From 8d4f1fbbb25a4c0471afa4ee413e88ba6979284b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Oliver=20B=C3=A4hler?=
Date: Tue, 24 Oct 2023 17:04:14 +0200
Subject: [PATCH 1/4] chore(repo): remove scopes as mandatory
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Oliver Bähler
---
 .github/workflows/check-pr.yml | 13 +------------
 CONTRIBUTING.md | 16 +---------------
 commitlint.config.js | 2 +-
 3 files changed, 3 insertions(+), 28 deletions(-)
diff --git a/.github/workflows/check-pr.yml b/.github/workflows/check-pr.yml
index 53e70d1b..c5cc3bae 100644
--- a/.github/workflows/check-pr.yml
+++ b/.github/workflows/check-pr.yml
@@ -27,18 +27,7 @@ jobs:
 fix
 test
 sec
- requireScope: false
- scopes: |
- all
- chart
- operator
- manifest
- website
- e2e
- release
- repo
- deps
- make
+ requireScope: false
 wip: false
 # If the PR only contains a single commit, the action will validate that
 # it matches the configured pattern.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 2bbf9013..c6040fa2 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -173,7 +173,7 @@ The semantics should indicate the change and it's impact. The general format for
 | |_______ Scope |____________ Type
- The commits are checked on pull-request. If the commit message does not follow the format, the workflow will fail. See the [Types](#types) and [Scopes](#scopes) sections for more information.
+ The commits are checked on pull-request. If the commit message does not follow the format, the workflow will fail. See the [Types](#types) for the supported types. The scope is not required but helps to provide more context for your changes. Try to use a scope if possible.
 ### Types
@@ -187,17 +187,3 @@ The following types are allowed for commits and pull requests:
 * `test`: test related changes
 * `sec`: security related changes
-### Scopes
-
-The following types are allowed for commits and pull requests:
-
- * `all`: changes that affect all components
- * `chart`: changes to the Helm chart
- * `operator`: changes to the operator
- * `manifest`: changes to the manifest installer
- * `website`: changes to the website
- * `e2e`: changes to the e2e testing process
- * `release`: changes to the release process
- * `repo`: changes to general repository files
- * `deps`: dependency updates
- * `make`: changes to Makefile
diff --git a/commitlint.config.js b/commitlint.config.js
index aff134fb..c43c3ce9 100644
--- a/commitlint.config.js
+++ b/commitlint.config.js
@@ -2,8 +2,8 @@ const Configuration = {
 extends: ['@commitlint/config-conventional'],
 plugins: ['commitlint-plugin-function-rules'],
 rules: {
- 'scope-enum': [2, 'always', ['all', 'chart', 'operator', 'manifest', 'deps', 'release', 'website', 'repo', 'e2e', 'make']],
 'type-enum': [2, 'always', ['chore', 'ci', 'docs', 'feat', 'test', 'fix', 'sec']],
+ 'body-max-line-length': [1, 'always', 500],
 },
 /*
 * Whether commitlint uses the default ignore rules, see the description above.
From c35e80468b01ad97d53b30db676471e2422bdb2c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Oliver=20B=C3=A4hler?=
Date: Tue, 24 Oct 2023 17:04:38 +0200
Subject: [PATCH 2/4] chore(repo): correct dependabot prefix
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Oliver Bähler
---
 .github/dependabot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index df09b6d7..f95ca73d 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -13,4 +13,4 @@ updates:
 interval: daily
 rebase-strategy: disabled
 commit-message:
- prefix: "ci"
+ prefix: "ci(deps)"
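Review bot: The added `'body-max-line-length': [1, 'always', 500]` rule is unrelated to the commit's stated purpose (making scopes optional) and carries no comment saying why the limit is raised to 500 or why it is set to warning level (1) instead of error, so a later maintainer cannot tell whether the relaxation is deliberate. Because `@commitlint/config-conventional` is extended on the line above, this quietly overrides whatever stricter body-length default the preset defines, which is easy to miss under the title "remove scopes as mandatory". Add a why-comment above the rule, e.g. `// Warn only (level 1) on body lines up to 500 chars; rationale: TODO(owner)`, or split the rule into its own commit. With `scope-enum` deleted nothing constrains the scope value any more; if a fixed vocabulary is still useful for changelog grouping, a warning-level `scope-enum` (`[1, 'always', [...]]`) keeps the hint without blocking PRs. The `Configuration` object starts before and continues after this hunk.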
From 5edb5a316693b4a643a672a85f12b3e256b49909 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Oliver=20B=C3=A4hler?=
Date: Tue, 24 Oct 2023 17:04:57 +0200
Subject: [PATCH 3/4] chore(repo): add distribution reference
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Oliver Bähler
---
 SECURITY-INSIGHTS.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/SECURITY-INSIGHTS.yml b/SECURITY-INSIGHTS.yml
index c22d0b29..420798ff 100644
--- a/SECURITY-INSIGHTS.yml
+++ b/SECURITY-INSIGHTS.yml
@@ -15,6 +15,8 @@ project-lifecycle:
 - github:oliverbaehler
 - github:bsctl
 - github:MaxFedotov
+distribution-points:
+ - https://github.com/orgs/projectcapsule/packages?repo_name=capsule
 contribution-policy:
 accepts-pull-requests: true
 accepts-automated-pull-requests: true
From 78cff33ba3fd7e11a0d193193eefa73efd5858c8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Oliver=20B=C3=A4hler?=
Date: Wed, 25 Oct 2023 09:00:35 +0200
Subject: [PATCH 4/4] chore: add more required metadata to security-insights
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Oliver Bähler
---
 SECURITY-INSIGHTS.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/SECURITY-INSIGHTS.yml b/SECURITY-INSIGHTS.yml
index 420798ff..15ecca82 100644
--- a/SECURITY-INSIGHTS.yml
+++ b/SECURITY-INSIGHTS.yml
@@ -38,3 +38,19 @@ security-testing:
 before-release: true
 comment: |
 Dependabot is enabled for this repo.
+dependencies:
+ third-party-packages: true
+ dependencies-lists:
+ - https://github.com/projectcapsule/capsule/blob/main/go.mod
+ sbom:
+ - sbom-file: https://github.com/projectcapsule/capsule/pkgs/container/sbom
+ sbom-format: CycloneDX
+ sbom-url: https://github.com/projectcapsule/capsule/blob/main/SECURITY.md#software-bill-of-materials-sbom
+security-artifacts:
+ self-assessment:
+ self-assessment-created: false
+security-contacts:
+- type: email
+ value: cncf-capsule-maintainers@lists.cncf.io
+ primary: true
+
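Review bot: `sbom-file` is set to `https://github.com/projectcapsule/capsule/pkgs/container/sbom`, which by its shape is a GitHub Packages listing page rather than a retrievable SBOM document, so tooling that reads this file to locate and parse the declared CycloneDX SBOM will likely be unable to fetch it. If the SBOM is published as an OCI artifact, `sbom-file` should reference the artifact (or a release-attached file) directly and the package page can live in `sbom-url` next to the SECURITY.md anchor; this is inferred from the URL and worth confirming against the Security Insights schema. Since this file is the machine-readable pointer downstream consumers follow, it would also help if the linked SECURITY.md section states how the SBOM's integrity is verified (signature or attestation). Minor: the hunk ends with an empty `+` line, leaving a trailing blank line at end of file.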