diff --git a/.github/license-reminder.md b/.github/license-reminder.md
deleted file mode 100644
index 6fb1c3a3..00000000
--- a/.github/license-reminder.md
+++ /dev/null
@@ -1,3 +0,0 @@
-It's a new year! 🎉 🎆
-Please update the LICENSE file to include the current year (e.g., 2025).
-This helps keep the copyright notice accurate.
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 43a37033..dc222018 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,58 +1,95 @@ -## Pull request type - +# Pull request type +**🚨 Jekyll Precheck Verify blog(s), page(s) before merge 🚨** +- [ ] title +- [ ] tags +- [ ] categories +- [ ] date + + +Pull Request/Issue Number: N/A + Please check the type of change your PR introduces: -- [ ] New blog post -- [ ] Bugfix +- [ ] New blog post(s) +- [ ] Bugfix(es) +- [ ] Code change(s) - [ ] Jekyll change(s) - [ ] Liquid change(s) - [ ] Markdown change(s) - [ ] YAML change(s) - [ ] Build error(s) -- [ ] Feature +- [ ] Feature(s) - [ ] Code style update (formatting, renaming) - [ ] Refactoring (no functional changes, no api changes) -- [ ] Build related changes -- [ ] Documentation content changes +- [ ] Build related change(s) +- [ ] Documentation content change(s) - [ ] Other (please describe): -## Language +## Language(s) +- [ ] Assembler - [ ] awk - [ ] C/C++/C# +- [ ] HTML +- [ ] Javascript +- [ ] Jekyll +- [ ] Liquid +- [ ] Markdown - [ ] Ruby -- [ ] Python - -## Files added - -- +- [ ] Python +- [ ] YAML -## Files modified +## Operating System(s) -- - -## Files deleted - -- +- [ ] Linux +- [ ] Unix +- [ ] Solaris +- [ ] Windows ## What is the current behavior? - -Issue Number: N/A +- ## What is the new behavior? - - + +## Files Added + - + +## Files Modified + +- + +## Files Deleted + - ## Other information + + +- - \ No newline at end of file +## Hardware + +- [ ] ARM +- [ ] DEC PDP-8 +- [ ] DEC PDP-11 +- [ ] DEC VAX +- [ ] DEC VAXStation +- [ ] Intel 8080 +- [ ] Intel Core +- [ ] Motorola 68000 +- [ ] Raspberry Pi +- [ ] RISC/V +- [ ] Sun SPARCStation \ No newline at end of file diff --git a/.github/quarterlyRelease.md b/.github/quarterlyRelease.md deleted file mode 100644 index 1ba6229e..00000000 --- a/.github/quarterlyRelease.md +++ /dev/null @@ -1 +0,0 @@ -Create a quarterly release \ No newline at end of file diff --git a/.github/workflows/GitHubActionPermissions.md b/.github/workflows/GitHubActionPermissions.md new file mode 100644 index 00000000..6a495a3c --- /dev/null 
+++ b/.github/workflows/GitHubActionPermissions.md @@ -0,0 +1,12 @@ +permissions: + actions: read|write|none + checks: read|write|none + contents: read|write|none + deployments: read|write|none + issues: read|write|none + packages: read|write|none + pull-requests: read|write|none + repository-projects: read|write|none + security-events: read|write|none + statuses: read|write|none + \ No newline at end of file diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index f44682e7..e6724abe 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -15,11 +15,11 @@ jobs: runs-on: "ubuntu-latest" strategy: matrix: - jekyll: ["~> 4.3.4"] + jekyll: ["~> 4.3.4", "~>4.4.1"] env: JEKYLL_VERSION: ${{ matrix.jekyll }} steps: - - name: Harden the runner (Audit all outbound calls) + - name: Harden Runner uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit @@ -27,9 +27,9 @@ jobs: - name: Checkout Repository uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set Up Ruby 3.4.7 - uses: ruby/setup-ruby@ae195bbe749a7cef685ac729197124a48305c1cb # v1.276.0 + uses: ruby/setup-ruby@4c24fa5ec04b2e79eb40571b1cee2a0d2b705771 # v1.278.0 with: ruby-version: 3.4.7 bundler-cache: true - - name: Run tests - run: script/cibuild + # - name: Run tests + # run: script/cibuild \ No newline at end of file diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index bc82a95a..68c60919 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
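Review bot: Commenting out the `Run tests` step in the second `ci.yaml` hunk leaves the job with nothing but setup, so the Jekyll matrix (now also `~>4.4.1`) is exercised only by `bundle install` and a green check no longer means the site builds. If `script/cibuild` is broken for Jekyll 4.4, prefer `continue-on-error: true` on that step or exclude the failing matrix entry rather than disabling the run entirely. The new matrix entry also drops the space the first entry uses, `"~>4.4.1"` next to `"~> 4.3.4"`; Bundler should accept both, but keep one form, `jekyll: ["~> 4.3.4", "~> 4.4.1"]`.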
@@ -9,92 +9,70 @@ # the `language` matrix defined below to confirm you have the correct set of # supported CodeQL languages. # -name: "CodeQL Advanced" +name: "CodeQL" on: push: - branches: [ "main", "main*" ] + branches: ["main"] pull_request: - branches: [ "main", "main*" ] + # The branches below must be a subset of the branches above + branches: ["main"] schedule: - - cron: '43 4 * * 3' + - cron: "0 0 * * 1" permissions: contents: read jobs: analyze: - name: Analyze (${{ matrix.language }}) - # Runner size impacts CodeQL analysis time. To learn more, please see: - # - https://gh.io/recommended-hardware-resources-for-running-codeql - # - https://gh.io/supported-runners-and-hardware-resources - # - https://gh.io/using-larger-runners (GitHub.com only) - # Consider using larger runners or machines with greater resources for possible analysis time improvements. - runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} + name: Analyze + runs-on: ubuntu-latest permissions: - # required for all workflows - security-events: write - - # required to fetch internal or private CodeQL packs - packages: read - - # only required for workflows in private repositories actions: read contents: read + security-events: write strategy: fail-fast: false matrix: - include: - - language: ruby - build-mode: none - # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' - # Use `c-cpp` to analyze code written in C, C++ or both - # Use 'java-kotlin' to analyze code written in Java, Kotlin or both - # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both - # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, - # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. 
- # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how - # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages + language: ["ruby"] + # CodeQL supports [ $supported-codeql-languages ] + # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support + steps: - - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 - with: - egress-policy: audit + - name: Harden the runner (Audit all outbound calls) + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + with: + egress-policy: audit + + - name: Checkout repository + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. - - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 - # Initializes the CodeQL tools for scanning. 
- - name: Initialize CodeQL - uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v3.29.5 - with: - languages: ${{ matrix.language }} - build-mode: ${{ matrix.build-mode }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. + # â„šī¸ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - # queries: security-extended,security-and-quality + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. - # If the analyze step fails for one of the languages you are analyzing with - # "We were unable to automatically build your code", modify the matrix above - # to set the build mode to "manual" for that language. Then modify this step - # to build your code. - # â„šī¸ Command-line programs to run using the OS shell. 
- # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - - if: matrix.build-mode == 'manual' - shell: bash - run: | - echo 'If you are using a "manual" build mode for one or more of the' \ - 'languages you are analyzing, replace this with the commands to build' \ - 'your code, for example:' - echo ' make bootstrap' - echo ' make release' - exit 1 + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v3.29.5 - with: - category: "/language:${{matrix.language}}" + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 + with: + category: "/language:${{matrix.language}}" \ No newline at end of file diff --git a/.github/workflows/dependabot.txt b/.github/workflows/dependabot.txt new file mode 100644 index 00000000..28985a91 --- /dev/null +++ b/.github/workflows/dependabot.txt @@ -0,0 +1,35 @@ +# Basic `dependabot.yml` file with +# minimum configuration for two package managers + +version: 2 +updates: +permissions: + contents: write + # Enable version updates for npm + - package-ecosystem: "npm" + # Look for `package.json` and `lock` files in the `root` directory + directory: "/" + # Check the npm registry for updates every day (weekdays) + schedule: + interval: "daily" + commit-message: + prefix: "[info](sec) npm:" + + # Enable version updates for Ruby + - package-ecosystem: "bundler" + # Look for `Ruby Gems` in the following directories + directories: + - "/" + # - "_plugins" + # Check for updates once a week + schedule: + interval: "daily" + commit-message: + prefix: "[info](sec) bundler:" + + - package-ecosystem: github-actions + directory: / + schedule: + interval: daily +commit-message: + prefix: "[info](sec) gh-actions:" 
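Review bot: The `# v4.31.9` label on the three `github/codeql-action/*@5d4e8d1aca955e8d8589aabd499c5cae939e33c7` pins is attached to a SHA that the removed lines, and `scorecard.yml` in this same commit, label `# v3.29.5`; the SHA did not change, so one of the two labels is wrong, and pin-update tooling that keys off the comment will push the workflows apart on the next bump. Confirm which tag the commit belongs to and use that label in both files. The added `Autobuild` step appears to be a no-op for the single `ruby` matrix entry (interpreted language, and `build-mode` was removed), so it can be dropped to keep the job minimal — confirm against the CodeQL docs the hunk's comments link to.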
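Review bot: This file is never read: Dependabot loads `.github/dependabot.yml` (or `.yaml`), not a `.txt` under `workflows/`, so none of the three ecosystems listed here gets version updates. The content is also not a valid Dependabot config as written: `permissions:` is not a Dependabot key, the `- package-ecosystem` entries are nested under it rather than under `updates:`, and the final `commit-message:` at column 0 sits outside the `github-actions` entry. Move the file to `.github/dependabot.yml`, drop the `permissions` block so the entries sit directly under `updates:`, and indent the last `commit-message` under its `- package-ecosystem: github-actions` entry.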
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index fb1ffe6c..bafd3cb5 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -2,15 +2,26 @@ # # This Action will scan dependency manifest files that change as part of a Pull Request, # surfacing known-vulnerable versions of the packages declared or updated in the PR. -# Once installed, if the workflow run is marked as required, -# PRs introducing known-vulnerable packages will be blocked from merging. +# Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable +# packages will be blocked from merging. # # Source repository: https://github.com/actions/dependency-review-action -name: 'dependency – Dependency Review' -on: [pull_request] +# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement +name: 'Dependency review' +on: + pull_request: + branches: [ "main", "main*" ] +# If using a dependency submission action in this workflow this permission will need to be set to: +# +# permissions: +# contents: write +# +# https://docs.github.com/en/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api permissions: contents: read + # Write permissions for pull-requests are required for using the `comment-summary-in-pr` option, comment out if you aren't using this option + pull-requests: write jobs: dependency-review: 
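Review bot: `pull-requests: write` is added at the workflow level of `dependency-review.yml`, so every job in the file — not just the step that posts the summary — runs with a token that can write to pull requests. Scope it to the job instead: keep the top-level `permissions: contents: read` and put `pull-requests: write` under `jobs.dependency-review.permissions`, next to the `comment-summary-in-pr: always` option that needs it. The job's own `permissions` block is outside this hunk, so check whether one already exists that would override the workflow-level grant.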
@@ -21,7 +32,13 @@ jobs: with: egress-policy: audit - - name: 'Checkout Repository' + - name: 'Checkout repository' uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: 'Dependency Review' uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2 + # Commonly enabled options, see https://github.com/actions/dependency-review-action#configuration-options for all available options. + with: + comment-summary-in-pr: always + # fail-on-severity: moderate + # deny-licenses: GPL-1.0-or-later, LGPL-2.0-or-later + # retry-on-snapshot-warnings: true \ No newline at end of file diff --git a/.github/workflows/issueQuarterlyRelease.yml b/.github/workflows/issueQuarterlyRelease.yml index 4fce4f7a..3a7fbe33 100644 --- a/.github/workflows/issueQuarterlyRelease.yml +++ b/.github/workflows/issueQuarterlyRelease.yml @@ -7,13 +7,15 @@ on: - cron: 30 5 31 12 * #workflow_dispatch: -permissions: read-all +permissions: + contents: read jobs: create-issue: runs-on: ubuntu-latest permissions: issues: write + steps: - name: Harden the runner (Audit all outbound calls) uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 
@@ -21,11 +23,25 @@ jobs: egress-policy: audit - name: Create Quarterly Release - uses: peter-evans/create-issue-from-file@fca9117c27cdc29c6c4db3b86c48e4115a786710 # v6.0.0 - with: - title: "Issue Quarterly Release" - content-filepath: .github/quarterlyRelease.md - assignees: RalphHightower - labels: | - maintenance - license \ No newline at end of file + run: | + new_issue_url=$(gh issue create \ + --title "$TITLE" \ + --assignee "$ASSIGNEES" \ + --label "$LABELS" \ + --body "$BODY") + if [[ $PINNED == true ]]; then + gh issue pin "$new_issue_url" + fi + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_REPO: ${{ github.repository }} + TITLE: "Maintenance: Quarterly Release" + ASSIGNEES: "RalphHightower" + LABELS: "maintenance,release – minor" + BODY: | + # Quarterly Release + + - [ ] Create Quarterly Release. + + PINNED: false + CLOSE_PREVIOUS: false \ No newline at end of file diff --git a/.github/workflows/jekyll.yml b/.github/workflows/jekyll.yml index d14ddd15..95ab7f7c 100644 --- a/.github/workflows/jekyll.yml +++ b/.github/workflows/jekyll.yml @@ -31,7 +31,7 @@ jobs: build: runs-on: ubuntu-22.04 steps: - - name: Harden the runner (Audit all outbound calls) + - name: Harden Runner uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit 
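Review bot: `CLOSE_PREVIOUS: false` is exported into the step's environment but nothing in the `run:` script reads it, so the variable documents behaviour that does not exist; either implement it or drop it from `env`. The `[[ $PINNED == true ]]` test should quote the expansion to match the other variables, `if [[ "$PINNED" == true ]]; then`. `gh issue create --label` fails when a label does not exist, so the `release – minor` label (with the en dash) must be present in the repository before the December run. Passing title, labels and body through `env` rather than interpolating `${{ }}` into the script keeps the shell free of expression injection; the same script is duplicated in `newYearUpdateCopyright.yml`, so a reusable workflow or composite action would keep the two from drifting.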
@@ -39,11 +39,11 @@ jobs: - name: Checkout uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Setup Ruby - uses: ruby/setup-ruby@ae195bbe749a7cef685ac729197124a48305c1cb # v1.276.0 + uses: ruby/setup-ruby@4c24fa5ec04b2e79eb40571b1cee2a0d2b705771 # v1.278.0 with: ruby-version: '3.4.7' # Not needed with a .ruby-version file bundler-cache: true # runs 'bundle install' and caches installed gems automatically - cache-version: 1 # Increment this number if you need to re-download cached gems + cache-version: 5 # Increment this number if you need to re-download cached gems - name: Setup Pages id: pages uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0 @@ -66,11 +66,11 @@ jobs: runs-on: ubuntu-latest needs: build steps: - - name: Harden the runner (Audit all outbound calls) + - name: Harden Runner uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 \ No newline at end of file diff --git a/.github/workflows/newYearUpdateCopyright.yml b/.github/workflows/newYearUpdateCopyright.yml index f8562bb9..cf4bc6eb 100644 --- a/.github/workflows/newYearUpdateCopyright.yml +++ b/.github/workflows/newYearUpdateCopyright.yml 
@@ -1,29 +1,40 @@ -name: newYearUpdateCopyright.yml – New Year LICENSE Reminder - +name: Create Issue to Update Year In Relevant Files +# developer: @RalphHightower on: schedule: - - cron: '0 5 1 1 *' # Midnight EST on Jan 1 America/New_York + - cron: "0 5 1 1 *" # America/New_York (UTC-5:00) #workflow_dispatch: -permissions: read-all - +permissions: + contents: read + jobs: - create-issue: + create_issue: + name: Create issue to update copyright year runs-on: ubuntu-latest permissions: issues: write steps: - - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 - with: - egress-policy: audit + - name: Happy New Year! + run: | + new_issue_url=$(gh issue create \ + --title "$TITLE" \ + --assignee "$ASSIGNEES" \ + --label "$LABELS" \ + --body "$BODY") + if [[ $PINNED == true ]]; then + gh issue pin "$new_issue_url" + fi + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_REPO: ${{ github.repository }} + TITLE: Happy New Year! 🎆 – 🍾 Update License Year + ASSIGNEES: RalphHightower + LABELS: "maintenance" + BODY: | + # New Year's Maintenance + + - [ ] Update LICENSE. Add new year to year's span. - - name: Create LICENSE update issue - uses: peter-evans/create-issue-from-file@fca9117c27cdc29c6c4db3b86c48e4115a786710 # v6.0.0 - with: - title: "Update LICENSE for the new year" - content-filepath: .github/license-reminder.md - assignees: RalphHightower - labels: | - maintenance - license \ No newline at end of file + PINNED: false + CLOSE_PREVIOUS: false \ No newline at end of file diff --git a/.github/workflows/permission_advisor.yml b/.github/workflows/permission_advisor.yml index fee36ebd..d1a47f04 100644 --- a/.github/workflows/permission_advisor.yml +++ b/.github/workflows/permission_advisor.yml 
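Review bot: The rewritten `create_issue` job drops the `step-security/harden-runner` step that the removed lines had, while every other workflow in this commit keeps it — including `issueQuarterlyRelease.yml`, which receives the same `gh issue create` script and retains the step — so this job now runs without egress auditing. Restore it as the first entry under `steps:` using the same pinned SHA the other workflows use. As in the other file, `CLOSE_PREVIOUS: false` is set in `env` but never read by the script.
```yaml
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
        with:
          egress-policy: audit
      # … unchanged: "Happy New Year!" gh issue create step and its env block …
```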
@@ -21,7 +21,7 @@ jobs: advisor: runs-on: ubuntu-latest steps: - - name: Harden the runner (Audit all outbound calls) + - name: Harden Runner uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit @@ -29,4 +29,4 @@ jobs: - uses: GitHubSecurityLab/actions-permissions/advisor@babd69bc8d78e6cdece903dfdcfb72d4e1a4f00d # v1.0.2-beta5 with: name: ${{ inputs.name }} - count: ${{ inputs.count }} + count: ${{ inputs.count }} \ No newline at end of file diff --git a/.github/workflows/readme-checker.yml b/.github/workflows/readme-checker.yml index f54635c0..f0fc8d01 100644 --- a/.github/workflows/readme-checker.yml +++ b/.github/workflows/readme-checker.yml @@ -8,7 +8,7 @@ jobs: lint: runs-on: ubuntu-latest steps: - - name: Harden the runner (Audit all outbound calls) + - name: Harden Runner uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit @@ -22,3 +22,4 @@ jobs: *.md **/*.md !test/*.md + !_data/*.md \ No newline at end of file diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 879a13df..14672297 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -39,4 +39,4 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} # this is a built-in strategy in release-please, see "Action Inputs" # for more options - release-type: simple + release-type: simple \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fdb4b33f..4480df3f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -16,9 +16,9 @@ jobs: pull-requests: write # to be able to comment on released pull requests id-token: write # to enable use of OIDC for npm provenance name: release - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - - name: Harden the runner (Audit all outbound calls) + - name: Harden Runner uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit @@ -32,8 +32,7 @@ jobs: - run: corepack npm audit signatures # pinned version updated automatically by Renovate. # details at https://semantic-release.gitbook.io/semantic-release/usage/installation#global-installation - - run: npx semantic-release@v24.2.0 + - run: npx semantic-release@v24.2.3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - NPM_TOKEN: ${{ secrets.NPM_TOKEN}} - + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index f9a38c7d..9b9037d4 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -1,41 +1,78 @@ -name: scorecard.yml — OpenSSF Scorecard -"on": +# This workflow uses actions that are not certified by GitHub. They are provided +# by a third-party and are governed by separate terms of service, privacy +# policy, and support documentation. + +name: scorecard.yml – Scorecard supply-chain security +on: + # For Branch-Protection check. Only the default branch is supported. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection + branch_protection_rule: + # To guarantee Maintained check is occasionally updated. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained schedule: - - cron: 31 2 * * 1 + - cron: '18 23 * * 6' push: - branches: - - main + branches: [ "main" ] + +# Declare default permissions as read only. permissions: read-all + jobs: analysis: name: Scorecard analysis runs-on: ubuntu-latest permissions: + # Needed to upload the results to code-scanning dashboard. security-events: write + # Needed to publish results and get a badge (see publish_results below). id-token: write + # Uncomment the permissions below if installing in a private repository. + # contents: read + # actions: read + steps: - name: Harden the runner (Audit all outbound calls) uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - - name: Checkout code + - name: "Checkout code" uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - - name: Run analysis + + - name: "Run analysis" uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 with: results_file: results.sarif results_format: sarif + # (Optional) "write" PAT token. 
Uncomment the `repo_token` line below if: + # - you want to enable the Branch-Protection check on a *public* repository, or + # - you are installing Scorecard on a *private* repository + # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional. + repo_token: ${{ secrets.SCORECARD_TOKEN }} + + # Public repositories: + # - Publish results to OpenSSF REST API for easy access by consumers + # - Allows the repository to include the Scorecard badge. + # - See https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories: + # - `publish_results` will always be set to `false`, regardless + # of the value entered here. publish_results: true - - name: Upload artifact + + # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF + # format to the repository Actions tab. + - name: "Upload artifact" uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: SARIF file path: results.sarif retention-days: 5 - - name: Upload to code-scanning + + # Upload the results to GitHub's code scanning dashboard (optional). + # Commenting out will disable upload of results to your repo's Code Scanning dashboard + - name: "Upload to code-scanning" uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v3.29.5 with: sarif_file: results.sarif \ No newline at end of file diff --git a/.github/workflows/semantic-release.yml b/.github/workflows/semantic-release.yml index 620e75d7..d7392934 100644 --- a/.github/workflows/semantic-release.yml +++ b/.github/workflows/semantic-release.yml @@ -16,7 +16,7 @@ # under the License. -name: symantic-release.yml – Semantic Pull Request +name: Semantic Pull Request on: pull_request: 
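Review bot: `repo_token: ${{ secrets.SCORECARD_TOKEN }}` is uncommented even though the comment directly above it says to enable it only for the Branch-Protection check on a public repository or for a private install; the comment describes it as a "write" PAT, a long-lived credential that the default `GITHUB_TOKEN` path avoids. If the Branch-Protection check is wanted, confirm the secret is a fine-grained PAT limited to this repository and to the scopes the linked scorecard-action README lists; otherwise leave the line commented. If the secret is not defined the input expands to an empty string, and how the action treats that is not visible here. The `upload-sarif` pin at the end of the hunk is labelled `# v3.29.5` while `codeql.yml` in this same commit labels the identical SHA `# v4.31.9`, so one of the comments is wrong.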
@@ -125,4 +125,4 @@ jobs: # # [fix][test] flaky test V1_ProxyAuthenticationTest.anonymousSocketTest headerPattern: '^\[(\w*?)\](?:\[(.*?)\])?(?:\s*)(.*)$' - headerPatternCorrespondence: type, scope, subject + headerPatternCorrespondence: type, scope, subject \ No newline at end of file diff --git a/.github/workflows/stale-branches.yml b/.github/workflows/stale-branches.yml index 1b3f35a2..5a835612 100644 --- a/.github/workflows/stale-branches.yml +++ b/.github/workflows/stale-branches.yml @@ -37,4 +37,4 @@ jobs: # include-protected-branches: false # include-ruleset-branches: false # ignore-commit-messages: '' - # ignore-committers: '' + # ignore-committers: '' \ No newline at end of file diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 99615d33..eb03cbef 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -34,15 +34,15 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - run: git config --global user.name github-actions - run: git config --global user.email github-actions@github.com - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 + uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 with: node-version: ${{ matrix.node-version }} cache: npm 
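Review bot: This `test.yml` hunk moves the action pins backwards: `step-security/harden-runner` goes from `20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0` to `f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1`, `actions/checkout` from `# v6.0.1` to `# v5.0.0`, and `actions/setup-node` from `# v6.1.0` to `# v5.0.0`, while every other workflow in the same commit is on the newer pins; the two hunks that follow (`@@ -56,17` and `@@ -83,8`) make the same downgrade. Unless a specific regression in the newer versions is being worked around, this looks like an older branch being merged over the updates and should be reverted to the SHAs used in `ci.yaml`, `jekyll.yml` and `codeql.yml`.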
@@ -56,17 +56,17 @@ jobs: timeout-minutes: 5 steps: - - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + - name: Harden Runner + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit - name: Test - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - run: git config --global user.name github-actions - run: git config --global user.email github-actions@github.com - name: Use Node.js from .nvmrc - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 + uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 with: node-version-file: .nvmrc cache: npm @@ -83,8 +83,8 @@ jobs: - test_matrix if: ${{ !cancelled() }} steps: - - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + - name: Harden Runner + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit diff --git a/.github/workflows/updateLabels.yml b/.github/workflows/updateLabels.yml new file mode 100644 index 00000000..5b95bf3a --- /dev/null +++ b/.github/workflows/updateLabels.yml @@ -0,0 +1,9 @@ +name: updateLabels.yml – Write labels to a file when there is a change in [a] label(s) + +permissions: + contents: read + +on: + label: + types: [created, edited, deleted] + workflow_dispatch: \ No newline at end of file diff --git a/.github/workflows/workflows.md b/.github/workflows/workflows.md index 4f5f310f..735fbffe 100644 --- a/.github/workflows/workflows.md +++ b/.github/workflows/workflows.md 
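Review bot: `updateLabels.yml` declares `name`, `permissions` and `on` but no `jobs:` key, so GitHub will reject it as an invalid workflow and the `label` and `workflow_dispatch` triggers never run anything. Either add the job that does what the name promises — writing labels to a file needs `contents: write`, which should be granted on that job rather than raised in the workflow-wide block that currently says `contents: read` — or keep the file out of `workflows/` until it is finished.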
@@ -1,23 +1,29 @@ +--- +layout: page +title: GitHub Workflows +--- + +## Revision Date: 2025-03-06 10:39 AM + | action | date | github | |---|---|---| -| DavidAnson/markdownlint-cli2-action@v18.0.0 | Nov 14, 2024 |[DavidAnson/markdownlint-cli2-action: A GitHub Action to run the markdownlint-cli2 tool for linting Markdown/CommonMark files with the markdownlint library](https://github.com/DavidAnson/markdownlint-cli2-action) | -| GitHubSecurityLab/actions-permissions/advisor@v1.0.2-beta4 | Nov 22, 2024 | [GitHubSecurityLab/actions-permissions: GitHub token permissions Monitor and Advisor actions](https://github.com/GitHubSecurityLab/actions-permissions) | -| actions/checkout@v4.2.2 | Oct 23, 2024 | [actions/checkout: Action for checking out a repo](https://github.com/actions/checkout) | +| DavidAnson/markdownlint-cli2-action@v20.0.0 | May 15, 2025 | [DavidAnson/markdownlint-cli2-action: A GitHub Action to run the markdownlint-cli2 tool for linting Markdown/CommonMark files with the markdownlint library](https://github.com/DavidAnson/markdownlint-cli2-action) | +| GitHubSecurityLab/actions-permissions/advisor@v1.0.2-beta7 | Sep 24, 2025 | [GitHubSecurityLab/actions-permissions: GitHub token permissions Monitor and Advisor actions](https://github.com/GitHubSecurityLab/actions-permissions) | +| actions/checkout@v5.0.0 | Aug 11, 2025 | [actions/checkout: Action for checking out a repo](https://github.com/actions/checkout) | | actions/configure-pages@v5.0.0 | Mar 29, 2024 | [actions/configure-pages: An action to enable Pages and extract various metadata about a site. 
It can also be used to configure various static site generators we support as starter workflows.](https://github.com/actions/configure-pages) | -| actions/dependency-review-action@v4.5.0 | Nov 20, 2024 | [actions/dependency-review-action: A GitHub Action for detecting vulnerable dependencies and invalid licenses in your PRs](https://github.com/actions/dependency-review-action) | +| actions/dependency-review-action@v4.8.0 | Sep 26, 2025 | [actions/dependency-review-action: A GitHub Action for detecting vulnerable dependencies and invalid licenses in your PRs](https://github.com/actions/dependency-review-action) | | actions/deploy-pages@4.0.5 | Mar 18, 2024 | [actions/deploy-pages: GitHub Action to publish artifacts to GitHub Pages for deployments](https://github.com/actions/deploy-pages) | | actions/jekyll-build-pages@v1.0.13 | Aug 6, 2024 | [actions/jekyll-build-pages: A simple GitHub Action for producing Jekyll build artifacts compatible with GitHub Pages.](https://github.com/actions/jekyll-build-pages) | -| actions/setup-node@v4.1.0 | Oct 24, 2024 | [actions/setup-node: Set up your GitHub Actions workflow with a specific version of node.js](https://github.com/actions/setup-node) | -| actions/upload-artifact@v4.4.3 | Oct 9, 2024 14 | [actions/upload-artifact](https://github.com/actions/upload-artifact) | -| actions/upload-pages-artifact@v3.0.1 | Feb 7, 2024 | [actions/upload-pages-artifact: A composite action for packaging and uploading an artifact that can be deployed to GitHub Pages.](https://github.com/actions/upload-pages-artifact) | -| amannn/action-semantic-pull-request@v5.5.3 | Jun 28, 2024 | [amannn/action-semantic-pull-request: A GitHub Action that ensures that your PR title matches the Conventional Commits spec](https://github.com/amannn/action-semantic-pull-request) | -| github/codeql-action/analyze@v2.19.4 | Dec 2, 2024 | [github/codeql-action: Actions for running CodeQL analysis](https://github.com/github/codeql-action) | -| 
github/codeql-action/autobuild@v2.19.4 | Dec 2, 2024 | [github/codeql-action: Actions for running CodeQL analysis](https://github.com/github/codeql-action) | -| github/codeql-action/init@v2.19.4 | Dec 2, 2024 | [github/codeql-action: Actions for running CodeQL analysis](https://github.com/github/codeql-action) | -| github/codeql-action/upload-sarif@v2.19.4 | Dec 2, 2024 | [github/codeql-action: Actions for running CodeQL analysis](https://github.com/github/codeql-action) | -| googleapis/release-please-action@4.1.3 | Jun 10, 2024 | [googleapis/release-please-action: automated releases based on conventional commits](https://github.com/googleapis/release-please-action) -| googleapis/release-please@v16.15.0 | Dec 2, 2024 | [googleapis/release-please: generate release PRs based on the conventionalcommits.org spec](https://github.com/googleapis/release-please) | +| actions/setup-node@v5.0.0 | Sep 3, 2025 | [actions/setup-node: Set up your GitHub Actions workflow with a specific version of node.js](https://github.com/actions/setup-node) | +| actions/upload-artifact@v4.6.2 | Mar 19, 2025 | [actions/upload-artifact](https://github.com/actions/upload-artifact) | +| actions/upload-pages-artifact@v4.0.0 | Aug 14, 2025 | [actions/upload-pages-artifact: A composite action for packaging and uploading an artifact that can be deployed to GitHub Pages.](https://github.com/actions/upload-pages-artifact) | +| amannn/action-semantic-pull-request@v6.1.1 | Aug 22, 2025 | [amannn/action-semantic-pull-request: A GitHub Action that ensures that your PR title matches the Conventional Commits spec](https://github.com/amannn/action-semantic-pull-request) | +| github/codeql-action/analyze@v3.28.11 | Mar 7, 2025 | [github/codeql-action: Actions for running CodeQL analysis](https://github.com/github/codeql-action) | +| github/codeql-action/autobuild@v3.28.11 | Mar 7, 2025 | [github/codeql-action: Actions for running CodeQL analysis](https://github.com/github/codeql-action) | +| 
github/codeql-action/init@v3.28.11 | Mar 7, 2025 | [github/codeql-action: Actions for running CodeQL analysis](https://github.com/github/codeql-action) | +| github/codeql-action/upload-sarif@v3.28.11 | Mar 7, 2025 | [github/codeql-action: Actions for running CodeQL analysis](https://github.com/github/codeql-action) | +| googleapis/release-please-action@v4.3.0 | **Aug 30, 2025** | [googleapis/release-please-action: automated releases based on conventional commits](https://github.com/googleapis/release-please-action) | lowlighter/metrics@3.34 | Sep 12, 2023 | [lowlighter/metrics: 📊 An infographics generator with 30+ plugins and 300+ options to display stats about your GitHub account and render them as SVG, Markdown, PDF or JSON!](https://github.com/lowlighter/metrics) | -| ossf/scorecard-action@v2.4.0 | Jul 26, 2024 | [ossf/scorecard-action: Official GitHub Action for OpenSSF Scorecard.](https://github.com/ossf/scorecard-action) | -| ruby/setup-ruby@v1.203.0 | Dec 6, 2024 | [ruby/setup-ruby: An action to download a prebuilt Ruby and add it to the PATH in 5 seconds](https://github.com/ruby/setup-ruby) | -| step-security/harden-runner@v2.10.2 | Nov 18, 2024 | [step-security/harden-runner: Network egress filtering and runtime security for GitHub-hosted and self-hosted runners](https://github.com/step-security/harden-runner) | +| ossf/scorecard-action@v2.4.2 | May 30, 2025 | [ossf/scorecard-action: Official GitHub Action for OpenSSF Scorecard.](https://github.com/ossf/scorecard-action) | +| ruby/setup-ruby@v1.263.0 | Sep 22, 2025 | [ruby/setup-ruby: An action to download a prebuilt Ruby and add it to the PATH in 5 seconds](https://github.com/ruby/setup-ruby) | +| step-security/harden-runner@v2.13.1 | Sep 9, 2025 | [step-security/harden-runner: Network egress filtering and runtime security for GitHub-hosted and self-hosted runners](https://github.com/step-security/harden-runner) | diff --git a/LICENSE b/LICENSE index 0d604a04..bba83b59 100644 --- a/LICENSE +++ b/LICENSE 
@@ -187,7 +187,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright 2016-2025 Ralph M. Hightower, Jr. + Copyright 2016-2026 Ralph M. Hightower, Jr. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.