From c05e6faf2e8b5ba00b2b4d8d282a0c8f2243e2a5 Mon Sep 17 00:00:00 2001 From: David Walter Date: Thu, 28 May 2026 09:10:31 +0200 Subject: [PATCH 1/2] =?UTF-8?q?docs(ospo):=20community=20health=20rollout?= =?UTF-8?q?=20v2=20=E2=80=94=20README,=20agents.md,=20health=20files?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Introduced by the Kiteworks Open Source Program Office (OSPO) on May 5, 2026. Changes: - README.md: rewritten with OSPO v2 template — license-specific migration guidance, Community & Support section, Contributing workflow, Security section pointing to security.owncloud.com + YesWeHack bug bounty - agents.md: AI agent context file with architecture, build commands, and OSPO Policy Constraints (GitHub Actions, Dependabot, Git Workflow) - CODE_OF_CONDUCT.md: redirect to https://owncloud.com/contribute/code-of-conduct/ - CONTRIBUTING.md: redirect to https://owncloud.com/contribute/ - SECURITY.md: redirect to https://security.owncloud.com + YesWeHack - SUPPORT.md: redirect to https://owncloud.com/contact-us/ + channels OSPO: https://kiteworks.com/opensource Signed-off-by: David Walter --- CODE_OF_CONDUCT.md | 8 ++ CONTRIBUTING.md | 9 +++ README.md | 177 ++++++++++++++++++++++++--------------------- SECURITY.md | 11 +++ SUPPORT.md | 10 +++ agents.md | 61 ++++++++++++++++ 6 files changed, 195 insertions(+), 81 deletions(-) create mode 100644 CODE_OF_CONDUCT.md create mode 100644 CONTRIBUTING.md create mode 100644 SECURITY.md create mode 100644 SUPPORT.md create mode 100644 agents.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 00000000..ce144bf1 --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,8 @@ +# Code of Conduct + +This project follows the ownCloud Code of Conduct. + +Please read the full Code of Conduct at: +**** + +By participating in this project, you agree to abide by its terms. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000..65c99156 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,9 @@ +# Contributing + +Thank you for your interest in contributing to this project! + +Please read the full contributing guidelines at: +**** + +For development setup, coding standards, and pull request process, +see the README in this repository. diff --git a/README.md b/README.md index 931c557c..79c58716 100644 --- a/README.md +++ b/README.md @@ -1,132 +1,147 @@ +# iOS Scenario Testing -Scenarios contained in feature files written in Gherkin language. -Available scenarios can be found -[here](ios-scenario-testing/src/test/resources/io/cucumber). + -Defined for the [ownCloud iOS app](https://github.com/owncloud/ios) +[![License](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE) [![ownCloud OSPO](https://img.shields.io/badge/OSPO-ownCloud-blue)](https://kiteworks.com/opensource) +End-to-end test automation framework for the ownCloud iOS app, using Gherkin-syntax feature files processed by Cucumber with Appium for device and simulator interaction. Written in Java, this project defines and executes behavioral scenarios against the iOS app to verify functionality across releases. -## Global overview +## Getting Started -- Scenarios are defined with [Gherkin -Syntax](https://cucumber.io/docs/gherkin/). +Follow the steps below to set up and run the end-to-end test suite. -- Steps are interpreted by [Cucumber](https://cucumber.io/). +### Prerequisites -- Step implementation language: -[Java](https://docs.oracle.com/javase/7/docs/) +- Java JDK +- Gradle +- Appium instance running and reachable +- iOS simulator attached and reachable +- `authorize-ios`, `ios-deploy`, `ideviceinstaller`, `ios-webkit-debug-proxy`, `ios-sim` -- Device interaction with [Appium](http://appium.io/) +### Running Tests -- Reports generated with [Cucumber Reports](https://reports.cucumber.io/) +```bash +git clone https://github.com/owncloud/ios-scenario-testing.git +cd ios-scenario-testing +./gradlew test +``` -![](architecture.png) +## Documentation -## Get the code +- [Gherkin Syntax Reference](https://cucumber.io/docs/gherkin/) +- [Appium Documentation](http://appium.io/) +- [Cucumber