Merge pull request #188 from OWASP/feat/codeowners

feat: add commitlint and GH best practices

Author: commjoen

.github/dependabot.yml

@@ -17,6 +17,11 @@ updates:
     directory: "/wrongsecrets-balancer/ui" # Location of package manifests
     schedule:
       interval: "monthly"
+    # check our npm for dev
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "monthly"
   - package-ecosystem: "npm" # See documentation for possible values
     directory: "/cleaner" # Location of package manifests
     schedule:

.github/workflows/pre-commit.yml

@@ -3,13 +3,13 @@ name: Pre-commit check
 # Controls when the workflow will run
 on:
   pull_request:
-    branches: [master]
+    branches: [main]
   workflow_dispatch:
 
 env:
   TF_DOCS_VERSION: v0.16.0
-  TFSEC_VERSION: v1.27.6
-  TFLINT_VERSION: v0.41.0
+  TFLINT_VERSION: v0.44.1
+  TF_VERSION: "1.3.4"
 permissions:
   contents: read
 jobs:
@@ -42,10 +42,5 @@ jobs:
           tar -zxvf terraform_docs.tar.gz terraform-docs
           chmod +x terraform-docs
           mv terraform-docs /usr/local/bin/
-      - name: Setup tfsec
-        run: |
-          curl --output tfsec https://github.com/aquasecurity/tfsec/releases/download/${{env.TFSEC_VERSION}}/tfsec-linux-amd64
-          chmod +x tfsec
-          mv tfsec /usr/local/bin/
       - name: Pre-commit checks
         uses: pre-commit/[email protected]

.gitignore

@@ -18,3 +18,5 @@ db.zip
 .letsencrypt
 
 *.auto.tfvars
+node_modules
+.npm

.pre-commit-config.yaml

@@ -4,6 +4,7 @@ repos:
     rev: v4.3.0
     hooks:
       - id: check-yaml
+        exclude: ^helm/wrongsecrets-ctf-party/templates/
       - id: end-of-file-fixer
         exclude: ^(src/test/resources/yourkey.txt|src/test/resources/secondkey.txt)
       - id: trailing-whitespace
@@ -27,3 +28,8 @@ repos:
           - "--args=--only=terraform_standard_module_structure"
           - "--args=--only=terraform_workspace_remote"
       - id: terraform_docs
+  - repo: https://github.com/alessandrojcm/commitlint-pre-commit-hook
+    rev: v9.4.0
+    hooks:
+      - id: commitlint
+        stages: [commit-msg]

CODEOWNERS

@@ -0,0 +1,3 @@
+# These owners will be the default owners for everything in
+# the repo. Unless a later match takes precedence,
+*       @commjoen @bendehaan

