diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 0000000..7c1ab47 --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1 @@ +* @github/package-security-reviewers diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..def9c9f --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,81 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our +project and our community a harassment-free experience for everyone, +regardless of age, body size, disability, ethnicity, gender identity +and expression, level of experience, nationality, personal appearance, +race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive +environment +include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual +attention or advances +* Trolling, insulting/derogatory comments, and personal or political + attacks +* Public or private harassment +* Publishing others' private information, such as a physical or + electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in + a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of +acceptable behavior and are expected to take appropriate and fair +corrective action in response to any instances of unacceptable +behavior. + +Project maintainers have the right and responsibility to remove, edit, +or reject comments, commits, code, wiki edits, issues, and other +contributions that are not aligned to this Code of Conduct, or to ban +temporarily or permanently any contributor for other behaviors that +they deem inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public +spaces when an individual is representing the project or its +community. Examples of representing a project or community include +using an official project e-mail address, posting via an official +social media account, or acting as an appointed representative at an +online or offline event. Representation of a project may be further +defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior +may be reported by contacting the project team at +. All complaints will be reviewed and +investigated and will result in a response that is deemed necessary +and appropriate to the circumstances. The project team is obligated to +maintain confidentiality with regard to the reporter of an incident. +Further details of specific enforcement policies may be posted +separately. + +Project maintainers who do not follow or enforce the Code of Conduct +in good faith may face temporary or permanent repercussions as +determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor +Covenant][homepage], version 1.4, available at +[http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..ca26ee9 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,58 @@ +## Contributing + +[fork]: https://github.com/github/deployment-tracker/fork +[pr]: https://github.com/github/deployment-tracker/compare +[style]: https://github.com/github/deployment-tracker/blob/main/.golangci.yaml + +Hi there! We're thrilled that you'd like to contribute to this +project. Your help is essential for keeping it great. + +Contributions to this project are +[released](https://help.github.com/articles/github-terms-of-service/#6-contributions-under-repository-license) +to the public under the [project's open source license](LICENSE.txt). + +Please note that this project is released with a [Contributor Code of +Conduct](CODE_OF_CONDUCT.md). By participating in this project you +agree to abide by its terms. + +## Prerequisites for running and testing code + +These are one time installations required to be able to test your +changes locally as part of the pull request (PR) submission process. + +1. install Go [through download](https://go.dev/doc/install) | + [through Homebrew](https://formulae.brew.sh/formula/go) +1. [install + golangci-lint](https://golangci-lint.run/welcome/install/#local-installation) + +## Submitting a pull request + +1. [Fork][fork] and clone the repository +1. Configure and install the dependencies: `script/bootstrap` +1. Make sure the tests pass on your machine: `go test -v ./...` +1. Make sure linter passes on your machine: `golangci-lint run` +1. Create a new branch: `git checkout -b my-branch-name` +1. Make your change, add tests, and make sure the tests and linter + still pass +1. Push to your fork and [submit a pull request][pr] +1. Pat yourself on the back and wait for your pull request to be + reviewed and merged. + +Here are a few things you can do that will increase the likelihood of +your pull request being accepted: + +- Follow the [style guide][style]. +- Write tests. +- Keep your change as focused as possible. If there are multiple + changes you would like to make that are not dependent upon each + other, consider submitting them as separate pull requests. +- Write a [good commit + message](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html). + +## Resources + +- [How to Contribute to Open + Source](https://opensource.guide/how-to-contribute/) +- [Using Pull + Requests](https://help.github.com/articles/about-pull-requests/) +- [GitHub Help](https://help.github.com) diff --git a/LICENSE.txt b/LICENSE.txt new file mode 100644 index 0000000..f7a1e98 --- /dev/null +++ b/LICENSE.txt @@ -0,0 +1,22 @@ +MIT License + +Copyright GitHub, Inc. + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/README.md b/README.md index 45fd68c..b4e4df5 100644 --- a/README.md +++ b/README.md @@ -154,3 +154,9 @@ The metrics exposed beyond the default Prometheus metrics are: * `deptracker_post_record_hard_fail`: the number of failures to persist a record via the HTTP API (either an irrecoverable error or all retries are exhausted). + +## License + +This project is licensed under the terms of the MIT open source +license. Please refer to the [LICENSE](./LICENSE.txt) for the full +terms. diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..c91c0d3 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,47 @@ +Thanks for helping make GitHub safe for everyone. + +# Security + +GitHub takes the security of our software products and services +seriously, including all of the open source code repositories managed +through our GitHub organizations, such as +[GitHub](https://github.com/GitHub). + +Even though [open source repositories are outside of the scope of our +bug bounty program](https://bounty.github.com/index.html#scope) and +therefore not eligible for bounty rewards, we will ensure that your +finding gets passed along to the appropriate maintainers for +remediation. + +## Reporting Security Issues + +If you believe you have found a security vulnerability in any +GitHub-owned repository, please report it to us through coordinated +disclosure. + +**Please do not report security vulnerabilities through public GitHub +issues, discussions, or pull requests.** + +Instead, please send an email to opensource-security[@]github.com. + +Please include as much of the information listed below as you can to +help us better understand and resolve the issue: + +* The type of issue (e.g., buffer overflow, SQL injection, or + cross-site scripting) +* Full paths of source file(s) related to the manifestation of the + issue +* The location of the affected source code (tag/branch/commit or + direct URL) +* Any special configuration required to reproduce the issue +* Step-by-step instructions to reproduce the issue +* Proof-of-concept or exploit code (if possible) +* Impact of the issue, including how an attacker might exploit the + issue + +This information will help us triage your report more quickly. + +## Policy + +See [GitHub's Safe Harbor +Policy](https://docs.github.com/en/site-policy/security-policies/github-bug-bounty-program-legal-safe-harbor#1-safe-harbor-terms) diff --git a/SUPPORT.md b/SUPPORT.md new file mode 100644 index 0000000..e839332 --- /dev/null +++ b/SUPPORT.md @@ -0,0 +1,16 @@ +# Support + +## How to file issues and get help + +This project uses GitHub issues to track bugs and feature +requests. Please search the existing issues before filing new issues +to avoid duplicates. For new issues, file your bug or feature request +as a new issue. + +This Deployment Tracker is under active development and maintained by +GitHub staff. We will do our best to respond to support, feature +requests, and community questions in a timely manner. + +## GitHub Support Policy + +Support for this project is limited to the resources listed above.