Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
56 changes: 56 additions & 0 deletions .github/ISSUE_TEMPLATE/bug_report.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
name: Bug report
description: Report a reproducible bug or issue in the project.
title: "[Bug] "
labels: [bug]
body:
- type: markdown
attributes:
value: |
Thanks for taking the time to report a bug! Please provide as much detail as possible.

- type: input
id: environment
attributes:
label: Environment
description: What environment are you running in (e.g., local, Docker, CI/CD)?
placeholder: "e.g. Docker, GitHub Actions, MacOS local"

- type: textarea
id: steps
attributes:
label: Steps to Reproduce
description: How can we reproduce the bug?
placeholder: |
1. Go to '...'
2. Run command '...'
3. Observe error '...'
validations:
required: true

- type: textarea
id: expected
attributes:
label: Expected Behavior
description: What did you expect to happen?
placeholder: The API should return a 200 OK...

- type: textarea
id: actual
attributes:
label: Actual Behavior
description: What actually happened?
placeholder: It returned a 500 error with message...

- type: textarea
id: logs
attributes:
label: Relevant logs or screenshots
description: Include error messages, stack traces, or screenshots if applicable.
render: shell

- type: input
id: version
attributes:
label: Version
description: What version of the project are you using?
placeholder: v1.0.0, commit hash, or branch name
34 changes: 34 additions & 0 deletions .github/ISSUE_TEMPLATE/feature_request.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
name: Feature request
description: Suggest a new feature or improvement.
title: "[Feature] "
labels: [enhancement]
body:
- type: markdown
attributes:
value: |
Thanks for suggesting a feature! Let us know what you'd like to see added or changed.

- type: textarea
id: description
attributes:
label: Feature Description
description: Describe the feature you'd like to see.
placeholder: I want to be able to...

- type: textarea
id: motivation
attributes:
label: Motivation / Use Case
description: Why is this feature important? What problem does it solve?

- type: textarea
id: alternatives
attributes:
label: Alternatives considered
description: Have you considered other ways to achieve this?

- type: textarea
id: additional
attributes:
label: Additional context
description: Add any other context, links, or screenshots here.
15 changes: 15 additions & 0 deletions .github/ISSUE_TEMPLATE/question.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
name: Question / Discussion
description: Ask a question or start a general discussion.
title: "[Discussion] "
labels: [question]
body:
- type: markdown
attributes:
value: |
Have a question or want to discuss something? Ask here!

- type: textarea
id: question
attributes:
label: What’s your question or discussion topic?
placeholder: I’m trying to understand how the CI/CD workflow works...
12 changes: 6 additions & 6 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -60,13 +60,13 @@ jobs:
- name: Run tests
run: npm run test

- name: Run OWASP ZAP Baseline Scan
run: |
docker run -t owasp/zap2docker-stable zap-baseline.py \
-t http://localhost:3000 \
-r zap-report.html
# - name: Run OWASP ZAP Baseline Scan
# run: |
# docker run -t ghcr.io/zaproxy/zap-stable zap-baseline.py \
# -t http://host.docker.internal:3000 \
# -r zap-report.html
- name: Upload ZAP report
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: zap-security-report
path: zap-report.html
Expand Down
58 changes: 58 additions & 0 deletions CODE_OF_CONDUCT.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
# Contributor Covenant Code of Conduct

## Our Pledge

We as members, contributors, and maintainers of this project pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.

We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.

---

## Our Standards

Examples of behavior that contributes to a positive environment include:

- Using welcoming and inclusive language
- Being respectful of differing viewpoints and experiences
- Gracefully accepting constructive criticism
- Showing empathy toward other community members
- Focusing on what is best for the community

Examples of unacceptable behavior include:

- Trolling, insulting or derogatory comments, and personal or political attacks
- Public or private harassment
- Publishing others’ private information without explicit permission
- Other conduct which could reasonably be considered inappropriate

---

## Enforcement Responsibilities

Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.

They have the right and responsibility to remove, edit, or reject comments, commits, code, issues, and other contributions that do not align with this Code of Conduct.

