Skip to content

Commit

Permalink
Initial commit
Browse files Browse the repository at this point in the history
  • Loading branch information
@LesiaChaban
LesiaChaban authored Sep 12, 2024
0 parents commit 0cf05dc
Show file tree
Hide file tree
Showing 14 changed files with 573 additions and 0 deletions.
79 changes: 79 additions & 0 deletions .github/workflows/banned_file_changes_pr.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,79 @@
name: Banned file changes (PR)
on:
# pull_request:
# branches: [ "**/*" ]
pull_request_target:

jobs:
check_for_banned_file_changes:
name: Look for unsupported (banned) file modifications on PRs
runs-on: ubuntu-latest
steps:
- name: 'Get number of git commits'
uses: oracle-devrel/[email protected]
id: num_commits
with:
pull_url: ${{ github.event.pull_request.url }}
- name: 'Checkout repo'
uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
fetch-depth: ${{ steps.num_commits.outputs.fetch_depth }}
- name: Get file changes
uses: oracle-devrel/[email protected]
id: files
with:
pull_url: ${{ github.event.pull_request.url }}
- name: Look for changes to .github
if: contains(steps.files.outputs.all_files_changed, '.github')
run: |
echo 'Changes to files in .github are not allowed.'
- name: Comment if .github changed
if: contains(steps.files.outputs.all_files_changed, '.github')
uses: mshick/add-pr-comment@v1
with:
message: |
:no_entry: **Banned Files Modified**
Changes to files in `.github` are not permitted. Please revert your changes and re-submit a new PR. Simply changing the file back to its original state and re-committing won't work (you must revert the changes made to it).
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Look for changes to license_policy.yml
if: contains(steps.files.outputs.all_files_changed, '"license_policy.yml"')
run: |
echo 'Changes to license_policy.yml are not allowed.'
- name: Comment if license_policy.yml changed
if: contains(steps.files.outputs.all_files_changed, '"license_policy.yml"')
uses: mshick/add-pr-comment@v1
with:
message: |
:no_entry: **Banned Files Modified**
Changes to `license_policy.yml` are not permitted. Please revert your changes and re-submit a new PR. Simply changing the file back to its original state and re-committing won't work (you must revert the changes made to it).
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Look for changes to repolinter.json
if: contains(steps.files.outputs.all_files_changed, '"repolinter.json"')
uses: mshick/add-pr-comment@v1
with:
message: |
:no_entry: **Banned Files Modified**
Changes to `repolinter.json` are not permitted. Please revert your changes and re-submit a new PR. Simply changing the file back to its original state and re-committing won't work (you must revert the changes made to it).
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Comment if repolinter.json changed
if: contains(steps.files.outputs.all_files_changed, '"repolinter.json"')
run: |
echo 'Changes to repolinter.json are not allowed.'
- name: Look for changes to sonar-project.properties
if: contains(steps.files.outputs.all_files_changed, '"sonar-project.properties"')
uses: mshick/add-pr-comment@v1
with:
message: |
:no_entry: **Banned Files Modified**
Changes to `sonar-project.properties` are not permitted. Please revert your changes and re-submit a new PR. Simply changing the file back to its original state and re-committing won't work (you must revert the changes made to it).
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Comment if sonar-project.properties changed
if: contains(steps.files.outputs.all_files_changed, '"sonar-project.properties"')
run: |
echo 'Changes to sonar-project.properties are not allowed.'
- name: Fail on banned file changes
if: contains(steps.files.outputs.all_files_changed, '.github') || contains(steps.files.outputs.all_files_changed, '"license_policy.yml"') || contains(steps.files.outputs.all_files_changed, '"repolinter.json"') || contains(steps.files.outputs.all_files_changed, '"sonar-project.properties"')
run: |
exit 1
39 changes: 39 additions & 0 deletions .github/workflows/cla.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
name: "CLA Assistant"
on:
issue_comment:
types: [created]
pull_request_target:
types: [opened,closed,synchronize]

jobs:
CLAssistant:
runs-on: ubuntu-latest
steps:
- name: "CLA Assistant"
if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
# Beta Release
uses: cla-assistant/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# the below token should have repo scope and must be manually added by you in the repository's secret
PERSONAL_ACCESS_TOKEN : ${{ secrets.PERSONAL_ACCESS_TOKEN }}
with:
# for per-repo CLA-acceptance:
# path-to-signatures: 'signatures/oca-20210504/${{ github.repository }}'
# for per-GHO CLA-acceptance:
path-to-signatures: 'signatures/oca-20210504/oracledevrel'
path-to-document: 'https://github.com/oracledevrel/devrel-oca-mgmt/blob/main/oca-20210504.md' # e.g. a CLA or a DCO document
# branch should not be protected
branch: 'main'
allowlist: bot*