CONTRIBUTING.md

@@ -0,0 +1,101 @@
+# Contributing
+
+[![GitHub contributors](https://img.shields.io/github/contributors/OWASP/wrongsecrets-ctf-party.svg)](https://github.com/OWASP/wrongsecrets-ctf-party/graphs/contributors)
+![GitHub issues by-label "help wanted"](https://img.shields.io/github/issues/OWASP/wrongsecrets-ctf-party/help%20wanted.svg)
+
+This document describes how you can contribute to WrongSecrets CTF Party. Please read it carefully.
+
+**Table of Contents**
+
+- [How to Contribute to the Project](#how-to-contribute-to-the-project)
+- [How to set up your Contributor Environment](#how-to-set-up-your-contributor-environment)
+- [How to get your PR Accepted](#how-to-get-your-pr-accepted)
+
+## How to Contribute to the project
+
+There are a couple of ways on how you can contribute to the project:
+
+- **File [issues](https://github.com/OWASP/wrongsecrets-ctf-party/issues "WrongSecrets CTF Party Issues")** for missing content or errors. Explain what you think is missing and give a suggestion as to where it could be added.
+- **Create a [pull request (PR)](https://github.com/OWASP/wrongsecrets-ctf-party/pulls "Create a pull request")**. This is a direct contribution to the project and may be merged after review. You should ideally [create an issue](https://github.com/OWASP/wrongsecrets-ctf-party/issues "WrongSecrets CTF Party Issues") for any PR you would like to submit, as we can first review the merit of the PR and avoid any unnecessary work. This is of course not needed for small modifications such as correcting typos.
+- **Promote us by giving us a Star or share information via social media**.
+
+## How to get your PR accepted
+
+Your PR is valuable to us, and to make sure we can integrate it smoothly, we have a few items for you to consider. In short:
+The minimum requirements for code contributions are:
+
+1. The code _must_ be compliant with the configured pre-commit hooks.
+2. All new and changed code _should_ have a corresponding unit and/or integration test.
+3. New and changed lessons _must_ have a corresponding integration test.
+4. [Status checks](https://docs.github.com/en/github/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks) should pass for your last commit.
+
+Additionally, the following guidelines can help:
+
+### Keep your pull requests limited to a single issue
+
+Pull requests should be as small/atomic as possible. Large, wide-sweeping changes in a pull request will be **rejected**, with comments to isolate the specific code in your pull request. Some examples:
+
+- If you are making spelling corrections in the docs, don't modify other files.
+- If you are adding new functions don't '_cleanup_' unrelated functions. That cleanup belongs in another pull request.
+
+### Write a good commit message
+
+- Make sure your commit message passes the [conventional commit standards](https://www.conventionalcommits.org/en/v1.0.0/)
+- Explain why you make the changes. [More info about a good commit message.](https://betterprogramming.pub/stop-writing-bad-commit-messages-8df79517177d)
+- If you fix an issue with your commit, please close the issue by [adding one of the keywords and the issue number](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue) to your commit message.
+
+  For example: `Fix #545` or `Closes #10`
+
+## How to set up your Contributor Environment
+
+1. Create a GitHub account. Multiple different GitHub subscription plans are available, but you only need a free one. Follow [these steps](https://help.github.com/en/articles/signing-up-for-a-new-github-account "Signing up for a new GitHub account") to set up your account.
+2. Fork the repository. Creating a fork means creating a copy of the repository on your own account, which you can modify without any impact on this repository. GitHub has an [article that describes all the needed steps](https://help.github.com/en/articles/fork-a-repo "Fork a repo").
+3. Clone your own repository to your host computer so that you can make modifications. If you followed the GitHub tutorial from step 2, you have already done this.
+4. Go to the newly cloned directory "wrongsecrets" and add the remote upstream repository:
+
+   ```bash
+   $ git remote -v
+   origin [email protected]:<your Github handle>/wrongsecrets-ctf-party.git (fetch)
+   origin [email protected]:<your Github handle>/wrongsecrets-ctf-party.git (push)
+
+   $ git remote add upstream [email protected]:OWASP/wrongsecrets-ctf-party.git
+
+   $ git remote -v
+   origin [email protected]:<your Github handle>/wrongsecrets-ctf-party.git (fetch)
+   origin [email protected]:<your Github handle>/wrongsecrets-ctf-party.git (push)
+   upstream [email protected]:OWASP/wrongsecrets-ctf-party.git (fetch)
+   upstream [email protected]:OWASP/wrongsecrets-ctf-party.git (push)
+   ```
+
+   See also the GitHub documentation on "[Configuring a remote for a fork](https://docs.github.com/en/free-pro-team@latest/github/collaborating-with-issues-and-pull-requests/configuring-a-remote-for-a-fork "Configuring a remote for a fork")".
+
+5. Choose what to work on, based on any of the outstanding [issues](https://github.com/OWASP/wrongsecrets-ctf-party/issues "WrongSecrets CTF Party Issues").
+6. Create a branch so that you can cleanly work on the chosen issue: `git checkout -b fix/Issue66`
+7. Open your favorite editor and start making modifications. We recommend using the [IntelliJ Idea](https://www.jetbrains.com/idea/).
+8. Install [pre-commit](https://pre-commit.com/#install) the dependencies for our pre-commit configuration to make sure your code complies with standards used in the project. This requires terraform, [terraform-docs](https://github.com/terraform-docs/terraform-docs#installation), [tflint](https://github.com/terraform-linters/tflint#installation), and [commitlint](https://commitlint.js.org/#/guides-local-setup). For commitlint, you need [NodeJS](https://nodejs.org/en/download/) installed, after which you you can use `npm install` in the root folder of this project.
+9. Install the pre-commit hook using `pre-commit install --hook-type commit-msg`. We recommend to run `pre-commit run -a` every so often if you're working on a bigger change.
+10. After your modifications are done, push them to your forked repository. This can be done by executing the command `git add MYFILE` for every file you have modified, followed by `git commit -m 'your commit message here'` to commit the modifications and `git push` to push your modifications to GitHub.
+11. Create a Pull Request (PR) by going to your fork, <https://github.com/Your_Github_Handle/wrongsecrets> and click on the "New Pull Request" button. The target branch should typically be the main branch. When submitting a PR, be sure to follow the checklist that is provided in the PR template. The checklist itself will be filled out by the reviewer.
+12. If something in your git workflow went wrong (and e.g., the precommit hook CI run failed), check out ["O Shit, Git!?!"](https://ohshitgit.com/) to view tips on editing your historical commit message(s), among others.
+13. Your PR will be reviewed and comments may be given. In order to process a comment, simply make modifications to the same branch as before and push them to your repository. GitHub will automatically detect these changes and add them to your existing PR.
+14. When starting on a new PR in the future, make sure to always keep your local repo up to date:
+
+    ```bash
+    git fetch upstream
+    git merge upstream/develop
+    ```
+
+    See also the following article for further explanation on "[How to Keep a Downstream git Repository Current with Upstream Repository Changes](https://medium.com/sweetmeat/how-to-keep-a-downstream-git-repository-current-with-upstream-repository-changes-10b76fad6d97 "How to Keep a Downstream git Repository Current with Upstream Repository Changes")".
+
+If at any time you want to work on a different issue, you can simply switch to a different branch, as explained in step 5.
+
+> Tip: Don't try to work on too many issues at once though, as it will be a lot more difficult to merge branches the longer they are open.
+
+## What not to do
+
+Although we greatly appreciate any and all contributions to the project, there are a few things that you should take into consideration:
+
+- The Wrongsecrets project should not be used as a platform for advertisement for commercial tools, companies or individuals. Write-ups should be written with free and open-source tools in mind and commercial tools are typically not accepted, unless as a reference in the security tools section.
+- Unnecessary self-promotion of tools or blog posts is frowned upon. If you have a relation with on of the URLs or tools you are referencing, please state so in the PR so that we can verify that the reference is in line with the rest of the guide.
+
+Please be sure to take a careful look at our [Code of Conduct](https://github.com/OWASP/wrongsecrets-ctf-party/blob/main/CODE_OF_CONDUCT.md) for all the details.

PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,16 @@
+Thank you for submitting a pull request to the WrongSecrets Party!
+
+What kind of changes does this PR include?
+
+-   [ ] Fixes or refactors
+-   [ ] Platform support
+-   [ ] A new feature
+-   [ ] Additional documentation
+-   [ ] Something else
+
+Checklist:
+
+-   [ ] All the contributions made are solely the work of me and my co-authors
+-   [ ] I tested the changes in this PR (if applicable)
+-   [ ] I added tests to ensure my change works (if applicable)
+-   [ ] The PR passes pre-commit hooks and automated tests

aws/README.md

@@ -135,19 +135,19 @@ The documentation below is auto-generated to give insight on what's created via
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.48.0 |
-| <a name="provider_http"></a> [http](#provider\_http) | 3.2.1 |
-| <a name="provider_random"></a> [random](#provider\_random) | 3.4.3 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 4.1 |
+| <a name="provider_http"></a> [http](#provider\_http) | ~> 3.1 |
+| <a name="provider_random"></a> [random](#provider\_random) | ~> 3.0 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_cluster_autoscaler_irsa_role"></a> [cluster\_autoscaler\_irsa\_role](#module\_cluster\_autoscaler\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.9.0 |
 | <a name="module_ebs_csi_irsa_role"></a> [ebs\_csi\_irsa\_role](#module\_ebs\_csi\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.9.0 |
-| <a name="module_eks"></a> [eks](#module\_eks) | terraform-aws-modules/eks/aws | 19.4.2 |
+| <a name="module_eks"></a> [eks](#module\_eks) | terraform-aws-modules/eks/aws | 19.7.0 |
 | <a name="module_load_balancer_controller_irsa_role"></a> [load\_balancer\_controller\_irsa\_role](#module\_load\_balancer\_controller\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.9.0 |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.18.1 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.19.0 |
 
 ## Resources
 

aws/shared-state/README.md

@@ -13,7 +13,7 @@ The documentation below is auto-generated to give insight on what's created via
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.48.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 4.0 |
 
 ## Modules
 

commitlint.config.js

@@ -0,0 +1,6 @@
+// commitlint.config.js
+module.exports = {
+  extends: [
+    "@commitlint/config-conventional", // scoped packages are not prefixed
+  ],
+};