INTEL-STAGING: Add disclaimer and CI workaround.

Signed-off-by: Song Yoong Siang <[email protected]>

.github/workflows/build_gentoo.yml

@@ -8,6 +8,7 @@
 ###############################################################################
 
 name: build gentoo docker image
+permissions: read-all
 
 # Start manually
 on: workflow_dispatch
@@ -18,9 +19,6 @@ env:
 jobs:
   gentoo:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
 
     steps:
 

.github/workflows/ci.yml

@@ -14,6 +14,7 @@
 ###############################################################################
 
 name: continuous integration
+permissions: read-all
 
 # On evry push and Pull Request (PR)
 on: [push, pull_request, workflow_dispatch]
@@ -29,7 +30,7 @@ jobs:
         names: [deb.trixie, deb.bookworm, rpmbuild, pacmanbuild, portage]
       fail-fast: false
     container:
-      image: ghcr.io/${{ github.repository_owner }}/${{ matrix.names }}:latest
+      image: ghcr.io/erezgeva/${{ matrix.names }}:latest
     env:
       GITHUB_CONTAINER: ${{ matrix.names }}
 
@@ -58,7 +59,7 @@ jobs:
         names: [deb.trixie, deb.bookworm]
       fail-fast: false
     container:
-      image: ghcr.io/${{ github.repository_owner }}/${{ matrix.names }}:latest
+      image: ghcr.io/erezgeva/${{ matrix.names }}:latest
 
     steps:
 
@@ -77,7 +78,7 @@ jobs:
         names: [deb.trixie, deb.bookworm, rpmbuild, pacmanbuild, portage]
       fail-fast: false
     container:
-      image: ghcr.io/${{ github.repository_owner }}/${{ matrix.names }}:latest
+      image: ghcr.io/erezgeva/${{ matrix.names }}:latest
     env:
       GITHUB_CONTAINER: ${{ matrix.names }}
 
@@ -112,7 +113,7 @@ jobs:
   abi:
     runs-on: ubuntu-latest
     container:
-      image: ghcr.io/${{ github.repository_owner }}/deb.trixie:latest
+      image: ghcr.io/erezgeva/deb.trixie:latest
 
     steps:
 

.github/workflows/coverity.yml

@@ -10,6 +10,7 @@
 ###############################################################################
 
 name: coverity scan
+permissions: read-all
 
 # Start manually
 on: workflow_dispatch
@@ -18,15 +19,18 @@ jobs:
   coverity:
     runs-on: ubuntu-latest
     steps:
+    - name: Install dependencies
+      run: git clone https://github.com/linux-rt/librtpi.git && cd librtpi && autoreconf --install && ./configure && sudo make install && cd - && sudo rm -rf librtpi
 
-    - name: checkout repository
-      uses: actions/checkout@v4
-
+    - name: Install dependencies
+      run: sudo apt-get install -y swig libtool-bin
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+    - name: autoreconf
+      run: autoreconf -i
     - name: configure
-      run: tools/ci_coverity.sh
-
-    - name: coverity scan
-      uses: vapier/coverity-scan-action@v1
+      run: ./configure
+    - uses: vapier/coverity-scan-action@2068473c7bdf8c2fb984a6a40ae76ee7facd7a85 # v1.8.0
       with:
         email: ${{ secrets.COVERITY_SCAN_EMAIL }}
         token: ${{ secrets.COVERITY_SCAN_TOKEN }}
+        project: libptpmgmt_iaclocklib

.github/workflows/doc.yml

@@ -9,19 +9,14 @@
 ###############################################################################
 
 name: deploy doxygen documents
+permissions: read-all
 
 # Deploy after release a new version, or manually
 on:
   workflow_dispatch:
   release:
     types: published
 
-# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
-permissions:
-  contents: read
-  pages: write
-  id-token: write
-
 # Allow only one concurrent deployment
 concurrency:
   group: "pages"

