diff --git a/.claude/CLAUDE.md b/.claude/CLAUDE.md new file mode 100644 index 0000000..8afd5ee --- /dev/null +++ b/.claude/CLAUDE.md @@ -0,0 +1,29 @@ +# CLAUDE.md + +This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. + +## Repository Purpose + +This repository is currently empty. It exists as a starting point — the workflows, +linter configs, and contribution scaffolding under `.github/`, `.vscode/`, and `.claude/` +are the canonical Senzing baseline, but no project code lives here yet. + +When work begins, replace this section with: + +- A short description of what the repository builds or contains. +- Build / test / lint commands (typically driven by `make`). +- Notable architecture decisions or external dependencies a contributor needs to know. +- Any CI/CD workflows specific to this project (beyond the standard add-labels / + add-to-project / dependabot / lint-workflows / spellcheck baseline that's already wired up). + +## CI/CD Workflows (baseline) + +- `add-labels-standardized.yaml` — labels new/reopened issues. +- `add-to-project-senzing.yaml` / `add-to-project-senzing-dependabot.yaml` — adds issues + and Dependabot PRs to the Senzing project board. +- `claude-pr-review.yaml` — runs Claude review on PR open/synchronize. +- `dependabot-approve-and-merge.yaml` — auto-approves and merges Dependabot PRs. +- `link-issues-to-pr-post-merge.yaml` — closes referenced issues when a PR merges. +- `lint-workflows.yaml` — super-linter pass over `.github/workflows`. +- `move-pr-to-done-dependabot.yaml` — moves merged Dependabot PRs to "Done" on the board. +- `spellcheck.yaml` — cspell over the repo. diff --git a/.claude/commands/senzing.md b/.claude/commands/senzing.md new file mode 100644 index 0000000..d07dc3d --- /dev/null +++ b/.claude/commands/senzing.md @@ -0,0 +1,3 @@ +# Senzing + +- Perform the steps specified by diff --git a/.claude/settings.json b/.claude/settings.json new file mode 100644 index 0000000..bcf43f6 --- /dev/null +++ b/.claude/settings.json @@ -0,0 +1,3 @@ +{ + "includeCoAuthoredBy": false +} diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..36bf3ae --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,5 @@ +# Default code owner + +* @Senzing/senzing-community + +/.github/ @Senzing/senzing-devsecops diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..1ff14db --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,16 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + assignees: + - "kernelsam" + cooldown: + default-days: 21 + exclude: + - "senzing-factory/*" + directory: "/" + groups: + senzing-factory: + patterns: + - "senzing-factory/*" + schedule: + interval: "daily" diff --git a/.github/linters/.jscpd.json b/.github/linters/.jscpd.json new file mode 100644 index 0000000..8f0f293 --- /dev/null +++ b/.github/linters/.jscpd.json @@ -0,0 +1,3 @@ +{ + "threshold": 4 +} diff --git a/.github/linters/.yaml-lint.yml b/.github/linters/.yaml-lint.yml new file mode 100644 index 0000000..01abb0c --- /dev/null +++ b/.github/linters/.yaml-lint.yml @@ -0,0 +1,12 @@ +# Extends the default yamllint config by adjusting some options. +extends: default + +rules: + comments: + min-spaces-from-content: 1 + document-start: disable + comments-indentation: disable + line-length: + level: warning + allow-non-breakable-inline-mappings: true + truthy: disable diff --git a/.github/linters/zizmor.yaml b/.github/linters/zizmor.yaml new file mode 100644 index 0000000..bed072b --- /dev/null +++ b/.github/linters/zizmor.yaml @@ -0,0 +1,7 @@ +rules: + secrets-outside-env: + disable: true + unpinned-uses: + config: + policies: + "*": ref-pin diff --git a/.github/senzing-corporate-contributor-license-agreement.pdf b/.github/senzing-corporate-contributor-license-agreement.pdf new file mode 100644 index 0000000..dac5edb Binary files /dev/null and b/.github/senzing-corporate-contributor-license-agreement.pdf differ diff --git a/.github/senzing-individual-contributor-license-agreement.pdf b/.github/senzing-individual-contributor-license-agreement.pdf new file mode 100644 index 0000000..12ea6bd Binary files /dev/null and b/.github/senzing-individual-contributor-license-agreement.pdf differ diff --git a/.github/workflows/add-labels-standardized.yaml b/.github/workflows/add-labels-standardized.yaml new file mode 100644 index 0000000..6a4b753 --- /dev/null +++ b/.github/workflows/add-labels-standardized.yaml @@ -0,0 +1,20 @@ +name: Add labels standardized + +on: + issues: + types: + - opened + - reopened + +permissions: {} + +jobs: + add-issue-labels: + permissions: + issues: write + secrets: + ORG_MEMBERSHIP_TOKEN: ${{ secrets.ORG_MEMBERSHIP_TOKEN }} + MEMBERS: ${{ secrets.SENZING_MEMBERS }} + SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} + SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} + uses: senzing-factory/build-resources/.github/workflows/add-labels-to-issue.yaml@v4 diff --git