Skip to content

Commit

Permalink
Version 2.21.0 (#174)
Browse files Browse the repository at this point in the history
* [Project] Add missing files and improve project and repository hygiene

- Add templates for issues and feature requests
- Add common files like MAINTAINERS, CONTRIBUTING
- Move files at root of project to dedicated folder

Signed-off-by: Pierre-Yves Lapersonne <[email protected]>

* [Licenses Inventory] Update to v4.0.6 (#161)

* chore(#160): update of LicensesInventory (v4.0.6)

Integration of the work done by my colleague Laurent Body (LicensesInventory 4.0.6).

Tested-by: Pierre-Yves Lapersonne <[email protected]>
Reviewed-by: Pierre-Yves Lapersonne <[email protected]>
Co-authored-by: Laurent Body <[email protected]>
Co-authored-by: Pierre-Yves Lapersonne <[email protected]>
Signed-off-by: Pierre-Yves Lapersonne <[email protected]>

* chore(#160): add entry in CHANGELOG

Signed-off-by: Pierre-Yves Lapersonne <[email protected]>

---------

Signed-off-by: Pierre-Yves Lapersonne <[email protected]>
Co-authored-by: Laurent Body <[email protected]>

* Improve text generator for english emails

- Fix typo in logs
- Add .gitignore to exclude from versioning generated files
- Add english template for newcomers on GitHub

Signed-off-by: Pierre-Yves Lapersonne <[email protected]>

* [#171] [#172] Permission and path with whitespaces fixes (#173)

* fix: failed to process Git repository at path with whitespaces (#172)

Closes #172

Signed-off-by: Pierre-Yves Lapersonne <[email protected]>

* fix: execution permission to Shell script missing (#171)

Closes #171

Signed-off-by: Pierre-Yves Lapersonne <[email protected]>

---------

Signed-off-by: Pierre-Yves Lapersonne <[email protected]>

* Prepare version 2.21.0

Signed-off-by: Pierre-Yves Lapersonne <[email protected]>

---------

Signed-off-by: Pierre-Yves Lapersonne <[email protected]>
Co-authored-by: Laurent Body <[email protected]>
  • Loading branch information
pylapp and laurentora authored Sep 16, 2024
1 parent 19f0cd3 commit 71c5a1f
Show file tree
Hide file tree
Showing 22 changed files with 376 additions and 25 deletions.
File renamed without changes.
11 changes: 6 additions & 5 deletions CODEOWNERS → .github/CODEOWNERS
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,14 @@
AUTHORS.txt @pylapp
CHANGELOG.md @pylapp
CITATION.cff @pylapp
CODE_OF_CONDUCT.md @pylapp
CODE_OF_CONFLICT.md @pylapp
CONTRIBUTORS.txt @pylapp
DCO.txt @pylapp
gitleaks.toml @pylapp
LICENSE.txt @pylapp
README.md @pylapp
DCO.txt @pylapp
SECURITY.md @pylapp
renovate.json @pylapp
THIRD-PARTY.md @pylapp

.github/ @pylapp

# Toolbox

Expand Down
File renamed without changes.
File renamed without changes.
79 changes: 79 additions & 0 deletions .github/CONTRIBUTING.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,79 @@
# Contributing to floss-toolbox

**Thank you for your interest in floss-toolbox. Your contributions are highly welcome.**

We would like to improve documentation, curent scripts and tools and maangement of GitHub / GitLab API in CLI.
We would like also to extract interesting KPI and emtrics from Git histories.
Keep in mind we are in the worst case possible with only Git histories and free GitHub / GitLab organizations, so some features can have been implemented in premium plans but we don't have them today.

----

## Ground Rules

- Be nice. You can apply here the [Crocker's rules](https://old-wiki.lesswrong.com/wiki/Crocker%27s_rules) for better efficiency if you want. Some peoplee here do.
- We have a [CODE_OF_CONDUCT](CODE_OF_CONDUCT) you **must** apply.
- For any improvemens or issues, bring tests data
- When in doubt, open an issue. For almost any type of contribution, the first step is opening an issue. Even if you think you already know what the solution is, writing down a description of the problem you're trying to solve will help everyone get context when they review your pull request. If it's truly a trivial change (e.g. spelling error), you can skip this step -- but as the subject says, when it doubt.
- Only submit your own work (or work you have sufficient rights to submit). Please make sure that any code or documentation you submit is your work or you have the rights to submit. We respect the intellectual property rights of others, and as part of contributing, we'll ask you to sign your contribution with a "Developer Certificate of Origin" (DCO) that states you have the rights to submit this work and you understand we'll use your contribution. There's more information about this topic in the [DCO section](#developer-certificate-of-origin). Keep also meta field oin your Git commits body with **Co-authored-by:**.