Reports](https://reports.cucumber.io/) -- With git: +## Part of the ownCloud Mobile Ecosystem -`git clone https://github.com/owncloud/ios-scenario-testing.git` +This repository provides automated scenario tests for the [ownCloud iOS app](https://github.com/owncloud/ios-app). Test results are published via [Cucumber Reports](https://reports.cucumber.io/). -- Download a [zip -file](https://github.com/owncloud/ios-scenario-testing/archive/master.zip) +## Reference +Key details from the project's test architecture and configuration: -## Requirements +### Architecture -Different requirements: +Tests use [Gherkin Syntax](https://cucumber.io/docs/gherkin/) scenarios interpreted by [Cucumber](https://cucumber.io/), with step implementations in Java and device interaction via [Appium](http://appium.io/). Reports are generated with [Cucumber Reports](https://reports.cucumber.io/). -* `Appium` instance running and reachable. +### Environment Variables -* At least, one iOS simulator attached and reachable. +| Variable | Required | Default | Description | +|---|---|---|---| +| `$OC_SERVER_URL` | Yes | -- | ownCloud server URL to test against | +| `$APPIUM_URL` | No | `localhost:4723/wd/hub` | Appium server URL | +| `$UDID_DEVICE` | No | -- | Simulator UDID (from `xcrun simctl list`) | -* The following libraries and dependencies to be installed: +### Building the App - * `authorize-ios`: A little utility that pre-authorizes Instruments to run UIAutomation scripts against iOS devices - * `ios-deploy` : Allows install and debug iOS apps from the command line - * `ideviceinstaller`: A command-line application to manage apps on iOS devices - * `ios-webkit-debug-proxy`: Allows to send commands to MobileSafari and UIWebViews - * `ios-sim` : Simulator manager (start, launch...) +Use the `buildapp/buildapp.sh` script to build the [ownCloud iOS app](https://github.com/owncloud/ios-app). The script disables the welcome wizard and release notes, forces basic auth, and moves the artifact to `src/test/resources/`. -## How to test +### Backend-Specific Tags -### 1. Build app +- `@nooc10` -- tests for oCIS only, not suitable for oC10 +- `@noocis` -- tests for oC10 only, not suitable for oCIS -First, build the [app](https://github.com/owncloud/ios-app) from the expected branch/commit to get the test object, by using the [buildapp](https://github.com/owncloud/ios-scenario-testing/blob/master/buildapp/buildapp.sh) script in the current repository. +Example: `./executeTests -t "not @ignore and not @noocis"` runs tests suitable for oCIS. -The [buildapp](https://github.com/owncloud/ios-scenario-testing/blob/master/buildapp/buildapp.sh) script: +### Test Results -- will disable welcome wizard -- will disable the release notes -- will set basic auth as forced authentication method, required to execute the test suites -- will move the final artifact to the correct place (`/src/test/resources` folder in the current structure) +Reports in HTML and JSON are generated in the `target/` directory. Integration with [Cucumber Reports](https://cucumber.io/docs/cucumber/reporting/?lang=java) is available by setting `CUCUMBER_PUBLISH_TOKEN` and enabling it in `cucumber.properties`. -Check the script's variables for the proper setup in your own environment or CI system. +### Version Matrix -In the current repository there will be always an `owncloud.app` file located in `/src/test/resources`, as example or fallback. +| Component | Version | +|---|---| +| Cucumber | 7.21.1 | +| Appium | 2.18.0 | +| Appium XCUITest Driver | 7.26.4 | +| Java Client | 9.4.0 | +## Community & Support -### 2. Execute tests +**[Star](https://github.com/owncloud/ios-scenario-testing)** this repo and **Watch** for release notifications! -The script `executeTests` will launch the tests. The following environment variables must be set in advance +- [ownCloud Website](https://owncloud.com) +- [Community Discussions](https://github.com/orgs/owncloud/discussions) +- [Matrix Chat](https://app.element.io/#/room/#owncloud:matrix.org) +- [Documentation](https://doc.owncloud.com) +- [Enterprise