a/.github/workflows/add-to-project-senzing-dependabot.yaml b/.github/workflows/add-to-project-senzing-dependabot.yaml new file mode 100644 index 0000000..0477344 --- /dev/null +++ b/.github/workflows/add-to-project-senzing-dependabot.yaml @@ -0,0 +1,19 @@ +name: Add to project senzing github organization dependabot + +on: + pull_request: + branches: [main] + +permissions: {} + +jobs: + add-to-project-dependabot: + permissions: + repository-projects: write + secrets: + PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} + SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} + SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} + uses: senzing-factory/build-resources/.github/workflows/add-to-project-dependabot.yaml@v4 + with: + project: ${{ vars.SENZING_GITHUB_ORGANIZATION_PROJECT }} diff --git a/.github/workflows/add-to-project-senzing.yaml b/.github/workflows/add-to-project-senzing.yaml new file mode 100644 index 0000000..e818753 --- /dev/null +++ b/.github/workflows/add-to-project-senzing.yaml @@ -0,0 +1,22 @@ +name: Add to project senzing github organization + +on: + issues: + types: + - opened + - reopened + +permissions: {} + +jobs: + add-to-project: + permissions: + repository-projects: write + secrets: + PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} + SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} + SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} + uses: senzing-factory/build-resources/.github/workflows/add-to-project.yaml@v4 + with: + project-number: ${{ vars.SENZING_GITHUB_ORGANIZATION_PROJECT }} + org: ${{ vars.SENZING_GITHUB_ACCOUNT_NAME }} diff --git a/.github/workflows/claude-pr-review.yaml b/.github/workflows/claude-pr-review.yaml new file mode 100644 index 0000000..374410f --- /dev/null +++ b/.github/workflows/claude-pr-review.yaml @@ -0,0 +1,20 @@ +name: Claude PR Review + +on: + pull_request: + types: [opened, synchronize] + +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }} + cancel-in-progress: true + +permissions: {} + +jobs: + review: + uses: senzing-factory/build-resources/.github/workflows/claude-pull-request-review.yaml@v4 + permissions: + contents: read + pull-requests: write + secrets: + CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} diff --git a/.github/workflows/dependabot-approve-and-merge.yaml b/.github/workflows/dependabot-approve-and-merge.yaml new file mode 100644 index 0000000..3b5e853 --- /dev/null +++ b/.github/workflows/dependabot-approve-and-merge.yaml @@ -0,0 +1,20 @@ +name: Dependabot approve and merge + +on: + pull_request: + branches: [main] + +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }} + cancel-in-progress: true + +permissions: {} + +jobs: + dependabot-approve-and-merge: + permissions: + contents: write + pull-requests: write + secrets: + CODEOWNER_PR_RW_TOKEN: ${{ secrets.SENZING_GITHUB_CODEOWNER_PR_RW_TOKEN }} + uses: senzing-factory/build-resources/.github/workflows/dependabot-approve-and-merge.yaml@v4 diff --git a/.github/workflows/link-issues-to-pr-post-merge.yaml b/.github/workflows/link-issues-to-pr-post-merge.yaml new file mode 100644 index 0000000..1e54021 --- /dev/null +++ b/.github/workflows/link-issues-to-pr-post-merge.yaml @@ -0,0 +1,16 @@ +name: Link Issues to PR Post Merge + +on: + pull_request: + types: [closed] + +permissions: {} + +jobs: + link-issues: + # Only run if PR was actually merged (not just closed) + if: github.event.pull_request.merged == true + permissions: + pull-requests: write + contents: read + uses: senzing-factory/build-resources/.github/workflows/link-issues-to-pull-request-post-merge.yaml@v4 diff --git a/.github/workflows/lint-workflows.yaml b/.github/workflows/lint-workflows.yaml new file mode 100644 index 0000000..2d82e04 --- /dev/null +++ b/.github/workflows/lint-workflows.yaml @@ -0,0 +1,20 @@ +name: Lint workflows + +on: + pull_request: + branches: [main] + +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }} + cancel-in-progress: true + +permissions: {} + +jobs: + lint-workflows: + permissions: + contents: read + packages: read + pull-requests: write + statuses: write + uses: senzing-factory/build-resources/.github/workflows/lint-workflows.yaml@v4 diff --git a/.github/workflows/move-pr-to-done-dependabot.yaml b/.github/workflows/move-pr-to-done-dependabot.yaml new file mode 100644 index 0000000..1eab447 --- /dev/null +++ b/.github/workflows/move-pr-to-done-dependabot.yaml @@ -0,0 +1,18 @@ +name: Move pr to done dependabot + +on: + pull_request: + branches: [main] + types: [closed] + +permissions: {} + +jobs: + move-pr-to-done-dependabot: + permissions: + repository-projects: write + secrets: + PROJECT_RW_TOKEN: ${{ secrets.SENZING_GITHUB_PROJECT_RW_TOKEN }} + uses: senzing-factory/build-resources/.github/workflows/move-pr-to-done-dependabot.yaml@v4 + with: + project: ${{ vars.SENZING_GITHUB_ORGANIZATION_PROJECT }} diff --git a/.github/workflows/spellcheck.yaml