantic versioning](https://semver.org/) and do not let breaking changes be made outside of major releases. + +### Release Frequently + +Make frequent project releases to the community. + +### Promote Other Maintainers + +Assist, add, and remove [MAINTAINERS](MAINTAINERS.md). Exercise good judgement, and propose high quality contributors to become co-maintainers. See [Becoming a Maintainer](#becoming-a-maintainer) for more information. + +### Describe the Repo + +Make sure the repo has a well-written, accurate, and complete description. + +### Becomong or not a Maintainer + +The repository admins, seens as top maintainer, are the onle ones able to choose wether or not somebody can be named as maintainer, in the way they want. + diff --git a/SECURITY.md b/.github/SECURITY.md similarity index 85% rename from SECURITY.md rename to .github/SECURITY.md index df53f0f..e54f98b 100644 --- a/SECURITY.md +++ b/.github/SECURITY.md @@ -2,6 +2,6 @@ ## Reporting a vulnerability -Send an e-mail to opensource.contact@orange.com to report a vulnerability and contact all people in CONTRIBUTORS. +Send an e-mail to opensource.contact@orange.com to report a vulnerability and contact all people in CONTRIBUTORS and MAINTAINERS. If accepted, we'll create a security advisory and add you and/or your team as collaborators. Please allow our team sufficient time to resolve the vulnerability before disclosing it ; we'll remain in contact about the fix and may ask for your assistance to verify it is resolved. diff --git a/CHANGELOG.md b/CHANGELOG.md index e5e6bd2..ac4a659 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.20.0..dev) +### Added + +- Bug and feature request templates, and other files for the hygiene of the project + ## [2.20.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.20.0..2.19.0) - 2024-04-04 ### Added