From 59c75068b037f852172ea4c4c6828e6763e162fb Mon Sep 17 00:00:00 2001 From: Song Yoong Siang Date: Wed, 21 Aug 2024 11:29:40 +0800 Subject: [PATCH] INTEL-STAGING: Add disclaimer and CI workaround. Signed-off-by: Song Yoong Siang --- .github/workflows/build_gentoo.yml | 4 +- .github/workflows/ci.yml | 9 +- .github/workflows/coverity.yml | 18 ++-- .github/workflows/doc.yml | 7 +- .github/workflows/man.yml | 1 + .github/workflows/virus_scan.yml | 32 +++++++ README.md | 4 + doc/CODE_OF_CONDUCT.md | 133 +++++++++++++++++++++++++++++ doc/CONTRIBUTING.md | 59 +++++++++++++ doc/SECURITY.md | 7 ++ 10 files changed, 254 insertions(+), 20 deletions(-) create mode 100644 .github/workflows/virus_scan.yml create mode 100644 doc/CODE_OF_CONDUCT.md create mode 100644 doc/CONTRIBUTING.md create mode 100644 doc/SECURITY.md diff --git a/.github/workflows/build_gentoo.yml b/.github/workflows/build_gentoo.yml index f12e2129..eadf3868 100644 --- a/.github/workflows/build_gentoo.yml +++ b/.github/workflows/build_gentoo.yml @@ -8,6 +8,7 @@ ############################################################################### name: build gentoo docker image +permissions: read-all # Start manually on: workflow_dispatch @@ -18,9 +19,6 @@ env: jobs: gentoo: runs-on: ubuntu-latest - permissions: - contents: read - packages: write steps: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b2ecf703..fe1e7023 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,6 +14,7 @@ ############################################################################### name: continuous integration +permissions: read-all # On evry push and Pull Request (PR) on: [push, pull_request, workflow_dispatch] 
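Review bot: In build_gentoo.yml the job-level `packages: write` is removed while a workflow-level `permissions: read-all` is added, so the `gentoo` job now runs with a read-only token. If its steps (outside this hunk) push the built image with GITHUB_TOKEN, the push will be rejected; either keep the write scope on that one job or add a comment such as `# image push disabled in the staging fork` next to the new line. The same pattern in doc.yml drops `pages: write` and `id-token: write`, which a Pages deployment normally needs, so that workflow probably needs them restored at job level. Separately, `read-all` grants read on every token scope; `permissions: {contents: read}` is the narrower default, and this also applies to the `read-all` lines added in ci.yml, coverity.yml, man.yml and virus_scan.yml.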
@@ -29,7 +30,7 @@ jobs: names: [deb.trixie, deb.bookworm, rpmbuild, pacmanbuild, portage] fail-fast: false container: - image: ghcr.io/${{ github.repository_owner }}/${{ matrix.names }}:latest + image: ghcr.io/erezgeva/${{ matrix.names }}:latest env: GITHUB_CONTAINER: ${{ matrix.names }} @@ -58,7 +59,7 @@ jobs: names: [deb.trixie, deb.bookworm] fail-fast: false container: - image: ghcr.io/${{ github.repository_owner }}/${{ matrix.names }}:latest + image: ghcr.io/erezgeva/${{ matrix.names }}:latest steps: @@ -77,7 +78,7 @@ jobs: names: [deb.trixie, deb.bookworm, rpmbuild, pacmanbuild, portage] fail-fast: false container: - image: ghcr.io/${{ github.repository_owner }}/${{ matrix.names }}:latest + image: ghcr.io/erezgeva/${{ matrix.names }}:latest env: GITHUB_CONTAINER: ${{ matrix.names }} @@ -112,7 +113,7 @@ jobs: abi: runs-on: ubuntu-latest container: - image: ghcr.io/${{ github.repository_owner }}/deb.trixie:latest + image: ghcr.io/erezgeva/deb.trixie:latest steps: diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 01cbc7e2..eff3fc18 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -10,6 +10,7 @@ ############################################################################### name: coverity scan +permissions: read-all # Start manually on: workflow_dispatch 
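Review bot: The four `container.image` lines changed in ci.yml now pull `ghcr.io/erezgeva/...:latest`, a mutable tag in a namespace that is not the repository owner's, and these jobs run on `pull_request` as well as `push`. Whatever is published under that tag at run time becomes the build environment, so a replaced image changes what CI executes without any commit in this repository. Pin each image by digest, e.g. `image: ghcr.io/erezgeva/deb.trixie@sha256:<digest-of-reviewed-image>` (placeholder; the matrix jobs would carry the digest in their matrix entries), or mirror the images into the organisation's registry and keep `${{ github.repository_owner }}`. A one-line comment on why the owner is hard-coded would also help, since the commit message only says "CI workaround".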
@@ -18,15 +19,18 @@ jobs: coverity: runs-on: ubuntu-latest steps: + - name: Install dependencies + run: git clone https://github.com/linux-rt/librtpi.git && cd librtpi && autoreconf --install && ./configure && sudo make install && cd - && sudo rm -rf librtpi - - name: checkout repository - uses: actions/checkout@v4 - + - name: Install dependencies + run: sudo apt-get install -y swig libtool-bin + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: autoreconf + run: autoreconf -i - name: configure - run: tools/ci_coverity.sh - - - name: coverity scan - uses: vapier/coverity-scan-action@v1 + run: ./configure + - uses: vapier/coverity-scan-action@2068473c7bdf8c2fb984a6a40ae76ee7facd7a85 # v1.8.0 with: email: ${{ secrets.COVERITY_SCAN_EMAIL }} token: ${{ secrets.COVERITY_SCAN_TOKEN }} + project: libptpmgmt_iaclocklib diff --git a/.github/workflows/doc.yml b/.github/workflows/doc.yml index a88570b0..ed9cd9cc 100644 --- a/.github/workflows/doc.yml +++ b/.github/workflows/doc.yml @@ -9,6 +9,7 @@ ############################################################################### name: deploy doxygen documents +permissions: read-all # Deploy after release a new version, or manually on: @@ -16,12 +17,6 @@ on: release: types: published -# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages -permissions: - contents: read - pages: write - id-token: write - # Allow only one concurrent deployment concurrency: group: "pages" diff --git a/.github/workflows/man.yml b/.github/workflows/man.yml index 2b7366a8..720c0601 100644 --- a/.github/workflows/man.yml +++ b/.github/workflows/man.yml @@ -11,6 +11,7 @@ ############################################################################### name: manual testing +permissions: read-all # Start manually on: workflow_dispatch diff --git a/.github/workflows/virus_scan.yml b/.github/workflows/virus_scan.yml new file mode 100644 index 00000000..d0cce25b --- /dev/null 
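Review bot: The first added step in coverity.yml clones the default branch of `linux-rt/librtpi` with no commit pinned and runs `sudo make install` from it, in the same job that later receives `COVERITY_SCAN_EMAIL` and `COVERITY_SCAN_TOKEN`; that is at odds with the two actions in this hunk, which are pinned to full commit SHAs. Check out a reviewed commit before building, e.g. `git clone https://github.com/linux-rt/librtpi.git && git -C librtpi checkout <reviewed-commit-sha>` (placeholder). Both new steps are named `Install dependencies`, which makes the run log ambiguous; name them after what they install. The `apt-get install` step has no preceding `apt-get update` and runs after the librtpi build, although `autoreconf --install` may need `libtool-bin`, so the order looks reversed.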
+++ b/.github/workflows/virus_scan.yml @@ -0,0 +1,32 @@ +# SPDX-License-Identifier: LGPL-3.0-or-later +# SPDX-FileCopyrightText: Copyright © 2024 Intel Corporation. All rights reserved. +# +# @author Song Yoong Siang +# @copyright © 2024 Intel Corporation. All rights reserved. +# @license LGPL-3.0-or-later +# +# scan virus +############################################################################### + +name: "Virus Scan" +permissions: read-all + +on: + push: + branches: ["main"] + pull_request: + branches: ["main"] + +jobs: + job_id: + name: Scan Virus + runs-on: ubuntu-latest + steps: + - name: Checkout Repository + uses: actions/checkout@v4.0.0 + with: + fetch-depth: 0 + - name: Scan Repository + uses: hugoalh/scan-virus-ghaction@v0.20.0 + with: + statistics_summary: True diff --git a/README.md b/README.md index 5bf04b54..5ef2c517 100644 --- a/README.md +++ b/README.md @@ -180,3 +180,7 @@ The Licence of this project is * The library is under LGPL v3 or later. * The pmc and phc_ctl tools and the testing scripts are under GPL v3 or later. * Documentation is under under GFDL v1.3 or later without invariants sections. + +# Disclaimer +This project is under development. All source code and features on the main +branch are for the purpose of testing or evaluation and not production ready. diff --git a/doc/CODE_OF_CONDUCT.md b/doc/CODE_OF_CONDUCT.md new file mode 100644 index 00000000..8e31d43d --- /dev/null +++ b/doc/CODE_OF_CONDUCT.md 
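Review bot: In the new virus_scan.yml both `uses:` lines reference tags (`actions/checkout@v4.0.0`, `hugoalh/scan-virus-ghaction@v0.20.0`), while coverity.yml in this same commit pins its actions to full commit SHAs; a tag can be moved, and this workflow runs a third-party action on every pull request to `main`. Pin both the same way, e.g. `uses: hugoalh/scan-virus-ghaction@<full-commit-sha> # v0.20.0` (placeholder). Because the full history is checked out and then handed to that action, add `persist-credentials: false` under the checkout step's `with:` so the token is not left in the workspace's git config. `statistics_summary: True` is better written as lowercase `true`.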
@@ -0,0 +1,133 @@ + +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, caste, color, religion, or sexual +identity and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our +community include: + +* Demonstrating empathy and kindness toward other people +* Being respectful of differing opinions, viewpoints, and experiences +* Giving and gracefully accepting constructive feedback +* Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +* Focusing on what is best not just for us as individuals, but for the overall + community + +Examples of unacceptable behavior include: + +* The use of sexualized language or imagery, and sexual attention or advances of + any kind +* Trolling, insulting or derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or email address, + without their explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. 
+ +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official e-mail address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the community leaders responsible for enforcement at +CommunityCodeOfConduct AT intel DOT com. +All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series of +actions. + +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. 
This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or permanent +ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within the +community. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.1, available at +[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. + +Community Impact Guidelines were inspired by +[Mozilla's code of conduct enforcement ladder][Mozilla CoC]. + +For answers to common questions about this code of conduct, see the FAQ at +[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at +[https://www.contributor-covenant.org/translations][translations]. + +[homepage]: https://www.contributor-covenant.org +[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html +[Mozilla CoC]: https://github.com/mozilla/diversity +[FAQ]: https://www.contributor-covenant.org/faq diff --git a/doc/CONTRIBUTING.md b/doc/CONTRIBUTING.md new file mode 100644 index 00000000..5105bd99 --- /dev/null +++ b/doc/CONTRIBUTING.md 
@@ -0,0 +1,59 @@ + +# Contributing + +### License + + is licensed under the terms in [LICENSE]. By contributing to the project, you agree to the license and copyright terms therein and release your contribution under these terms. + +### Sign your work + +Please use the sign-off line at the end of the patch. Your signature certifies that you wrote the patch or otherwise have the right to pass it on as an open-source patch. The rules are pretty simple: if you can certify +the below (from [developercertificate.org](http://developercertificate.org/)): + +``` +Developer Certificate of Origin +Version 1.1 + +Copyright (C) 2004, 2006 The Linux Foundation and its contributors. +660 York Street, Suite 102, +San Francisco, CA 94110 USA + +Everyone is permitted to copy and distribute verbatim copies of this +license document, but changing it is not allowed. + +Developer's Certificate of Origin 1.1 + +By making a contribution to this project, I certify that: + +(a) The contribution was created in whole or in part by me and I + have the right to submit it under the open source license + indicated in the file; or + +(b) The contribution is based upon previous work that, to the best + of my knowledge, is covered under an appropriate open source + license and I have the right under that license to submit that + work with modifications, whether created in whole or in part + by me, under the same open source license (unless I am + permitted to submit under a different license), as indicated + in the file; or + +(c) The contribution was provided directly to me by some other + person who certified (a), (b) or (c) and I have not modified + it. + +(d) I understand and agree that this project and the contribution + are public and that a record of the contribution (including all + personal information I submit with it, including my sign-off) is + maintained indefinitely and may be redistributed consistent with + this project or the open source license(s) involved. 
+``` + +Then you just add a line to every git commit message: + + Signed-off-by: Joe Smith + +Use your real name (sorry, no pseudonyms or anonymous contributions.) + +If you set your `user.name` and `user.email` git configs, you can sign your +commit automatically with `git commit -s`. diff --git a/doc/SECURITY.md b/doc/SECURITY.md new file mode 100644 index 00000000..d3c2570c --- /dev/null +++ b/doc/SECURITY.md @@ -0,0 +1,7 @@ + +# Security Policy +Intel is committed to rapidly addressing security vulnerabilities affecting our customers and providing clear guidance on the solution, impact, severity and mitigation. + +## Reporting a Vulnerability +Please report any security vulnerabilities in this project utilizing the guidelines [here](https://www.intel.com/content/www/us/en/security-center/vulnerability-handling-guidelines.html).