b/.github/workflows/spellcheck.yaml new file mode 100644 index 0000000..2474a9e --- /dev/null +++ b/.github/workflows/spellcheck.yaml @@ -0,0 +1,17 @@ +name: Spellcheck + +on: + pull_request: + branches: [main] + +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }} + cancel-in-progress: true + +permissions: {} + +jobs: + spellcheck: + permissions: + contents: read + uses: senzing-factory/build-resources/.github/workflows/cspell.yaml@v4 diff --git a/.vscode/cspell.json b/.vscode/cspell.json new file mode 100644 index 0000000..787644b --- /dev/null +++ b/.vscode/cspell.json @@ -0,0 +1,17 @@ +{ + "version": "0.2", + "language": "en", + "words": [ + "bootcamp", + "CCLA", + "cooldown", + "esbenp", + "ICLA", + "kernelsam", + "Senzing", + "senzingsdk", + "trixie", + "zizmor" + ], + "ignorePaths": [".git/**"] +} diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..9604eb0 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,12 @@ +{ + "[json]": { + "editor.defaultFormatter": "esbenp.prettier-vscode" + }, + "[markdown]": { + "editor.defaultFormatter": "esbenp.prettier-vscode" + }, + "[yaml]": { + "editor.defaultFormatter": "esbenp.prettier-vscode" + }, + "editor.formatOnSave": true +} diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..6781f3f --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,14 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The changelog format is based on [Keep a Changelog] and [CommonMark]. +This project adheres to [Semantic Versioning]. + +## [Unreleased] + +### Changed in Unreleased + +[CommonMark]: https://commonmark.org/ +[Keep a Changelog]: https://keepachangelog.com/ +[Semantic Versioning]: https://semver.org/ diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..086972c --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,97 @@ +# Contributor Covenant 3.0 Code of Conduct + +## Our Pledge + +We pledge to make our community welcoming, safe, and equitable for all. + +We are committed to fostering an environment that respects and promotes the dignity, rights, and contributions of all individuals, +regardless of characteristics including race, ethnicity, caste, color, age, physical characteristics, neurodiversity, disability, +sex or gender, gender identity or expression, sexual orientation, language, philosophy or religion, national or social origin, +socio-economic position, level of education, or other status. +The same privileges of participation are extended to everyone who participates in good faith and in accordance with this Covenant. + +## Encouraged Behaviors + +While acknowledging differences in social norms, we all strive to meet our community's expectations for positive behavior. +We also understand that our words and actions may be interpreted differently than we intend based on culture, background, or native language. + +With these considerations in mind, we agree to behave mindfully toward each other and act in ways that center our shared values, including: + +1. Respecting the **purpose of our community**, our activities, and our ways of gathering. +2. Engaging **kindly and honestly** with others. +3. Respecting **different viewpoints** and experiences. +4. **Taking responsibility** for our actions and contributions. +5. Gracefully giving and accepting **constructive feedback**. +6. Committing to **repairing harm** when it occurs. +7. Behaving in other ways that promote and sustain the **well-being of our community**. + +## Restricted Behaviors + +We agree to restrict the following behaviors in our community. Instances, threats, and promotion of these behaviors are violations of this Code of Conduct. + +1. **Harassment.** Violating explicitly expressed boundaries or engaging in unnecessary personal attention after any clear request to stop. +2. **Character attacks.** Making insulting, demeaning, or pejorative comments directed at a community member or group of people. +3. **Stereotyping or discrimination.** Characterizing anyone's personality or behavior on the basis of immutable identities or traits. +4. **Sexualization.** Behaving in a way that would generally be considered inappropriately intimate in the context or purpose of the community. +5. **Violating confidentiality**. Sharing or acting on someone's personal or private information without their permission. +6. **Endangerment.** Causing, encouraging, or threatening violence or other harm toward any person or group. +7. Behaving in other ways that **threaten the well-being** of our community. + +### Other Restrictions + +1. **Misleading identity.** Impersonating someone else for any reason, or pretending to be someone else to evade enforcement actions. +2. **Failing to credit sources.** Not properly crediting the sources of content you contribute. +3. **Promotional materials**. Sharing marketing or other commercial content in a way that is outside the norms of the community. +4. **Irresponsible communication.