## Bug Reports

Ugh! Bugs!

A bug is when software behaves in a way that you didn't expect and the developer didn't intend. To help us understand what's going on, we first want to make sure you're working from the latest version.

Once you've confirmed that the bug still exists in the latest version, you'll want to check to make sure it's not something we already know about on the [open issues GitHub page](https://github.com/Orange-OpenSource/floss-toolbox/issues).

## Feature Requests & Proposals

If you've thought of a way that floss-tooblox could be better, we want to hear about it. We track `feature requests` ([examples](https://github.com/search?q=org%3Aopensearch-project+%22Is+your+feature+request+related+to+a+problem%3F%22&type=Issues)) using GitHub, so please feel free to open an issue which describes the feature you would like to see, why you need it, and how it should work. If you would like contribute code toward building it, you might consider a `feature-request` ([examples](https://github.com/Orange-OpenSource/floss-toolbox/issues?q=is%3Aissue+is%3Aopen+label%3A%22feature-request%22)) instead. A feature request is the first step to helping the community better understand what you are planning to contribute, why it should be built, and collaborate on ensuring you have all the data points you need for implementation.

## Documentation Changes

There are few documentations, mainly absed on README.md files. There must be kept updated with each fixes or evolutions.two types of documentation in OpenSearch: developer documentation, which describes how OpenSearch is designed internally, and user documentation, which describes how to use OpenSearch.
Feel free to improve the suitable files.

## Contributing Code

As with other types of contributions, the first step is to [open an issue on GitHub](https://github.com/Orange-OpenSource/floss-toolbox/issues/new). Opening an issue before you make changes makes sure that someone else isn't already working on that particular problem. It also lets us all work together to find the right approach before you spend a bunch of time on a PR. So again, when in doubt, open an issue.

## Developer Certificate of Origin

floss-tooblox is an open source product released under the Apache 2.0 license (see either [the Apache site](https://www.apache.org/licenses/LICENSE-2.0) for example. The Apache 2.0 license allows you to freely use, modify, distribute, and sell your own products that include Apache 2.0 licensed software. See also the file *LICENSE.txt*.

We respect intellectual property rights of others and we want to make sure all incoming contributions are correctly attributed and licensed. A Developer Certificate of Origin (DCO) is a lightweight mechanism to do that.

The DCO is a declaration attached to every contribution made by every developer. In the commit message of the contribution, the developer simply adds a `Signed-off-by` statement and thereby agrees to the DCO, which you can find below or at [DeveloperCertificate.org](http://developercertificate.org/). See also the file *DCO.txt*.

We require that every contribution to floss-toolbox is signed with a Developer Certificate of Origin. Additionally, please use your real name. We do not accept anonymous contributors nor those utilizing pseudonyms.

Each commit must include a DCO which looks like this

```
Signed-off-by: Jane Smith <[email protected]>
```
You may type this line on your own when writing your commit messages. However, if your user.name and user.email are set in your git configs, you can use `-s` or `--signoff` to add the `Signed-off-by` line to the end of the commit message.

If you worked with other people on the provided contributions, add also the *Co-authored-by* in your commit body if relevant.

## Changelog, versioning and commits

floss-toolbox follows [Keep A Changelog](https://keepachangelog.com/en/1.0.0/) format and *semantic verisoning*.
We try also to apply [commit message conventions](https://www.conventionalcommits.org/en/v1.0.0/#summary)

## How to contribute

- Open an issue descrbing your needs and the evolutions or fixes you will bring
- Submit a pull request
- Ensure your commits are clean (atomic, DCO applied, co-authoring if needed)
- Keep the CHANGELOG updated
- Attach to the PR the tests data
- Do not forget to update the README associate to the folderwhere your evolutions are

Project maintainers will then update the wiki and the CONTRIBUTORS file once your pull request will be merged.