Support](https://owncloud.com/contact-us/) +- [OSPO Home](https://kiteworks.com/opensource) - $OC_SERVER_URL (mandatory): URL of ownCloud server to test against - $UDID_DEVICE (optional): UDID of the device to execute the tests against. - To get the UDID of available simulators, use the command `xcrun simctl list` - $APPIUM_URL (optional): Appium server URL. - If Appium Server is not specified, will be used "localhost:4723/wd/hub" +## Contributing -The script needs some parameters. Check help `executeTests -h` +We welcome contributions! Please read the [Contributing Guidelines](CONTRIBUTING.md) +and our [Code of Conduct](CODE_OF_CONDUCT.md) before getting started. -To execute all tests but the ignored ones (or any other tagged ones): +### Workflow - export UDID_DEVICE=F10FFCD4-CE92-4F40-B246-9709A4D4086A - export OC_SERVER_URL=https://my.owncloud.server - export APPIUM_URL=localhost:4723 - ./executeTests -t "not @ignore" +- **Rebase Early, Rebase Often!** We use a rebase workflow. Always rebase on the target branch before submitting a PR. +- **Dependabot**: Automated dependency updates are managed via Dependabot. Review and merge dependency PRs promptly. +- **Signed Commits**: All commits **must** be PGP/GPG signed. See [GitHub's signing guide](https://docs.github.com/en/authentication/managing-commit-signature-verification). +- **DCO Sign-off**: Every commit must carry a `Signed-off-by` line: + ``` + git commit -s -S -m "your commit message" + ``` +- **GitHub Actions Policy**: Workflows may only use actions that are (a) owned by `owncloud`, (b) created by GitHub (`actions/*`), or (c) verified in the GitHub Marketplace. -The execution will display step by step how the scenario is being executed. +## Security -More info in [Cucumber reference](https://cucumber.io/docs/cucumber/api/) +**Do not open a public GitHub issue for security vulnerabilities.** -**NOTE**: Since there are two kinds of backends available (oC10, oCIS), not all tests are suitable to be executed over both. Those tests have been tagged with: +Report vulnerabilities at **** -- see [SECURITY.md](SECURITY.md). -- `nooc10`: tests to be executed only over oCIS, not suitable for oC10. -- `noocis`: tests to be executed only over oC10, not suitable for oCIS. +Bug bounty: [YesWeHack ownCloud Program](https://yeswehack.com/programs/owncloud-bug-bounty-program) -It's important to execute the tests with the mentioned tags to avoid wrong positives. Example commands: +## License -`./executeTests -t "not @ignore and not @noocis"`
-This command will execute tests that are not ignored and suitable for oCIS. If this command is run over an oC10 instance, some tests will fail. +This project is licensed under the [MIT](LICENSE). -`./executeTests -t "not @ignore and not @nooc10"`
-This command will execute tests that are not ignored and suitable for oC10. If this command is run over an oCIS instance, some tests will fail. +## About the ownCloud OSPO +The [Kiteworks Open Source Program Office](https://kiteworks.com/opensource), operating under +the [ownCloud](https://owncloud.com) brand, launched on May 5, 2026, to steward the open source +ecosystem around ownCloud's products. The OSPO ensures transparent governance, license compliance, +community health, and sustainable collaboration between the open source community and +[Kiteworks](https://www.kiteworks.com), which acquired ownCloud in 2023. -## Results +- **OSPO Home**: +- **GitHub**: +- **ownCloud**: -In the folder `target`, you will find a report with the execution results in html and json formats. +For questions about the OSPO or licensing, contact ospo@kiteworks.com. -Besides of that, by setting the `cucumber.properties` file allow to integrate reports with [Cucumber reports](https://cucumber.io/docs/cucumber/reporting/?lang=java). An account in such platform (integrated with GitHub) is enough to use it. A new env variable must be set in advance in order to send reports to the platform. Token is provided in the Cucumber Reports account for every collection: +### License Migration to Apache 2.0 - export CUCUMBER_PUBLISH_TOKEN=d97... +The OSPO is driving a strategic relicensing of ownCloud repositories toward the +[Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0), following +the [Apache Software Foundation's third-party license policy](https://www.apache.org/legal/resolved.html). -Also, in `cucumber.properties` file with the following values (disabled by default): +Individual repositories will migrate as their audit is completed. The LICENSE file +in each repo reflects its **current** license status (not the target). - cucumber.publish.quiet=false - cucumber.publish.enabled=true +**Current license: MIT** (Category A per Apache policy -- permissive, compatible with Apache-2.0). -**Note**: This repository was forked from [Cucumber-java -skeleton](https://github.com/cucumber/cucumber-java-skeleton) -repository, which contains the base skeleton to start working. +Migration prerequisites for this repository: -## Versioning - -Up to date: 07/May/2025 - -|| | -|:-- |:------:| -| [Cucumber version](https://cucumber.io/docs/installation/java/) | 7.21.1 | -| [Appium version](https://github.com/appium/appium/releases)| 2.18.0 | -| [Appium xcuitest driver version](https://github.com/appium/appium-xcuitest-driver/releases)| 7.26.4 | -| [Java client version](https://github.com/appium/java-client/releases) | 9.4.0 | +- **CLA/DCO coverage**: All past contributors must have signed agreements permitting relicensing +- **Header updates**: All source file headers must be updated from MIT to Apache-2.0 notice +- **Dependency audit**: Verify no incompatible transitive dependencies diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..78094ae4 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,11 @@ +# Security Policy + +## Reporting a Vulnerability + +**Do NOT open a public GitHub issue for security vulnerabilities.** + +Please report security issues responsibly via: +**** + +You can also report vulnerabilities through our YesWeHack bug bounty program: +**** diff --git a/SUPPORT.md b/SUPPORT.md new file mode 100644 index 00000000..d87c0ca8 --- /dev/null +++ b/SUPPORT.md @@ -0,0 +1,10 @@ +# Support + +For support with this project, please use the following channels: + +- **Enterprise Support**: +- **Community discussions**: https://github.com/orgs/owncloud/discussions +- **Matrix Chat**: +- **Documentation**: + +Please do not use GitHub issues for general support questions. diff --git a/agents.md b/agents.md new file mode 100644 index 00000000..8342783b --- /dev/null +++ b/agents.md @@ -0,0 +1,61 @@ +# agents.md -- iOS Scenario Testing + +## Repository Overview + +Automated end-to-end test framework for the ownCloud iOS app using Cucumber/Gherkin with Appium for device interaction. Written in Java with Gradle as the build system. Licensed under MIT. + +## Architecture & Key Paths + +- `src/` -- Java step definitions and test infrastructure +- `build.gradle` -- Gradle build configuration +- `gradlew` / `gradlew.bat` -- Gradle wrapper scripts +- `settings.gradle` -- Gradle settings +- `files/` -- Test fixture files +- `server/` -- Server-side test configuration +- `buildapp/` -- App build scripts +- `executeTests/` -- Test execution scripts +- `sample-dat/` -- Sample test data + +## Development Conventions + +- Feature files written in Gherkin syntax +- Step definitions in Java +- Gradle for build and dependency management +- Reports via Cucumber Reports service + +## Build & Test Commands + +```bash +./gradlew test # Run all tests +./gradlew build # Build the project +``` + +## Important Constraints + +- Licensed under MIT. The OSPO is driving Apache 2.0 migration across repositories. +- Do not introduce new **copyleft-licensed dependencies** (GPL, AGPL, LGPL, MPL) without explicit discussion in an issue first. This is especially important for repos that are migrating to or already under Apache 2.0, as copyleft dependencies would block or complicate that migration. +- Requires a running Appium instance and iOS simulator. +- All contributions require a DCO sign-off. + + +## OSPO Policy Constraints + +### GitHub Actions +- **Only** use actions owned by `owncloud`, created by GitHub (`actions/*`), verified on the GitHub Marketplace, or verified by the ownCloud Maintainers. +- Pin all actions to their full commit SHA (not tags): `uses: actions/checkout@ # vX.Y.Z` +- Never introduce actions from unverified third parties. + +### Dependency Management +- Dependabot is configured for automated dependency updates. +- Review and merge Dependabot PRs as part of regular maintenance. +- Do not introduce new dependencies without discussion in an issue first. + +### Git Workflow +- **Rebase policy**: Always rebase; never create merge commits. Use `git pull --rebase` and `git rebase` before pushing. +- **Signed commits**: All commits **must** be PGP/GPG signed (`git commit -S -s`). +- **DCO sign-off**: Every commit needs a `Signed-off-by` line (`git commit -s`). +- **Conventional Commits & Squash Merge**: Use the [Conventional Commits](https://www.conventionalcommits.org/) format where the repository enforces it. Many repos use squash merge, where the PR title becomes the commit message on the default branch — apply Conventional Commits format to PR titles as well. A reusable GitHub Actions workflow enforces this. + +## Context for AI Agents + +This is a test-only repository. Feature files in Gherkin define test scenarios, and Java code in `src/` implements the step definitions using Appium for iOS device interaction. Changes to test scenarios should follow Gherkin best practices. From 9d073c0a54cab76ec5a4347e3b8dbf04e4a6277e Mon Sep 17 00:00:00 2001 From: Jesus Recio Date: Wed, 3 Jun 2026 12:46:16 +0200 Subject: [PATCH 2/2] chore: polish README file --- README.md | 79 ++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 52 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index 79c58716..2768d9e5 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,10 @@ End-to-end test automation framework for the ownCloud iOS app, using Gherkin-syntax feature files processed by Cucumber with Appium for device and simulator interaction. Written in Java, this project defines and executes behavioral scenarios against the iOS app to verify functionality across releases. +## Part of the ownCloud Mobile Ecosystem + +This repository provides automated scenario tests for the [ownCloud iOS app](https://github.com/owncloud/ios-app). Test results are published via [Cucumber Reports](https://reports.cucumber.io/). + ## Getting Started Follow the steps below to set up and run the end-to-end test suite. @@ -16,35 +20,39 @@ Follow the steps below to set up and run the end-to-end test suite. - Gradle - Appium instance running and reachable - iOS simulator attached and reachable -- `authorize-ios`, `ios-deploy`, `ideviceinstaller`, `ios-webkit-debug-proxy`, `ios-sim` +- The following libraries and dependencies to be installed: -### Running Tests + * `authorize-ios`: A little utility that pre-authorizes Instruments to run UIAutomation scripts against iOS devices + * `ios-deploy` : Allows install and debug iOS apps from the command line + * `ideviceinstaller`: A command-line application to manage apps on iOS devices + * `ios-webkit-debug-proxy`: Allows to send commands to MobileSafari and UIWebViews + * `ios-sim` : Simulator manager (start, launch...) -```bash -git clone https://github.com/owncloud/ios-scenario-testing.git -cd ios-scenario-testing -./gradlew test -``` +### Global architecture -## Documentation +![](architecture.png) -- [Gherkin Syntax Reference](https://cucumber.io/docs/gherkin/) -- [Appium Documentation](http://appium.io/) -- [Cucumber Reports](https://reports.cucumber.io/) +### Running Tests -## Part of the ownCloud Mobile Ecosystem +#### 1. Build app -This repository provides automated scenario tests for the [ownCloud iOS app](https://github.com/owncloud/ios-app). Test results are published via [Cucumber Reports](https://reports.cucumber.io/). +First, build the [app](https://github.com/owncloud/ios-app) from the expected branch/commit to get the test object, by using the [buildapp](https://github.com/owncloud/ios-scenario-testing/blob/master/buildapp/buildapp.sh) script in the current repository. -## Reference +The [buildapp](https://github.com/owncloud/ios-scenario-testing/blob/master/buildapp/buildapp.sh) script: -Key details from the project's test architecture and configuration: +- will disable welcome wizard +- will disable the release notes +- will set basic auth as forced authentication method, required to execute the test suites +- will move the final artifact to the correct place (`/src/test/resources` folder in the current structure) -### Architecture +Check the script's variables for the proper setup in your own environment or CI system. -Tests use [Gherkin Syntax](https://cucumber.io/docs/gherkin/) scenarios interpreted by [Cucumber](https://cucumber.io/), with step implementations in Java and device interaction via [Appium](http://appium.io/). Reports are generated with [Cucumber Reports](https://reports.cucumber.io/). +In the current repository there will be always an `owncloud.app` file located in `/src/test/resources`, as example or fallback. -### Environment Variables + +#### 2. Execute tests + +The script `executeTests` will launch the tests. The following environment variables must be set in advance | Variable | Required | Default | Description | |---|---|---|---| @@ -52,22 +60,38 @@ Tests use [Gherkin Syntax](https://cucumber.io/docs/gherkin/) scenarios interpre | `$APPIUM_URL` | No | `localhost:4723/wd/hub` | Appium server URL | | `$UDID_DEVICE` | No | -- | Simulator UDID (from `xcrun simctl list`) | -### Building the App +The script needs some parameters. Check help `executeTests -h` + +To execute all tests but the ignored ones (or any other tagged ones): -Use the `buildapp/buildapp.sh` script to build the [ownCloud iOS app](https://github.com/owncloud/ios-app). The script disables the welcome wizard and release notes, forces basic auth, and moves the artifact to `src/test/resources/`. + export UDID_DEVICE=F10FFCD4-CE92-4F40-B246-9709A4D4086A + export OC_SERVER_URL=https://my.owncloud.server + export APPIUM_URL=localhost:4723 + ./executeTests -t "not @ignore" -### Backend-Specific Tags +The execution will display step by step how the scenario is being executed. -- `@nooc10` -- tests for oCIS only, not suitable for oC10 -- `@noocis` -- tests for oC10 only, not suitable for oCIS +More info in [Cucumber reference](https://cucumber.io/docs/cucumber/api/) -Example: `./executeTests -t "not @ignore and not @noocis"` runs tests suitable for oCIS. +**NOTE**: Since there are two kinds of backends available (oC10, oCIS), not all tests are suitable to be executed over both. Those tests have been tagged with: -### Test Results +- `nooc10`: tests to be executed only over oCIS, not suitable for oC10. +- `noocis`: tests to be executed only over oC10, not suitable for oCIS. -Reports in HTML and JSON are generated in the `target/` directory. Integration with [Cucumber Reports](https://cucumber.io/docs/cucumber/reporting/?lang=java) is available by setting `CUCUMBER_PUBLISH_TOKEN` and enabling it in `cucumber.properties`. +It's important to execute the tests with the mentioned tags to avoid wrong positives. Example commands: -### Version Matrix +`./executeTests -t "not @ignore and not @noocis"`
+This command will execute tests that are not ignored and suitable for oCIS. If this command is run over an oC10 instance, some tests will fail. + +`./executeTests -t "not @ignore and not @nooc10"`
+This command will execute tests that are not ignored and suitable for oC10. If this command is run over an oCIS instance, some tests will fail. + +## Documentation + +- [Gherkin Syntax Reference](https://cucumber.io/docs/gherkin/) +- [Appium Documentation](http://appium.io/) + +## Version Matrix | Component | Version | |---|---| @@ -76,6 +100,7 @@ Reports in HTML and JSON are generated in the `target/` directory. Integration w | Appium XCUITest Driver | 7.26.4 | | Java Client | 9.4.0 | + ## Community & Support **[Star](https://github.com/owncloud/ios-scenario-testing)** this repo and **Watch** for release notifications!