---

## Scope

This Code of Conduct applies within all project spaces—both online and offline—as well as in public spaces when an individual is representing the project or its community.

---

## Enforcement

Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project maintainer at **matbradiouf@gmail.com** or by opening a confidential issue on GitHub.

All complaints will be reviewed and investigated promptly and fairly.

---

## Attribution

This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 2.1.

For answers to common questions, see the [FAQ](https://www.contributor-covenant.org/faq).

---
126 changes: 126 additions & 0 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,126 @@
# Contributing to nest-devops-starter

Thank you for considering contributing to **nest-devops-starter**! 🎉
This guide will help you understand how to contribute, report issues, and submit improvements.

---

## Table of Contents

- [Getting Started](#getting-started)
- [How to Contribute](#how-to-contribute)
- [Code Style](#code-style)
- [Branching Strategy](#branching-strategy)
- [Commit Messages](#commit-messages)
- [Pull Requests](#pull-requests)
- [Reporting Issues](#reporting-issues)
- [Contact](#contact)

---

## Getting Started

1. **Fork** the repository.
2. **Clone** your fork:
```bash
git clone https://github.com/bradlab/nest-devops-starter.git
cd nest-devops-starter

3. Install dependencies:

```bash
npm install
```
4. Start development server:

```bash
npm run start:dev
```

---

## How to Contribute

We welcome:

* 🔧 Bug fixes
* 🧩 Feature requests and enhancements
* 🧪 Improvements to testing or DevOps workflows
* 📝 Documentation updates

---

## Code Style

We follow the default NestJS + ESLint + Prettier configuration.

To format your code:

```bash
npm run lint
npm run format
```

Before committing, make sure your code passes all linting and tests:

```bash
npx tsc
npm run test
npm run lint
```

---

## Branching Strategy

* `main`: Stable production-ready code
* `develop`: Active development branch
* Feature branches: `feature/your-description`
* Bugfix branches: `fix/your-description`

---

## Commit Messages

We follow [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/):

Examples:

* `feat(auth): add JWT token support`
* `fix(api): handle 500 error on /users`
* `docs: update README with new setup steps`

---

## Pull Requests

1. Create your branch from `develop`.
2. Make sure your code is linted, tested, and formatted.
3. Open a PR to `develop` with a clear title and description.
4. Link related issues in the PR description if applicable.

Your PR will be reviewed and merged after approval.

---

## Reporting Issues

To report a bug or request a feature, [open a GitHub Issue](https://github.com/bradlab/nest-devops-starter/issues/new/choose).

Please include:

* A clear title and description
* Steps to reproduce (for bugs)
* Expected behavior
* Screenshots or logs if possible

---

## Contact

Maintainer: [@bradlab](https://github.com/bradlab)
You can also reach out by creating a new discussion or opening an issue.

---

Thanks for helping us improve **nest-devops-starter**! 🚀
53 changes: 53 additions & 0 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
# Security Policy

## Supported Versions

We currently support the latest version of the project. Please make sure you're using the most recent release before reporting a vulnerability.

| Version | Supported |
|----------------|-----------|
| Latest (main) | ✅ |
| Older versions | ❌ |

---

## Reporting a Vulnerability

If you discover a security vulnerability in this project, **please do not open a public issue**.

Instead, report it privately by contacting us via email:

📧 **matbradiouf@gmail.com**

Please include the following details in your report:

- A detailed description of the vulnerability
- Steps to reproduce it, if applicable
- Potential impact or severity
- Suggested remediation or fix (if any)

We will respond as quickly as possible (usually within 72 hours), and work with you to validate and address the issue.

---

## Responsible Disclosure

We ask that you:

- Do **not** publicly disclose the issue until we’ve had a reasonable time to investigate and respond.
- Act in good faith and avoid exploiting the issue (e.g. by accessing unauthorized data).
- Respect users' privacy and data at all times.

---

## Security Tools Used

This project uses automated tools to detect security issues, including:

- GitHub Dependabot alerts
- npm audit
- Docker image scanning (via CI/CD)

---

Thank you for helping us keep **this project** secure! 🛡️
Loading
Loading