About the source files, ensure you commented and documented the use of the scripts and tools like the others existing files.
Use also the SPDX format headers.

**Thanks for your contributions!**
**Have fun, and happy coding!**
File renamed without changes.
24 changes: 24 additions & 0 deletions .github/ISSUE_TEMPLATE/BUG_TEMPLATE.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
---
name: 🐛 Bug report
about: Create a report to help us improve
title: '[BUG]'
labels: 'bug, untriaged'
assignees: ''
---
### What is the bug?
_A clear and concise description of the bug._

### How can one reproduce the bug?
_Steps to reproduce the behavior._

### What is the expected behavior?
_A clear and concise description of what you expected to happen._

### What is your host/environment?
_Operating system, version._

### Do you have any screenshots?
_If applicable, add screenshots to help explain your problem._

### Do you have any additional context?
_Add any other context about the problem._
18 changes: 18 additions & 0 deletions .github/ISSUE_TEMPLATE/FEATURE_REQUEST_TEMPLATE.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
---
name: 🎆 Feature request
about: Request a feature in this project
title: '[FEATURE]'
labels: 'enhancement, untriaged'
assignees: ''
---
### Is your feature request related to a problem?
_A clear and concise description of what the problem is, e.g. I'm always frustrated when [...]._

### What solution would you like?
_A clear and concise description of what you want to happen._

### What alternatives have you considered?
_A clear and concise description of any alternative solutions or features you've considered._

### Do you have any additional context?
_Add any other context or screenshots about the feature request here._
19 changes: 19 additions & 0 deletions .github/MAINTAINERS.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
- [Overview](#overview)
- [Current Maintainers](#current-maintainers)
- [Emeritus](#emeritus)

## Overview

This document contains a list of maintainers in this repo. See [floss-toolbox/.github/RESPONSIBILITIES.md](https://github.com/floss-toolbox/.github/blob/master/RESPONSIBILITIES.md#maintainer-responsibilities) that explains what the role of maintainer means, what maintainers do in this and other repos, and how they should be doing it. If you're interested in contributing, and becoming a maintainer, see [CONTRIBUTING](CONTRIBUTING.md).

## Current Maintainers

| Maintainer | GitHub ID | Affiliation |
| ------------------------ | --------------------------------------------------------- | -------------- |
| Pierre-Yves Lapersonne | [pylapp](https://github.com/pylapp) | Orange SA |


## Emeritus

| Maintainer | GitHub ID | Affiliation |
| ------------------------ | --------------------------------------------------------- | -------------- |
94 changes: 94 additions & 0 deletions .github/RESPONSIBILITIES.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,94 @@
- [Overview](#overview)
- [Current Maintainers](#current-maintainers)
- [Maintainer Responsibilities](#maintainer-responsibilities)
- [Uphold Code of Conduct](#uphold-code-of-conduct)
- [Prioritize Security](#prioritize-security)
- [Review Pull Requests](#review-pull-requests)
- [Triage Open Issues](#triage-open-issues)
- [Automatically Label Issues](#automatically-label-issues)
- [Be Responsive](#be-responsive)
- [Maintain Overall Health of the Repo](#maintain-overall-health-of-the-repo)
- [Keep Dependencies up to Date](#keep-dependencies-up-to-date)
- [Manage Roadmap](#manage-roadmap)
- [Add Continuous Integration Checks](#add-continuous-integration-checks)
- [Use Semver](#use-semver)
- [Release Frequently](#release-frequently)
- [Promote Other Maintainers](#promote-other-maintainers)
- [Describe the Repo](#describe-the-repo)
- [Becoming a Maintainer](#becoming-a-maintainer)
- [Nomination](#nomination)
- [Interest](#interest)
- [Addition](#addition)
- [Removing a Maintainer](#removing-a-maintainer)
- [Moving On](#moving-on)
- [Inactivity](#inactivity)
- [Negative Impact on the Project](#negative-impact-on-the-project)

## Overview

This document explains who maintainers are, what they dothis repository, and how they should be doing it. If you're interested in contributing, see [CONTRIBUTING](CONTRIBUTING.md).

