From 19f493b7b7a89a86c021938f16c7ff92f5745779 Mon Sep 17 00:00:00 2001 From: Amateur-God Date: Sun, 24 May 2026 13:37:05 +0100 Subject: [PATCH] Add OSS governance, dependency review, and Atlas-Commons README links. --- .github/BRANCH_PROTECTION.md | 56 +++++++ .github/CODEOWNERS | 3 +- .github/CODE_OF_CONDUCT.md | 77 +--------- .github/CONTRIBUTING.md | 48 +++--- .github/FUNDING.yml | 2 +- .github/ISSUE_TEMPLATE/bug_report.yml | 39 +++++ .github/ISSUE_TEMPLATE/config.yml | 5 + .github/ISSUE_TEMPLATE/feature_request.yml | 29 ++++ .github/PULL_REQUEST_TEMPLATE.md | 16 +- .github/SECURITY.md | 167 ++------------------- .github/dco.yml | 1 + .github/rulesets/main.json | 43 ++++++ .github/scripts/apply-main-ruleset.sh | 70 +++++++++ .github/scripts/verify-dco.sh | 29 ++++ .github/workflows/CI-CD.yaml | 46 ++++++ .github/workflows/dependency-review.yml | 18 +++ README.md | 34 +++-- addons/adb_server/Dockerfile | 4 +- addons/adb_server/build.json | 2 +- repository.json | 4 +- 20 files changed, 418 insertions(+), 275 deletions(-) create mode 100644 .github/BRANCH_PROTECTION.md create mode 100644 .github/ISSUE_TEMPLATE/bug_report.yml create mode 100644 .github/ISSUE_TEMPLATE/config.yml create mode 100644 .github/ISSUE_TEMPLATE/feature_request.yml create mode 100644 .github/dco.yml create mode 100644 .github/rulesets/main.json create mode 100644 .github/scripts/apply-main-ruleset.sh create mode 100644 .github/scripts/verify-dco.sh create mode 100644 .github/workflows/dependency-review.yml diff --git a/.github/BRANCH_PROTECTION.md b/.github/BRANCH_PROTECTION.md new file mode 100644 index 0000000..4555eb9 --- /dev/null +++ b/.github/BRANCH_PROTECTION.md 
@@ -0,0 +1,56 @@ +# Branch protection for `main` + +Merging to `main` requires passing CI and a pull request. Configuration lives in this repository so it can be reviewed and re-applied consistently. + +## What runs on every PR and push to `main` + +Workflow: [`.github/workflows/ci.yml`](workflows/ci.yml) + +The final job is always named **Required checks**. Branch rulesets require that status to be green before merge. + +## DCO (Developer Certificate of Origin) + +Install the [DCO GitHub App](https://github.com/apps/dco) on the Atlas-Commons organization. + +Every commit must include sign-off: + +```bash +git commit -s -m "Your message" +``` + +## Apply the ruleset (one-time) + +GitHub rulesets are configured on the repository, not via git push. + +```bash +chmod +x .github/scripts/apply-main-ruleset.sh +./.github/scripts/apply-main-ruleset.sh Atlas-Commons REPO_NAME +``` + +Or apply to every catalog repo from a machine with `gh` authenticated: + +```bash +./scripts/apply-all-catalog-rulesets.sh +``` + +### Private repositories (Bot, atlas-commons-website) + +Repository rulesets on **private** repos require GitHub Team or Pro. For those repos, configure branch protection manually under **Settings → Branches** until the org upgrades, or make the repo public. + +The apply script skips private repos automatically. + +### Important: check name must exist first + +GitHub only lets you select status checks that have run at least once. Open a PR against `main` (or push once) **before** applying the ruleset. 
+ +## Apply rulesets to all catalog repos + +See [`atlas-commons-github-templates/scripts/apply-all-catalog-rulesets.sh`](https://github.com/Atlas-Commons/atlas-commons-github-templates) in the template pack, or run from any repo: + +```bash +for repo in Bot atlas-commons-website technitiumdns-api home-assistant-technitiumdns \ + StreamBooru Hassio-Addons Danbooru-Import-Scripts EmbyArrSync windowsRDP-SSH-tunnel-script; do + gh api --method POST "repos/Atlas-Commons/${repo}/rulesets" --input .github/rulesets/main.json 2>/dev/null || \ + gh api --method PUT "repos/Atlas-Commons/${repo}/rulesets/$(gh api repos/Atlas-Commons/${repo}/rulesets --jq '.[]|select(.name=="Protect main")|.id')" --input .github/rulesets/main.json +done +``` diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index b03e7dc..34abd08 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1 +1,2 @@ -.github/* @Amateur-God +# Default reviewers for Atlas Commons repositories. +* @Amateur-God diff --git a/.github/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md index 8b146f4..21f488d 100644 --- a/.github/CODE_OF_CONDUCT.md +++ b/.github/CODE_OF_CONDUCT.md 
@@ -43,91 +43,18 @@ acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful. -Community leaders have the right and responsibility to remove, edit, or reject -comments, commits, code, wiki edits, issues, and other contributions that are -not aligned to this Code of Conduct, and will communicate reasons for moderation -decisions when appropriate. - ## Scope This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. -Examples of representing our community include using an official e-mail address, -posting via an official social media account, or acting as an appointed -representative at an online or offline event. ## Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported to the community leaders responsible for enforcement at -frenck@frenck.dev. +reported to **stephen@atlastechsolutions.co.uk**. All complaints will be reviewed and investigated promptly and fairly. -All community leaders are obligated to respect the privacy and security of the -reporter of any incident. - -## Enforcement Guidelines - -Community leaders will follow these Community Impact Guidelines in determining -the consequences for any action they deem in violation of this Code of Conduct: - -### 1. Correction - -**Community Impact**: Use of inappropriate language or other behavior deemed -unprofessional or unwelcome in the community. - -**Consequence**: A private, written warning from community leaders, providing -clarity around the nature of the violation and an explanation of why the -behavior was inappropriate. A public apology may be requested. - -### 2. Warning - -**Community Impact**: A violation through a single incident or series -of actions. - -**Consequence**: A warning with consequences for continued behavior. 
No -interaction with the people involved, including unsolicited interaction with -those enforcing the Code of Conduct, for a specified period of time. This -includes avoiding interactions in community spaces as well as external channels -like social media. Violating these terms may lead to a temporary or -permanent ban. - -### 3. Temporary Ban - -**Community Impact**: A serious violation of community standards, including -sustained inappropriate behavior. - -**Consequence**: A temporary ban from any sort of interaction or public -communication with the community for a specified period of time. No public or -private interaction with the people involved, including unsolicited interaction -with those enforcing the Code of Conduct, is allowed during this period. -Violating these terms may lead to a permanent ban. - -### 4. Permanent Ban - -**Community Impact**: Demonstrating a pattern of violation of community -standards, including sustained inappropriate behavior, harassment of an -individual, or aggression toward or disparagement of classes of individuals. - -**Consequence**: A permanent ban from any sort of public interaction within -the community. - ## Attribution -This Code of Conduct is adapted from the [Contributor Covenant][homepage], -version 2.0, available at -[https://www.contributor-covenant.org/version/2/0/code_of_conduct.html][v2.0]. - -Community Impact Guidelines were inspired by -[Mozilla's code of conduct enforcement ladder][mozilla coc]. - -For answers to common questions about this code of conduct, see the FAQ at -[https://www.contributor-covenant.org/faq][faq]. Translations are available -at [https://www.contributor-covenant.org/translations][translations]. 
- -[homepage]: https://www.contributor-covenant.org -[v2.0]: https://www.contributor-covenant.org/version/2/0/code_of_conduct.html -[mozilla coc]: https://github.com/mozilla/diversity -[faq]: https://www.contributor-covenant.org/faq -[translations]: https://www.contributor-covenant.org/translations +This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org/version/2/0/code_of_conduct.html), version 2.0. diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index d6c6913..f00578d 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md 
@@ -1,29 +1,39 @@ -# Contributing +# Contributing to Atlas Commons -When contributing to this repository, please first discuss the change you wish -to make via issue, email, or any other method with the owners of this repository -before making a change. +Thank you for contributing to [Atlas Commons](https://github.com/Atlas-Commons) open-source projects. -Please note we have a code of conduct, please follow it in all your interactions -with the project. +## Before you start -## Issues and feature requests +1. Search [existing issues](https://github.com/Atlas-Commons) for duplicates. +2. For large changes, open an issue first to discuss approach. +3. Read our [Code of Conduct](CODE_OF_CONDUCT.md). -You've found a bug in the source code, a mistake in the documentation or maybe -you'd like a new feature? You can help us by submitting an issue to our -[GitHub Repository][github]. Before you create an issue, make sure you search -the archive, maybe your question was already answered. +## Developer Certificate of Origin (DCO) -Even better: You could submit a pull request with a fix / new feature! +**Every commit in a pull request must be signed off.** + +Use `-s` when committing: + +```bash +git commit -s -m "Describe your change" +``` + +This adds a `Signed-off-by:` line certifying you wrote the code or have the right to submit it under the project license. See [developercertificate.org](https://developercertificate.org/). + +The [DCO GitHub App](https://github.com/apps/dco) blocks merges when sign-off is missing. ## Pull request process -1. Search our repository for open or closed [pull requests][prs] that relates - to your submission. You don't want to duplicate effort. +1. Fork the repository and create a branch from `main`. +2. Make focused changes with tests where applicable. +3. Ensure CI passes locally before opening the PR. +4. Open a pull request against `main` with a clear description. +5. Address review feedback; maintainers will merge when checks are green. 
+ +## Local development + +See each repository's `README.md` for setup instructions. Most projects document install, test, and lint commands there. -1. You may merge the pull request in once you have the sign-off of two other - developers, or if you do not have permission to do that, you may request - the second reviewer to merge it for you. +## Questions -[github]: https://github.com/Amateur-God/Hassio-Addons/issues -[prs]: https://github.com/Amateur-God/Hassio-Addons/pulls +Open a [GitHub Discussion](https://github.com/orgs/Atlas-Commons/discussions) or issue in the relevant repository. diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index 8dc658f..5037bda 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -1,2 +1,2 @@ --- -github: Amateur-God +github: Atlas-Commons diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml new file mode 100644 index 0000000..608911c --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -0,0 +1,39 @@ +name: Bug report +description: Report something that is broken or incorrect +title: "[Bug]: " +labels: + - bug +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to report a bug. Please search existing issues first. + - type: textarea + id: description + attributes: + label: What happened? + description: Describe the bug and what you expected instead. + validations: + required: true + - type: textarea + id: reproduce + attributes: + label: Steps to reproduce + description: Minimal steps to reproduce the behavior. + placeholder: | + 1. ... + 2. ... + 3. ... + validations: + required: true + - type: input + id: version + attributes: + label: Version or commit + placeholder: e.g. v1.2.0 or main @ abc1234 + - type: textarea + id: environment + attributes: + label: Environment + description: OS, runtime versions, relevant configuration. + placeholder: e.g. Ubuntu 24.04, Python 3.12, Docker 27 
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000..029a1ab --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,5 @@ +blank_issues_enabled: false +contact_links: + - name: Security vulnerability + url: https://github.com/Atlas-Commons/.github/blob/main/SECURITY.md + about: Report security issues privately — do not use public issues. diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml new file mode 100644 index 0000000..c32b6cc --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.yml @@ -0,0 +1,29 @@ +name: Feature request +description: Suggest an improvement or new capability +title: "[Feature]: " +labels: + - enhancement +body: + - type: markdown + attributes: + value: | + Describe the problem you want solved and how you imagine the feature working. + - type: textarea + id: problem + attributes: + label: Problem or use case + description: What problem does this solve? + validations: + required: true + - type: textarea + id: solution + attributes: + label: Proposed solution + description: How would you like this to work? + validations: + required: true + - type: textarea + id: alternatives + attributes: + label: Alternatives considered + description: Other approaches you thought about. diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 14f7b5b..9816e9c 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md 
@@ -1,9 +1,15 @@ -# Proposed Changes +## Summary -> (Describe the changes and rationale behind them) + -## Related Issues +## Related issues -> ([Github link][autolink-references] to related issues or pull requests) + -[autolink-references]: https://help.github.com/articles/autolinked-references-and-urls/ +## Checklist + +- [ ] I have read [CONTRIBUTING.md](.github/CONTRIBUTING.md) +- [ ] Every commit is signed off (`git commit -s`) for [DCO](https://developercertificate.org/) +- [ ] CI passes locally (or I explain why not applicable) +- [ ] Documentation updated if user-facing behavior changed +- [ ] Tests added or updated where applicable diff --git a/.github/SECURITY.md b/.github/SECURITY.md index f8adc61..5afb3c5 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md 
@@ -1,165 +1,26 @@ # Security Policy -I take the security of my software and services seriously. This includes all open-source software I create, maintain, or help to maintain. +## Supported versions -If you believe you have found a security vulnerability in any repository I maintain, including this one, please report it responsibly as described below. +Security fixes are provided for the latest release on the default branch. Older releases may not receive patches. -**Please DO NOT report security vulnerabilities publicly!** +## Reporting a vulnerability -So... DO NOT create a GitHub issue for it ;) +**Please do not report security vulnerabilities via public GitHub issues.** -## Reporting a Vulnerability +Instead, use one of these channels: -Privately and confidentially, send me a detailed description of the vulnerability you have discovered using an encrypted and authenticated channel. Personally, I prefer this to be done using PGP encrypted email. Contact information needed for this is listed below. +1. **GitHub Security Advisories** — [Open a private report](https://github.com/Atlas-Commons/.github/security/advisories/new) for the affected repository, or use **Report a vulnerability** on the repository Security tab. +2. **Email** — contact the maintainers at **stephen@atlastechsolutions.co.uk** with details and steps to reproduce. -In the report, please include as much information as possible, including: +Include as much detail as possible: affected versions, impact, reproduction steps, and suggested mitigations if you have them. -- An extensive description of the vulnerability. -- How it could be exploited. -- The potential impact you think it would have (e.g., DOS attackable, privacy concerns, leaking of credentials). -- Steps for reproducing the vulnerability. -- Code (if any), that is needed for reproducing the issue. -- If you have an idea for a fix, patch, or any other adjustment for mitigating the vulnerability reported. 
+## Response timeline -Sorry for the long list, but providing as much information as possible allows me to act more quickly. Make sure to write your report in the English language. +- **Acknowledgement** within 7 days +- **Fix or mitigation plan** within 60 days for confirmed issues +- Coordinated disclosure preferred; please allow time to release a fix before public disclosure -Please take care not to violate the privacy of other people in your report. For example, stack traces or exploit scripts sent to me should never contain private or personally identifiable information. +## Bug bounty -## After You Have Reported the Vulnerability - -Give me at least a week to investigate and respond to the reported vulnerability you have found, and up to 60 days to fix and distribute it. This includes a window for existing users to upgrade, patch, or mitigate the issue as well. - -If you intend, at any point, to disclose the vulnerability to someone else or maybe even publicly, please give me a reasonable advance notice. - -If any dependent projects are involved, I will take care of informing the maintainers of those projects as well. - -## Bug Bounty - -Unfortunately, I cannot offer a paid bug bounty program. I will, however, give my best efforts to show appreciation towards people that took the time and effort to disclose vulnerabilities responsibly. - -I, and the open-source community, will be forever grateful. - -Oh, and if we ever meet, I'm happy to buy you a beer :) - -## Contact Information - -Please contact me, Amateur-God, directly. 
- - - -GPG Fingerprint: `2418 5C17 C92D 985F B31C 1554 9C15 AD13 5473 7566` - -https://keys.openpgp.org/search?q=24185C17C92D985FB31C15549C15AD1354737566 - -```txt ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBGUo9CcBEAC3W4ey0mjr4NIXzYcj0Vxymnqqbh31iv+k6tQGFEykFLikXRyL -5JYfujZjdqKemE7td0VXhZA1Hi0364JhnXjCkSVpxT44+4+0vz5z7unel2Cf+od5 -tRxaB3pKBA7v22EsNBGPuUuYbB9poZnepcMTTd0D4TARqN+k0lHy/KCIbY+1Gz3w -ImN4jwmunru0h6cIJKKhQtj/EHuRv8PomGGX+5Frp+NYADs6uWYqEzC5m2H9a7+e -kUjUX7Oa/M4A/h/6oJzfIWeIS7OWHSdaseWAl2A+SkOLkn96sZU5skNJXPZA5oH5 -QbSGBtZS+2RX728FDPe1W9EofqF4/fzB2lJWZgvP9P2aQFAfZ+/o+Gd7bsEGBnOW -7ZiMrHGWkvu182F8dps7lPQTudUF+RVZKA0vUBKokGf8ex+gWAGX3rRQFdO1FnvD -toClUqKSl1PJYXuquncFz12tLXkd/OO3xT7gecX/OEwAHcUIAocGtpLm5HCH6fUx -1GzxWdbKeAJ6MzPPtSfdXJaJxJceGu9iiHfhvwLszEm5Cdb5EdXrQ1zq4tbndhfu -+zf9jsvqXbKP1nDqox13CeTjCvC89M43HXwUEhVqevSHQijv437q69zXw0oxMlSm -WRD6L1mad5KYglENd2N/lkbqjJ6bZqtoDtIRAoaESaDRC1IrNNu1r0o92wARAQAB -tDhTdGVwaGVuIEhvd2UgKFl1YmlrZXkgTWFpbiBDZXJ0aWZ5KSA8bXJob3dlOTVA -Z21haWwuY29tPokCSwQTAQoANhYhBCQYXBfJLZhfsxwVVJwVrRNUc3VmBQJlKPQn -AhsBBAsJCAcEFQoJCAUWAgMBAAIeAQIXgAAKCRCcFa0TVHN1Zh5DD/YxwUKNRTNE -GgWHPSeq4o/8ESbFAfFOgKC/jzU0aFJrb/oaYwYhy/zFx4UcI5Vk3QfeLKVhLoiB -vS0oB/nVuAFQm4e7bAC+mSaD2hfyDR3s6q9ZLvMUjHaaBakHFX5cnpKiKGm3/Gk3 -Kejx2SX1GTr6Uii+Hsj2Ls+XxlagBv+zQL9DqwZtJ+n+DZd7ON0Vkqk0HM/Jt/H8 -SCnf+yDucqLjayX/Puf+Lc8lPb4fOO6D0DJBhOiYtIDo0qHwQdm0W/RUwLuKw/s9 -2J+tU4l7G467Jy5gPdhDRAdhXcP1UpIl57NhMCuiFVlqyKGl5GuPnhDMAguPr6eG -RS9FHn5Zfog6Skud0zVLSYOUu1RWCb1SCgfKpN4hASryeRz2SrM5aHK4NxvbFK4z -rmw0YfkNZoTbslaEVmqJbMRPmWKZLVhrSNNnU6KEyf8qbZgnhMBpdnMYkV/4KrHx -qW/cpHGGNQN8s4EmAB4YSKIF/1kngREvlOT4D8M/lyCb9lAAzugyTCoSqQJVATyW -rMpFnhQlMrNVruDt3RaiP/lKHDdgiNsjD3vW40TbMndm3gQEvDdTF3cFDTeU+fkS -VmIYIUQVpipPyzFZmRmNeValz3K4tWusSIQA1w5nshvLu4AucUJyFSZDH69U9c/C -YZQs8dRx9Ti0WWuHZZ5Z5CCdjKlRW39muQINBGUo9MQBEADP1+pChDs8Z4YMR1Q6 -wTVLVYSYpnRG1fVlUz76Wkzijhw9+IzgGneIMcT1/NpXAcICMRdm4ey3vwSOpvbF -Ht4jRO/4arzeyS6uEh01g9EQHfiBTBbjJ1Em6bDVTzJYd0zxsawVBq192fGVOpMo 
-B5hAuspN3PaVwqzQ4p/c5eiK+TPjNTG5Km0Bt/Ep3aWjSWGkBnTAC/utWDY3Q8Kv -81wQBGXZhEEuXef90X8DzNFVod1SRCMZZmkek5ovpQ8KvK3q4uyIAZxqQWuON4S3 -g177Gvv7s5LMCdv4aqKe41e4DbotEMNJo41mp2hJtV93thEMpQ/kL6q6gjuiWv2i -C8hH0UR06VxsxTzD0qn45l33NSQQ5YJAl6y8tYYbMrRmmioOgFZOPfnZTTT3L52n -MUE+bM7sJgo9JNb8p01yx9YM6JVNhr2X8v8KucUVGupSkCSGZpLcOtmvMkI5sQhi -Z4kXAOVJk25Fio7SbencVkFCXtB1JFm86rrrGDAjrsd7pLOjlw/O/IDidu0cle9T -XHSzuk4G4HLvcj8rDoM3RuU7gB+PcQEEPqo1Ys34MCoQMQUW/7MKJHRhvcG3PyCb -Q1ORohSP9VPL5PioG1o/wR6jTpkzt6xL1GolBn8h2Q5lnb05dFuaNj5z9VNIRX4J -Dapg4+Ko82aC7W0KA0klJeWyAwARAQABiQI8BBgBCgAmFiEEJBhcF8ktmF+zHBVU -nBWtE1RzdWYFAmUo9MQCGyAFCQlmAYAACgkQnBWtE1RzdWZggQ//S4eRTFS4jMb+ -9qwRTXvgFRvYWhJHUQKMUrhzn34McXtSZkki0zd52cdDqTR9pNjGghMQssNo6VXd -Ur1ijWemLM4XLMRx2lPWw/ZznaDl8xhSGcldAEf+15ag/9rbMsQ74HUmGQxsRfcv -+rBdUriH22ZYLF6HYsbjLyS5uW9OAEmZSX+FM917nMrQzuVe5XjMqF/Of8izKgcO -FGx7tsbmCg7zAgC9Iic9KMOPZfT4wc5XVeXJPpuOf5CCUSAYtegxQl88CReAnAGn -95q0ixoyFT4l+0LekEuFgG/s8ymuVqGBwrtRfYWZeA7KZ3Jk/EQF0/13Nwt2kajw -FauyhDdGNIuVWmf35QpG0J0csIMBhTvh5+EVrS8S8wUJ7oCbUb9MVqxSeu2eHh+V -AYPjwaUNAqVVa30o2POVFeFvP/8m2p9UvD2pwf2FxyxXAb5WtC3BVtYXB/mXU6WW -zttK7dD1PoLRDyKj07AvEib8UhF70D13/jzFrJu/pfDET2UGjIg7BEghBvIcu01Q -oL6tOMksmUdw7BhUMKTbIljdqr0pqXXGb9Rv3rusoQvAgjS/5eQ8VV+r2ZjP12wN -brQjq3adGHhvMUeeAOlhgKva1FQijwPu8e5CLpkUSsVvhSfPQSuXB7zbCEg+LteB -gVoeOum2/dVVFcemyvVD/4OJGaaZnRu5Ag0EZSj0gwEQAPESQ5F5NH6609a0+py4 -+Ti2if3SNUatvKXDpV9X7tgAYE1J1YGaIzbp19N+nzB+mMtkhaI9ZR/oCe0rcJ+O -0/AKdQp2KPimsRKKolMOtyQXez0WeYdBlfZjWwHmrCR7pbu9kAvsAp69KPwX6jdR -J765I3qfS5wW+cxelK6u7spd6Q7NrPsFb5l4dqF22K2J+QEVMuiMDdTqEnLxwrdo -LUJRShBulZvz2YvJp9AeZmSPTmNn6OCYbMB+9iKbQTOoMeS/3YOIJCq1pi29Mxka -qJet2lgBBoK8nOLxK91oCR7TRSNYNsgGf22Lkh/cwAlUjtquPpf9Ycfl1Bn9pQ3w -0LeSd0MvjXaULZBSGWMDHzYmqvCGEB4J5lVdhwJB5Gej2nkhJUV6vZYKMQrX9rE/ -kYz+o24SGJhgmMhHUjGoONS9doP0DhWVQkoilmdaUM78HcQEqOkfknD4cGRoSikx -h+v8Y6GRm3bCws3oAQgndN/mHUApx2CWyngmmyMu5ZO0t4qOjWqu5F9PERyIVOhv -tMpWx7+fOuhf1kN0tu+ExvV6P3U7mFwUC2kGWK4f7OriZxJDQMaL42xA1PiD9Hi4 
-vgs/OSi6kFApFiZVKAWyganBlqvGueo1Y0NLiR24IjSMLBPyshk50faZn0fFV2Nk -DXssSDf2nlwU0bpyb2Q9B2NpABEBAAGJAjwEGAEKACYWIQQkGFwXyS2YX7McFVSc -Fa0TVHN1ZgUCZSj0gwIbDAUJCWYBgAAKCRCcFa0TVHN1ZsxhEACfPhy136huM6ql -5Zxu9Q3JCKpzS9W44LVqGL+iCjeSfASgPcwJUWr4SYFbbLts2V3j+ZP+QwdrW24f -u49+BKXvfgmg/LS7Vv5ylHhFeGNKvKYF91/jE3hgVlXL/v4k3squhQdyRclAkGbr -YG2xmU9yw3zawmdQM+cUw3HYdY0xIhJ+8APRWYF5L1IeFYml1LMcnfdngItTyCVw -NR1O6gtORUgx8eorT9WZPeD3sQ2GW7UJaC6yH1bVKZcoTbL26cIfaqSmZeOqN752 -fBE4/hRzzCv2FX63MZkygBnmzbvbs7j/Vdf+3MWukD1adsZq8oxqXSGB6Cm2STZn -+ZPu5ycp2ASOa8HMncSnq7kaCK4JJGkhQrley7f++UIzFEFsoHRwFo6grsvI7tAF -/iQtmoWLaEkREJ8prPWmIQd1JvUZ9sGbQ2NfrlEFWlllJPflLBiFzD/TfJx75usW -PccHLeRTkYIltajXmSeDTBH32/YMvZ3300cc9RVgMWsOO3JQBZdCjBI1+KoC07s+ -ZSrwQk9acfdMz1fubLDMrp8aoJYnkBLVhpNuK9JJdrLMTJNqd4gE1ZOy7XgQECpT -hX2jhDG4vVeTQNxsYH8z/dSlDsOMSyR+S9zIvb96D9cDW7DyK/ck8x2GMn7YKtSi -w58MBsR+7hXEofe5CyeX7YZdkBCBP7kCDQRlKPRiARAA7nzTtksplwqrlxYJr5GW -gHhukRfykWI48Kx1HXsIqj7BHRljgaRaKVp+FxE+mP8k+zn44HqV2BBdtAsQQSQG -Jux5gF5ltCjb5GaQZEtzG3BojC+ewLXRMxUu6GUUztbMd640ddDtw4OoaieuQBdf -jo2n8HeX0oUXLlj9dnoV8vLcTDAwXLp91ZTNDFanrUuUoRzq+3C17m5EhwU4C7Zq -QjO896fMfkpVbKmCKcpigDapBk+7KyvYNBTTtDTiwHKbkldOl6f5U9aPfvzcH4dv -+bU1zhRrMS2NNSi2wqPlwgWxZUeD9/v4s4rIXzGlOH8jdn7/r/DAz1yTe6ZVzo7f -V+bC0k3tBrasEUu20zPtraEduT+XdnY14RAgdEsFM////fj3C77SB1atVU9ehIBn -Q7tq6sl5Q0bQz+1f4LFgm4Wy/H0zTw0HGaJJ66uBeHHtU8DsQLR0hTWRyJi63DF3 -Bi1JRP0YtEXehyaU5Xo4KjPZejlFNwhr1oahy7LLiIaVR6Vj36A3jRQnR75jNw3v -v0D4qPeCerSVzgHLPjtbnpLjqnqmvJsmSlkgXw8IG24CWi8M09UyIPYoXmEQZrQ3 -Sx7ew2o0e3FNbbuV4VsY/11WaOwJ71E3Dgz0GxO0PXHwYI/ZVMyixXp2cfOzsp5t -IAle4vyrmK62uGON7Jl8TjUAEQEAAYkEcgQYAQoAJhYhBCQYXBfJLZhfsxwVVJwV -rRNUc3VmBQJlKPRiAhsCBQkJZgGAAkAJEJwVrRNUc3VmwXQgBBkBCgAdFiEElz+i -TLHPkW2HUX2TbgnN6VblffMFAmUo9GIACgkQbgnN6VblffMhNxAAqemvvod/eiOy -mowS7rGbXcuNGA0wCpSQrUHu3yE4WSRJ/mEgGXS0CWqC1m86JhCNgfH5iTRHei7J -P/pDldSYikNfm5MUjIbBdPwnyG7Vbthseu2Z07phggI82qVW2fcl4SK3dcLbhI2f -IpWwa35UaAfgBXWKtzszQjkiAXQHz6ULCqlRe1lWI0moqHiOciKJxOFa3qn21aiT 
-gMyxjW8udphKHvRZtcwfWSvzjf1LSUlLT0hWBqQpz46i8vq2hBcDbsJDZnOKzQoN -9PBriSjDGjVHsyQOJN1nl75IyNNxddqlzcXGYemYkar6tROgLVk8N0UiDB9jRIpQ -Q8pUrbh58KMH6+nvKbHa5vz+a+xM28lB8AL/T48zfDHJ6xWiEe9lV4Nla2r4Djmb -ehnphlpN0AobUBHjj5bToJr8lSCvo0zR2u5NiPjrah/OVZwoLQuWxDLANg0sONrW -HIRqMNxzW29eno9uzML7oG0Z/EEjXoE9/jp43o1FDOvyyeqbfR5af+A3RARp0Zc3 -wU9yu45x0q09jjqNxL8QUdfBOtBNHVRs9/KGX60YhWi4miaMfOKSBz5pdW4pVNfx -6QOaz1viI0dsk2E6MP7gf4Omh43EwDUjr6sz9o4JzFERIS3IZOcoXXvggixemF0u -mIpAOtfUuZoyIyECz47e7UZbUsANaQIemw/9HlSaaZ00flQYZBYvLKVUW8SFaGzc -Biy2+RJHeI0ShZdG+WSdSqGmgoUlChzNGBzUeqpTyZ8LPEOYK4Yh/X/agLDmCaGe -749zAPj+GWx9EcHsfCAAR7khj8SuJNxUMZ1MAhNzNHPRMpT1M1f/KaOML9neS4x6 -NMuTjxiXIBTUpErX5IdYrqGw2Bm+NNuEoTNWwLYnwmya26ObrFafgfRKuSypnJE+ -fSvoGXHb5GV5bYbZTlUhDE45DkGH8cwhAGvPn7ePKGZDIm70GWTfxfAiPWmfAgA+ -15mp9WvxDyIifUjlUP+Uagu51ombilDlxd4Tp5DyEnSZMMO2+9A9JxMuEtJsuass -XVsCawntnhJlLNGI+c81Y9pg8EQSBA4JoiHn+QySFjlEAvrvmw4KWZp8f/KAR5Ph -WioLhuL84iaWMVt+gY1Rl7Iac1CHYhZGsDeFtvrPwFdc26GHlO8QFomK721IH9f9 -uw1fdWpQNIQRtz3gLd8IRjfq1hfrHTAfKncFNhbLlUJTxyOaXY87LOAAXcajn7fQ -gu4wjt9PgWxwX5/zDUa7IbeSjB5HwveRpHPT5iXoA24z779ISRYRRTMvI6i4w3qu -mSfv7+dhFeEX7Fbtd9OLDOG2HE5v0j8/+RUsSUE73sMwm3uwAjZA7j+7kkvlHdrc -WkfY/Nszax35+pM= -=jsch ------END PGP PUBLIC KEY BLOCK----- -``` +Atlas Commons does not operate a paid bug bounty program. We appreciate responsible disclosure and credit researchers in release notes when appropriate. diff --git a/.github/dco.yml b/.github/dco.yml new file mode 100644 index 0000000..c9db6be --- /dev/null +++ b/.github/dco.yml @@ -0,0 +1 @@ +allowSignOff: true diff --git a/.github/rulesets/main.json b/.github/rulesets/main.json new file mode 100644 index 0000000..97f875f --- /dev/null +++ b/.github/rulesets/main.json 
@@ -0,0 +1,43 @@ +{ + "name": "Protect main", + "target": "branch", + "enforcement": "active", + "conditions": { + "ref_name": { + "include": ["refs/heads/main"], + "exclude": [] + } + }, + "bypass_actors": [], + "rules": [ + { + "type": "pull_request", + "parameters": { + "required_approving_review_count": 0, + "dismiss_stale_reviews_on_push": true, + "require_code_owner_review": false, + "require_last_push_approval": false, + "required_review_thread_resolution": false, + "allowed_merge_methods": ["merge", "squash", "rebase"] + } + }, + { + "type": "required_status_checks", + "parameters": { + "strict_required_status_checks_policy": true, + "required_status_checks": [ + { + "context": "Required checks", + "integration_id": 15368 + } + ] + } + }, + { + "type": "non_fast_forward" + }, + { + "type": "deletion" + } + ] +} diff --git a/.github/scripts/apply-main-ruleset.sh b/.github/scripts/apply-main-ruleset.sh new file mode 100644 index 0000000..85068e8 --- /dev/null +++ b/.github/scripts/apply-main-ruleset.sh 
@@ -0,0 +1,70 @@ +#!/usr/bin/env bash +# Apply the main branch ruleset to a GitHub repository. +# +# Prerequisites: +# - GitHub CLI: https://cli.github.com/ +# - Authenticated: gh auth login +# - Admin access on the repository +# +# Usage: +# ./.github/scripts/apply-main-ruleset.sh +# ./.github/scripts/apply-main-ruleset.sh Atlas-Commons Bot + +set -euo pipefail + +REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)" +RULESET_FILE="${REPO_ROOT}/.github/rulesets/main.json" + +OWNER="${1:-}" +REPO="${2:-}" + +if [[ -z "${OWNER}" || -z "${REPO}" ]]; then + REMOTE="$(git -C "${REPO_ROOT}" remote get-url origin 2>/dev/null || true)" + if [[ "${REMOTE}" =~ github\.com[:/]([^/]+)/([^/.]+) ]]; then + OWNER="${BASH_REMATCH[1]}" + REPO="${BASH_REMATCH[2]}" + else + echo "Usage: $0 " >&2 + echo "Could not detect owner/repo from git remote." >&2 + exit 1 + fi +fi + +if ! command -v gh >/dev/null 2>&1; then + echo "GitHub CLI (gh) is required. Install from https://cli.github.com/" >&2 + exit 1 +fi + +echo "Applying ruleset to ${OWNER}/${REPO} ..." + +visibility="$(gh repo view "${OWNER}/${REPO}" --json visibility -q '.visibility' 2>/dev/null || echo unknown)" +if [[ "${visibility}" == "PRIVATE" ]]; then + echo "Cannot apply repository rulesets to private repos without GitHub Team/Pro." >&2 + echo "Configure branch protection manually: https://github.com/${OWNER}/${REPO}/settings/branches" >&2 + exit 1 +fi + +EXISTING="$(gh api "repos/${OWNER}/${REPO}/rulesets" --jq '.[] | select(.name=="Protect main" or .name=="main") | .id' 2>/dev/null | head -1 || true)" + +if [[ -n "${EXISTING}" ]]; then + echo "Updating existing ruleset id=${EXISTING} ..." + gh api \ + --method PUT \ + "repos/${OWNER}/${REPO}/rulesets/${EXISTING}" \ + --input "${RULESET_FILE}" +else + echo "Creating new ruleset ..." + gh api \ + --method POST \ + "repos/${OWNER}/${REPO}/rulesets" \ + --input "${RULESET_FILE}" +fi + +echo "" +echo "Ruleset applied. 
Verify at:" +echo " https://github.com/${OWNER}/${REPO}/settings/rules" +echo "" +echo "Notes:" +echo " - Merges to main require the 'Required checks' CI job (workflow: CI)." +echo " - Install the DCO app: https://github.com/apps/dco" +echo " - Open one PR against main so CI runs before enforcing the ruleset." diff --git a/.github/scripts/verify-dco.sh b/.github/scripts/verify-dco.sh new file mode 100644 index 0000000..4b0bcfb --- /dev/null +++ b/.github/scripts/verify-dco.sh @@ -0,0 +1,29 @@ +#!/usr/bin/env bash +# Verify all commits in a PR include Signed-off-by (DCO). +set -euo pipefail + +if [[ "${GITHUB_EVENT_NAME:-}" != "pull_request" ]]; then + echo "Not a pull request — skipping DCO check." + exit 0 +fi + +base="${GITHUB_BASE_REF:-main}" +git fetch origin "${base}" --depth=1 2>/dev/null || git fetch origin "${base}" + +missing=0 +while IFS= read -r sha; do + [[ -z "$sha" ]] && continue + if ! git log -1 --format=%B "$sha" | grep -qi '^Signed-off-by:'; then + echo "Missing Signed-off-by on commit ${sha:0:7}" + git log -1 --oneline "$sha" + missing=1 + fi +done < <(git rev-list "origin/${base}"..HEAD) + +if [[ "$missing" -ne 0 ]]; then + echo "" + echo "Add sign-off with: git commit -s --amend && git push --force-with-lease" + exit 1 +fi + +echo "All commits include DCO sign-off." diff --git a/.github/workflows/CI-CD.yaml b/.github/workflows/CI-CD.yaml index 086c3c1..cb65297 100644 --- a/.github/workflows/CI-CD.yaml +++ b/.github/workflows/CI-CD.yaml 
@@ -659,3 +659,49 @@ fi git push https://${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git HEAD:${BRANCH_NAME} fi + + dco: + name: DCO sign-off + runs-on: ubuntu-latest + if: github.event_name == 'pull_request' + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Verify DCO + run: bash .github/scripts/verify-dco.sh + + required: + name: Required checks + runs-on: ubuntu-latest + needs: [discover, information, build_main_or_pr, dco] + if: >- + always() && + ( + github.event_name == 'pull_request' || + (github.event_name == 'push' && github.ref == 'refs/heads/main') + ) + steps: + - name: Verify all CI jobs succeeded + run: | + echo "discover: ${{ needs.discover.result }}" + echo "information: ${{ needs.information.result }}" + echo "build_main_or_pr: ${{ needs.build_main_or_pr.result }}" + echo "dco: ${{ needs.dco.result }}" + if [[ "${{ needs.discover.result }}" != "success" ]]; then + echo "Discover job failed or was skipped." + exit 1 + fi + if [[ "${{ needs.information.result }}" != "success" ]]; then + echo "Information job failed or was skipped." + exit 1 + fi + if [[ "${{ needs.build_main_or_pr.result }}" != "success" ]]; then + echo "Build (main or PR) job failed or was skipped." + exit 1 + fi + if [[ "${{ github.event_name }}" == "pull_request" && "${{ needs.dco.result }}" != "success" ]]; then + echo "DCO sign-off check failed." + exit 1 + fi + echo "All required CI checks passed." diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml new file mode 100644 index 0000000..679d043 --- /dev/null +++ b/.github/workflows/dependency-review.yml @@ -0,0 +1,18 @@ +name: Dependency review + +on: + pull_request: + branches: [main] + +permissions: + contents: read + pull-requests: write + +jobs: + dependency-review: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/dependency-review-action@v4 + with: + comment-summary-in-pr: on-failure 
diff --git a/README.md b/README.md index d0d0cad..1165758 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,6 @@ -# Amateur-God's ADB-Server Home assistant Addon +# Atlas Commons ADB-Server Home assistant Addon + +Contributions welcome — see [CONTRIBUTING.md](.github/CONTRIBUTING.md). PRs require DCO sign-off (`git commit -s`). ![Project Stage][project-stage-shield] @@ -20,7 +22,7 @@ ## About -Welcome to Amateur-God's Home Assistant Add-ons. This repository hosts the ADB-Server add-on, which provides an Android Debug Bridge (ADB) server for Home Assistant, including an ingress terminal for executing commands. +Welcome to the Atlas Commons Home Assistant Add-ons. This repository hosts the ADB-Server add-on, which provides an Android Debug Bridge (ADB) server for Home Assistant, including an ingress terminal for executing commands. ## Add-ons @@ -63,7 +65,7 @@ Key features include: 1. **Add the Repository to Home Assistant:** - In Home Assistant, go to `Supervisor > Add-on Store`. - Click the three-dot menu at the top right and select `Repositories`. - - Add the following URL: `https://github.com/Amateur-God/Hassio-Addons`. + - Add the following URL: `https://github.com/Atlas-Commons/Hassio-Addons`. 2. **Install the ADB-Server Add-on:** - Find the ADB-Server add-on in the list and click on it. @@ -106,7 +108,7 @@ Got questions or need help? You have several options to get them answered: - The [Home Assistant Community Add-ons Discord chat server][discord] for add-on support and feature requests.--> -- The [The Viking Studios chat server][discord-vs] for general Home Assistant discussions and questions. +- The [Atlas Commons chat server][discord-vs] for general Home Assistant discussions and questions. 
@@ -120,7 +122,7 @@ Thank you for your interest and contributions! :heart_eyes: ## Authors & Contributors -This repository is maintained by [Amateur-God](https://github.com/Amateur-God). For a full list of all authors and contributors, check [the contributor's page][contributors]. +This repository is maintained by [Atlas Commons](https://github.com/Atlas-Commons). For a full list of all authors and contributors, check [the contributor's page][contributors].
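
Review bot: in `.github/BRANCH_PROTECTION.md`, the "What runs on every PR" section links `.github/workflows/ci.yml`, but the workflow this patch edits is `.github/workflows/CI-CD.yaml`; point the link at the file that actually defines the `Required checks` job, otherwise the documented gate cannot be traced to its source. The catalog loop at the end iterates over `Bot` and `atlas-commons-website`, which the same document lists as private repos that cannot take rulesets, and it discards the POST error with `2>/dev/null` before falling through to PUT, so a permissions or plan failure looks the same as "ruleset already exists". The sentence "The apply script skips private repos automatically" also does not match `apply-main-ruleset.sh`, which prints an error and runs `exit 1` for a private repo.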
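
Review bot: in `.github/CODE_OF_CONDUCT.md`, the Enforcement hunk deletes the sentence obliging community leaders to respect the privacy and security of the reporter, together with the whole Enforcement Guidelines ladder, while the Attribution line still presents the text as adapted from Contributor Covenant 2.0. Reports now go to a single mailbox, so keep the reporter-privacy sentence, and say in the Attribution section that the enforcement guidelines were dropped on purpose if that is the intent.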
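
Review bot: in `.github/SECURITY.md`, the new "Reporting a vulnerability" section removes the PGP fingerprint and public key and leaves plain email as the only channel outside GitHub, so a reporter has no way to encrypt details sent to the listed address. Either keep a key fingerprint beside the address or state that sensitive details should go through GitHub Security Advisories only. The advisory link is fixed to `Atlas-Commons/.github/security/advisories/new` while its text says "for the affected repository"; since this file ships inside each repository, link to that repository's own advisory form or drop the fixed URL and keep only the "Report a vulnerability" instruction.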
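
Review bot: in `.github/rulesets/main.json`, the `pull_request` rule sets `"required_approving_review_count": 0` and `"require_code_owner_review": false`, so the ruleset forces a PR to exist but lets its author merge it with no second person involved, and the `* @Amateur-God` entry added to CODEOWNERS in this same patch only requests a review without making it mandatory. If the goal is reviewed merges to `main`, set the count to at least 1 and enable code-owner review; if solo merging is intentional, say so in BRANCH_PROTECTION.md so the gap is a documented decision. `dismiss_stale_reviews_on_push` has no effect while the required count is 0.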
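
Review bot: in `.github/scripts/apply-main-ruleset.sh`, the visibility lookup ends in `|| echo unknown` and the script then only tests for `PRIVATE`, so a failed `gh repo view` (bad auth, wrong repo name) is treated as "not private" and the script goes on to call the rulesets API anyway. Fail fast when the visibility cannot be read. The existing-ruleset lookup also matches `.name=="Protect main" or .name=="main"` and takes `head -1`, which means a differently purposed ruleset that happens to be called `main` is overwritten by the PUT; match only the name this file creates, or print the matched name and id before updating.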
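
Review bot: in `.github/scripts/verify-dco.sh`, the loop walks `git rev-list "origin/${base}"..HEAD`, and the `dco` job checks out with `actions/checkout@v4` and no `ref`, which on a `pull_request` event leaves HEAD at GitHub's synthetic merge commit; that commit has no `Signed-off-by:` line, so the check reports a missing sign-off even when every contributor commit is signed. Add `--no-merges` to the `rev-list` call or check out the PR head SHA in the workflow. Separately, `grep -qi '^Signed-off-by:'` accepts any trailer text; it does not compare the sign-off identity with the commit author, so treat this script as a presence check and keep the DCO app as the authoritative gate.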
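
Review bot: in `.github/workflows/CI-CD.yaml`, the new `dco` job runs `bash .github/scripts/verify-dco.sh` from the checked-out PR tree, so a pull request can edit that script and make its own gate pass; since `Required checks` depends on this job, the status the ruleset enforces is only as trustworthy as the PR's copy of the script. Run the check from the base branch's copy of the script, or make the DCO app's status the required one and keep this job advisory. Neither new job declares a `permissions:` block in this hunk; add `permissions: contents: read` to both, and pin `actions/checkout@v4` to a full commit SHA, given that the patch is about supply-chain governance.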
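
Review bot: in `.github/workflows/dependency-review.yml`, the job lives in its own workflow and is not listed in the `needs:` of the `required` job, while `.github/rulesets/main.json` requires only the `Required checks` context, so a failing dependency review does not block a merge to `main`. Add the dependency review status to `required_status_checks` or move the job into the CI workflow and include it in `needs:`. `actions/checkout@v4` and `actions/dependency-review-action@v4` are referenced by mutable tag; pin both to commit SHAs. `pull-requests: write` is only used for `comment-summary-in-pr: on-failure`, and on pull requests from forks the token is read-only, so the summary comment will not be posted there; note that in the workflow or drop the write permission.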