From 4c3c5996bc021acf40a13de4b3ab8345b0e21c3e Mon Sep 17 00:00:00 2001
From: Luca Comellini
Date: Wed, 18 Sep 2024 01:16:47 -0700
Subject: [PATCH] Add CLA bot and more linters (#331)
---
 .github/workflows/f5-cla.yml | 51 ++++++++++++++++++++++++++++++++++++
 .markdownlint-cli2.yaml | 18 +++++++++++++
 .pre-commit-config.yaml | 24 +++++++++++++++++
 .yamllint.yaml | 17 ++++++++++++
 README.md | 1 -
 SECURITY.md | 14 +++++++---
 6 files changed, 121 insertions(+), 4 deletions(-)
 create mode 100644 .github/workflows/f5-cla.yml
 create mode 100644 .markdownlint-cli2.yaml
 create mode 100644 .yamllint.yaml
diff --git a/.github/workflows/f5-cla.yml b/.github/workflows/f5-cla.yml
new file mode 100644
index 0000000..de0dbc8
--- /dev/null
+++ b/.github/workflows/f5-cla.yml
@@ -0,0 +1,51 @@
+name: F5 CLA
+
+on:
+ issue_comment:
+ types:
+ - created
+ pull_request_target:
+ types:
+ - opened
+ - synchronize
+ - reopened
+
+concurrency:
+ group: ${{ github.ref_name }}-cla
+
+permissions:
+ contents: read
+
+jobs:
+ f5-cla:
+ name: F5 CLA
+ runs-on: ubuntu-22.04
+ permissions:
+ actions: write
+ contents: read
+ pull-requests: write
+ statuses: write
+ steps:
+ - name: Run F5 Contributor License Agreement (CLA) assistant
+ if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have hereby read the F5 CLA and agree to its terms') || github.event_name == 'pull_request_target'
+ uses: contributor-assistant/github-action@f41946747f85d28e9a738f4f38dbcc74b69c7e0e # v2.5.1
+ with:
+ # Any pull request targeting the following branch will trigger a CLA check.
+ branch: "main"
+ # Path to the CLA document.
+ path-to-document: "https://github.com/f5/.github/blob/main/CLA/cla-markdown.md"
+ # Custom CLA messages.
+ custom-notsigned-prcomment: "🎉 Thank you for your contribution! It appears you have not yet signed the F5 Contributor License Agreement (CLA), which is required for your changes to be incorporated into an F5 Open Source Software (OSS) project. Please kindly read the [F5 CLA](https://github.com/f5/.github/blob/main/CLA/cla-markdown.md) and reply on a new comment with the following text to agree:"
+ custom-pr-sign-comment: "I have hereby read the F5 CLA and agree to its terms"
+ custom-allsigned-prcomment: "✅ All required contributors have signed the F5 CLA for this PR. Thank you!"
+ # Remote repository storing CLA signatures.
+ remote-organization-name: "f5"
+ remote-repository-name: "f5-cla-data"
+ path-to-signatures: "signatures/beta/signatures.json"
+ # Comma separated list of usernames for maintainers or any other individuals who should not be prompted for a CLA.
+ allowlist: bot*
+ # Do not lock PRs after a merge.
+ lock-pullrequest-aftermerge: false
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ PERSONAL_ACCESS_TOKEN: ${{ secrets.F5_CLA_TOKEN }}
diff --git a/.markdownlint-cli2.yaml b/.markdownlint-cli2.yaml
new file mode 100644
index 0000000..1932609
--- /dev/null
+++ b/.markdownlint-cli2.yaml
@@ -0,0 +1,18 @@
+# Rule configuration.
+# For rule descriptions and how to fix: https://github.com/DavidAnson/markdownlint/tree/main#rules--aliases
+config:
+ ul-style:
+ style: dash
+ no-duplicate-heading:
+ siblings_only: true
+ line-length:
+ line_length: 120
+ code_blocks: false
+ tables: false
+
+# Define glob expressions to ignore
+ignores:
+ - ".github/"
+
+# Fix any fixable errors
+fix: true
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 2c9a683..0bdbed7 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -18,3 +18,27 @@ repos:
 args: [--autofix, --no-sort-keys, --no-ensure-ascii]
 - id: mixed-line-ending
 args: [--fix=lf]
+
+ - repo: https://github.com/gitleaks/gitleaks
+ rev: v8.18.4
+ hooks:
+ - id: gitleaks
+
+ - repo: https://github.com/DavidAnson/markdownlint-cli2
+ rev: v0.14.0
+ hooks:
+ - id: markdownlint-cli2
+
+ - repo: https://github.com/adrienverge/yamllint.git
+ rev: v1.35.1
+ hooks:
+ - id: yamllint
+
+ - repo: https://github.com/thlorenz/doctoc
+ rev: v2.2.0
+ hooks:
+ - id: doctoc
+ args: [--update-only, --title, "## Table of Contents"]
+
+ci:
+ autoupdate_schedule: quarterly # We use renovate for more frequent updates and there's no way to disable autoupdate
diff --git a/.yamllint.yaml b/.yamllint.yaml
new file mode 100644
index 0000000..01850a2
--- /dev/null
+++ b/.yamllint.yaml
@@ -0,0 +1,17 @@
+---
+ignore-from-file: .gitignore
+
+extends: default
+
+rules:
+ comments:
+ min-spaces-from-content: 1
+ comments-indentation: enable
+ document-start: disable
+ empty-values: enable
+ line-length:
+ max: 120
+ ignore: |
+ .github/
+ truthy:
+ check-keys: false
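Review bot: The `f5-cla` job is triggered by `pull_request_target` and `issue_comment`, so its write-scoped `GITHUB_TOKEN` (`actions`, `pull-requests`, `statuses`) and the `F5_CLA_TOKEN` PAT are present on runs started by fork contributors; the job is safe as written only because it never checks out or executes anything from the PR head, and nothing in the file records that invariant for the next maintainer. Add above `steps:`: `# SECURITY: this job runs with write permissions on pull_request_target; never add a checkout of the PR head or any step that executes PR content here.` Separately, under both `pull_request_target` and `issue_comment` `github.ref_name` resolves to the base/default branch, so `group: ${{ github.ref_name }}-cla` appears to put every PR's CLA run into a single queue; if that is intended to avoid concurrent writes to `signatures.json`, say so in a comment, otherwise a per-PR group such as `${{ github.event.pull_request.number || github.event.issue.number }}-cla` avoids head-of-line blocking. Minor: `allowlist: bot*` is the only unquoted value in the `with:` block; `allowlist: "bot*"` keeps it consistent with its neighbours.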
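Review bot: The four new `repo`/`rev` entries in `.pre-commit-config.yaml` pin by tag (`v8.18.4`, `v0.14.0`, `v1.35.1`, `v2.2.0`), which is weaker than the commit-SHA pin this same commit uses for `contributor-assistant/github-action` in `.github/workflows/f5-cla.yml`; a moved tag silently changes what the `gitleaks`, `markdownlint-cli2`, `yamllint` and `doctoc` hooks execute on every developer machine. pre-commit accepts a full commit SHA in `rev:`, so if SHA-pinning is the project's policy these can be pinned the same way with the tag kept in a trailing comment, e.g. `rev: <commit-sha>  # v8.18.4`. Also worth a one-line comment above the `gitleaks` hook: as configured upstream it scans the staged change at commit time, so it does not cover existing history or commits made with `--no-verify` and complements rather than replaces a CI-side scan.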
diff --git a/README.md b/README.md index c72ac4c..df5f6ea 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,5 @@ # Publish Docker images to AWS Marketplace - This is a simple GitHub Action to publish new versions of Docker images to AWS Marketplace. At the moment, it only supports adding a new version of an existing product. Contributions are welcome! diff --git a/SECURITY.md b/SECURITY.md index f5a6659..2557a82 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,9 +1,17 @@ # Security Policy +## Latest Versions + +We advise users to run or update to the most recent release of this project. +Older versions of this project may not have all enhancements and/or bug fixes applied to them. + ## Reporting a Vulnerability -The F5 Security Incident Response Team (F5 SIRT) has an email alias that makes it easy to report potential security vulnerabilities. +The F5 Security Incident Response Team (F5 SIRT) has an email alias that makes it easy to report potential security +vulnerabilities. -Please report any potential or current instances of security vulnerabilities with any F5 product to the F5 Security Incident Response Team at F5SIRT@f5.com +- If you’re an F5 customer with an active support contract, please contact [F5 Technical Support](https://www.f5.com/services/support). +- If you aren’t an F5 customer, please report any potential or current instances of security vulnerabilities with any F5 + product to the F5 Security Incident Response Team at -For more information visit https://www.f5.com/services/support/report-a-vulnerability +For more information visit