## Current Maintainers

See the [MAINTAINERS.md](MAINTAINERS.md) file that lists current maintainers.

## Maintainer Responsibilities

Maintainers are active and visible members of the community, and have high-level permissions on the repository. Use those privileges to serve the community and evolve code as follows.

### Uphold Code of Conduct

Model the behavior set forward by the [Code of Conduct](CODE_OF_CONDUCT.md) and apply the [Code of Conflict](CODE_OF_CONFLCIT.md).

### Review Pull Requests

It's our responsibility to ensure the content and code in pull requests are correct and of high quality before they are merged. Here are some best practices:

- Leverage the issue triaging process to review pull requests and assign them to maintainers for review (use [CODEOWNERS](CODEOWNERS) if needed).
- In cases of uncertainty on how to proceed, search for related issues and reference the pull request to find additional collaborators.
- When providing feedback on pull requests, make sure your feedback is actionable to guide the pull request towards a conclusion.
- If a pull request is valuable but isn't gaining traction, consider reaching out to fulfill the necessary requirements. This way, the pull request can be merged, even if the work is done by several individuals.
- Lastly, strive for progress, not perfection.

### Triage Open Issues

Manage labels, review issues regularly, and triage by labelling them.

Use labels to target an issue or a PR for a given release, add `Good first issue` to good issues for new community members, and `Help wanted` for issues that scare you or need immediate attention. Request for more information from a submitter if an issue is not clear. Create new labels as needed by the project.

#### Automatically Label Issues

There are many tools available in GitHub for controlling labels on issues and pull requests. Use standard issue templates in the [./.github/ISSUE_TEMPLATE](./.github/ISSUE_TEMPLATE) directory to apply appropriate labels such as `bug` and `untriaged`.

### Be Responsive

Respond to enhancement requests, and discussions. Allocate time to reviewing and commenting on issues and conversations as they come in.

### Maintain Overall Health of the Repo

Keep the `master` branch at production quality at all times. Backport features as needed. Cut release branches and tags to enable future patches.

#### Keep Dependencies up to Date

Maintaining up-to-date dependencies on third party projects reduces the risk of security vulnerabilities. The Open Source Security Foundation (OpenSSF) [recommends](https://github.com/ossf/scorecard/blob/main/docs/checks.md#dependency-update-tool) either [dependabot](https://docs.github.com/en/code-security/dependabot) or [renovatebot](https://docs.renovatebot.com/). Both of these applications generate Pull Requests for dependency version updates. We use Renovate here.Renovate is integrated as part of the Remediate app in [Mend for Github](https://github.com/apps/mend-for-github-com), which is enabled on this repository.

### Use Semver

Use and enforce [semantic versioning](https://semver.org/) and do not let breaking changes be made outside of major releases.

### Release Frequently

Make frequent project releases to the community.

### Promote Other Maintainers

Assist, add, and remove [MAINTAINERS](MAINTAINERS.md). Exercise good judgement, and propose high quality contributors to become co-maintainers. See [Becoming a Maintainer](#becoming-a-maintainer) for more information.

### Describe the Repo

Make sure the repo has a well-written, accurate, and complete description.

### Becomong or not a Maintainer

The repository admins, seens as top maintainer, are the onle ones able to choose wether or not somebody can be named as maintainer, in the way they want.

2 changes: 1 addition & 1 deletion SECURITY.md → .github/SECURITY.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,6 @@

## Reporting a vulnerability

Send an e-mail to [email protected] to report a vulnerability and contact all people in CONTRIBUTORS.
Send an e-mail to [email protected] to report a vulnerability and contact all people in CONTRIBUTORS and MAINTAINERS.
If accepted, we'll create a security advisory and add you and/or your team as collaborators.
Please allow our team sufficient time to resolve the vulnerability before disclosing it ; we'll remain in contact about the fix and may ask for your assistance to verify it is resolved.
18 changes: 17 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,23 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.20.0..dev)
## [Unreleased](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.21.0..dev)

## [2.21.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.21.0..2.20.0) - 2024-09-164

### Added

- English template for email text generation about GitHub newcomers
- Bug and feature request templates, and other files for the hygiene of the project

