diff --git a/README.md b/README.md index 5382e89..2824eb6 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,7 @@ Default files that appear in all CivicTechWR repositories (unless overridden): - **SECURITY.md** - Security policy and vulnerability reporting - **ISSUE_TEMPLATE/** - Issue templates for bugs, features, and questions - **PULL_REQUEST_TEMPLATE.md** - Pull request template +- **CODEOWNERS** - Default repository ownership and review responsibilities ### Organization Profile diff --git a/docs/gitleaks-response.md b/docs/gitleaks-response.md index f654431..6f4a548 100644 --- a/docs/gitleaks-response.md +++ b/docs/gitleaks-response.md @@ -25,11 +25,11 @@ This guide helps CivicTechWR maintainers triage, contain, and remediate potentia ## 5. Verify and Prevent Recurrence - Re-run the Gitleaks workflow (or trigger it manually) to confirm the repository is clean. -- Add new patterns to the `gitleaks.toml` allowlist only after validating they are false positives. +- Update the Gitleaks configuration in `.github/workflows/gitleaks.yml` to add new allowlist patterns, and only after validating they are false positives. ## Reference -- Repository workflow: `.github/workflows/reusable-gitleaks.yml` +- Repository workflow: `.github/workflows/gitleaks.yml` - Team contact: `civictechwr@gmail.com` Always assume a leaked credential is compromised until rotated and confirmed inactive. diff --git a/docs/governance/codeowners-branch-protection.md b/docs/governance/codeowners-branch-protection.md index abff5c7..0f61ec2 100644 --- a/docs/governance/codeowners-branch-protection.md +++ b/docs/governance/codeowners-branch-protection.md 
@@ -15,7 +15,7 @@ Apply these settings to the organization's default branch rule (settings > Code 3. **Required reviewers:** - At least **1 approval**, prefer **2 approvals** for active codebases. - **Require review from Code Owners** (once the default CODEOWNERS file lands). -4. **Status checks:** enable the projects primary CI build (e.g., `lint`, `test`, `deploy-preview`). Start with the checks that already exist; new projects should add them before their first release. +4. **Status checks:** enable the project's primary CI build (e.g., `lint`, `test`, `deploy-preview`). Start with the checks that already exist; new projects should add them before their first release. 5. **Additional safeguards:** - Require conversation resolution before merging. - Require linear history. @@ -48,7 +48,7 @@ Projects stay under `@CivicTechWR/organizers` until their project team exists ** ## Default CODEOWNERS Strategy -Create `.github/CODEOWNERS` (this repository) so GitHub applies it to every CivicTechWR repo that does not define its own CODEOWNERS file. +Create a repository-root `CODEOWNERS` file (this repository) so GitHub applies it to every CivicTechWR repo that does not define its own CODEOWNERS file. ```text # Default owners for every file in repos without project-specific CODEOWNERS 
@@ -65,7 +65,7 @@ Create `.github/CODEOWNERS` (this repository) so GitHub applies it to every Civi Key considerations: - Patterns in this default file must be generic. Repo-specific overrides belong in that repo. -- Github evaluates CODEOWNERS top to bottom; place broader matches last. +- GitHub evaluates CODEOWNERS patterns from top to bottom and uses the last matching pattern. In the examples above, the broad `*` entry appears first so that later, more specific patterns can override it. - Encourage projects to commit their own CODEOWNERS file as soon as they have a stable team. Provide them with a template (see below) and remind them to keep `@CivicTechWR/organizers` as a secondary owner for continuity. ### Sample project CODEOWNERS template diff --git a/profile/README.md b/profile/README.md index 6b698f1..d122d53 100644 --- a/profile/README.md +++ b/profile/README.md @@ -1,6 +1,6 @@ # Welcome to CivicTech Waterloo Region -Please standby—CTWR is coming back to life and taking over. +Please stand by—CTWR is coming back to life and taking over. - Visit our website [CivicTechWR.org](https://civictechwr.org/) - Check out what projects are currently happening here: [CTWR Projects In Progress](https://github.com/orgs/CivicTechWR/projects/10/views/6?sliceBy%5Bvalue%5D=In+progress)
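Review bot: In README.md (hunk `@@ -17,6 +17,7 @@`), the new bullet lists **CODEOWNERS** among the files that "appear in all CivicTechWR repositories", but the diff shown here adds no CODEOWNERS file, and docs/governance/codeowners-branch-protection.md still says "once the default CODEOWNERS file lands". Either add the file in the same change or word the bullet as planned, so maintainers do not turn on "Require review from Code Owners" expecting owners that are not defined yet.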
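Review bot: In docs/gitleaks-response.md, step 5, the allowlist instruction now points at `.github/workflows/gitleaks.yml`, which is a workflow file, without saying where inside it allowlist patterns go; the line it replaces named `gitleaks.toml`. Name the exact key or config block a maintainer should edit, and consider stating who must approve an allowlist change, since an overly broad pattern suppresses later findings for real secrets.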
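Review bot: The claim under "Default CODEOWNERS Strategy" in docs/governance/codeowners-branch-protection.md (hunk `@@ -48,7 +48,7 @@`), that GitHub applies this repository's CODEOWNERS to every repo without its own, needs a source, and this hunk changes only the path from `.github/CODEOWNERS` to the repository root. GitHub's documented list of default community health files does not include CODEOWNERS, so please link the documentation that supports inheritance for this file type or describe the fallback (for example, copying the file into each repo). If the file is not inherited, the "Require review from Code Owners" setting in the branch rule enforces nothing in repos that lack their own CODEOWNERS.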
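Review bot: The rewritten "Key considerations" bullet (hunk `@@ -65,7 +65,7 @@`) should also say that the last matching pattern replaces the owners from earlier matches rather than adding to them. The following bullet asks projects to keep `@CivicTechWR/organizers` as a secondary owner, and that only holds if the team is repeated on every specific pattern line a project adds; a line that names just the project team drops the organizers for those paths.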