Commit

chore: add cve-scan.yaml to server template, download of shellcheck for macos/ARM (#224)
tricky42 authored Dec 27, 2024
1 parent 1af2225 commit 000f213
Showing 15 changed files with 247 additions and 122 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/format.yml
@@ -11,7 +11,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-node@v2
with:
node-version: '18.10'
node-version: "18.10"
- uses: actions/setup-go@v3
with:
go-version: 1.19
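Review bot: `go-version: 1.19` in the setup-go step is left as a bare number while this change normalizes `node-version` to a quoted string. YAML parses an unquoted version as a float, so a later bump to 1.20 would be read as 1.2; quote it as `"1.19"`, the way licenses.yml does with `"1.18"`.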
4 changes: 2 additions & 2 deletions .github/workflows/licenses.yml
@@ -14,8 +14,8 @@ jobs:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: '1.18'
go-version: "1.18"
- uses: actions/setup-node@v2
with:
node-version: '18.10'
node-version: "18.10"
- run: make licenses
10 changes: 5 additions & 5 deletions .github/workflows/stale.yml
@@ -1,8 +1,8 @@
name: 'Close Stale Issues'
name: "Close Stale Issues"
on:
workflow_dispatch:
schedule:
- cron: '0 0 * * *'
- cron: "0 0 * * *"

jobs:
stale:
@@ -17,8 +17,8 @@ jobs:
stale-pr-message: |
Thank you for opening this pull request. It appears that a request for e.g. information has not yet been completed. Therefore this issue will be automatically
closed in 7 days, assuming that the proposed change is no longer required or has otherwise been resolved.
stale-issue-label: 'stale'
stale-pr-label: 'stale'
only-labels: 'needs more info'
stale-issue-label: "stale"
stale-pr-label: "stale"
only-labels: "needs more info"
days-before-stale: 7
days-before-close: 7
8 changes: 4 additions & 4 deletions .github/workflows/sync.yml
@@ -6,10 +6,10 @@ on:
# action is triggered on push to the following paths
push:
paths:
- 'templates/**'
- 'scripts/sync*'
- 'package.json'
- '.github/workflows/sync.yml'
- "templates/**"
- "scripts/sync*"
- "package.json"
- ".github/workflows/sync.yml"
branches:
- master

2 changes: 1 addition & 1 deletion .github/workflows/text-run.yml
@@ -16,6 +16,6 @@ jobs:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: '15'
node-version: "15"
- run: npm ci
- run: npm run text-run
17 changes: 13 additions & 4 deletions Makefile
@@ -26,11 +26,20 @@ test: .bin/shellcheck .bin/shfmt node_modules # runs all linters

.bin/shellcheck: Makefile
echo installing Shellcheck ...
curl -sSL https://github.com/koalaman/shellcheck/releases/download/stable/shellcheck-stable.linux.x86_64.tar.xz | tar xJ
mkdir -p .bin
mv shellcheck-stable/shellcheck .bin
rm -rf shellcheck-stable
touch .bin/shellcheck # update the timestamp so that Make doesn't re-install the file over and over again
if [ "$$(uname -s)" = "Darwin" ] && [ "$$(uname -m)" = "arm64" ]; then \
echo " - detected macOS ARM64" && \
curl -sSL https://github.com/koalaman/shellcheck/releases/download/v0.10.0/shellcheck-v0.10.0.darwin.aarch64.tar.xz | tar xJ; \
elif [ "$$(uname -s)" = "Linux" ] && [ "$$(uname -m)" = "x86_64" ]; then \
echo " - detected Linux AMD64" && \
curl -sSL https://github.com/koalaman/shellcheck/releases/download/v0.10.0/shellcheck-v0.10.0.linux.x86_64.tar.xz | tar xJ; \
else \
echo " - unsupported architecture: $$(uname -s) $$(uname -m)" && \
exit 1; \
fi
mv shellcheck-v0.10.0/shellcheck .bin
rm -rf shellcheck-v0.10.0
touch .bin/shellcheck

.bin/shfmt: Makefile
echo "Installing Shellfmt ..."
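Review bot: Both `curl -sSL ... | tar xJ` branches of the `.bin/shellcheck` recipe unpack the release archive straight from the network without an integrity check. Pinning to v0.10.0 instead of `stable` makes the download reproducible, so a known SHA-256 per platform can now be checked in and verified: download to a file, compare with `sha256sum -c` (`shasum -a 256 -c` on macOS), then extract. Adding `-f` to curl would also make an HTTP error fail at the download rather than inside tar. The version string is repeated in both URLs and in the `mv` and `rm` lines; a single variable (for example `SHELLCHECK_VERSION`) would keep them in step. The comment explaining why `touch .bin/shellcheck` is needed was dropped and is worth keeping.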
@@ -10,6 +10,6 @@ jobs:
steps:
- uses: Actions-R-Us/actions-tagger@latest
env:
GITHUB_TOKEN: '${{ github.token }}'
GITHUB_TOKEN: "${{ github.token }}"
with:
publish_latest_tag: true
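Review bot: The step `uses: Actions-R-Us/actions-tagger@latest` runs with `GITHUB_TOKEN` in its environment, and `@latest` is a mutable ref, so whatever that ref points to at run time receives the token. Since this file is being touched anyway, pin the action to a full commit SHA (with the release tag in a trailing comment), and check that the job declares only the `permissions:` the tagging step needs.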
66 changes: 30 additions & 36 deletions templates/repository/common/.github/ISSUE_TEMPLATE/BUG-REPORT.yml
@@ -1,45 +1,40 @@
description: 'Create a bug report'
description: "Create a bug report"
labels:
- bug
name: 'Bug Report'
name: "Bug Report"
body:
- attributes:
value: "Thank you for taking the time to fill out this bug report!\n"
type: markdown
- attributes:
label: 'Preflight checklist'
label: "Preflight checklist"
options:
- label:
'I could not find a solution in the existing issues, docs, nor
discussions.'
- label: "I could not find a solution in the existing issues, docs, nor
discussions."
required: true
- label:
"I agree to follow this project's [Code of
- label: "I agree to follow this project's [Code of
Conduct](https://github.com/$REPOSITORY/blob/master/CODE_OF_CONDUCT.md)."
required: true
- label:
"I have read and am following this repository's [Contribution
- label: "I have read and am following this repository's [Contribution
Guidelines](https://github.com/$REPOSITORY/blob/master/CONTRIBUTING.md)."
required: true
- label:
'I have joined the [Ory Community Slack](https://slack.ory.sh).'
- label:
'I am signed up to the [Ory Security Patch
Newsletter](https://www.ory.sh/l/sign-up-newsletter).'
- label: "I have joined the [Ory Community Slack](https://slack.ory.sh)."
- label: "I am signed up to the [Ory Security Patch
Newsletter](https://www.ory.sh/l/sign-up-newsletter)."
id: checklist
type: checkboxes
- attributes:
description:
'Enter the slug or API URL of the affected Ory Network project. Leave
empty when you are self-hosting.'
label: 'Ory Network Project'
placeholder: 'https://<your-project-slug>.projects.oryapis.com'
"Enter the slug or API URL of the affected Ory Network project. Leave
empty when you are self-hosting."
label: "Ory Network Project"
placeholder: "https://<your-project-slug>.projects.oryapis.com"
id: ory-network-project
type: input
- attributes:
description: 'A clear and concise description of what the bug is.'
label: 'Describe the bug'
placeholder: 'Tell us what you see!'
description: "A clear and concise description of what the bug is."
label: "Describe the bug"
placeholder: "Tell us what you see!"
id: describe-bug
type: textarea
validations:
@@ -53,28 +48,27 @@ body:
1. Run `docker run ....`
2. Make API Request to with `curl ...`
3. Request fails with response: `{"some": "error"}`
label: 'Reproducing the bug'
label: "Reproducing the bug"
id: reproduce-bug
type: textarea
validations:
required: true
- attributes:
description:
'Please copy and paste any relevant log output. This will be
description: "Please copy and paste any relevant log output. This will be
automatically formatted into code, so no need for backticks. Please
redact any sensitive information'
label: 'Relevant log output'
redact any sensitive information"
label: "Relevant log output"
render: shell
placeholder: |
log=error ....
id: logs
type: textarea
- attributes:
description:
'Please copy and paste any relevant configuration. This will be
"Please copy and paste any relevant configuration. This will be
automatically formatted into code, so no need for backticks. Please
redact any sensitive information!'
label: 'Relevant configuration'
redact any sensitive information!"
label: "Relevant configuration"
render: yml
placeholder: |
server:
@@ -83,14 +77,14 @@ body:
id: config
type: textarea
- attributes:
description: 'What version of our software are you running?'
description: "What version of our software are you running?"
label: Version
id: version
type: input
validations:
required: true
- attributes:
label: 'On which operating system are you observing this issue?'
label: "On which operating system are you observing this issue?"
options:
- Ory Network
- macOS
@@ -101,19 +95,19 @@ body:
id: operating-system
type: dropdown
- attributes:
label: 'In which environment are you deploying?'
label: "In which environment are you deploying?"
options:
- Ory Network
- Docker
- 'Docker Compose'
- 'Kubernetes with Helm'
- "Docker Compose"
- "Kubernetes with Helm"
- Kubernetes
- Binary
- Other
id: deployment
type: dropdown
- attributes:
description: 'Add any other context about the problem here.'
description: "Add any other context about the problem here."
label: Additional Context
id: additional
type: textarea
48 changes: 21 additions & 27 deletions templates/repository/common/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml
@@ -1,8 +1,7 @@
description:
'A design document is needed for non-trivial changes to the code base.'
description: "A design document is needed for non-trivial changes to the code base."
labels:
- rfc
name: 'Design Document'
name: "Design Document"
body:
- attributes:
value: |
@@ -18,39 +17,34 @@ body:
after code reviews, and your pull requests will be merged faster.
type: markdown
- attributes:
label: 'Preflight checklist'
label: "Preflight checklist"
options:
- label:
'I could not find a solution in the existing issues, docs, nor
discussions.'
- label: "I could not find a solution in the existing issues, docs, nor
discussions."
required: true
- label:
"I agree to follow this project's [Code of
- label: "I agree to follow this project's [Code of
Conduct](https://github.com/$REPOSITORY/blob/master/CODE_OF_CONDUCT.md)."
required: true
- label:
"I have read and am following this repository's [Contribution
- label: "I have read and am following this repository's [Contribution
Guidelines](https://github.com/$REPOSITORY/blob/master/CONTRIBUTING.md)."
required: true
- label:
'I have joined the [Ory Community Slack](https://slack.ory.sh).'
- label:
'I am signed up to the [Ory Security Patch
Newsletter](https://www.ory.sh/l/sign-up-newsletter).'
- label: "I have joined the [Ory Community Slack](https://slack.ory.sh)."
- label: "I am signed up to the [Ory Security Patch
Newsletter](https://www.ory.sh/l/sign-up-newsletter)."
id: checklist
type: checkboxes
- attributes:
description:
'Enter the slug or API URL of the affected Ory Network project. Leave
empty when you are self-hosting.'
label: 'Ory Network Project'
placeholder: 'https://<your-project-slug>.projects.oryapis.com'
"Enter the slug or API URL of the affected Ory Network project. Leave
empty when you are self-hosting."
label: "Ory Network Project"
placeholder: "https://<your-project-slug>.projects.oryapis.com"
id: ory-network-project
type: input
- attributes:
description: |
This section gives the reader a very rough overview of the landscape in which the new system is being built and what is actually being built. This isn’t a requirements doc. Keep it succinct! The goal is that readers are brought up to speed but some previous knowledge can be assumed and detailed info can be linked to. This section should be entirely focused on objective background facts.
label: 'Context and scope'
label: "Context and scope"
id: scope
type: textarea
validations:
@@ -59,7 +53,7 @@ body:
- attributes:
description: |
A short list of bullet points of what the goals of the system are, and, sometimes more importantly, what non-goals are. Note, that non-goals aren’t negated goals like “The system shouldn’t crash”, but rather things that could reasonably be goals, but are explicitly chosen not to be goals. A good example would be “ACID compliance”; when designing a database, you’d certainly want to know whether that is a goal or non-goal. And if it is a non-goal you might still select a solution that provides it, if it doesn’t introduce trade-offs that prevent achieving the goals.
label: 'Goals and non-goals'
label: "Goals and non-goals"
id: goals
type: textarea
validations:
@@ -71,7 +65,7 @@ body:
The design doc is the place to write down the trade-offs you made in designing your software. Focus on those trade-offs to produce a useful document with long-term value. That is, given the context (facts), goals and non-goals (requirements), the design doc is the place to suggest solutions and show why a particular solution best satisfies those goals.
The point of writing a document over a more formal medium is to provide the flexibility to express the problem at hand in an appropriate manner. Because of this, there is no explicit guidance on how to actually describe the design.
label: 'The design'
label: "The design"
id: design
type: textarea
validations:
@@ -80,21 +74,21 @@ body:
- attributes:
description: |
If the system under design exposes an API, then sketching out that API is usually a good idea. In most cases, however, one should withstand the temptation to copy-paste formal interface or data definitions into the doc as these are often verbose, contain unnecessary detail and quickly get out of date. Instead, focus on the parts that are relevant to the design and its trade-offs.
label: 'APIs'
label: "APIs"
id: apis
type: textarea

- attributes:
description: |
Systems that store data should likely discuss how and in what rough form this happens. Similar to the advice on APIs, and for the same reasons, copy-pasting complete schema definitions should be avoided. Instead, focus on the parts that are relevant to the design and its trade-offs.
label: 'Data storage'
label: "Data storage"
id: persistence
type: textarea

- attributes:
description: |
Design docs should rarely contain code, or pseudo-code except in situations where novel algorithms are described. As appropriate, link to prototypes that show the feasibility of the design.
label: 'Code and pseudo-code'
label: "Code and pseudo-code"
id: pseudocode
type: textarea

@@ -107,7 +101,7 @@ body:
On the other end are systems where the possible solutions are very well defined, but it isn't at all obvious how they could even be combined to achieve the goals. This may be a legacy system that is difficult to change and wasn't designed to do what you want it to do or a library design that needs to operate within the constraints of the host programming language.
In this situation, you may be able to enumerate all the things you can do relatively easily, but you need to creatively put those things together to achieve the goals. There may be multiple solutions, and none of them are great, and hence such a document should focus on selecting the best way given all identified trade-offs.
label: 'Degree of constraint'
label: "Degree of constraint"
id: constrait
type: textarea
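Review bot: `id: constrait` under the "Degree of constraint" field is misspelled (it should read `constraint`), and this quote-style pass leaves it unchanged. Fix it here if nothing consumes the old id; otherwise track the rename separately.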
