chore: #58 Improve CLO/FLX Insights score

Signed-off-by: Laurent Broudoux <[email protected]>

.github/workflows/build-verify.yml

@@ -2,15 +2,27 @@ name: build-verify-package
 on:
   push:
     paths-ignore:
+      - '.github/**'
       - '.gitignore'
+      - 'ADOPTERS*'
       - 'LICENSE'
       - 'README*'
+      - 'CHANGELOG*'
+      - 'ROADMAP*'
+      - 'SECURITY*'
+      - 'GOVERNANCE*'
   pull_request:
     paths-ignore:
       - '.github/**'
       - '.gitignore'
       - 'LICENSE'
       - 'README*'
+      - 'CHANGELOG*'
+      - 'ROADMAP*'
+      - 'SECURITY*'
+      - 'GOVERNANCE*'
+
+permissions: read-all
 
 jobs:
   build-verify-package:

.github/workflows/stale-issues-prs.yml

@@ -0,0 +1,36 @@
+name: Manage stale issues and PRs
+on:
+  schedule:
+    - cron: "0 0 * * *"
+
+permissions:
+  contents: read
+
+jobs:
+  stale:
+    permissions:
+      issues: write  # for actions/stale to close stale issues
+      pull-requests: write  # for actions/stale to close stale PRs
+    if: startsWith(github.repository, 'microcks/')
+    name: Mark issue or PR as stale
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@99b6c709598e2b0d0841cd037aaf1ba07a4410bd #v5.2.0 but pointing to commit for security reasons
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          stale-issue-message: |
+            This issue has been automatically marked as stale because it has not had recent activity :sleeping:
+            
+            It will be closed in 30 days if no further activity occurs. To unstale this issue, add a comment with a detailed explanation. 
+            
+            There can be many reasons why some specific issue has no activity. The most probable cause is lack of time, not lack of interest. Microcks is a Cloud Native Computing Foundation project not owned by a single for-profit company. It is a community-driven initiative ruled under [open governance model](https://github.com/microcks/.github/blob/main/CODE_OF_CONDUCT.md). 
+            
+            Let us figure out together how to push this issue forward. Connect with us through [one of many communication channels](https://microcks.io/community/) we established here.
+            
+            Thank you for your patience :heart:
+          stale-pr-message: |
+            This pull request has been automatically marked as stale because it has not had recent activity :sleeping:
+            
+            It will be closed in 30 days if no further activity occurs. To unstale this pull request, add a comment with detailed explanation.
+            
+            There can be many reasons why some specific pull request has no activity. The most probable cause is lack of time, not lack of interest. Microcks is a Cloud Native Computing Foundation project not owned by a single for-profit company. It is a community-driven initiative ruled under [open governance model](https://github.com/microcks/.github/blob/main/CODE_OF_CONDUCT.md).

.github/workflows/welcome-new-users.yml

@@ -9,8 +9,13 @@ on:
     types: [opened, closed]
   issues:
     types: [opened]
+permissions:
+  contents: read
 jobs:
   run:
+    permissions:
+      issues: write  # for wow-actions/welcome to comment on issues
+      pull-requests: write  # wow-actions/welcome to comment on PRs
     # Do not run on bots and maintainers
     if: ${{ !contains(fromJson('["dependabot[bot]", "dependabot-preview[bot]", "allcontributors[bot]"]'), github.actor) }}
     runs-on: ubuntu-latest

