From b259d74bd69e38ae2063d412ecd79da75d1f3a3a Mon Sep 17 00:00:00 2001
From: JiaJia Ji
Date: Mon, 29 Apr 2024 12:52:34 +0200
Subject: [PATCH] [Task]: Update SECURITY.md (#9)
* Update SECURITY.md
* Create cla-check.yaml
* Created stale.yml bot
* Updated GitHub info
---------
Co-authored-by: Shonster88
Co-authored-by: Bernhard Rusch
---
.github/ISSUE_TEMPLATE/Bug-Report.yml | 37 ++++++++++++++++++++++
.github/ISSUE_TEMPLATE/Feature-Request.yml | 27 ++++++++++++++++
.github/ISSUE_TEMPLATE/Improvement.yml | 27 ++++++++++++++++
.github/ISSUE_TEMPLATE/config.yml | 8 +++++
.github/workflows/cla-check.yaml | 14 ++++++++
.github/workflows/stale.yml | 10 ++++++
SECURITY.md | 22 +++++++++++++
7 files changed, 145 insertions(+)
create mode 100644 .github/ISSUE_TEMPLATE/Bug-Report.yml
create mode 100644 .github/ISSUE_TEMPLATE/Feature-Request.yml
create mode 100644 .github/ISSUE_TEMPLATE/Improvement.yml
create mode 100644 .github/ISSUE_TEMPLATE/config.yml
create mode 100644 .github/workflows/cla-check.yaml
create mode 100644 .github/workflows/stale.yml
create mode 100644 SECURITY.md
diff --git a/.github/ISSUE_TEMPLATE/Bug-Report.yml b/.github/ISSUE_TEMPLATE/Bug-Report.yml
new file mode 100644
index 0000000..d17f59a
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/Bug-Report.yml
@@ -0,0 +1,37 @@
+name: Bug Report
+description: File a bug report
+title: "[Bug]: "
+labels: [Bug]
+body:
+ - type: markdown
+ attributes:
+ value: |
+ ## Important notice
+ As an open source project we love to work together with our community to improve and develop our products.
+ It's also important for us to make clear that **we're not working for you or your company**,
+ but we enjoy to work together to solve existing bugs.
+ So we would love to see PRs with bugfixes, discuss them and we are happy to merge them when they are ready.
+ For details see also our [contributing guidelines](https://github.com/pimcore/pimcore/blob/10.x/CONTRIBUTING.md).
+
+ Bug reports that do not meet the conditions listed below will be closed/deleted without comment.
+
+ - Bug was verified on the latest supported version.
+ - This is not a security issue -> see [our security policy](https://github.com/pimcore/pimcore/security/policy) instead.
+ - You are not able to provide a pull request that fixes the issue.
+ - There's no existing ticket for the same issue.
+
+ - type: textarea
+ attributes:
+ label: Expected behavior
+ validations:
+ required: true
+ - type: textarea
+ attributes:
+ label: Actual behavior
+ validations:
+ required: true
+ - type: textarea
+ attributes:
+ label: Steps to reproduce
+ validations:
+ required: true
diff --git a/.github/ISSUE_TEMPLATE/Feature-Request.yml b/.github/ISSUE_TEMPLATE/Feature-Request.yml
new file mode 100644
index 0000000..b224cda
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/Feature-Request.yml
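Review bot: In `.github/ISSUE_TEMPLATE/Bug-Report.yml`, the "This is not a security issue" bullet links to `https://github.com/pimcore/pimcore/security/policy`, although this same patch adds a `SECURITY.md` to this repository; a reporter following the template lands on the core repository's policy and may file the private vulnerability report there instead of here. If reports for this package are meant to be triaged in this repository, point the link at this repository's own `/security/policy` page; if routing everything through pimcore/pimcore is intended, a short sentence saying so in the template would remove the ambiguity. The contributing-guidelines link likewise targets the `10.x` branch of pimcore/pimcore, which is worth confirming is still the intended reference.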
@@ -0,0 +1,27 @@
+name: Feature Request
+description: Request or propose a new feature
+title: "[Feature]: "
+labels: ["New Feature"]
+body:
+ - type: markdown
+ attributes:
+ value: |
+ ## Important notice
+ As an open source project we love to work together with our community to improve and develop our products.
+ It's also important for us to make clear that **we're not working for you or your company**,
+ but we enjoy to work together to improve or add new features to the product.
+ So we are always ready to discuss features and improvements with our community.
+ Especially for bigger topics, please [start a discussion](https://github.com/pimcore/pimcore/discussions) first to aviod unnecessary efforts.
+
+ As soon as a topic is more specific, feel free to create issues for it or even better provide a corresponding PR as we love to
+ review and merge contributions.
+
+ Feature requests that do not meet the conditions listed below will be closed/deleted without comment.
+ - There's no existing ticket for the same topic
+ - This is already a specific ready-to-work-on feature request
+
+ - type: textarea
+ attributes:
+ label: Feature description
+ validations:
+ required: true
diff --git a/.github/ISSUE_TEMPLATE/Improvement.yml b/.github/ISSUE_TEMPLATE/Improvement.yml
new file mode 100644
index 0000000..fb77d8d
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/Improvement.yml
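Review bot: In `.github/ISSUE_TEMPLATE/Feature-Request.yml`, the notice text contains the typo `aviod` in "first to aviod unnecessary efforts"; it should read `avoid`. The same typo appears in `.github/ISSUE_TEMPLATE/Improvement.yml`, whose closing paragraph and last bullet also still say "Feature requests" and "feature request", apparently carried over from this template. For the Improvement form, `Improvement requests that do not meet the conditions listed below will be closed/deleted without comment.` would match what the user is actually filing.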
@@ -0,0 +1,27 @@
+name: Improvement
+description: Request or propose an improvement
+title: "[Improvement]: "
+labels: ["Improvement"]
+body:
+ - type: markdown
+ attributes:
+ value: |
+ ## Important notice
+ As an open source project we love to work together with our community to improve and develop our products.
+ It's also important for us to make clear that **we're not working for you or your company**,
+ but we enjoy to work together to improve or add new features to the product.
+ So we are always ready to discuss features and improvements with our community.
+ Especially for bigger topics, please [start a discussion](https://github.com/pimcore/pimcore/discussions) first to aviod unnecessary efforts.
+
+ As soon as a topic is more specific, feel free to create issues for it or even better provide a corresponding PR as we love to
+ review and merge contributions.
+
+ Feature requests that do not meet the conditions listed below will be closed/deleted without comment.
+ - There's no existing ticket for the same topic
+ - This is already a specific ready-to-work-on feature request
+
+ - type: textarea
+ attributes:
+ label: Improvement description
+ validations:
+ required: true
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
new file mode 100644
index 0000000..8825080
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+ - name: We are hiring!
+ url: https://pimcore.com/en/careers?utm_source=github&utm_medium=issue-template-payment-provider-datatrans&utm_campaign=careers
+ about: Enjoy working with Pimcore? Join us on our mission!
+ - name: Community Support
+ url: https://github.com/pimcore/pimcore/discussions
+ about: Please ask and answer questions here.
diff --git a/.github/workflows/cla-check.yaml b/.github/workflows/cla-check.yaml
new file mode 100644
index 0000000..2c7cc9d
--- /dev/null
+++ b/.github/workflows/cla-check.yaml
@@ -0,0 +1,14 @@
+name: CLA check
+
+on:
+ issue_comment:
+ types: [created]
+ pull_request_target:
+ types: [opened, closed, synchronize]
+
+jobs:
+ cla-workflow:
+ uses: pimcore/workflows-collection-public/.github/workflows/reusable-cla-check.yaml@v1.3.0
+ if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
+ secrets:
+ CLA_ACTION_ACCESS_TOKEN: ${{ secrets.CLA_ACTION_ACCESS_TOKEN }}
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
new file mode 100644
index 0000000..553c3b5
--- /dev/null
+++ b/.github/workflows/stale.yml
@@ -0,0 +1,10 @@
+name: Handle stale issues
+
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: '37 7 * * *'
+
+jobs:
+ call-stale-workflow:
+ uses: pimcore/workflows-collection-public/.github/workflows/stale.yml@v1.1.0
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..15268a0
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,22 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you think that you have found a security issue,
+don’t use the bug tracker and don’t publish it publicly.
+Instead, all security issues must be reported via a private vulnerability report.
+
+Please follow the [instructions](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) to submit a private report.
+
+
+## Resolving Process
+Every submitted security issue is handled with top priority by following these steps:
+
+1. Confirm the vulnerability
+2. Determine the severity
+3. Contact reporter
+4. Work on a patch
+5. Get a CVE identification number (may be done by the reporter or a security service provider)
+6. Patch reviewing
+7. Tagging a new release for supported versions
+8. Publish security announcement
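Review bot: In `.github/workflows/cla-check.yaml`, the `uses:` line pins the reusable workflow to the mutable tag `@v1.3.0` while the job runs on `pull_request_target` and is handed `CLA_ACTION_ACCESS_TOKEN`, so anyone able to move that tag controls code that runs with this repository's secret; pin to a full commit SHA instead, e.g. `uses: pimcore/workflows-collection-public/.github/workflows/reusable-cla-check.yaml@<full-commit-sha> # v1.3.0`. The same applies to the `@v1.1.0` reference in `.github/workflows/stale.yml`. Neither workflow declares a `permissions:` block, so the `GITHUB_TOKEN` scope falls back to the repository default; a job-level block listing only the scopes the called workflow needs would bound that (the required set is not visible from this patch). Because `pull_request_target` runs with base-repository privileges even for fork PRs, it is also worth confirming that the reusable workflow never checks out or executes the PR head.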