** Failing to responsibly present content which includes, links or describes any other restricted behaviors. + +## Reporting an Issue + +Tensions can occur between community members even when they are trying their best to collaborate. +Not every conflict represents a code of conduct violation, and this Code of Conduct reinforces encouraged behaviors and norms that can help avoid conflicts and minimize harm. + +When an incident does occur, it is important to report it promptly. +To report a possible violation, contact the project team at + +Community Moderators take reports of violations seriously and will make every effort to respond in a timely manner. +They will investigate all reports of code of conduct violations, reviewing messages, logs, and recordings, or interviewing witnesses and other participants. +Community Moderators will keep investigation and enforcement actions as transparent as possible while prioritizing safety and confidentiality. +In order to honor these values, enforcement actions are carried out in private with the involved parties, but communicating to the whole community may be part of a mutually agreed upon resolution. + +## Addressing and Repairing Harm + +If an investigation by the Community Moderators finds that this Code of Conduct has been violated, the following enforcement ladder may be used to determine how best to repair harm, based on the incident's impact on the individuals involved and the community as a whole. +Depending on the severity of a violation, lower rungs on the ladder may be skipped. + +1. Warning + 1. Event: A violation involving a single incident or series of incidents. + 2. Consequence: A private, written warning from the Community Moderators. + 3. Repair: Examples of repair include a private written apology, acknowledgement of responsibility, and seeking clarification on expectations. +2. Temporarily Limited Activities + 1. Event: A repeated incidence of a violation that previously resulted in a warning, or the first incidence of a more serious violation. + 2. Consequence: A private, written warning with a time-limited cooldown period designed to underscore the seriousness of the situation and give the community members involved time to process the incident. The cooldown period may be limited to particular communication channels or interactions with particular community members. + 3. Repair: Examples of repair may include making an apology, using the cooldown period to reflect on actions and impact, and being thoughtful about re-entering community spaces after the period is over. +3. Temporary Suspension + 1. Event: A pattern of repeated violation which the Community Moderators have tried to address with warnings, or a single serious violation. + 2. Consequence: A private written warning with conditions for return from suspension. In general, temporary suspensions give the person being suspended time to reflect upon their behavior and possible corrective actions. + 3. Repair: Examples of repair include respecting the spirit of the suspension, meeting the specified conditions for return, and being thoughtful about how to reintegrate with the community when the suspension is lifted. +4. Permanent Ban + 1. Event: A pattern of repeated code of conduct violations that other steps on the ladder have failed to resolve, or a violation so serious that the Community Moderators determine there is no way to keep the community safe with this person as a member. + 2. Consequence: Access to all community spaces, tools, and communication channels is removed. In general, permanent bans should be rarely used, should have strong reasoning behind them, and should only be resorted to if working through other remedies has failed to change the behavior. + 3. Repair: There is no possible repair in cases of this severity. + +This enforcement ladder is intended as a guideline. It does not limit the ability of Community Managers to use their discretion and judgment, in keeping with the best interests of our community. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public or other spaces. +Examples of representing our community include using an official email address, posting via an official social media account, or acting as an appointed representative at an online or offline event. + +## Attribution + +This Code of Conduct is adapted from the Contributor Covenant, version 3.0, permanently available at [https://www.contributor-covenant.org/version/3/0/](https://www.contributor-covenant.org/version/3/0/). + +Contributor Covenant is stewarded by the Organization for Ethical Source and licensed under CC BY-SA 4.0. To view a copy of this license, visit [https://creativecommons.org/licenses/by-sa/4.0/](https://creativecommons.org/licenses/by-sa/4.0/) + +For answers to common questions about Contributor Covenant, see the FAQ at [https://www.contributor-covenant.org/faq](https://www.contributor-covenant.org/faq). +Translations are provided at [https://www.contributor-covenant.org/translations](https://www.contributor-covenant.org/translations). Additional enforcement and community guideline resources can be found at [https://www.contributor-covenant.org/resources](https://www.contributor-covenant.org/resources). +The enforcement ladder was inspired by the work of [Mozilla's code of conduct team](https://github.com/mozilla/inclusion). diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..c4b4409 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,121 @@ +# Contributing + +Welcome to the project! + +We encourage contribution in a manner consistent with the [Code of Conduct]. +The following will guide you through the process. + +There are a number of ways you can contribute: + +1. [Asking questions] +1. [Requesting features] +1. [Reporting bugs] +1. [Contributing code or documentation] + +## License Agreements + +If your contribution modifies the Git repository, the following agreements must be established. + +_Note:_ License agreements are only needed for adding, modifying, and deleting artifacts kept within the repository. +In simple terms, license agreements are needed before pull requests can be accepted. +A license agreement is not needed for submitting feature request, bug reporting, or other project management. + +### Individual Contributor License Agreement + +In order to contribute to this repository, an [Individual Contributor License Agreement (ICLA)] must be completed, submitted, and accepted. + +### Corporate Contributor License Agreement + +If the contribution to this repository is on behalf of a company, a [Corporate Contributor License Agreement (CCLA)] must also be completed, submitted, and accepted. + +### Project License Agreement + +The license agreement for this repository is stated in the [LICENSE] file. + +## Questions + +Please do not use the GitHub issue tracker to submit questions. + +Instead, email . +For open discussions, use GitHub's [Discussions]. + +## Feature Requests + +All feature requests are "GitHub issues". +To request a feature, create a [GitHub issue] in this repository. + +When creating an issue, there will be a choice to create a "Bug report" or a "Feature request". +Choose "Feature request". + +## Bug Reporting + +All bug reports are "GitHub issues". +Before reporting on a bug, check to see if it has [already been reported]. +To report a bug, create a [GitHub issue] in this repository. + +When creating an issue, there will be a choice to create a "Bug report" or a "Feature request". +Choose "Bug report". + +## Contributing code or documentation + +To contribute code or documentation to the repository, you must have [License Agreements] in place. +This needs to be complete before a [Pull Request] can be accepted. + +### Setting up a development environment + +#### Set Environment variables + +These variables may be modified, but do not need to be modified. +The variables are used throughout the installation procedure. + +```console +export GIT_ACCOUNT=senzing +export GIT_REPOSITORY=bootcamp +``` + +Synthesize environment variables. + +```console +export GIT_ACCOUNT_DIR=~/${GIT_ACCOUNT}.git +export GIT_REPOSITORY_DIR="${GIT_ACCOUNT_DIR}/${GIT_REPOSITORY}" +export GIT_REPOSITORY_URL="git@github.com:${GIT_ACCOUNT}/${GIT_REPOSITORY}.git" +``` + +#### Clone repository + +Get repository. + +```console +mkdir --parents ${GIT_ACCOUNT_DIR} +cd ${GIT_ACCOUNT_DIR} +git clone ${GIT_REPOSITORY_URL} +cd ${GIT_REPOSITORY_DIR} +``` + +### Coding conventions + +### Testing + +### Pull Requests + +Code in the main branch is modified via GitHub pull request. +Follow GitHub's [Creating a pull request from a branch] or +[Creating a pull request from a fork] instructions. + +Accepting pull requests will be at the discretion of Senzing, Inc. and the repository owner(s). + +[already been reported]: https://github.com/search?q=+is%3Aissue+user%3Asenzing +[Asking questions]: #questions +[Code of Conduct]: CODE_OF_CONDUCT.md +[Contributing code or documentation]: #contributing-code-or-documentation +[Corporate Contributor License Agreement (CCLA)]: .github/senzing-corporate-contributor-license-agreement.pdf +[Creating a pull request from a branch]: https://help.github.com/articles/creating-a-pull-request/ +[Creating a pull request from a fork]: https://help.github.com/articles/creating-a-pull-request-from-a-fork/ +[Discussions]: https://github.com/senzing/bootcamp/discussions +[GitHub issue]: https://help.github.com/articles/creating-an-issue/ +[Individual Contributor License Agreement (ICLA)]: .github/senzing-individual-contributor-license-agreement.pdf +[License Agreements]: #license-agreements +[LICENSE]: LICENSE +[Pull Request]: #pull-requests +[Reporting bugs]: #bug-reporting +[Requesting features]: #feature-requests