diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..795d5dd --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,41 @@ +--- +name: Bug Report +about: Report a bug to help us improve +title: "[BUG] " +labels: bug +assignees: "" +--- + +## ๐Ÿ› Bug Description + +A clear and concise description of what the bug is. + +## ๐Ÿ” Steps to Reproduce + +1. Go to '...' +2. Click on '...' +3. Scroll down to '...' +4. See error + +## โœ… Expected Behavior + +A clear and concise description of what you expected to happen. + +## โŒ Actual Behavior + +A clear and concise description of what actually happened. + +## ๐Ÿ–ฅ๏ธ Environment + +- **OS:** [e.g. Ubuntu 22.04, Windows 11, macOS 14] +- **Browser:** [e.g. Chrome 120, Firefox 121] _(if applicable)_ +- **Version / Commit:** [e.g. v1.2.3 or commit SHA] +- **Node / Java / Rust version:** [e.g. Node 20, Java 21, Rust 1.75] _(if applicable)_ + +## ๐Ÿ“ธ Screenshots + +If applicable, add screenshots to help explain your problem. + +## ๐Ÿ“ Additional Context + +Add any other context about the problem here (logs, stack traces, related issues, etc.). diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000..32db804 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,8 @@ +blank_issues_enabled: false +contact_links: + - name: ๐Ÿ’ฌ Community Discussions + url: https://github.com/orgs/Magenta-Mause/discussions + about: Ask questions or start a conversation with the community. + - name: ๐Ÿ”’ Security Vulnerability + url: https://github.com/Magenta-Mause/.github/blob/main/SECURITY.md + about: Please report security vulnerabilities privately using our security policy. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..61cc7ca --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md 
@@ -0,0 +1,27 @@ +--- +name: Feature Request +about: Suggest a new feature or enhancement +title: "[FEAT] " +labels: enhancement +assignees: "" +--- + +## ๐Ÿš€ Feature Description + +A clear and concise description of the feature you'd like to see. + +## ๐Ÿ’ก Use Case / Motivation + +Why is this feature needed? What problem does it solve? Who benefits from it? + +## ๐Ÿ› ๏ธ Proposed Solution + +Describe the solution you'd like. Include any API changes, UI mock-ups, or technical details if available. + +## ๐Ÿ”„ Alternatives Considered + +Describe any alternative solutions or features you've considered, and why you prefer the proposed solution. + +## ๐Ÿ“ Additional Context + +Add any other context, screenshots, or references about the feature request here. diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 0000000..6a43558 --- /dev/null +++ b/.github/pull_request_template.md 
@@ -0,0 +1,48 @@ +## ๐Ÿ“ Description + +A clear and concise description of what this pull request does. + +## ๐Ÿ”– Type of Change + +Please check the relevant option(s): + +- [ ] ๐Ÿ› Bug fix (non-breaking change that fixes an issue) +- [ ] โœจ New feature (non-breaking change that adds functionality) +- [ ] ๐Ÿ’ฅ Breaking change (fix or feature that would cause existing functionality to change) +- [ ] ๐Ÿ“š Documentation update +- [ ] ๐Ÿ”ง Refactor / code cleanup (no functional change) +- [ ] ๐Ÿš€ Performance improvement +- [ ] ๐Ÿ”’ Security fix + +## ๐Ÿ”— Related Issues + +Closes + +## ๐Ÿงช Testing Performed + +Describe the tests you ran to verify your changes: + +- [ ] Unit tests pass (`npm test` / `mvn test` / `cargo test`) +- [ ] Integration tests pass +- [ ] Manual testing performed (describe steps below) + +**Manual test steps:** + +1. +2. +3. + +## โœ… Checklist + +- [ ] My code follows the code style of this project (linter passes) +- [ ] I have performed a self-review of my own code +- [ ] I have commented my code where necessary (especially complex logic) +- [ ] I have updated the documentation accordingly +- [ ] My changes generate no new warnings +- [ ] I have added tests that prove my fix/feature works +- [ ] All new and existing tests pass +- [ ] Any dependent changes have been merged and published + +## ๐Ÿ“ธ Screenshots (if applicable) + + diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..5317bad --- /dev/null +++ b/CODE_OF_CONDUCT.md 
@@ -0,0 +1,77 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our community include: + +- Demonstrating empathy and kindness toward other people +- Being respectful of differing opinions, viewpoints, and experiences +- Giving and gracefully accepting constructive feedback +- Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience +- Focusing on what is best not just for us as individuals, but for the overall community + +Examples of unacceptable behavior include: + +- The use of sexualized language or imagery, and sexual attention or advances of any kind +- Trolling, insulting or derogatory comments, and personal or political attacks +- Public or private harassment +- Publishing others' private information, such as a physical or email address, without their explicit permission +- Other conduct which could reasonably be considered inappropriate in a professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful. 
+ +Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official email address, posting via an official social media account, or acting as an appointed representative at an online or offline event. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement by opening a private issue or contacting the maintainers directly via GitHub. All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact:** Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community. + +**Consequence:** A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact:** A violation through a single incident or series of actions. + +**Consequence:** A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. 
This includes avoiding interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban. + +### 3. Temporary Ban + +**Community Impact:** A serious violation of community standards, including sustained inappropriate behavior. + +**Consequence:** A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact:** Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals. + +**Consequence:** A permanent ban from any sort of public interaction within the community. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 2.1, available at [https://www.contributor-covenant.org/version/2/1/code_of_conduct.html](https://www.contributor-covenant.org/version/2/1/code_of_conduct.html). + +Community Impact Guidelines were inspired by [Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/diversity). + +For answers to common questions about this code of conduct, see the FAQ at [https://www.contributor-covenant.org/faq](https://www.contributor-covenant.org/faq). Translations are available at [https://www.contributor-covenant.org/translations](https://www.contributor-covenant.org/translations). diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..f9d1e0a --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,121 @@ +# Contributing to Magenta-Mause Projects + +Thank you for your interest in contributing! This guide explains how to participate in our projects effectively. + +--- + +## ๐Ÿ“‹ Table of Contents + +1. [How to Submit Issues](#how-to-submit-issues) +2. [How to Submit Pull Requests](#how-to-submit-pull-requests) +3. [Code Style Guidelines](#code-style-guidelines) +4. [Commit Message Conventions](#commit-message-conventions) +5. [Review Process](#review-process) +6. [Development Setup](#development-setup) + +--- + +## ๐Ÿ› How to Submit Issues + +1. **Search first** โ€” check if the issue already exists in the repository's issue tracker. +2. **Use a template** โ€” select the appropriate template (Bug Report or Feature Request) when opening an issue. +3. **Be descriptive** โ€” include as much relevant detail as possible (steps to reproduce, environment, logs, screenshots). +4. **One issue per ticket** โ€” avoid combining multiple unrelated bugs or features in a single issue. + +--- + +## ๐Ÿ”€ How to Submit Pull Requests + +1. **Fork the repository** and create your branch from `main` (or the relevant base branch). +2. **Branch naming convention:** + - `feat/` โ€” new feature + - `fix/` โ€” bug fix + - `docs/` โ€” documentation changes + - `chore/` โ€” maintenance, refactoring, tooling +3. **Keep PRs focused** โ€” one logical change per PR. Avoid mixing unrelated changes. +4. **Fill in the PR template** completely before requesting a review. +5. **Link related issues** โ€” use `Fixes #` in the PR description to auto-close issues on merge. +6. **Ensure CI passes** โ€” all automated checks must pass before a PR can be merged. +7. **Request a review** โ€” assign at least one reviewer from the core team. + +--- + +## ๐ŸŽจ Code Style Guidelines + +Each repository may have its own linter configuration. Always check the repository's README for project-specific tooling. 
General guidelines: + +- **Java:** Follow standard Java conventions; formatting enforced via Checkstyle/Spotless where configured. +- **TypeScript / JavaScript:** ESLint + Prettier are used; run `npm run lint` and `npm run format` before committing. +- **Rust:** Use `rustfmt` (`cargo fmt`) and `clippy` (`cargo clippy`) before committing. + +Run the linter locally before pushing to avoid CI failures. + +--- + +## ๐Ÿ’ฌ Commit Message Conventions + +We follow [Conventional Commits](https://www.conventionalcommits.org/). + +**Format:** + +``` +(): + +[optional body] + +[optional footer(s)] +``` + +**Types:** + +| Type | Description | +| :--------- | :-------------------------------------------------------- | +| `feat` | A new feature | +| `fix` | A bug fix | +| `docs` | Documentation changes only | +| `style` | Code style changes (formatting, missing semicolons, etc.) | +| `refactor` | Code refactoring without feature/bug changes | +| `perf` | Performance improvements | +| `test` | Adding or updating tests | +| `chore` | Build process, tooling, or dependency updates | +| `ci` | Changes to CI/CD configuration | + +**Examples:** + +``` +feat(auth): add JWT refresh token support +fix(frontend): correct button alignment on mobile +docs(readme): update deployment instructions +chore(deps): bump spring-boot to 3.2.1 +``` + +--- + +## ๐Ÿ” Review Process + +1. A PR requires **at least one approving review** from a core team member before merging. +2. Reviewers may request changes โ€” address all comments before re-requesting a review. +3. Maintainers may squash commits on merge to keep the history clean. +4. PRs are merged using **squash and merge** or **rebase and merge** โ€” no merge commits on `main`. + +--- + +## ๐Ÿ› ๏ธ Development Setup + +Each project has its own development setup. 
Please refer to the `README.md` in the specific repository for setup instructions: + +- [medals-backend](https://github.com/Magenta-Mause/medals-backend) +- [medals-frontend](https://github.com/Magenta-Mause/medals-frontend) +- [cosy-backend](https://github.com/Magenta-Mause/cosy-backend) +- [cosy-frontend](https://github.com/Magenta-Mause/cosy-frontend) +- [cosy-gameapi](https://github.com/Magenta-Mause/cosy-gameapi) + +--- + +## ๐Ÿค Code of Conduct + +By participating in this project, you agree to abide by our [Code of Conduct](CODE_OF_CONDUCT.md). Please treat everyone with respect. + +--- + +If you have any questions, feel free to open a [discussion](https://github.com/orgs/Magenta-Mause/discussions) or reach out via the repository's issue tracker. diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..6353d26 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,72 @@ +# Security Policy + +## ๐Ÿ”’ Reporting a Vulnerability + +We take security vulnerabilities seriously. If you discover a security issue in any Magenta-Mause project, **please do not open a public GitHub issue**. Public disclosure of a vulnerability before a fix is available could put users at risk. + +### How to Report + +1. **GitHub Private Vulnerability Reporting (preferred):** Use GitHub's [private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability) feature in the affected repository. +2. **Email:** If private reporting is not available for the specific repository, contact the maintainers directly by opening a **private** security advisory in this repository: [Magenta-Mause/.github/security/advisories/new](https://github.com/Magenta-Mause/.github/security/advisories/new). + +### What to Include + +Please include as much of the following information as possible to help us understand and resolve the issue quickly: + +- **Description** of the vulnerability and its potential impact +- **Affected repository and version(s)** +- **Steps to reproduce** the vulnerability +- **Proof of concept** or exploit code (if available) +- **Suggested fix** (if you have one) + +--- + +## ๐Ÿ“ฌ Security Contact + +If you are unable to use GitHub's private vulnerability reporting, you may contact the organization maintainers through the GitHub organization page: +[https://github.com/Magenta-Mause](https://github.com/Magenta-Mause) + +--- + +## โฑ๏ธ Response Timeline + +| Stage | Target Time | +| :--------------------------- | :----------- | +| Initial acknowledgement | Within 72 hours | +| Vulnerability assessment | Within 7 days | +| Fix & coordinated disclosure | Within 90 days | + +We will keep you informed throughout the process and credit you in the security advisory if you wish. 
+ +--- + +## ๐Ÿ›ก๏ธ Supported Versions + +We actively maintain and apply security fixes to the latest released version of each project. Older versions may not receive security patches. + +| Project | Supported versions | +| :---------------- | :----------------------- | +| medals-backend | Latest release | +| medals-frontend | Latest release | +| cosy-backend | Latest release | +| cosy-frontend | Latest release | +| cosy-gameapi | Latest release | + +--- + +## ๐Ÿšซ Out of Scope + +The following are generally **not** considered security vulnerabilities for our projects: + +- Theoretical attacks without a working proof of concept +- Issues in third-party dependencies (please report those upstream) +- Social engineering attacks +- Denial-of-service attacks that require physical access + +--- + +## ๐Ÿ™ Responsible Disclosure + +We follow responsible disclosure principles. After a fix is deployed, we will publish a security advisory crediting the reporter (unless anonymity is requested). + +Thank you for helping keep Magenta-Mause projects and their users safe!
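Review bot: In `.github/ISSUE_TEMPLATE/bug_report.md`, the "Additional Context" section asks for logs and stack traces, and "Screenshots" asks for images, with no reminder to redact them before posting. SECURITY.md in this same patch treats GitHub issues as public, so whatever is pasted here is exposed. Suggest adding one line to both sections, for example "Remove tokens, passwords, cookies and personal data before posting", and a pointer to SECURITY.md for anything that looks exploitable.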
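Review bot: In `.github/pull_request_template.md`, the "Security fix" checkbox under "Type of Change" invites fixes for not-yet-disclosed vulnerabilities to arrive as ordinary public pull requests, which works against the SECURITY.md added in this patch ("please do not open a public GitHub issue", fix and coordinated disclosure within 90 days). Suggest a short note beside that option saying that fixes for undisclosed vulnerabilities are prepared through the private advisory, and that the box is for fixes whose advisory is already published. Separately, "Related Issues" shows a bare "Closes" while CONTRIBUTING.md tells contributors to use `Fixes #`; pick one keyword and use it in both files.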
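Review bot: In `CODE_OF_CONDUCT.md`, the "Enforcement" section tells reporters to open "a private issue" or to contact the maintainers "directly via GitHub", but names no address, form or person, and `config.yml` in this patch offers only Discussions and the security policy as contact links. The following sentence obliges leaders to protect the reporter's privacy, which needs a channel that is actually private. Suggest replacing "opening a private issue" with a concrete contact, such as a dedicated e-mail address or a named maintainer.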
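Review bot: In `CONTRIBUTING.md`, the Table of Contents links (`#how-to-submit-issues`, `#code-style-guidelines` and the rest) target headings that begin with an emoji, and GitHub's generated anchors for such headings usually carry a leading hyphen (`#-how-to-submit-issues`), so these links are likely not to resolve. Either drop the emoji from the headings or adjust the anchors, then check the rendered page. The list also omits the "Code of Conduct" section that the file ends with. In the commit "Format" block the first line reads only `():`; if placeholders for type, scope and description were intended, they do not appear in the lines shown here.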
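Review bot: In `SECURITY.md`, "How to Report" item 2 is labelled "Email" but contains no e-mail address, and the "Security Contact" fallback points to the public organization page, so a reporter who cannot use GitHub's private reporting has no private channel at all. Suggest renaming item 2 to describe what it is (a private advisory in the `.github` repository) and adding a real out-of-band contact, or stating plainly that private reporting on GitHub is the only channel. In "Out of Scope", "Theoretical attacks without a working proof of concept" conflicts with "Proof of concept or exploit code (if available)" under "What to Include"; and "Issues in third-party dependencies" would exclude cases where a project ships or uses a vulnerable dependency in an exploitable way. Suggest narrowing both items, for example by accepting dependency reports when the flaw is reachable through the project's own code.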