#below are the optional inputs - If the optional inputs are not given, then default values will be taken
remote-organization-name: "oracledevrel" # enter the remote organization name where the signatures should be stored (Default is storing the signatures in the same repository)
remote-repository-name: "devrel-oca-mgmt" # enter the remote repository name where the signatures should be stored (Default is storing the signatures in the same repository)
#create-file-commit-message: 'For example: Creating file for storing CLA Signatures'
#signed-commit-message: 'For example: $contributorName has signed the CLA in #$pullRequestNo'
#custom-notsigned-prcomment: 'pull request comment with Introductory message to ask new contributors to sign'
#custom-pr-sign-comment: 'The signature to be committed in order to sign the CLA'
#custom-allsigned-prcomment: 'pull request comment when all contributors has signed, defaults to **CLA Assistant Lite bot** All Contributors have signed the CLA.'
#lock-pullrequest-aftermerge: false - if you don't want this bot to automatically lock the pull request after merging (default - true)
#use-dco-flag: true - If you are using DCO instead of CLA
42 changes: 42 additions & 0 deletions .github/workflows/license_audit.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
name: Audit licenses
on:
pull_request_target:

jobs:
run_scancode_toolkit:
name: Get inventory of licenses used in project
runs-on: ubuntu-latest
container:
image: ghcr.io/oracledevrel/scancode-toolkit:v21.3.31
credentials:
username: ${{ github.actor }}
password: ${{ secrets.GHCR_PAT }}
steps:
- name: 'Checkout repo'
uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Run Scancode-toolkit
run: |
scancode -l --ignore licenses.json --ignore .github/**/* --ignore license_policy.yml --license-policy license_policy.yml --only-findings --summary --json-pp licenses.json *
echo "\n\nHere is the licenses.json:\n"
echo $(cat licenses.json)
- name: Look for non-approved licenses
uses: oracle-devrel/[email protected]
id: analysis
with:
licenses_file: '/github/workspace/licenses.json'
- name: Analysis results
run: echo "${{ steps.analysis.outputs.unapproved_licenses }}"
- name: Comment if analysis finds unapproved licenses
if: steps.analysis.outputs.unapproved_licenses == 'true'
uses: mshick/add-pr-comment@v1
with:
message: |
:no_entry: **License Inspection**
Requires manual inspection. There are some licenses which dictate further analysis and review.
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Halt pipeline on unapproved licenses
if: steps.analysis.outputs.unapproved_licenses == 'true'
run: exit 1
18 changes: 18 additions & 0 deletions .github/workflows/release-zip-file.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
name: Release ZIP file packaging

on:
release:
types: [published]

jobs:
create_zip:
runs-on: ubuntu-latest
steps:
- name: 'Checkout repo'
uses: actions/checkout@v2
- name: 'Make (and upload) ZIP file(s)'
uses: oracle-devrel/[email protected]
id: zip_maker
with:
github_token: ${{ secrets.GITHUB_TOKEN }}

