diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml new file mode 100644 index 0000000..eba4ccc --- /dev/null +++ b/.github/workflows/docs.yml @@ -0,0 +1,26 @@ +name: Lint Markdown + +on: + pull_request: + branches: + - main + paths: + - '**/*.md' + - '.markdownlint-cli2.yaml' + +permissions: + contents: read + +jobs: + markdown-lint: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + with: + fetch-depth: 0 + + - name: Lint Markdown + uses: DavidAnson/markdownlint-cli2-action@db43aef879112c3119a410d69f66701e0d530809 # v17.0.0 + with: + globs: '**/*.md' \ No newline at end of file diff --git a/.github/workflows/proposals.yml b/.github/workflows/proposals.yml index 8b2b101..cfc718b 100644 --- a/.github/workflows/proposals.yml +++ b/.github/workflows/proposals.yml @@ -3,6 +3,10 @@ on: pull_request: branches: - main + +permissions: + contents: read + jobs: validate: runs-on: ubuntu-latest @@ -11,10 +15,10 @@ jobs: run: | git config --global core.autocrlf false - - uses: actions/checkout@v4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: python-version: '3.11' cache: 'pip' diff --git a/.markdownlint-cli2.yaml b/.markdownlint-cli2.yaml new file mode 100644 index 0000000..6c8386d --- /dev/null +++ b/.markdownlint-cli2.yaml @@ -0,0 +1,15 @@ +config: + line-length: false + no-emphasis-as-heading: false + code-block-style: false + no-inline-html: false + ul-style: false + no-multiple-blanks: false + no-alt-text: false + no-bare-urls: false +globs: + - "**/*.md" +ignores: + - ".github/**" + - "proposals/**" + - ".trestle/**" \ No newline at end of file diff --git a/ADOPTERS.md b/ADOPTERS.md index 2427414..14ed94d 100644 --- a/ADOPTERS.md +++ b/ADOPTERS.md @@ -2,6 +2,6 @@ This is a list of organizations that have publicly shared their adoption: -- [Red Hat](https://www.redhat.com) +- [Red Hat](https://www.redhat.com) -If your organization is using OSCAL Compass and would like to be included in this list, please open a pull request. \ No newline at end of file +If your organization is using OSCAL Compass and would like to be included in this list, please open a pull request. diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 609f3ee..0319488 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -1,3 +1,3 @@ # Code of Conduct -We follow the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md). \ No newline at end of file +We follow the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md). diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 2ef07df..506f1c0 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -50,7 +50,7 @@ cannot be accepted at all!** We have also adopted [Contributor Covenant Code of Conduct](CODE_OF_CONDUCT.md). -### Merge details for committers: +### Merge details for committers 1. All merges into develop MUST be conducted by a squash-merge 1. All merges from develop into main MUST be done by a merge commit (e.g. preserving the history of commits into the develop branch). @@ -84,7 +84,7 @@ e.g. ### Developer's Certificate of Origin -We have tried to make it as easy as possible to make contributions. This applies to how we handle the legal aspects of contribution. +We have tried to make it as easy as possible to make contributions. This applies to how we handle the legal aspects of contribution. We use the [Developer's Certificate of Origin 1.1 (DCO)](https://developercertificate.org/) to manage code contributions (the same approach as the Linux® Kernel [community](https://elinux.org/Developer_Certificate_Of_Origin)) @@ -108,4 +108,4 @@ local git repository using the following command: ```bash git commit --signoff -``` \ No newline at end of file +``` diff --git a/GOVERNANCE.md b/GOVERNANCE.md index bd261b5..ec6d665 100644 --- a/GOVERNANCE.md +++ b/GOVERNANCE.md @@ -6,10 +6,10 @@ The following document outlines how the OSCAL Compass project governance operate The OSCAL Compass community adheres to the following principles: -**Open**: OSCAL-Compass is open source. See project guidelines [here](./CONTRIBUTING.md). -**Welcoming and respectful**: See [Code of Conduct](./CODE_OF_CONDUCT.md). -**Transparent and accessible**: Work and collaboration should be done in public. -**Merit**: Ideas and contributions are accepted according to their technical merit and alignment with project objectives, scope, and design principles. See our design proposal [process](./proposals/README.md) +**Open**: OSCAL-Compass is open source. See project guidelines [here](./CONTRIBUTING.md). +**Welcoming and respectful**: See [Code of Conduct](./CODE_OF_CONDUCT.md). +**Transparent and accessible**: Work and collaboration should be done in public. +**Merit**: Ideas and contributions are accepted according to their technical merit and alignment with project objectives, scope, and design principles. See our design proposal [process](./proposals/README.md) ## Governance Structure Overview diff --git a/MEMBERSHIP.md b/MEMBERSHIP.md index c7cdc29..3b46506 100644 --- a/MEMBERSHIP.md +++ b/MEMBERSHIP.md @@ -123,4 +123,4 @@ Changes to contributor roles must be approved by a vote of the Oversight Committ ## Acknowledgements -Contributor roles and responsibilities were adapted from InstructLab [contributor roles](https://raw.githubusercontent.com/instructlab/community/main/CONTRIBUTOR_ROLES.md) \ No newline at end of file +Contributor roles and responsibilities were