GIT project guidance on defaults #93
Draft
matthew-l-weber wants to merge 1 commit into master from mlw/project-defaults-for-sec
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,71 @@ | ||
| # SPDX-License-Identifier: MIT | ||
|
|
||
| DEFAULT_BRANCH=master | ||
| # Example filter of a folder | ||
| # FILTER_REGEX_EXCLUDE=.*safety-architecture.* | ||
| IGNORE_GENERATED_FILES=true | ||
| IGNORE_GITIGNORED_FILES=true | ||
|
|
||
| VALIDATE_ALL_CODEBASE=false | ||
| VALIDATE_BASH_EXEC=false | ||
| VALIDATE_BIOME_FORMAT=false | ||
| VALIDATE_BIOME_LINT=false | ||
| VALIDATE_CLOJURE=false | ||
| VALIDATE_COFFEESCRIPT=false | ||
| VALIDATE_CSHARP=false | ||
| VALIDATE_DART=false | ||
| VALIDATE_DOTNET_SLN_FORMAT_ANALYZERS=false | ||
| VALIDATE_DOTNET_SLN_FORMAT_STYLE=false | ||
| VALIDATE_DOTNET_SLN_FORMAT_WHITESPACE=false | ||
| VALIDATE_EDITORCONFIG=false | ||
| VALIDATE_GIT_COMMITLINT=false | ||
| VALIDATE_GO=false | ||
| VALIDATE_GOOGLE_JAVA_FORMAT=false | ||
| VALIDATE_GO_MODULES=false | ||
| VALIDATE_GO_RELEASER=false | ||
| VALIDATE_GRAPHQL_PRETTIER=false | ||
| VALIDATE_GROOVY=false | ||
| VALIDATE_JSCPD=false | ||
| VALIDATE_JSX=false | ||
| VALIDATE_JSX_PRETTIER=false | ||
| VALIDATE_JUPYTER_NBQA_BLACK=false | ||
| VALIDATE_JUPYTER_NBQA_FLAKE8=false | ||
| VALIDATE_JUPYTER_NBQA_ISORT=false | ||
| VALIDATE_JUPYTER_NBQA_MYPY=false | ||
| VALIDATE_JUPYTER_NBQA_PYLINT=false | ||
| VALIDATE_JUPYTER_NBQA_RUFF=false | ||
| VALIDATE_KOTLIN=false | ||
| VALIDATE_NATURAL_LANGUAGE=false | ||
| VALIDATE_PYTHON_RUFF=false | ||
| VALIDATE_PYTHON_RUFF_FORMAT=false | ||
| VALIDATE_R=false | ||
| VALIDATE_SCALAFMT=false | ||
| VALIDATE_SNAKEMAKE_LINT=false | ||
| VALIDATE_SNAKEMAKE_SNAKEFMT=false | ||
| VALIDATE_SQLFLUFF=false | ||
| VALIDATE_STATES=false | ||
| VALIDATE_TERRAGRUNT=false | ||
| VALIDATE_TRIVY=false | ||
| VALIDATE_TSX=false | ||
| VALIDATE_TYPESCRIPT_ES=false | ||
| VALIDATE_TYPESCRIPT_PRETTIER=false | ||
| VALIDATE_VUE=false | ||
| VALIDATE_VUE_PRETTIER=false | ||
|
|
||
| FIX_ANSIBLE=true | ||
| FIX_BIOME_FORMAT=false | ||
| FIX_BIOME_LINT=false | ||
| FIX_CLANG_FORMAT=true | ||
| FIX_HTML_PRETTIER=true | ||
| FIX_JAVASCRIPT_PRETTIER=true | ||
| FIX_JSON=true | ||
| FIX_JSONC=true | ||
| FIX_JSONC_PRETTIER=true | ||
| FIX_JSON_PRETTIER=true | ||
| FIX_MARKDOWN=true | ||
| FIX_MARKDOWN_PRETTIER=true | ||
| FIX_PYTHON_BLACK=true | ||
| FIX_SHELL_SHFMT=true | ||
| FIX_SPELL_CODESPELL=true | ||
| FIX_TERRAFORM_FMT=true | ||
| FIX_YAML_PRETTIER=true |
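Review bot: `VALIDATE_TRIVY=false` and `VALIDATE_BASH_EXEC=false` switch off the two checks most directly tied to the security posture this PR is about (the Trivy vulnerability/misconfiguration scan and the check that shell scripts are marked executable) with no comment saying why; add a one-line justification next to each disabled security check or leave them enabled. Because this file only lists `VALIDATE_*` entries set to `false`, every linter not named stays enabled under super-linter's rules, which deserves a comment at the top of that block so a reader does not assume the list is exhaustive. The `FIX_*` block enables in-place rewriting (Ansible, clang-format, Prettier, Black, shfmt, codespell, terraform fmt); when this env file is consumed by the pre-push hook added in the notes file, those fixes land in the working tree after the commits being pushed were already made, so either keep `FIX_*` off for the hook run (for example a second env file) or document that the hook may leave modified files behind.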
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| <!-- | ||
| SPDX-License-Identifier: CC-BY-SA-4.0 | ||
| --> | ||
|
|
||
| # New Repository Notes | ||
|
|
||
| A new GitHub project comes with a Readme that should be filled out to help navigate the site and understand it's purpose. | ||
|
|
||
| ## Security configuration | ||
|
|
||
| The GitHub project repository is not secure by default and a lot of online examples may not consider security posture. | ||
| The following are a few tips to improve the general security posture when starting a new repository. | ||
|
|
||
| (Add notes from email) | ||
|
|
||
| ## Linting | ||
|
|
||
| The super linter project is one option to help with consistency and security of repository content. | ||
| The GitHub action linter specifically can help with setting **least privilege** and prevent unintended workflow privilege inheritance by a forked repository. | ||
| This is an example lint configuration that [runs as a workflow](https://github.com/elisa-tech/wg-aerospace/blob/main/.github/workflows/lint.yml). | ||
|
|
||
| The following can be setup locally to lint material before pushing to the repository (this assumes you have setup [a configuration env file](https://github.com/elisa-tech/wg-aerospace/blob/main/.github/super-linter.env)): | ||
|
|
||
| ```bash | ||
| # Run once after checkout to setup the hook | ||
| cat > .git/hooks/pre-push <<'EOM' | ||
| #!/bin/sh | ||
|
|
||
| # Run the super-linter Docker container as a pre-push hook | ||
|
|
||
| echo "Running Super-Linter via Docker pre-push hook..." | ||
| docker run -e RUN_LOCAL=true -e LOG_LEVEL=ERROR --env-file "./.github/super-linter.env" -v "$(pwd)":/tmp/lint --rm ghcr.io/super-linter/super-linter:latest | ||
|
|
||
| # Check the exit status of the docker command. | ||
| # If it is non-zero, the linter failed and the push should be aborted. | ||
| if [ $? -ne 0 ]; then | ||
| echo "Super-Linter failed. Push aborted." | ||
| exit 1 | ||
| else | ||
| echo "Super-Linter passed. Proceeding with push." | ||
| exit 0 | ||
| fi | ||
| EOM | ||
| chmod +x .git/hooks/pre-push | ||
| ``` | ||
|
|
||
| ## Licensing checks | ||
|
|
||
| The reuse tool can be used as part of automation or manually to help ensure the licensing is tagged on content. | ||
|
|
||
| - Add a license description file using the [`docker run --rm --volume $(pwd):/data fsfe/reuse download --all`](https://github.com/fsfe/reuse-tool?tab=readme-ov-file#usage) or manually under `./LICENSES/` | ||
| - Add any specific exception clarification language to [LICENSE](./LICENSE) or the specific file(s) under the license header. | ||
| - Locally cleanup licensing on your contribution - `docker run --rm --volume $(pwd):/data fsfe/reuse` to get a report. | ||
| - Then if you are "not compliant", either manually add the SPDX headers or use the `reuse annotate` feature to help you. `reuse` does have a `--recursive` option that can be used for folders, however it marks everything. | ||
| - Example: Updating individual markdown files - `docker run --rm --volume $(pwd):/data fsfe/reuse annotate --license CC-BY-SA-4.0 <filename>` | ||
| - Example: Add details for binary files and items like `json` - `docker run --rm --volume $(pwd):/data fsfe/reuse annotate --license CC-BY-SA-4.0 --fallback-dot-license <filename>` . This creates a file with a `.license` suffix that has the SPDX tag | ||
|
|
||
| The tool has [various features](https://github.com/fsfe/reuse-tool?tab=readme-ov-file#usage) including automatically adding a license descriptions under `LICENSE/` if you had a new license type. | ||
|
|
||
| ## Copyright | ||
|
|
||
| Some note should be included as part of the Readme or Contributing material about the Copyright practice. As an example: | ||
|
|
||
| ```text | ||
| This project follows the [Developer Certificate of Origin](https://developercertificate.org/) approach for any contributions. | ||
| [How to add a contribution sign off.](https://tac.lfenergy.org/process/contribution_guidelines.html#contribution-sign-off) | ||
|
|
||
| All content is copyright as follows, unless noted in the individual file. | ||
| See [Linux Foundation copyright guidance](https://www.linuxfoundation.org/blog/blog/copyright-notices-in-open-source-software-projects) for guidance on this top level copyright claim that simplifies the developer workflow (i.e., it uses DCO to associate the claim.) | ||
|
|
||
| Copyright (c) The ELISA Aerospace Working Group Authors | ||
|
|
||
| Copyright (c) The ELISA Aerospace Working Group Contributors | ||
|
|
||
| Copyright (c) Contributors to the ELISA Aerospace Working Group | ||
|
|
||
| Note: Please refer to the [ELISA Technical Charter section 7](https://elisa.tech/wp-content/uploads/sites/19/2020/08/elisa_technical_charter_082620.pdf) for discussion on Intellectual Property roles related to Author vs Contributor. | ||
| ``` | ||
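Review bot: the pre-push hook runs `ghcr.io/super-linter/super-linter:latest`, an unpinned mutable tag, in a document whose stated purpose is a secure default posture; pin a release tag (ideally with an image digest) so the lint result is reproducible and an upstream image change cannot silently alter what executes on every contributor's machine. The hook also mounts `$(pwd)` and lints the working tree rather than the commits being pushed, so uncommitted edits affect the verdict and the `FIX_*` settings in the env file can rewrite files after the push decision is made; state this in the prose or run the hook against a clean checkout. Smaller points: `## Security configuration` contains only the `(Add notes from email)` placeholder, so the section the heading promises is empty in this draft; `understand it's purpose` should read `its purpose`; and the licensing section writes `./LICENSES/` in one bullet but `LICENSE/` in the closing paragraph (the reuse tool's directory is `LICENSES/`).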
need my email to finish this.