89 changes: 89 additions & 0 deletions .github/workflows/repolinter.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,89 @@
name: Repolinter
on:
pull_request_target:
jobs:
run_repolinter:
name: Run Repolinter on pull request
runs-on: ubuntu-latest
container:
image: ghcr.io/oracledevrel/repolinter:v0.11.1
credentials:
username: ${{ github.actor }}
password: ${{ secrets.GHCR_PAT }}
steps:
- name: 'Checkout repo'
uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Run Repolinter
run: |
set +e
bundle exec /app/bin/repolinter.js lint --format json --rulesetFile repolinter.json . > repolinter_results.json
echo "\n\nHere is the repolinter_results.json:\n"
echo $(cat repolinter_results.json)
exit 0
- name: Analyze the Repolinter results
uses: oracle-devrel/[email protected]
id: analysis
with:
json_results_file: '/github/workspace/repolinter_results.json'
- name: Overall analysis results
run: |
echo "Passed: ${{ steps.analysis.outputs.passed }}"
echo "Errored: ${{ steps.analysis.outputs.errored }}"
- name: Comment if analysis finds missing disclaimer
if: steps.analysis.outputs.disclaimer_found == 'false'
uses: mshick/add-pr-comment@v1
with:
message: |
:no_entry: **FAILURE: Missing Disclaimer**
The standard Oracle Disclaimer seems to be missing from the readme. Please add it:
ORACLE AND ITS AFFILIATES DO NOT PROVIDE ANY WARRANTY WHATSOEVER, EXPRESS OR IMPLIED, FOR ANY SOFTWARE, MATERIAL OR CONTENT OF ANY KIND CONTAINED OR PRODUCED WITHIN THIS REPOSITORY, AND IN PARTICULAR SPECIFICALLY DISCLAIM ANY AND ALL IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE. FURTHERMORE, ORACLE AND ITS AFFILIATES DO NOT REPRESENT THAT ANY CUSTOMARY SECURITY REVIEW HAS BEEN PERFORMED WITH RESPECT TO ANY SOFTWARE, MATERIAL OR CONTENT CONTAINED OR PRODUCED WITHIN THIS REPOSITORY. IN ADDITION, AND WITHOUT LIMITING THE FOREGOING, THIRD PARTIES MAY HAVE POSTED SOFTWARE, MATERIAL OR CONTENT TO THIS REPOSITORY WITHOUT ANY REVIEW. USE AT YOUR OWN RISK.
Details:
${{ steps.analysis.outputs.disclaimer_details }}
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Comment if analysis finds missing readme
if: steps.analysis.outputs.readme_file_found == 'false'
uses: mshick/add-pr-comment@v1
with:
message: |
:no_entry: **FAILURE: Missing README**
The README file seems to be missing. Please add it.
Details:
${{ steps.analysis.outputs.readme_file_details }}
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Comment if analysis finds missing license
if: steps.analysis.outputs.license_file_found == 'false'
uses: mshick/add-pr-comment@v1
with:
message: |
:no_entry: **FAILURE: Missing LICENSE**
The LICENSE file seems to be missing. Please add it.
Details:
${{ steps.analysis.outputs.license_file_details }}
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Comment if analysis finds copyright notice missing
if: steps.analysis.outputs.copyright_found == 'false'
uses: mshick/add-pr-comment@v1
with:
message: |
:warning: **WARNING: Missing Copyright Notice(s)**
It's a good idea to have copyright notices at the top of each file. It looks like at least one file was missing this (though it might be further down in the file - this might be a false-positive).
Details:
${{ steps.analysis.outputs.copyright_details }}
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Halt pipeline if README is missing
if: steps.analysis.outputs.readme_file_found == 'false'
run: exit 1
- name: Halt pipeline if LICENSE is missing
if: steps.analysis.outputs.license_file_found == 'false'
run: exit 1
- name: Halt pipeline if disclaimer is missing
if: steps.analysis.outputs.disclaimer_found == 'false'
run: exit 1
19 changes: 19 additions & 0 deletions .github/workflows/sonarcloud.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
name: SonarCloud Scan
on:
pull_request_target:
jobs:
sonarcloud:
name: SonarCloud
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: SonarCloud Scan
uses: SonarSource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
33 changes: 33 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
# General
.DS_Store
.AppleDouble
.LSOverride

# Icon must end with two \r
Icon


# Thumbnails
._*

# Files that might appear in the root of a volume
.DocumentRevisions-V100
.fseventsd
.Spotlight-V100
.TemporaryItems
.Trashes
.VolumeIcon.icns
.com.apple.timemachine.donotpresent

# Directories potentially created on remote AFP share
.AppleDB
.AppleDesktop
Network Trash Folder
Temporary Items
.apdisk

# ignore common security keys
.key
.crt
.csr
.pem
55 changes: 55 additions & 0 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
# Contributing to this repository

We welcome your contributions! There are multiple ways to contribute.

## Opening issues

For bugs or enhancement requests, please file a GitHub issue unless it's
security related. When filing a bug remember that the better written the bug is,
the more likely it is to be fixed. If you think you've found a security
vulnerability, do not raise a GitHub issue and follow the instructions in our
[security policy](./SECURITY.md).

## Contributing code

We welcome your code contributions. Before submitting code via a pull request,
you will need to have signed the [Oracle Contributor Agreement][OCA] (OCA) and
your commits need to include the following line using the name and e-mail
address you used to sign the OCA:

```text
Signed-off-by: Your Name <[email protected]>
```

This can be automatically added to pull requests by committing with `--sign-off`
or `-s`, e.g.

```text
git commit --signoff
```

Only pull requests from committers that can be verified as having signed the OCA
can be accepted.

## Pull request process

1. Ensure there is an issue created to track and discuss the fix or enhancement
you intend to submit.
1. Fork this repository.
1. Create a branch in your fork to implement the changes. We recommend using
the issue number as part of your branch name, e.g. `1234-fixes`.
1. Ensure that any documentation is updated with the changes that are required
by your change.
1. Ensure that any samples are updated if the base image has been changed.
1. Submit the pull request. *Do not leave the pull request blank*. Explain exactly
what your changes are meant to do and provide simple steps on how to validate.
your changes. Ensure that you reference the issue you created as well.
1. We will assign the pull request to 2-3 people for review before it is merged.

## Code of conduct

Follow the [Golden Rule](https://en.wikipedia.org/wiki/Golden_Rule). If you'd
like more specific guidelines, see the [Contributor Covenant Code of Conduct][COC].

[OCA]: https://oca.opensource.oracle.com
[COC]: https://www.contributor-covenant.org/version/1/4/code-of-conduct/
Loading

0 comments on commit 0cf05dc

Please sign in to comment.