adapted from InstructLab [contributor roles](https://raw.githubusercontent.com/instructlab/community/main/CONTRIBUTOR_ROLES.md) diff --git a/README.md b/README.md index 282737b..f7de666 100644 --- a/README.md +++ b/README.md @@ -12,9 +12,9 @@ Contributing new features, resolving bugs and issues, and refining the documenta The goals of this open source community includes the following: -* Drive adoption of the OSCAL standard using Trestle, Agile Authoring, and C2P tools for end-to-end compliance automation. -* Come up with use-cases for automating compliance processes in an organization and the required tooling support. -* Influence the OSCAL standard based on the requirements and use-cases identified. +- Drive adoption of the OSCAL standard using Trestle, Agile Authoring, and C2P tools for end-to-end compliance automation. +- Come up with use-cases for automating compliance processes in an organization and the required tooling support. +- Influence the OSCAL standard based on the requirements and use-cases identified. ## Learn about the projects @@ -41,7 +41,7 @@ Compliance-to-Policy (C2P) bridges Compliance as Code and Policy as Code. C2P ta ## Community meetings and communications -##### Scheduled meetings +### Scheduled meetings Please attend! All are invited. @@ -61,15 +61,14 @@ We also have a [shared calendar](https://zoom-lfx.platform.linuxfoundation.org/m All of our meeting recordings are available for review on our YouTube [channel](https://www.youtube.com/@OSCAL-Compass). -##### Email +### Email Google Group: [oscal-compass](https://groups.google.com/g/oscal-compass)\ oscal-compass@googlegroups.com +### Chat anytime -##### Chat anytime - -Slack: [#oscal-compliance-trestle-agileauthoring-c2p](https://cloud-native.slack.com/archives/C06F3PEPNBW) +Slack: [#oscal-compass-trestle-agileauthoring-c2p](https://cloud-native.slack.com/archives/C06F3PEPNBW) - **Note**: You can login to Slack using another account like Google, Apple @@ -111,4 +110,3 @@ We are a Cloud Native Computing Foundation sandbox project. The Linux Foundation® (TLF) has registered trademarks and uses trademarks. For a list of TLF trademarks, see [Trademark Usage](https://www.linuxfoundation.org/legal/trademark-usage)". *OSCAL Compass was originally contributed by IBM.* - diff --git a/SECURITY.md b/SECURITY.md index 0b5bed5..0e8682e 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -37,6 +37,7 @@ and mentioned in the fixed versions' release notes. ## Supported Versions All OSCAL Compass projects follow [Semantic Versioning](https://semver.org/) terminology and are expressed as x.y.z: + - where x is the major version - y is the minor version - and z is the patch version @@ -45,4 +46,4 @@ Security fixes are typically addressed in the main branch and may be backported ## Acknowledgments -Parts of this policy were adapted from the Crossplane [security policy](https://github.com/crossplane/crossplane/blob/master/SECURITY.md) \ No newline at end of file +Parts of this policy were adapted from the Crossplane [security policy](https://github.com/crossplane/crossplane/blob/master/SECURITY.md) diff --git a/presentations/README.md b/presentations/README.md index a21d1d9..4157ee2 100644 --- a/presentations/README.md +++ b/presentations/README.md @@ -1,4 +1,4 @@ -## Introduction +# Introduction Welcome to the reusable presentation materials for OSCAL Compass! These materials are designed to be easily customized and adapted by anyone in the community who wants to present on the project. @@ -21,4 +21,4 @@ These materials are licensed under the Apache 2.0 License - see the [LICENSE](ht ## Feedback -If you have any questions or would like to provide feedback on these materials, please open a GitHub Issue on this repository. \ No newline at end of file +If you have any questions or would like to provide feedback on these materials, please open a GitHub Issue on this repository. diff --git a/proposals/README.md b/proposals/README.md index 4957087..d83897f 100644 --- a/proposals/README.md +++ b/proposals/README.md @@ -4,7 +4,7 @@ This document outlines the how to propose large scale or architectural project c > Note: This is a draft process -# When to use this process +## When to use this process On many occasions, ideas for new functionality or upgrades can be brought forth in a GitHub issue or discussion concerning the project. These suggestions are publicly discussed among maintainers, contributors, users, and other concerned stakeholders. Once an agreement is reached among participants, the proposed alterations move through the pull request process, during which the implementation specifics are examined, approved, or rejected by maintainers. @@ -24,9 +24,9 @@ Examples of changes to handle on the project level: * Fixing a flaky test * Code Refactoring -# How to engage in the process +## How to engage in the process -## Prerequisites +### Prerequisites Complete the following steps before creating a change proposal: @@ -34,7 +34,7 @@ Complete the following steps before creating a change proposal: * Optionally, create a prototype in your own fork * If a new project or codebase is proposed, identify project maintainers -## Process +### Process * Create an instance of the template using `trestle author docs create-sample -tn proposals`. * Submit a change proposal under `proposals` by opening a pull request.