docs: Tweak community files

Author: alessfg

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -19,7 +19,7 @@ body:
     attributes:
       label: Bug Overview
       description: A clear and concise overview of the bug.
-      placeholder: When I do "X", "Y" happens instead of "Z".
+      placeholder: When I do "X" with the NGINX unprivileged Docker image, "Y" happens instead of "Z".
     validations:
       required: true
 
@@ -28,7 +28,7 @@ body:
     attributes:
       label: Expected Behavior
       description: A clear and concise description of what you expected to happen.
-      placeholder: When I do "X", I expect "Z" to happen.
+      placeholder: When I do "X" with the NGINX unprivileged Docker image, I expect "Z" to happen.
     validations:
       required: true
 
@@ -37,7 +37,7 @@ body:
     attributes:
       label: Steps to Reproduce the Bug
       description: Detail the series of steps required to reproduce the bug. Deploy NGINX Unprivileged Docker image, View output/logs/configuration on '...', See error.
-      placeholder: When I run "X" using [...], "X" fails with "Y" error message. If I check the terminal outputs and/or logs, I see the following info.
+      placeholder: When I run the NGINX Docker unprivileged image using [...], the image fails with an error message. If I check the terminal outputs and/or logs, I see the following error info.
     validations:
       required: true
 
@@ -47,9 +47,10 @@ body:
       label: Environment Details
       description: Please provide details about your environment.
       value: |
-        - Version of Docker and method of installation (e.g. Docker Desktop / Docker Server)
-        - Version/tag of the NGINX Unprivileged Docker image (e.g. `nginxinc/nginx-unprivileged:alpine`)
-        - Target deployment environment/platform (e.g. OpenShift / Kubernetes / Docker Compose / etc...)
+        - Version of Docker and method of installation: [e.g. Docker Desktop / Docker Server]
+        - Version/tag of the NGINX Docker unprivileged image or specific commit: [e.g. 1.4.3/commit hash]
+        - Target deployment platform: [e.g. OpenShift/Kubernetes/Docker Compose/local cluster/etc...]
+        - Target OS: [e.g. RHEL 9/Ubuntu 24.04/etc...]
     validations:
       required: true
 

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -22,7 +22,7 @@ body:
     attributes:
       label: Feature Overview
       description: A clear and concise description of what the feature request is.
-      placeholder: I would like this project to be able to do "X".
+      placeholder: I would like the NGINX Docker unprivileged image to be able to do "X".
     validations:
       required: true
 
@@ -31,7 +31,7 @@ body:
     attributes:
       label: Alternatives Considered
       description: Detail any potential alternative solutions/workarounds you've used or considered.
-      placeholder: I have done/might be able to do "X" in this project by doing "Y".
+      placeholder: I have done/might be able to do "X" using the NGINX Docker unprivileged image by doing "Y".
 
   - type: textarea
     id: context

.github/scorecard.yml

@@ -1,10 +1,7 @@
 ---
 annotations:
   - checks:
-      - contributors
       - fuzzing
-      - packaging
       - sast
-      - signed-releases
     reasons:
       - reason: not-applicable

.github/workflows/ossf_scorecard.yml

@@ -8,7 +8,7 @@ on:
   schedule:
     - cron: "0 0 * * 1"
   push:
-    branches: [main, master]
+    branches: [main]
   workflow_dispatch:
 # Declare default permissions as read only.
 permissions: read-all
@@ -23,12 +23,6 @@ jobs:
       security-events: write
       # Needed for GitHub OIDC token if publish_results is true.
       id-token: write
-      # Uncomment the permissions below if you are using the OSSF Scorecard on a private repository.
-      # contents: read
-      # actions: read
-      # issues: read # To allow GraphQL ListCommits to work
-      # pull-requests: read # To allow GraphQL ListCommits to work
-      # checks: read # To detect SAST tools
     steps:
       - name: Check out the codebase
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -40,12 +34,7 @@ jobs:
         with:
           results_file: results.sarif
           results_format: sarif
-          # (Optional) fine-grained personal access token. Uncomment the `repo_token` line below if you want to enable the Branch-Protection or Webhooks check on a *private* repository.
-          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-fine-grained-pat-optional.
-          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
-
           # Publish the results for public repositories to enable scorecard badges. For more details, see https://github.com/ossf/scorecard-action#publishing-results.
-          # For private repositories, `publish_results` will automatically be set to `false`, regardless of the value entered here.
           publish_results: true
 
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF format to the repository Actions tab.