### Changed

- [Licenses Inventory] Update to v4.0.6 ([#160](https://github.com/Orange-OpenSource/floss-toolbox/issues/160))

### Fixed

- [Diver] Missing execution permission for extract-emails-from-history.sh ([#171](https://github.com/Orange-OpenSource/floss-toolbox/issues/171))
- [Diver] Failed to process repositories at path with whitespaces ([#172](https://github.com/Orange-OpenSource/floss-toolbox/issues/172))

## [2.20.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.20.0..2.19.0) - 2024-04-04

Expand Down
4 changes: 2 additions & 2 deletions CITATION.cff
Original file line number Diff line number Diff line change
Expand Up @@ -39,5 +39,5 @@ keywords:
- audits
- history
license: Apache-2.0
version: v2.20.0
date-released: '2024-04-04'
version: v2.21.0
date-released: '2024-09-16'
34 changes: 30 additions & 4 deletions toolbox/LicensesInventory/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ Table of Contents
=================
* [Licenses inventory](#licenses-inventory)
* [Disclaimer](#disclaimer)
* [Developer notice](#developer-notice)
* [What the tool does](#what-the-tool-does)
* [Prerequisites](#prerequisites)
* [Fill the configuration file](#fill-the-configuration-file)
Expand Down Expand Up @@ -39,6 +40,31 @@ The tool searches a license for each dependency found in the files to treat.
**This is an experimental feature designed and implemented by a blind colleague, you must always keep in mind our [Code of Conduct](https://github.com/Orange-OpenSource/floss-toolbox/blob/dev/CODE_OF_CONDUCT.md) for any issues nor comments, and be benevolent and kind.
This is mandatory.**

## Developer notice

- Unit tests: in *tests/unittests*
- Integration tests: in *tests/integrationtests*
- To test the main: in *sources/test_main.py*
with the data in *sources/data_to_test_main*

Do not delete the file 'to_add_this_folder_to_git.tmp' in:
real_data/licenses*
real_data/no_file

For integrationtest/test_3_print:
- you have to uncomment the first line in the test method to see the displays
- the test does not pass: it is normal, it tests the displaying after testing, you have to comment this line: the test will pass

After executing of the integration tests:
- delete the directories 'real_data/licenses*'
- execute the following commands:

```shell
git checkout tests\integrationtests\real_data\licenses
git checkout tests\integrationtests\real_data\licenses_with_errors
git checkout tests\integrationtests\real_data\licenses_with_retry_after
```

## What the tool does

1. Read the file 'config.ini' ;
Expand Down Expand Up @@ -79,11 +105,11 @@ For example:
# Where to find the package manager files above, must be defined, target must exist
path to parse = /absolute/path/to/project_to_test
# The name of the package manager file to process stored above, must be defined
the filenames = go.mod
the filenames = go.mod, build.gradle, build.gradle.kts, package.json
# For outputs, must be defined, target must exists
path to store the licenses = /absolute/path/to/project_to_test-licences
# Erros maangement if requests failed
number of authorized successive errors = 1
number of authorized successive errors = 2
```

where:
Expand Down Expand Up @@ -112,7 +138,7 @@ python3 -m pytest -s tests/integrationtests/*.py
python3 -m pytest tests/unittests/*.py
```

To run the unit tests, you must get the assets attached as artificats to [the release you got](https://github.com/Orange-OpenSource/floss-toolbox/releases).
To run the unit tests, you must get the assets attached as artifacts to [the release you got](https://github.com/Orange-OpenSource/floss-toolbox/releases).
For integration tests, get the *real_data* folder in the *integrationtests* folder and move it to the same folder in your project.
For unit tests, get the *data* folder in the *unittests* folder and move it to the same folder in your project.

Expand Down Expand Up @@ -231,4 +257,4 @@ A file 'licenses.txt' is created in the folder 'licenses'.
This file contains the list of the licenses for each dependency.
To personalize this folder, use 'config.ini'.

Beware of your proxys or public IP address to not be blocked by such platforms, and avoid flooding them.
Beware of your proxys or public IP address to not be blocked by such platforms, and avoid flooding them.
Loading

0 comments on commit 71c5a1f

Please sign in to comment.