From 71c5a1f75bf48d28c5851055a11eaa9793817a95 Mon Sep 17 00:00:00 2001 From: Pierre-Yves Lapersonne Date: Mon, 16 Sep 2024 12:58:28 +0200 Subject: [PATCH] Version 2.21.0 (#174) * [Project] Add missing files and improve project and repository hygiene - Add templates for issues and feature requests - Add common files like MAINTAINERS, CONTRIBUTING - Move files at root of project to dedicated folder Signed-off-by: Pierre-Yves Lapersonne * [Licenses Inventory] Update to v4.0.6 (#161) * chore(#160): update of LicensesInventory (v4.0.6) Integration of the work done by my colleague Laurent Body (LicensesInventory 4.0.6). Tested-by: Pierre-Yves Lapersonne Reviewed-by: Pierre-Yves Lapersonne Co-authored-by: Laurent Body Co-authored-by: Pierre-Yves Lapersonne Signed-off-by: Pierre-Yves Lapersonne * chore(#160): add entry in CHANGELOG Signed-off-by: Pierre-Yves Lapersonne --------- Signed-off-by: Pierre-Yves Lapersonne Co-authored-by: Laurent Body * Improve text generator for english emails - Fix typo in logs - Add .gitignore to exclude from versioning generated files - Add english template for newcomers on GitHub Signed-off-by: Pierre-Yves Lapersonne * [#171] [#172] Permission and path with whitespaces fixes (#173) * fix: failed to process Git repository at path with whitespaces (#172) Closes #172 Signed-off-by: Pierre-Yves Lapersonne * fix: execution permission to Shell script missing (#171) Closes #171 Signed-off-by: Pierre-Yves Lapersonne --------- Signed-off-by: Pierre-Yves Lapersonne * Prepare version 2.21.0 Signed-off-by: Pierre-Yves Lapersonne --------- 
Signed-off-by: Pierre-Yves Lapersonne Co-authored-by: Laurent Body --- AUTHORS.txt => .github/AUTHORS.txt | 0 CODEOWNERS => .github/CODEOWNERS | 11 ++- .../CODE_OF_CONDUCT.md | 0 .../CODE_OF_CONFLICT.md | 0 .github/CONTRIBUTING.md | 79 ++++++++++++++++ CONTRIBUTORS.txt => .github/CONTRIBUTORS.txt | 0 .github/ISSUE_TEMPLATE/BUG_TEMPLATE.md | 24 +++++ .../FEATURE_REQUEST_TEMPLATE.md | 18 ++++ .github/MAINTAINERS.md | 19 ++++ .github/RESPONSIBILITIES.md | 94 +++++++++++++++++++ SECURITY.md => .github/SECURITY.md | 2 +- CHANGELOG.md | 18 +++- CITATION.cff | 4 +- toolbox/LicensesInventory/README.md | 34 ++++++- .../test_1_all_dependencies.py | 1 - .../test_3_print_with_error_403.py | 4 + ...dependencies_per_platform_saving_errors.py | 4 +- toolbox/diver/extract-emails-from-history.sh | 0 toolbox/diver/generate-contributors-file.py | 14 +-- toolbox/utils/text-generator/.gitignore | 2 + ...ub-repository-contributors.en.template.txt | 67 +++++++++++++ .../utils/text-generator/text-generator.php | 6 +- 22 files changed, 376 insertions(+), 25 deletions(-) rename AUTHORS.txt => .github/AUTHORS.txt (100%) rename CODEOWNERS => .github/CODEOWNERS (80%) rename CODE_OF_CONDUCT.md => .github/CODE_OF_CONDUCT.md (100%) rename CODE_OF_CONFLICT.md => .github/CODE_OF_CONFLICT.md (100%) create mode 100644 .github/CONTRIBUTING.md rename CONTRIBUTORS.txt => .github/CONTRIBUTORS.txt (100%) create mode 100644 .github/ISSUE_TEMPLATE/BUG_TEMPLATE.md create mode 100644 .github/ISSUE_TEMPLATE/FEATURE_REQUEST_TEMPLATE.md create mode 100644 .github/MAINTAINERS.md create mode 100644 .github/RESPONSIBILITIES.md rename SECURITY.md => .github/SECURITY.md (85%) mode change 100644 => 100755 toolbox/diver/extract-emails-from-history.sh create mode 100644 toolbox/utils/text-generator/.gitignore create mode 100644 toolbox/utils/text-generator/_templates/new-GitHub-repository-contributors.en.template.txt 
diff --git a/AUTHORS.txt b/.github/AUTHORS.txt similarity index 100% rename from AUTHORS.txt rename to .github/AUTHORS.txt diff --git a/CODEOWNERS b/.github/CODEOWNERS similarity index 80% rename from CODEOWNERS rename to .github/CODEOWNERS index a298916..1a0f421 100644 --- a/CODEOWNERS +++ b/.github/CODEOWNERS @@ -6,13 +6,14 @@ AUTHORS.txt @pylapp CHANGELOG.md @pylapp CITATION.cff @pylapp -CODE_OF_CONDUCT.md @pylapp -CODE_OF_CONFLICT.md @pylapp -CONTRIBUTORS.txt @pylapp +DCO.txt @pylapp +gitleaks.toml @pylapp LICENSE.txt @pylapp README.md @pylapp -DCO.txt @pylapp -SECURITY.md @pylapp +renovate.json @pylapp +THIRD-PARTY.md @pylapp + +.github/ @pylapp # Toolbox diff --git a/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md similarity index 100% rename from CODE_OF_CONDUCT.md rename to .github/CODE_OF_CONDUCT.md diff --git a/CODE_OF_CONFLICT.md b/.github/CODE_OF_CONFLICT.md similarity index 100% rename from CODE_OF_CONFLICT.md rename to .github/CODE_OF_CONFLICT.md diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md new file mode 100644 index 0000000..1cb5a0b --- /dev/null +++ b/.github/CONTRIBUTING.md 
@@ -0,0 +1,79 @@ +# Contributing to floss-toolbox + +**Thank you for your interest in floss-toolbox. Your contributions are highly welcome.** + +We would like to improve documentation, curent scripts and tools and maangement of GitHub / GitLab API in CLI. +We would like also to extract interesting KPI and emtrics from Git histories. +Keep in mind we are in the worst case possible with only Git histories and free GitHub / GitLab organizations, so some features can have been implemented in premium plans but we don't have them today. + +---- + +## Ground Rules + +- Be nice. You can apply here the [Crocker's rules](https://old-wiki.lesswrong.com/wiki/Crocker%27s_rules) for better efficiency if you want. Some peoplee here do. +- We have a [CODE_OF_CONDUCT](CODE_OF_CONDUCT) you **must** apply. +- For any improvemens or issues, bring tests data +- When in doubt, open an issue. For almost any type of contribution, the first step is opening an issue. Even if you think you already know what the solution is, writing down a description of the problem you're trying to solve will help everyone get context when they review your pull request. If it's truly a trivial change (e.g. spelling error), you can skip this step -- but as the subject says, when it doubt. +- Only submit your own work (or work you have sufficient rights to submit). Please make sure that any code or documentation you submit is your work or you have the rights to submit. We respect the intellectual property rights of others, and as part of contributing, we'll ask you to sign your contribution with a "Developer Certificate of Origin" (DCO) that states you have the rights to submit this work and you understand we'll use your contribution. There's more information about this topic in the [DCO section](#developer-certificate-of-origin). Keep also meta field oin your Git commits body with **Co-authored-by:**. + +## Bug Reports + +Ugh! Bugs! 
+ +A bug is when software behaves in a way that you didn't expect and the developer didn't intend. To help us understand what's going on, we first want to make sure you're working from the latest version. + +Once you've confirmed that the bug still exists in the latest version, you'll want to check to make sure it's not something we already know about on the [open issues GitHub page](https://github.com/Orange-OpenSource/floss-toolbox/issues). + +## Feature Requests & Proposals + +If you've thought of a way that floss-tooblox could be better, we want to hear about it. We track `feature requests` ([examples](https://github.com/search?q=org%3Aopensearch-project+%22Is+your+feature+request+related+to+a+problem%3F%22&type=Issues)) using GitHub, so please feel free to open an issue which describes the feature you would like to see, why you need it, and how it should work. If you would like contribute code toward building it, you might consider a `feature-request` ([examples](https://github.com/Orange-OpenSource/floss-toolbox/issues?q=is%3Aissue+is%3Aopen+label%3A%22feature-request%22)) instead. A feature request is the first step to helping the community better understand what you are planning to contribute, why it should be built, and collaborate on ensuring you have all the data points you need for implementation. + +## Documentation Changes + +There are few documentations, mainly absed on README.md files. There must be kept updated with each fixes or evolutions.two types of documentation in OpenSearch: developer documentation, which describes how OpenSearch is designed internally, and user documentation, which describes how to use OpenSearch. +Feel free to improve the suitable files. + +## Contributing Code + +As with other types of contributions, the first step is to [open an issue on GitHub](https://github.com/Orange-OpenSource/floss-toolbox/issues/new). 
Opening an issue before you make changes makes sure that someone else isn't already working on that particular problem. It also lets us all work together to find the right approach before you spend a bunch of time on a PR. So again, when in doubt, open an issue. + +## Developer Certificate of Origin + +floss-tooblox is an open source product released under the Apache 2.0 license (see either [the Apache site](https://www.apache.org/licenses/LICENSE-2.0) for example. The Apache 2.0 license allows you to freely use, modify, distribute, and sell your own products that include Apache 2.0 licensed software. See also the file *LICENSE.txt*. + +We respect intellectual property rights of others and we want to make sure all incoming contributions are correctly attributed and licensed. A Developer Certificate of Origin (DCO) is a lightweight mechanism to do that. + +The DCO is a declaration attached to every contribution made by every developer. In the commit message of the contribution, the developer simply adds a `Signed-off-by` statement and thereby agrees to the DCO, which you can find below or at [DeveloperCertificate.org](http://developercertificate.org/). See also the file *DCO.txt*. + +We require that every contribution to floss-toolbox is signed with a Developer Certificate of Origin. Additionally, please use your real name. We do not accept anonymous contributors nor those utilizing pseudonyms. + +Each commit must include a DCO which looks like this + +``` +Signed-off-by: Jane Smith +``` +You may type this line on your own when writing your commit messages. However, if your user.name and user.email are set in your git configs, you can use `-s` or `--signoff` to add the `Signed-off-by` line to the end of the commit message. + +If you worked with other people on the provided contributions, add also the *Co-authored-by* in your commit body if relevant. 
+ +## Changelog, versioning and commits + +floss-toolbox follows [Keep A Changelog](https://keepachangelog.com/en/1.0.0/) format and *semantic verisoning*. +We try also to apply [commit message conventions](https://www.conventionalcommits.org/en/v1.0.0/#summary) + +## How to contribute + +- Open an issue descrbing your needs and the evolutions or fixes you will bring +- Submit a pull request +- Ensure your commits are clean (atomic, DCO applied, co-authoring if needed) +- Keep the CHANGELOG updated +- Attach to the PR the tests data +- Do not forget to update the README associate to the folderwhere your evolutions are + +Project maintainers will then update the wiki and the CONTRIBUTORS file once your pull request will be merged. + +About the source files, ensure you commented and documented the use of the scripts and tools like the others existing files. +Use also the SPDX format headers. + +**Thanks for your contributions!** +**Have fun, and happy coding!** diff --git a/CONTRIBUTORS.txt b/.github/CONTRIBUTORS.txt similarity index 100% rename from CONTRIBUTORS.txt rename to .github/CONTRIBUTORS.txt diff --git a/.github/ISSUE_TEMPLATE/BUG_TEMPLATE.md b/.github/ISSUE_TEMPLATE/BUG_TEMPLATE.md new file mode 100644 index 0000000..1d2ea2d --- /dev/null +++ b/.github/ISSUE_TEMPLATE/BUG_TEMPLATE.md @@ -0,0 +1,24 @@ +--- +name: 🐛 Bug report +about: Create a report to help us improve +title: '[BUG]' +labels: 'bug, untriaged' +assignees: '' +--- +### What is the bug? +_A clear and concise description of the bug._ + +### How can one reproduce the bug? +_Steps to reproduce the behavior._ + +### What is the expected behavior? +_A clear and concise description of what you expected to happen._ + +### What is your host/environment? +_Operating system, version._ + +### Do you have any screenshots? +_If applicable, add screenshots to help explain your problem._ + +### Do you have any additional context? +_Add any other context about the problem._ 
diff --git a/.github/ISSUE_TEMPLATE/FEATURE_REQUEST_TEMPLATE.md b/.github/ISSUE_TEMPLATE/FEATURE_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..55b3ddf --- /dev/null +++ b/.github/ISSUE_TEMPLATE/FEATURE_REQUEST_TEMPLATE.md @@ -0,0 +1,18 @@ +--- +name: 🎆 Feature request +about: Request a feature in this project +title: '[FEATURE]' +labels: 'enhancement, untriaged' +assignees: '' +--- +### Is your feature request related to a problem? +_A clear and concise description of what the problem is, e.g. I'm always frustrated when [...]._ + +### What solution would you like? +_A clear and concise description of what you want to happen._ + +### What alternatives have you considered? +_A clear and concise description of any alternative solutions or features you've considered._ + +### Do you have any additional context? +_Add any other context or screenshots about the feature request here._ diff --git a/.github/MAINTAINERS.md b/.github/MAINTAINERS.md new file mode 100644 index 0000000..fb7ca51 --- /dev/null +++ b/.github/MAINTAINERS.md 
@@ -0,0 +1,19 @@ +- [Overview](#overview) +- [Current Maintainers](#current-maintainers) +- [Emeritus](#emeritus) + +## Overview + +This document contains a list of maintainers in this repo. See [floss-toolbox/.github/RESPONSIBILITIES.md](https://github.com/floss-toolbox/.github/blob/master/RESPONSIBILITIES.md#maintainer-responsibilities) that explains what the role of maintainer means, what maintainers do in this and other repos, and how they should be doing it. If you're interested in contributing, and becoming a maintainer, see [CONTRIBUTING](CONTRIBUTING.md). + +## Current Maintainers + +| Maintainer | GitHub ID | Affiliation | +| ------------------------ | --------------------------------------------------------- | -------------- | +| Pierre-Yves Lapersonne | [pylapp](https://github.com/pylapp) | Orange SA | + + +## Emeritus + +| Maintainer | GitHub ID | Affiliation | +| ------------------------ | --------------------------------------------------------- | -------------- | diff --git a/.github/RESPONSIBILITIES.md b/.github/RESPONSIBILITIES.md new file mode 100644 index 0000000..a0e1ce7 --- /dev/null +++ b/.github/RESPONSIBILITIES.md 
@@ -0,0 +1,94 @@ +- [Overview](#overview) +- [Current Maintainers](#current-maintainers) +- [Maintainer Responsibilities](#maintainer-responsibilities) + - [Uphold Code of Conduct](#uphold-code-of-conduct) + - [Prioritize Security](#prioritize-security) + - [Review Pull Requests](#review-pull-requests) + - [Triage Open Issues](#triage-open-issues) + - [Automatically Label Issues](#automatically-label-issues) + - [Be Responsive](#be-responsive) + - [Maintain Overall Health of the Repo](#maintain-overall-health-of-the-repo) + - [Keep Dependencies up to Date](#keep-dependencies-up-to-date) + - [Manage Roadmap](#manage-roadmap) + - [Add Continuous Integration Checks](#add-continuous-integration-checks) + - [Use Semver](#use-semver) + - [Release Frequently](#release-frequently) + - [Promote Other Maintainers](#promote-other-maintainers) + - [Describe the Repo](#describe-the-repo) +- [Becoming a Maintainer](#becoming-a-maintainer) + - [Nomination](#nomination) + - [Interest](#interest) + - [Addition](#addition) +- [Removing a Maintainer](#removing-a-maintainer) + - [Moving On](#moving-on) + - [Inactivity](#inactivity) + - [Negative Impact on the Project](#negative-impact-on-the-project) + +## Overview + +This document explains who maintainers are, what they dothis repository, and how they should be doing it. If you're interested in contributing, see [CONTRIBUTING](CONTRIBUTING.md). + +## Current Maintainers + +See the [MAINTAINERS.md](MAINTAINERS.md) file that lists current maintainers. + +## Maintainer Responsibilities + +Maintainers are active and visible members of the community, and have high-level permissions on the repository. Use those privileges to serve the community and evolve code as follows. + +### Uphold Code of Conduct + +Model the behavior set forward by the [Code of Conduct](CODE_OF_CONDUCT.md) and apply the [Code of Conflict](CODE_OF_CONFLCIT.md). 
+ +### Review Pull Requests + +It's our responsibility to ensure the content and code in pull requests are correct and of high quality before they are merged. Here are some best practices: + +- Leverage the issue triaging process to review pull requests and assign them to maintainers for review (use [CODEOWNERS](CODEOWNERS) if needed). +- In cases of uncertainty on how to proceed, search for related issues and reference the pull request to find additional collaborators. +- When providing feedback on pull requests, make sure your feedback is actionable to guide the pull request towards a conclusion. +- If a pull request is valuable but isn't gaining traction, consider reaching out to fulfill the necessary requirements. This way, the pull request can be merged, even if the work is done by several individuals. +- Lastly, strive for progress, not perfection. + +### Triage Open Issues + +Manage labels, review issues regularly, and triage by labelling them. + +Use labels to target an issue or a PR for a given release, add `Good first issue` to good issues for new community members, and `Help wanted` for issues that scare you or need immediate attention. Request for more information from a submitter if an issue is not clear. Create new labels as needed by the project. + +#### Automatically Label Issues + +There are many tools available in GitHub for controlling labels on issues and pull requests. Use standard issue templates in the [./.github/ISSUE_TEMPLATE](./.github/ISSUE_TEMPLATE) directory to apply appropriate labels such as `bug` and `untriaged`. + +### Be Responsive + +Respond to enhancement requests, and discussions. Allocate time to reviewing and commenting on issues and conversations as they come in. + +### Maintain Overall Health of the Repo + +Keep the `master` branch at production quality at all times. Backport features as needed. Cut release branches and tags to enable future patches. 
+ +#### Keep Dependencies up to Date + +Maintaining up-to-date dependencies on third party projects reduces the risk of security vulnerabilities. The Open Source Security Foundation (OpenSSF) [recommends](https://github.com/ossf/scorecard/blob/main/docs/checks.md#dependency-update-tool) either [dependabot](https://docs.github.com/en/code-security/dependabot) or [renovatebot](https://docs.renovatebot.com/). Both of these applications generate Pull Requests for dependency version updates. We use Renovate here.Renovate is integrated as part of the Remediate app in [Mend for Github](https://github.com/apps/mend-for-github-com), which is enabled on this repository. + +### Use Semver + +Use and enforce [semantic versioning](https://semver.org/) and do not let breaking changes be made outside of major releases. + +### Release Frequently + +Make frequent project releases to the community. + +### Promote Other Maintainers + +Assist, add, and remove [MAINTAINERS](MAINTAINERS.md). Exercise good judgement, and propose high quality contributors to become co-maintainers. See [Becoming a Maintainer](#becoming-a-maintainer) for more information. + +### Describe the Repo + +Make sure the repo has a well-written, accurate, and complete description. + +### Becomong or not a Maintainer + +The repository admins, seens as top maintainer, are the onle ones able to choose wether or not somebody can be named as maintainer, in the way they want. + diff --git a/SECURITY.md b/.github/SECURITY.md similarity index 85% rename from SECURITY.md rename to .github/SECURITY.md index df53f0f..e54f98b 100644 --- a/SECURITY.md +++ b/.github/SECURITY.md 
@@ -2,6 +2,6 @@ ## Reporting a vulnerability -Send an e-mail to opensource.contact@orange.com to report a vulnerability and contact all people in CONTRIBUTORS. +Send an e-mail to opensource.contact@orange.com to report a vulnerability and contact all people in CONTRIBUTORS and MAINTAINERS. If accepted, we'll create a security advisory and add you and/or your team as collaborators. Please allow our team sufficient time to resolve the vulnerability before disclosing it ; we'll remain in contact about the fix and may ask for your assistance to verify it is resolved. diff --git a/CHANGELOG.md b/CHANGELOG.md index e5e6bd2..83b1579 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,23 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). -## [Unreleased](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.20.0..dev) +## [Unreleased](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.21.0..dev) + +## [2.21.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.21.0..2.20.0) - 2024-09-164 + +### Added + +- English template for email text generation about GitHub newcomers +- Bug and feature request templates, and other files for the hygiene of the project + +### Changed + +- [Licenses Inventory] Update to v4.0.6 ([#160](https://github.com/Orange-OpenSource/floss-toolbox/issues/160)) + +### Fixed + +- [Diver] Missing execution permission for extract-emails-from-history.sh ([#171](https://github.com/Orange-OpenSource/floss-toolbox/issues/171)) +- [Diver] Failed to process repositories at path with whitespaces ([#172](https://github.com/Orange-OpenSource/floss-toolbox/issues/172)) ## [2.20.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.20.0..2.19.0) - 2024-04-04 diff --git a/CITATION.cff b/CITATION.cff index 01b16d0..9ba60c2 100644 
--- a/CITATION.cff +++ b/CITATION.cff @@ -39,5 +39,5 @@ keywords: - audits - history license: Apache-2.0 -version: v2.20.0 -date-released: '2024-04-04' +version: v2.21.0 +date-released: '2024-09-16' diff --git a/toolbox/LicensesInventory/README.md b/toolbox/LicensesInventory/README.md index cad3c63..1fc8d76 100644 --- a/toolbox/LicensesInventory/README.md +++ b/toolbox/LicensesInventory/README.md @@ -4,6 +4,7 @@ Table of Contents ================= * [Licenses inventory](#licenses-inventory) * [Disclaimer](#disclaimer) + * [Developer notice](#developer-notice) * [What the tool does](#what-the-tool-does) * [Prerequisites](#prerequisites) * [Fill the configuration file](#fill-the-configuration-file) 
@@ -39,6 +40,31 @@ The tool searches a license for each dependency found in the files to treat. **This is an experimental feature designed and implemented by a blind colleague, you must always keep in mind our [Code of Conduct](https://github.com/Orange-OpenSource/floss-toolbox/blob/dev/CODE_OF_CONDUCT.md) for any issues nor comments, and be benevolent and kind. This is mandatory.** +## Developer notice + +- Unit tests: in *tests/unittests* +- Integration tests: in *tests/integrationtests* +- To test the main: in *sources/test_main.py* + with the data in *sources/data_to_test_main* + +Do not delete the file 'to_add_this_folder_to_git.tmp' in: + real_data/licenses* + real_data/no_file + +For integrationtest/test_3_print: +- you have to uncomment the first line in the test method to see the displays +- the test does not pass: it is normal, it tests the displaying after testing, you have to comment this line: the test will pass + +After executing of the integration tests: +- delete the directories 'real_data/licenses*' +- execute the following commands: + +```shell + git checkout tests\integrationtests\real_data\licenses + git checkout tests\integrationtests\real_data\licenses_with_errors + git checkout tests\integrationtests\real_data\licenses_with_retry_after +``` + ## What the tool does 1. Read the file 'config.ini' ; @@ -79,11 +105,11 @@ For example: # Where to find the package manager files above, must be defined, target must exist path to parse = /absolute/path/to/project_to_test # The name of the package manager file to process stored above, must be defined -the filenames = go.mod +the filenames = go.mod, build.gradle, build.gradle.kts, package.json # For outputs, must be defined, target must exists path to store the licenses = /absolute/path/to/project_to_test-licences # Erros maangement if requests failed -number of authorized successive errors = 1 +number of authorized successive errors = 2 ``` where: 
@@ -112,7 +138,7 @@ python3 -m pytest -s tests/integrationtests/*.py python3 -m pytest tests/unittests/*.py ``` -To run the unit tests, you must get the assets attached as artificats to [the release you got](https://github.com/Orange-OpenSource/floss-toolbox/releases). +To run the unit tests, you must get the assets attached as artifacts to [the release you got](https://github.com/Orange-OpenSource/floss-toolbox/releases). For integration tests, get the *real_data* folder in the *integrationtests* folder and move it to the same folder in your project. For unit tests, get the *data* folder in the *unittests* folder and move it to the same folder in your project. @@ -231,4 +257,4 @@ A file 'licenses.txt' is created in the folder 'licenses'. This file contains the list of the licenses for each dependency. To personalize this folder, use 'config.ini'. -Beware of your proxys or public IP address to not be blocked by such platforms, and avoid flooding them. +Beware of your proxys or public IP address to not be blocked by such platforms, and avoid flooding them. \ No newline at end of file diff --git a/toolbox/LicensesInventory/tests/integrationtests/test_1_all_dependencies.py b/toolbox/LicensesInventory/tests/integrationtests/test_1_all_dependencies.py index b3ca661..cbd4bef 100644 --- a/toolbox/LicensesInventory/tests/integrationtests/test_1_all_dependencies.py +++ b/toolbox/LicensesInventory/tests/integrationtests/test_1_all_dependencies.py @@ -40,7 +40,6 @@ def test_new_dependencies(self): ins_config = CConfig() ins_config.path = self.path_data - ins_config.filename = "config.ini" ins_config.get_the_config() ins_filter = CFilter() diff --git a/toolbox/LicensesInventory/tests/integrationtests/test_3_print_with_error_403.py b/toolbox/LicensesInventory/tests/integrationtests/test_3_print_with_error_403.py index eb83b25..af90f4d 100644 --- a/toolbox/LicensesInventory/tests/integrationtests/test_3_print_with_error_403.py 
+++ b/toolbox/LicensesInventory/tests/integrationtests/test_3_print_with_error_403.py @@ -25,6 +25,9 @@ class TestDependencies(unittest.TestCase): """ Tests with real data + Before to test the saving of the dependencies on error, in integrationtests, delete the files in: + licenses_with_errors + licenses_with_retry_after """ @classmethod @@ -52,6 +55,7 @@ def test_print_with_error_403(self, mock_requests_get): the_dependencies_by_platform = ins_dependencies.get_the_dependencies(ins_filter) if the_dependencies_by_platform == None: return + # requests import requests response = requests.models.Response diff --git a/toolbox/LicensesInventory/tests/integrationtests/test_4_2_dependencies_per_platform_saving_errors.py b/toolbox/LicensesInventory/tests/integrationtests/test_4_2_dependencies_per_platform_saving_errors.py index 2043800..92f724e 100644 --- a/toolbox/LicensesInventory/tests/integrationtests/test_4_2_dependencies_per_platform_saving_errors.py +++ b/toolbox/LicensesInventory/tests/integrationtests/test_4_2_dependencies_per_platform_saving_errors.py @@ -25,6 +25,9 @@ class TestDependencies(unittest.TestCase): """ Tests with real data + Before to test the saving of the dependencies on error, in integrationtests, delete the files in: + licenses_with_errors + licenses_with_retry_after """ @classmethod @@ -53,7 +56,6 @@ def test_new_dependencies(self, mock_requests_get): return self.assertEqual(7, len(the_dependencies_by_platform)) - number = 2 number = 2 the_d = the_dependencies_by_platform[CName().cocoapods] self.assertEqual(number, len(the_d)) diff --git a/toolbox/diver/extract-emails-from-history.sh b/toolbox/diver/extract-emails-from-history.sh old mode 100644 new mode 100755 diff --git a/toolbox/diver/generate-contributors-file.py b/toolbox/diver/generate-contributors-file.py index 344ff4a..2f1ffb2 100755 --- a/toolbox/diver/generate-contributors-file.py +++ b/toolbox/diver/generate-contributors-file.py 
@@ -10,7 +10,7 @@ # Authors: See CONTRIBUTORS.txt # Software description: A toolbox of scripts to help work of forges admins and open source referents -# Version.............: 1.0.0 +# Version.............: 1.0.1 # Since...............: 03/04/2023 # Description.........: Using the Git history, generates a CONTRIBUTORS.md file @@ -56,7 +56,7 @@ print(f"✏️ Creating folder '{TEMP_FOLDER}' with internal stuff in target") os.makedirs(TEMP_FOLDER_FULL_PATH, exist_ok=True) -# Check if Git repository is empty (check if there are at least 1 commit in the logs) +# Check if Git repository is empty (check if there is at least 1 commit in the logs) command_result_output = subprocess.check_output("git log --oneline -1 > /dev/null 2>&1 | wc -l", shell=True) command_result = int(command_result_output.decode().strip()) if command_result == "0": 
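Review bot: The empty-repository check in the `@@ -56,7 +56,7 @@` hunk can never trigger, because `command_result` is built with `int(...)` and then compared with the string `"0"`, which is always false in Python. The command also sends git's stdout to `/dev/null` before the pipe, so `wc -l` appears to see zero lines whatever the repository contains. I would let the output reach the pipe and compare integers, e.g. `"git log --oneline -1 2> /dev/null | wc -l"` followed by `if command_result == 0:`. The body of the `if` lies outside the hunk, so what the script does for an empty repository is not visible here.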
@@ -67,15 +67,15 @@ # Dump Git logs print("✏️ Dumping Git logs") -# Create the log file, go to targetn and run the git command -# Format the output to have first name, last name (upercased) and email, sorted alphabetically ascending -# Deal also the case where we only have one value between first and last name +# Create the log file, go to target, and run the git command. +# Format the output to have first name, last name (upercased) and email, sorted ascending alphabetically. +# Deal also the case where we only have one value between first and last name. git_log_command = """ -touch {log_file} && cd {target} && git log --all --format="%aN <%aE>" | sort | uniq | awk '{{if ($2 !~ /@/) {{print $1, toupper($2), $3}} else {{print $1, $2, $3}}}}' | sort -k2 > {log_file} +touch "{log_file}" && cd "{target}" && git log --all --format="%aN <%aE>" | sort | uniq | awk '{{if ($2 !~ /@/) {{print $1, toupper($2), $3}} else {{print $1, $2, $3}}}}' | sort -k2 > "{log_file}" """.format(target=target, log_file=GIT_LOG_TEMP_FILE_PATH) os.system(git_log_command) -contributors_count_output = subprocess.check_output("cat {log_file} | wc -l".format(log_file=GIT_LOG_TEMP_FILE_PATH), shell=True) +contributors_count_output = subprocess.check_output("cat '{log_file}' | wc -l".format(log_file=GIT_LOG_TEMP_FILE_PATH), shell=True) contributors_count = int(contributors_count_output.decode().strip()) print(f"👉 Found maybe {contributors_count} contributors") diff --git a/toolbox/utils/text-generator/.gitignore b/toolbox/utils/text-generator/.gitignore new file mode 100644 index 0000000..42ed6af --- /dev/null +++ b/toolbox/utils/text-generator/.gitignore @@ -0,0 +1,2 @@ +_templates/new-GitHub-repository-contributors.fr.template.txt.result +_templates/new-GitHub-repository-contributors.en.template.txt.result \ No newline at end of file 
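Review bot: Hand-quoting `{target}` and `{log_file}` in the `@@ -67,15 +67,15 @@` hunk fixes whitespace, but both paths are still pasted into a string that a shell parses (`os.system` and `subprocess.check_output(..., shell=True)`). A `"`, `$` or backtick in a path, or a `'` on the `cat '{log_file}'` line, is therefore still interpreted by the shell instead of being treated as part of the name. Where `target` comes from is outside the hunk; if it is a user-supplied argument, this is worth closing properly rather than one character class at a time. The small fix is to drop the literal quotes and pass `target=shlex.quote(target), log_file=shlex.quote(GIT_LOG_TEMP_FILE_PATH)` (needs `import shlex`); the sturdier one is to run git with an argument list and `cwd=target`, and count the lines in Python instead of `cat ... | wc -l`. The return value of `os.system` is also ignored, so a failed `cd` or `git log` goes unnoticed until the count is read.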
diff --git a/toolbox/utils/text-generator/_templates/new-GitHub-repository-contributors.en.template.txt b/toolbox/utils/text-generator/_templates/new-GitHub-repository-contributors.en.template.txt
new file mode 100644
index 0000000..96ce3bb
--- /dev/null
+++ b/toolbox/utils/text-generator/_templates/new-GitHub-repository-contributors.en.template.txt
@@ -0,0 +1,67 @@
+Hi!
+
+The GitHub users below will be added with permissions "%FORGE_ADDED_USERS_PERMISSION%" to the GitHub repository "%FORGE_REPO_NAME%" [1]:
+%FORGE_ADDED_HANDLES_LIST%.
+Normally these rights will be sufficient but we invite you to contact us if this is not the case, providing the appropriate arguments.
+
+The users have been added to a GitHub team ("%FORGE_REPO_TEAM_NAME%"), but this is for our internal needs on the administrators side.
+This team, for the same reasons, was added with "%FORGE_REPO_TEAM_PERMISSION%" rights to the repository, you will have to leave things as they are.
+The users have been added to our mailing list of public software forge users (low frequency of emails sent) (%RESSOURCE_MAILING_LIST_FORGE_USERS%).
+
+Users should soon receive email invitations for several topics:
+- Join the Group's GitHub organization (%FORGE_ORG_NAME%);
+- Join the repository (%FORGE_REPO_NAME%).
+
+GitHub accounts must follow the rules below, this only takes a few minutes and it is essential to do so.
+The administrators of the organization do not have control over the accounts, their owners must take charge of them, a mandatory condition for using the repositories.
+1. Have your first and last name clearly displayed;
+2. Display your company in the “company” field (e.g. “Orange”);
+3. Display your membership in the GitHub organization (see this documentation [2]);
+4. Add your professional email address among the email addresses in your GitHub account ; please note, your account is personal, do not put your professional email address as the "primary" address.
+
+Please note that only internal people (permanent contracts, apprentices, doctoral students) are affected by the above-mentioned criteria, and not subcontractors and interns who cannot join the organization (but can be added to the repositories).
+
+Concerning your future contributions, we will ask you to be vigilant in your Git configuration (first and last name correctly entered in the "user.name", professional email address correctly entered in the "user.email").
+We will also ask you to apply the DCO (signed-off option from your Git client).
+For external users, if you have an Orange email address, you must use it. Otherwise it will be your employer email address.
+
+Obviously, you should take the greatest care with your commits, and be vigilant about fixing vulnerabilities and secrets leaks.
+
+By default people will have "%FORGE_ADDED_USERS_PERMISSION%" rights, we only authorize the "admin" right on a case-by-case basis taking into account the possibilities of this permission.
+We reserve the right to withdraw these rights at any time without notice if individuals do not follow the rules.
+
+As a reminder, the GitHub ToS [3] do not allow having multiple free GitHub accounts, and Orange does not provide any GitHub account to its employees, so you will need to use your personal GitHub account to contribute if you have one.
+For more information, we invite you to consult this document [4] which covers the points to be addressed concerning your GitHub accounts.
+
+Also don't forget to sign your commits with signoff [5] (cryptographic signatures via GPG are not required but nothing prevents you from doing so).
+It will also be necessary to be vigilant regarding Dependabot alerts [6] and leaks of secrets detectable via gitleaks [7].
+
+Also remember to have the source file headers up to date [8] and to maintain the file listing third-party dependencies if necessary [9].
+Adding third-party apps or GitHub Actions to repositories is subject to validation by the organization's administrators, let us know when you make such requests as we only have fragmentary information.
+For this topic or any questions, you can contact us via %RESSOURCE_MAILING_LIST_ADMINS%.
+
+To go further, we have:
+- a %TOOL_CHAT_NAME% space for chatting [10];
+- a %TOOL_DOCS_NAME% space dedicated to open source [11];
+- a %TOOL_DOCS_NAME% space dedicated to intellectual property [12];
+- an internal website [11];
+- an external website [12];
+- a showcase site for GitHub [13].
+
+Remaining available,
+
+[1] %FORGE_REPO_URL%
+[2] https://docs.github.com/fr/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/publicizing-or-hiding-organization-membership
+[3] https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#3-account-requirements
+[4] %RESSOURCE_DOC_GITHUB-ACCOUNT-SETTINGS%
+[5] %RESSOURCE_DOC_COMMITS-SIGNING%
+[6] %RESSOURCE_DOC_DEPENDABOT%
+[7] %RESSOURCE_DOC_GITLEAKS%
+[8] %RESSOURCE_DOC_ABOUT_HEADERS%
+[9] %RESSOURCE_DOC_ABOUT_THIRD-PARTY%
+[10] %TOOL_CHAT_LINK%
+[11] %TOOL_DOCS_OPENSOURCE_LINK%
+[12] %TOOL_DOCS_IPJD_LINK%
+[11] %RESSOURCES_WEB_INTERNAL-SITE%
+[12] %RESSOURCES_WEB_PUBLIC-SITE%
+[13] %RESSOURCES_WEB_GITHUB-SITE%
diff --git a/toolbox/utils/text-generator/text-generator.php b/toolbox/utils/text-generator/text-generator.php
index 890429a..7a3b01c 100755
--- a/toolbox/utils/text-generator/text-generator.php
+++ b/toolbox/utils/text-generator/text-generator.php
@@ -13,14 +13,14 @@ # Since...............: 29/02/2024 # Description.........: Generates a text based on a template and a list of variables to replace -# Version.............: 1.0.0 +# Version.............: 1.0.1 // ------------- // Configuration // ------------- // Script version -$VERSION = "1.0.0"; +$VERSION = "1.0.1"; // Error codes $EXIT_OK = 0;
@@ -92,7 +92,7 @@ echo "Error: Something wrong occured during writing process".PHP_EOL; exit($ERROR_DURING_OUTPUT); } else { - echo "The final file has been created / update at '$destinationName'".PHP_EOL; + echo "The final file has been created or updated at '$destinationName'".PHP_EOL; exit($EXIT_OK); } ?>