Open yada opened 2 months ago
yada
commented
2 months ago List of tasks to perform and take care of in order of priority and execution:
yada
commented
2 months ago By the way, we should add the LICENSE file (Apache License 2.0) to this repo so we can copy it (sync) to the others. Ex: sync to https://github.com/microcks/community
yada
commented
1 month ago GitHub action that can help from our AsyncAPI friends: https://github.com/derberg/manage-files-in-multiple-repositories?tab=readme-ov-file
lbroudoux
commented
3 weeks ago I think the first step is to define the different kinds of repos we have under the Microcks organization. As those different kinds of repos don't have the same licensing or security scanning requirements, this could help us putting the right effot as the right place.
I see at least 4 different categories of repositories:
microcks, microcks-testcontainers-java, microcks-operator, microcks-quarkus, etc..microcks-quarkus-demo, microcks-testcontainers-node-nest-demo, api-lifecycle, api-tooling, etc...microcks.io and microcks.github.io.github, community-mocks, microcks-quickstarters, etc...At first, I was wondering if repos containing ecosystem plugins (like Jenkins plugin, Backstage plugin, etc...) had to be considered differently but it's still components we're delivering for and that targets production usage. So it fits in the 1st category.
What do you think? Do you agree with this way of sorting things?
Now what is the impact of this categorization? I see we have different needs and constraints depending on the type of repo.
| Needs/Constraints | Β Delivered components | Demonstrations | Documentation | Community resources |
|---|---|---|---|---|
| Apache 2.0 License | Β β | β | ||
| Licence Scanning | Β β | |||
| Security Scanning | Β β | |||
| Security Infos | Β β | β | ||
| QA Scanning | Β β | |||
| MIT License | Β | β | β | |
| Infos in README | β | β | β | β |
| Codeowners | β | β | β | β |
| Contribution guide | β | β | β | |
| Staling of issues | β | β | ||
| Governance infos | β | β | β | |
| Changelog infos | β | β | ||
| Roadmap infos | β | β | ||
| Adopters infos | β | β | ||
| Code of conduct | β | β | β | β |
| CLO Monitor (*1)/LFX Insights presence | β
with code and community checks |
β
with docs checks |
In addition, putting Security, License or QA Scanning in place has some consequences as we also need to set up some additiional tools like Sonar (QA & Security), FOSSA (License) and Quay.io/Docker Scout (Security of container image).
Also, all the files mentioned above cannot be synced as-is. Typically:
CHANGELOG.md is specific for each repo as it contains a link to the repo releasesCONTRIBUTING.md file is quite generic but may require some repo-specific information on build tools and others.(*1): See, CLOMonitor checks description: https://clomonitor.io/docs/topics/checks/
yada
commented
3 weeks ago Make sense and looks good to me π
lbroudoux
commented
3 weeks ago Comprehensive list in different repos categories (as of today π)
Delivered components
Demonstrations
Documentation
Community resources
yada
commented
3 weeks ago I think we also need to include some workflow, ex: welcome-new-users.yml can be copied to all repos @lbroudoux agree?
yada
commented
3 weeks ago As a test and first workflow for this issue, let's start by replicating CODE_OF_CONDUCT.md to all repos:
yada
commented
4 days ago CLOMonitor data source update (add repos and checks as described above) has been requested; see: https://github.com/cncf/clomonitor/pull/1571
yada
commented
3 days ago Sync and merged in all repos as described above done β for files:
Reason/Context
We need to use the .github repo as our single source of truth for all the community health files we would generally have to duplicate in each (or multiple) repository. All community contributions on these files (PR) will be accepted in this repo (.github) and synced to the others; no update on the destination repo will be allowed.
Warning: any new files (new creation) must be added to the exclusion regex of each repo/workflow auto-build process, ex: https://github.com/microcks/microcks/blob/master/.github/workflows/build-verify.yml
Description
The current files concerned are:
β οΈ All of them need to be first added to the exclusion regex of each repo/workflow auto-build process β οΈ
Implementation ideas
Sync for each file proposition is:
Ideally, the sync process needs to be fully automated using GitHub actions: