From 44c46c29434d5029a8e9bbf30e95d8a9a312036c Mon Sep 17 00:00:00 2001 From: Vivek Vishal Date: Wed, 18 Sep 2024 00:47:28 +0530 Subject: [PATCH 1/9] Updating repo --- SECURITY.md | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..f1d30dd --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,64 @@ +# Security Policy +We are very grateful to the security researchers and users that report +back Layer5 project security vulnerabilities. We investigate every report thoroughly. + +## Reporting a vulnerability +To make a report, send an email to the private +[security-vulns-reports@layer5.io](mailto:security-vulns-reports@layer5.io) +mailing list with the vulnerability details. For normal product bugs +unrelated to latent security vulnerabilities, please head to +the appropriate repository and submit a [new issue](../../issues/new/choose). + +### When to report a security vulnerability? + +Send us a report whenever you: + +- Think Layer5 projects have a potential security vulnerability. +- Are unsure whether or how a vulnerability affects Layer5 projects. +- Think a vulnerability is present in another project that Layer5 projects +depend on (Docker for example). + +### When not to report a security vulnerability? + +Don't send a vulnerability report if: + +- You need help tuning Layer5 project components for security. +- You need help applying security related updates. +- Your issue is not security related. + +## Evaluation + +The Layer5 team acknowledges and analyzes each vulnerability report within 10 working days. + +Any vulnerability information you share with the Layer5 team stays +within the Layer5 project. We don't disseminate the information to other +projects. We only share the information as needed to fix the issue. + +We keep the reporter updated as the status of the security issue is addressed. + +## Fixing the issue + +Once a security vulnerability has been fully characterized, a fix is developed by the Layer5 team. +The development and testing for the fix happens in a private GitHub repository in order to prevent +premature disclosure of the vulnerability. + +## Early disclosure + +The Layer5 team maintains a mailing list for private early disclosure of security vulnerabilities. 
+The list is used to provide actionable information to close Layer5 partners. The list is not intended +for individuals to find out about security issues. + +## Public disclosure + +On the day chosen for public disclosure, a sequence of activities takes place as quickly as possible: + +- Changes are merged from the private GitHub repository holding the fix into the appropriate set of public +branches. +- Layer5 team ensures all necessary binaries are promptly built and published. +- Once the binaries are available, an announcement is sent out on the following channels: + - The [Layer5 blog](https://layer5.io/blog/) + - The [Layer5 Twitter feed](https://twitter.com/layer5io) + - The #announcements channel on Slack + +As much as possible this announcement will be actionable, and include any mitigating steps customers can take prior to +upgrading to a fixed version. From 79ea21cfaa6b13a7c1a4d592a2bfa2cb1b93645d Mon Sep 17 00:00:00 2001 From: Vivek Vishal Date: Wed, 18 Sep 2024 00:53:48 +0530 Subject: [PATCH 2/9] issue template of kind issue --- .github/ISSUE_TEMPLATE/ci.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/ci.md diff --git a/.github/ISSUE_TEMPLATE/ci.md b/.github/ISSUE_TEMPLATE/ci.md new file mode 100644 index 0000000..ada1adc --- /dev/null +++ b/.github/ISSUE_TEMPLATE/ci.md @@ -0,0 +1,23 @@ +--- +name: πŸ›  Continuous Integration / DevOps +about: Improve or update workflows or other automation +title: '[CI]' +labels: 'area/ci' +assignees: '' +--- +#### Current Behavior + + +#### Desired Behavior + + +#### Implementation + + +#### Acceptance Tests + + +--- +#### Contributor [Guides](https://docs.meshery.io/project/contributing) and Resources +- πŸ›  [Meshery Build & Release Strategy](https://docs.meshery.io/project/build-and-release) +- πŸ™‹πŸΎπŸ™‹πŸΌ Questions: [Discussion Forum](http://discuss.meshery.io) and [Community Slack](https://slack.meshery.io) 
From a1721c2e622a2bd9f71738fb5e740d2406464d05 Mon Sep 17 00:00:00 2001 From: Vivek Vishal Date: Wed, 18 Sep 2024 01:24:33 +0530 Subject: [PATCH 3/9] Create PULL_REQUEST_TEMPLATE.md --- .github/PULL_REQUEST_TEMPLATE.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 .github/PULL_REQUEST_TEMPLATE.md diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..4109eb3 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,23 @@ +**Description** + +This PR fixes # + +**Notes for Reviewers** + + +**[Signed commits](https://github.com/layer5io/meshery/blob/master/CONTRIBUTING.md#signing-off-on-commits-developer-certificate-of-origin)** +- [ ] Yes, I signed my commits. + + + From 2825f2f59149b3cd6b4028b59bcf990dfab12aff Mon Sep 17 00:00:00 2001 From: Vivek Vishal Date: Wed, 18 Sep 2024 02:53:33 +0530 Subject: [PATCH 4/9] Create labeler.yml --- .github/labeler.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 .github/labeler.yml diff --git a/.github/labeler.yml b/.github/labeler.yml new file mode 100644 index 0000000..31afaf0 --- /dev/null +++ b/.github/labeler.yml @@ -0,0 +1,30 @@ +area/docs: +- changed-files: + - any-glob-to-any-file: + - "readme.md" + - "contributing.md" + - "docs/**/*" +area/cypress-action: +- changed-files: + - any-glob-to-any-file: + - "cypress-action/**/*" +area/node-action: +- changed-files: + - any-glob-to-any-file: + - "node-action/**/*" +area/playright-action: +- changed-files: + - any-glob-to-any-file: + - "playright-action/**/*" +area/ci: +- changed-files: + - any-glob-to-any-file: + - ".github/**/*" +playground: +- changed-files: + - any-glob-to-any-file: + - "install/playground/**/*" +opa: +- changed-files: + - any-glob-to-any-file: + - "*.rego" From 7730a2220f61cd35a3acc8bd56a3f1a3c68889e6 Mon Sep 17 00:00:00 2001 
From: Vivek Vishal Date: Wed, 18 Sep 2024 02:55:35 +0530 Subject: [PATCH 5/9] Create labeler.yml --- .github/workflows/labeler.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .github/workflows/labeler.yml diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml new file mode 100644 index 0000000..e5ba3b3 --- /dev/null +++ b/.github/workflows/labeler.yml @@ -0,0 +1,14 @@ +name: "Pull Request Labeler" +on: +- pull_request_target + +jobs: + triage: + permissions: + contents: read + pull-requests: write + runs-on: ubuntu-22.04 + steps: + - uses: actions/labeler@v5 + with: + repo-token: "${{ secrets.GITHUB_TOKEN }}" From 8856e1882ebc6b4eb7673afbd102c7ba70c95c89 Mon Sep 17 00:00:00 2001 From: Vivek Vishal Date: Wed, 18 Sep 2024 22:58:40 +0530 Subject: [PATCH 6/9] replace with layer5 docs ci.md template --- .github/ISSUE_TEMPLATE/ci.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/ci.md b/.github/ISSUE_TEMPLATE/ci.md index ada1adc..4b413cb 100644 --- a/.github/ISSUE_TEMPLATE/ci.md +++ b/.github/ISSUE_TEMPLATE/ci.md @@ -2,7 +2,7 @@ name: πŸ›  Continuous Integration / DevOps about: Improve or update workflows or other automation title: '[CI]' -labels: 'area/ci' +labels: 'area/ci, framework/hugo' assignees: '' --- #### Current Behavior 
@@ -18,6 +18,9 @@ assignees: '' --- -#### Contributor [Guides](https://docs.meshery.io/project/contributing) and Resources -- πŸ›  [Meshery Build & Release Strategy](https://docs.meshery.io/project/build-and-release) -- πŸ™‹πŸΎπŸ™‹πŸΌ Questions: [Discussion Forum](http://discuss.meshery.io) and [Community Slack](https://slack.meshery.io) + +#### Contributor Guide and Resources +- πŸ“š [Instructions for contributing to documentation](https://github.com/layer5io/docs/blob/master/CONTRIBUTING.md) + - Layer5 documentation [site](https://docs.layer5.io) and [source](https://github.com/layer5io/docs/) +- 🎨 Wireframes and [designs for Layer5 site](https://www.figma.com/file/5ZwEkSJwUPitURD59YHMEN/Layer5-Designs) in Figma [(open invite)](https://www.figma.com/team_invite/redeem/qJy1c95qirjgWQODApilR9) +- πŸ™‹πŸΎπŸ™‹πŸΌ Questions: [Layer5 Discussion Forum](https://discuss.layer5.io) and [Layer5 Community Slack](http://slack.layer5.io) From 1bc0a86e8b025fc62b32b131b2e42f3bcfbc19ba Mon Sep 17 00:00:00 2001 From: raghav1783 Date: Sat, 21 Sep 2024 23:54:45 +0530 Subject: [PATCH 7/9] Snapshot Links Update --- action.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 4c6e08a..2778e21 100644 --- a/action.yml +++ b/action.yml @@ -152,5 +152,7 @@ runs: repository: ${{github.repository}} number: ${{ inputs.prNumber }} id: meshmap-snapshot - message: '[](https://meshery.layer5.io/catalog/content/catalog/${{ env.APPLICATION_ID }}) _[Understanding Meshery Relationships](https://docs.layer5.io/meshmap/concepts/relationships/)_' + message: '[](${{env.RESOURCE_URL}}) + [View the design on Meshery Playground](https://playground.meshery.io/extension/meshmap?mode=design&design=${{ env.APPLICATION_ID }}) , + _[Interpreting Meshery Designs](https://meshery.layer5.io/academy/learning-paths/mastering-meshery/introduction-to-meshery?chapter=interpreting-meshery-designs)_' append: false \ No newline at end of file 
From d9271405e5d5b6c837a0bf11417e02885134e728 Mon Sep 17 00:00:00 2001 From: Vivek Vishal Date: Mon, 23 Sep 2024 02:20:41 +0530 Subject: [PATCH 8/9] Create label-commenter.yml --- .github/workflows/label-commenter.yml | 28 +++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 .github/workflows/label-commenter.yml diff --git a/.github/workflows/label-commenter.yml b/.github/workflows/label-commenter.yml new file mode 100644 index 0000000..84f159a --- /dev/null +++ b/.github/workflows/label-commenter.yml @@ -0,0 +1,28 @@ +name: Label Commenter + +on: + issues: + types: + - labeled + + pull_request_target: + types: + - labeled + +permissions: + contents: read + issues: write + pull-requests: write + +jobs: + comment: + runs-on: ubuntu-22.04 + steps: + - name: Checkout repo πŸ›ŽοΈ + uses: actions/checkout@master + with: + ref: master # Set your default branch + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Label Commenter + uses: peaceiris/actions-label-commenter@v1.10.0 From 1c0b7584ab6af1b426d6271c1a338c10f6f6b456 Mon Sep 17 00:00:00 2001 From: Vivek Vishal Date: Mon, 23 Sep 2024 02:42:41 +0530 Subject: [PATCH 9/9] Update label-commenter-config.yml --- .github/label-commenter-config.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/label-commenter-config.yml b/.github/label-commenter-config.yml index 514ede4..7a98328 100644 --- a/.github/label-commenter-config.yml +++ b/.github/label-commenter-config.yml @@ -2,7 +2,7 @@ comment: # header: "Please note the following requirement:" footer: "\ ---\n\n - >         Be sure to [join the community](https://slack.meshery.io), if you haven't yet and please leave a :star: [star on the project](../stargazers) :smile: + >         Be sure to [join the community](https://slack.layer5.io), if you haven't yet and please leave a :star: [star on the project](../stargazers) :smile: " labels: 
@@ -17,19 +17,19 @@ labels: body: Checking in... it has been awhile since we've heard from you on this issue. Are you still working on it? Please let us know and please don't hesitate to contact a [MeshMate](https://layer5.io/community/meshmates/) or any other [community member](https://layer5.io/community/members) for assistance. action: open pr: - body: Checking in... it has been awhile since we've heard from you on this issue. Are you still working on it? Please let us know and please don't hesitate to contact a [MeshMate](https://layer5.io/community/meshmates/) or any other [community member](https://layer5.io/community/members) for assistance. + body: Checking in... it has been awhile since we've heard from you on this pull request. Are you still working on it? Please let us know and please don't hesitate to contact a [MeshMate](https://layer5.io/community/meshmates/) or any other [community member](https://layer5.io/community/members) for assistance. action: open - name: issue/dco labeled: issue: body: "🚨 Alert! Git Police! We couldn’t help but notice that one or more of your commits is missing a sign-off. _A what?_ A commit sign-off (your email address).\n\n - To amend the commits in this PR with your signoff using the instructions provided in the DCO check. \n\n - To configure your dev environment to automatically signoff on your commits in the future, see [these instructions](https://github.com/meshery/meshery/blob/master/CONTRIBUTING.md#signing-off-on-commits-developer-certificate-of-origin)." + To amend the commits in the raised PR with your signoff using the instructions provided in the DCO check. \n\n + To configure your dev environment to automatically signoff on your commits in the future, see [these instructions](https://github.com/layer5io/layer5/blob/master/CONTRIBUTING.md#signing-off-on-commits)." action: open pr: body: "🚨 Alert! Git Police! We couldn’t help but notice that one or more of your commits is missing a sign-off. 
_A what?_ A commit sign-off (your email address).\n\n To amend the commits in this PR with your signoff using the instructions provided in the DCO check. \n\n - To configure your dev environment to automatically signoff on your commits in the future, see [these instructions](https://github.com/meshery/meshery/blob/master/CONTRIBUTING.md#signing-off-on-commits-developer-certificate-of-origin)." + To configure your dev environment to automatically signoff on your commits in the future, see [these instructions](https://github.com/layer5io/layer5/blob/master/CONTRIBUTING.md#signing-off-on-commits)." action: open - name: component/ui labeled:
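Review bot: In PATCH 1/9 (SECURITY.md), the "Reporting a vulnerability" section asks only for "the vulnerability details" and does not say what a report should contain or which releases the policy covers. Suggest listing the expected contents (affected version, reproduction steps, observed impact) and the supported versions, so the 10-working-day acknowledgement starts from a usable report. The subject "Updating repo" also hides that this commit introduces the security policy; a subject such as "Add SECURITY.md" is easier to find in history.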
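Review bot: In PATCH 4/9 (.github/labeler.yml), the area/docs patterns "readme.md" and "contributing.md" are lower-case, while PATCH 1/9 adds SECURITY.md in upper case; glob matching is case-sensitive by default, so if the README and CONTRIBUTING files follow the same upper-case convention these rules will never fire, and SECURITY.md is not covered by any rule. Please match the real file names. Two smaller points in the same file: "playright" in both the label area/playright-action and the glob "playright-action/**/*" looks like a misspelling of Playwright and should be checked against the actual directory name, and "*.rego" only matches files at the repository root, so use "**/*.rego" if policies can live in subdirectories.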
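Review bot: In PATCH 5/9 (.github/workflows/labeler.yml), the job runs on pull_request_target with pull-requests: write, yet the only step is referenced by the movable tag actions/labeler@v5. Because this trigger hands the job a write-scoped token for events raised from forks, pin the action to a full commit SHA (with the version in a trailing comment) so a retagged release cannot change what runs. Scoping permissions at the job level and not checking out PR code are both right for this trigger and should stay as they are.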
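Review bot: In PATCH 6/9 (.github/ISSUE_TEMPLATE/ci.md), the new value labels: 'area/ci, framework/hugo' and the "Instructions for contributing to documentation" link are carried over from the docs repository, as the subject line says, but nothing else in this series refers to Hugo or a documentation site; the labeler rules in PATCH 4/9 point at cypress-action, node-action and action paths instead. Suggest dropping framework/hugo and replacing the docs-specific resources with ones for this repository. The Slack link is also added as http://slack.layer5.io while PATCH 9/9 uses https://slack.layer5.io; use https in both places.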
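Review bot: In PATCH 7/9 (action.yml), the new message starts with a link to ${{env.RESOURCE_URL}}, but the hunk does not show where RESOURCE_URL is set; if an earlier step does not export it, the comment will open with an empty link. Please confirm the variable is written to the environment before this step, or guard the step on it being non-empty. The link text is also empty ("[]"), so nothing clickable renders for that first link unless an image was intended there. Minor: there is a stray space before the comma after the Playground link, and the file still ends without a trailing newline.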
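Review bot: In PATCH 8/9 (.github/workflows/label-commenter.yml), the checkout step uses actions/checkout@master, a moving branch, in a workflow that is triggered by pull_request_target and holds issues: write and pull-requests: write. Pin it to a release tag or, better, a full commit SHA, as already done by version for peaceiris/actions-label-commenter@v1.10.0. Checking out ref: master rather than the PR head is the safe choice for this trigger and should be kept. The env: GITHUB_TOKEN block is attached to the checkout step, which takes its token through its own token input; drop it, or move it to the Label Commenter step if that step is the one that needs it. The comment "# Set your default branch" is template residue and can go.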
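Review bot: In PATCH 9/9 (.github/label-commenter-config.yml), second hunk, the DCO link now targets layer5io/layer5 with the shorter anchor #signing-off-on-commits, while the pull request template added in PATCH 3/9 still links to layer5io/meshery with #signing-off-on-commits-developer-certificate-of-origin. Please confirm the new anchor exists in that CONTRIBUTING.md and use the same target in both files, otherwise contributors land at the top of the page instead of the sign-off instructions. In the issue/dco issue body, the changed line "To amend the commits in the raised PR with your signoff using the instructions provided in the DCO check." is a fragment with no main verb; "To amend the commits in the raised PR with your signoff, follow the instructions provided in the DCO check." reads correctly, and the unchanged pr body has the same wording problem.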