ADOPTERS.md

@@ -0,0 +1,33 @@
+# Adopters
+
+**📢 _If you're using Microcks in your organization, please add your company name to this list. 🙏 It really helps the project to gain momentum and credibility. It's a small contribution back to the project with a big impact._**
+
+If you need to know why and how to add yourself to the list, please read the blog post "[Join the Microcks Adopters list](https://microcks.io/blog/join-adopters-list/) and Empower the vibrant open source Community 🙌"
+
+This document also lists the organizations that use Microcks based on public information available in blog posts, events and videos. If any organization would like to get added or removed please edit this file (make a pull request) after following our [contribution guide](https://github.com/microcks/.github/blob/master/CONTRIBUTING.md) and by following these specifics guidelines:
+- Please don't include your organization's logo or other trademarked material
+- Add a reference (link to a public blog post, video, slides, etc) mentioning that Microcks is used
+
+> You can also contact the project [maintainers](https://github.com/microcks/.github/blob/main/MAINTAINERS.md) if you have any questions or need further information.
+
+
+| Organization                                                                | Contact                                                                                                                                                                                                                                                          | Description of Use / Reference                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
+|-----------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| [Lombard Odier Group](https://www.lombardodier.com/) | [Ludovic Pourrat](https://github.com/ludovic-pourrat) | Multi-protocol API Mocking and Sandbox as a service #APIOps
+| [Lombard Odier Group](https://www.lombardodier.com/) | [Ludovic Pourrat](https://github.com/ludovic-pourrat) | APIdays Paris 2022 - Adding a mock as a service capability to your API strategy portfolio 👉 [slide deck](https://speakerdeck.com/apidays/apidays-paris-2022-adding-a-mock-as-a-service-capability-to-your-api-strategy-portfolio-ludovic-pourrat-lombard-odier) ⭐️                                                               
+| [La Poste Groupe](https://www.lapostegroupe.com/) | [Nicolas Matelot](https://www.linkedin.com/in/nicolas-matelot/) [Romain Gil](https://www.linkedin.com/in/romain-gil-8444898a) | Cloud-native application development, API Mocking and Sandbox 
+| [J.B. Hunt](https://www.jbhunt.com/) | [Carol Gschwend](https://github.com/carolgschwend) |  Accelerating cloud-native application development "The developers of the project mentioned above saved at least 7 months using Microcks. They were not only able to work concurrently but also captured the exact business requirements specified by the product owner in the form of example request/response pairs. These persistent mocks can now be utilized in sandbox environments if needed." See J.B. Hunt ⭐️ [blog post](https://microcks.io/blog/jb-hunt-mock-it-till-you-make-it/) ⭐️       
+| [Société Générale](https://www.societegenerale.com/en) | [Patrice Lachance](https://github.com/patlachance) | Multi-protocol API Mocking, Testing and Sandbox for cloud-native APIs / applications. Integrated in [Cloud Innovation Platform](https://github.com/societe-generale/cloud-innovation-platform).                         
+| [Société Générale](https://www.societegenerale.com/en) | [Patrice Lachance](https://github.com/patlachance) | Cloud Innovation Platform presentation and Microcks demo 👉 [Red Hat Summit 2019](https://www.redhat.com/files/summit/session-assets/2019/T8B6B4.pdf) ⭐️      
+| [Deloitte](https://www.deloitte.com/global/en.html) | [Madiha Rehman](https://www.linkedin.com/in/madihar/) | Utilised Microcks to create backend mocks for 170+ APIs including REST and SOAP services
+| [sesam-vitale](https://www.sesam-vitale.fr/) | [Vincent Fasciaux](mailto:[email protected]) | We use Microcks to replace the SUT's dependencies with test doubles in order to accelerate our API deliveries
+| [BNP PARIBAS](https://group.bnpparibas/en/) | [Nadji BERRAF](https://www.linkedin.com/in/nadji-berraf-26707148/) | We use Microcks since 2022 to mock our legacy core banking systems and mainframe APIs in order to increase agility, accelerate development, and reduce costs. Microcks is also integrated into our API-first strategy for building and delivering new cloud-native services.
+| [Akwatype](https://akwatype.io) | [Pierre-Michel Bret](https://www.linkedin.com/in/pierre-michel-bret/) | Use of Microcks to mock the APIs corresponding to the OpenAPI contracts generated by Akwatype, integration through Git.
+| [codecentric AG](https://www.codecentric.de) | [Daniel Kocot](https://www.linkedin.com/in/danielkocot/) | API Operations pipeline with an integration of Microcks and consulting services around API Mocking and Testing.
+| [CNAM](https://www.ameli.fr) | [Sébastien Fraigneau](https://www.linkedin.com/in/s%C3%A9bastien-fraigneau-82826a2) | Using Microcks to mock SOAP services for the French healthcare system. REST is coming.
+| [API Quality](https://apiquality.io/en/) | [Omar del Valle](https://www.linkedin.com/in/omardelvalle/)| We are using Microcks for a step of the API first cycle.
+| [CloudAPPi](https://cloudappi.net) | [Marco Antonio Sanz Molina Prados](https://www.linkedin.com/in/marco-antonio-sanz-molina-prados-09733518/)| We manage over 40 APIs strategies in medium and big companies and install Microcks as a mock server.
+| [Sypid](https://www.sypid.com/) | [Zubair Aslam](https://www.linkedin.com/in/zubes1/)| Sypid consultants are highly experienced in the Spec-first approach to API and integration design. We use Microcks to implement this approach effectively. We found the docker extension is specifically useful to get started quickly.
+| [Inetum Software](https://www.inetum.com/) | [Jérôme Palon](https://www.linkedin.com/in/jpalon/)| We use Microcks as an API centralisation and mock server for the social and civil security division, paving the path for migration to microservices and event-driven cloud architecture.
+| [Fluent CI](https://fluentci.io/) | [Tsiry Sandratraina](https://github.com/tsirysndr)| We use Microcks to mock and test our REST and GraphQL APIs. We also provide an open source [Microcks module](https://github.com/fluent-ci-templates/microcks-pipeline) for [Dagger](https://dagger.io) and [Fluent CI](https://fluentci.io).
+| [Nordic Semiconductor](https://nordicsemi.com) | [Patrick Barnes](https://www.linkedin.com/in/patrick-barnes-pdx/) | We use Microcks mainly via testcontainers to test the REST APIs (and probably soon, our async, event-based APIs) for the microservices that comprise our IoT platform, [nRFCloud.com](https://nrfcloud.com/). Microcks has been invaluable, and the Microcks team a real pleasure to work with!

CHANGELOG.md

@@ -0,0 +1,13 @@
+# CHANGELOG
+
+## Introduction
+
+This file provides a high-level summary of the changes and updates made to the Microcks Testcontainers Java project.
+
+## Releases
+
+For a comprehensive list of changes, please visit the [official release page](https://github.com/microcks/microcks-testcontainers-java/releases) 
+
+## For More Information
+
+For more detailed release notes, please refer to the [Microcks blog page](https://microcks.io/blog/).

GOVERNANCE.md

@@ -0,0 +1,41 @@
+# Microcks Governance
+
+This document defines governance policies for the Microcks project.
+
+- [Principles](#principles)
+- [Code of Conduct](#code-of-conduct)
+- [Conflict Resolutions](#conflict-resolutions)
+- [Meetings](#meetings)
+- [Changes](#changes)
+- [Credits](#credits)
+
+## Principles
+The Microcks project community adheres to the following principles:
+
+- **Open**: The Microcks community strives to be open, accessible and welcoming to everyone. Anyone may contribute, and contributions are available to all users according to open source values and licenses.
+- **Transparent** and **accessible**: Any changes to the Microcks source code and collaborations on the project are publicly accessible (GitHub code, issues, PRs, and discussions).
+- Merit: Ideas and contributions are accepted according to their technical merit and alignment with project objectives, scope, and design principles.
+
+Join us 👉 https://microcks.io/community/
+
+## Code of Conduct
+Microcks follow the [Code of Conduct](CODE_OF_CONDUCT.md), which is aligned with the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).
+
+## Conflict Resolutions
+Typically, it is assumed that disputes will be resolved amicably by those involved. However, if the situation becomes more serious, conflicts will be resolved through a voting process. A supermajority of votes from project maintainers is required to make a decision, and the project lead has the final say in the ruling.
+
+## Meetings
+🚧 We **will** hold monthly Open Community Meetings for each region, so we will have bi-weekly meetings to try to be worldwide friendly. Stay tuned, coming soon 🚧.
+
+The maintainers will also have closed meetings to discuss security reports or Code of Conduct violations. Any maintainer in charge should schedule such meetings upon receiving a security issue or CoC report. All current Maintainers must be invited to such closed meetings, except for any maintainer accused of a CoC violation.
+
+## Changes
+This Project Governance is a living document. All key project changes, including changes in project governance, can be proposed by a GitHub PR and then reviewed and voted on by project maintainers.
+
+As the Microcks community and project **grow**, we are **committed** to _progressing_ by _describing_ and _sharing_ our **governance model** along the way, **the open way**.
+
+## Credits
+Thanks to [Dawn Foster](https://github.com/geekygirldawn) for the inspiring talk and valuable insights at KubeCon Europe 2022: "Good Governance Practices for CNCF Projects":
+[Info](https://contribute.cncf.io/resources/videos/2022/good-governance-practices/), [Recording](https://youtu.be/x0tgEpIER1M?si=0EMgdfA1j5kxpXlW) and [slide deck](https://static.sched.com/hosted_files/kccnceu2022/7c/Good_Governance_CNCF_Projects.pdf) 👀
+
+Sections of this document have been borrowed and inspired from the [CoreDNS](https://github.com/coredns/coredns/blob/master/GOVERNANCE.md), [Kyverno](https://github.com/kyverno/kyverno/blob/main/GOVERNANCE.md) and [fluxcd](https://github.com/fluxcd/community/blob/main/GOVERNANCE.md) projects.

README.md

@@ -23,6 +23,12 @@ Current development version is `0.2.9-SNAPSHOT`.
 [![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=microcks_microcks-testcontainers-java&metric=security_rating)](https://sonarcloud.io/summary/new_code?id=microcks_microcks-testcontainers-java)
 [![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=microcks_microcks-testcontainers-java&metric=sqale_rating)](https://sonarcloud.io/summary/new_code?id=microcks_microcks-testcontainers-java)
 
+#### Fossa license and security scans
+
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fmicrocks%2Fmicrocks-testcontainers-java.svg?type=shield&issueType=license)](https://app.fossa.com/projects/git%2Bgithub.com%2Fmicrocks%2Fmicrocks?ref=badge_shield&issueType=license)
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fmicrocks%2Fmicrocks-testcontainers-java.svg?type=shield&issueType=security)](https://app.fossa.com/projects/git%2Bgithub.com%2Fmicrocks%2Fmicrocks?ref=badge_shield&issueType=security)
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fmicrocks%2Fmicrocks-testcontainers-java.svg?type=small)](https://app.fossa.com/projects/git%2Bgithub.com%2Fmicrocks%2Fmicrocks?ref=badge_small)
+
 ## How to use it?
 
 ### Include it into your project dependencies

ROADMAP.md

@@ -0,0 +1,7 @@
+# Microcks Feature Planning and Tracking (roadmap) 🗓️
+
+Microcks features are planned and tracked via the Project Tracker board on GitHub. 
+
+👉 You can view the roadmap by [area](https://github.com/orgs/microcks/projects/1/views/1) or by [status](https://github.com/orgs/microcks/projects/1/views/2).
+
+The full release roadmaps of the main repo are managed via [release milestones](https://github.com/microcks/microcks/milestones?direction=asc&sort=due_date&state=open) on GitHub.