.github/workflows/man.yml

@@ -11,6 +11,7 @@
 ###############################################################################
 
 name: manual testing
+permissions: read-all
 
 # Start manually
 on: workflow_dispatch

.github/workflows/virus_scan.yml

@@ -0,0 +1,32 @@
+# SPDX-License-Identifier: LGPL-3.0-or-later
+# SPDX-FileCopyrightText: Copyright © 2024 Intel Corporation. All rights reserved.
+#
+# @author Song Yoong Siang <[email protected]>
+# @copyright © 2024 Intel Corporation. All rights reserved.
+# @license LGPL-3.0-or-later
+#
+# scan virus
+###############################################################################
+
+name: "Virus Scan"
+permissions: read-all
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+
+jobs:
+  job_id:
+    name: Scan Virus
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/[email protected]
+        with:
+          fetch-depth: 0
+      - name: Scan Repository
+        uses: hugoalh/[email protected]
+        with:
+          statistics_summary: True

README.md

@@ -180,3 +180,7 @@ The Licence of this project is
   * The library is under LGPL v3 or later.
   * The pmc and phc_ctl tools and the testing scripts are under GPL v3 or later.
   * Documentation is under under GFDL v1.3 or later without invariants sections.
+
+# <u>Disclaimer</u>
+This project is under development. All source code and features on the main
+branch are for the purpose of testing or evaluation and not production ready.

doc/CODE_OF_CONDUCT.md

@@ -0,0 +1,133 @@
+<!-- SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later
+     SPDX-FileCopyrightText: Copyright © 2024 Intel Corporation. All rights reserved. -->
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall
+  community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email address,
+  without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+CommunityCodeOfConduct AT intel DOT com.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq

doc/CONTRIBUTING.md

@@ -0,0 +1,59 @@
+<!-- SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later
+     SPDX-FileCopyrightText: Copyright © 2024 Intel Corporation. All rights reserved. -->
+# Contributing
+
+### License
+
+<PROJECT NAME> is licensed under the terms in [LICENSE]<link to license file in repo>. By contributing to the project, you agree to the license and copyright terms therein and release your contribution under these terms.
+
+### Sign your work
+
+Please use the sign-off line at the end of the patch. Your signature certifies that you wrote the patch or otherwise have the right to pass it on as an open-source patch. The rules are pretty simple: if you can certify
+the below (from [developercertificate.org](http://developercertificate.org/)):
+
+```
+Developer Certificate of Origin
+Version 1.1
+
+Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
+660 York Street, Suite 102,
+San Francisco, CA 94110 USA
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+
+Developer's Certificate of Origin 1.1
+
+By making a contribution to this project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+    have the right to submit it under the open source license
+    indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+    of my knowledge, is covered under an appropriate open source
+    license and I have the right under that license to submit that
+    work with modifications, whether created in whole or in part
+    by me, under the same open source license (unless I am
+    permitted to submit under a different license), as indicated
+    in the file; or
+
+(c) The contribution was provided directly to me by some other
+    person who certified (a), (b) or (c) and I have not modified
+    it.
+
+(d) I understand and agree that this project and the contribution
+    are public and that a record of the contribution (including all
+    personal information I submit with it, including my sign-off) is
+    maintained indefinitely and may be redistributed consistent with
+    this project or the open source license(s) involved.
+```
+
+Then you just add a line to every git commit message:
+
+    Signed-off-by: Joe Smith <[email protected]>
+
+Use your real name (sorry, no pseudonyms or anonymous contributions.)
+
+If you set your `user.name` and `user.email` git configs, you can sign your
+commit automatically with `git commit -s`.

doc/SECURITY.md

@@ -0,0 +1,7 @@
+<!-- SPDX-License-Identifier: GFDL-1.3-no-invariants-or-later
+     SPDX-FileCopyrightText: Copyright © 2024 Intel Corporation. All rights reserved. -->
+# Security Policy
+Intel is committed to rapidly addressing security vulnerabilities affecting our customers and providing clear guidance on the solution, impact, severity and mitigation.
+
+## Reporting a Vulnerability
+Please report any security vulnerabilities in this project utilizing the guidelines [here](https://www.intel.com/content/www/us/en/security-center/vulnerability-handling-guidelines.html).