CONTRIBUTING.md

@@ -1,29 +1,16 @@
 # Contributing Guidelines
 
-The following is a set of guidelines for contributing to the Docker Unprivileged NGINX image. We really appreciate that you are considering contributing!
+The following is a set of guidelines for contributing to the NGINX Docker unprivileged image. We really appreciate that you are considering contributing!
 
 #### Table Of Contents
 
 - [Getting Started](#getting-started)
 - [Contributing](#contributing)
 - [Code Guidelines](#code-guidelines)
-- [Docker NGINX Unprivileged Guidelines](#docker-nginx-unprivileged-guidelines)
-- [Git Guidelines](#git-guidelines)
-- [Code of Conduct](/CODE_OF_CONDUCT.md)
 
 ## Getting Started
 
-Follow the instructions on the README's [Getting Started](/README.md#Getting-Started) section to get this project up and running.
-
-<!-- ### Project Structure (OPTIONAL) -->
-## Ask a Question
-
-Don't know how something works? Curious if the role can achieve your desired functionality? Please open an Issue on GitHub with the label `question`.
-
-### Project Overview
-
-- The Docker Unprivileged NGINX repository is a mirror image of the [Docker NGINX image](https://github.com/nginxinc/docker-nginx). Changes have been made in order to support running NGINX in an unprivileged environment.
-- New Docker Unprivileged NGINX images are built on a weekly basis using GitHub actions.
+Look at the upstream Docker image [how to use this image guide](https://hub.docker.com/_/nginx/) to get the NGINX Docker unprivileged image up and running.
 
 ## Contributing
 
@@ -39,6 +26,10 @@ To suggest a feature or enhancement, please create an issue on GitHub with the l
 
 - Fork the repo, create a branch, implement your changes, test that the corresponding Docker images can be built and run as intended, and submit a PR when your changes are **tested** and ready for review.
 - Fill in the [PR template](/.github/pull_request_template.md).
+- This repository is a mirror image of the upstream [NGINX Docker image](https://github.com/nginxinc/docker-nginx) with minor changes in order to support running NGINX in an unprivileged environment. As such only two types of PRs will be considered:
+
+  1. PRs that incorporate changes made to the upstream image that have not yet been ported to this image (e.g. there's a new NGINX release).
+  2. PRs that add a critical feature or a nice-to-have enhancement for running these images on an unprivileged environment (e.g. allowing users specify to the UID/GID of the image user).
 
 **Note:** If you'd like to implement a new feature, please consider creating a [feature request issue](/.github/ISSUE_TEMPLATE/feature_request.yml) first to start a discussion about the feature.
 
@@ -50,12 +41,11 @@ If you have not yet agreed to the F5 CLA terms and submit a PR to this repositor
 
 ## Code Guidelines
 
-### Docker NGINX Unprivileged Guidelines
-
-Given this repository is a mirror image of the upstream [Docker NGINX image](https://github.com/nginxinc/docker-nginx), only two types of PRs will be considered:
+### Docker Guidelines
 
-1. PRs that incorporate changes made to upstream images (e.g. there's a new NGINX release).
-2. PRs that add a critical feature or a nice-to-have enhancement for running these images on an unprivileged environment (e.g. allowing users specify to the UID/GID of the image user).
+- Update any entrypoint scripts via the the scripts contained in the [`/entrypoint`](/entrypoint) directory.
+- Update any Dockerfiles via the Dockerfile templates in the root directory (e.g. [`Dockerfile-alpine.template`](/Dockerfile-alpine.template)).
+- Run the [`./update.sh`](/update.sh) script to apply all entrypoint/Dockerfile template changes to the relevant image entrypoints & Dockerfiles.
 
 ### Git Guidelines
 

README.md

@@ -1,4 +1,4 @@
-[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/nginx/template-repository/badge)](https://securityscorecards.dev/viewer/?uri=github.com/nginx/template-repository)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/nginx/docker-nginx-unprivileged/badge)](https://securityscorecards.dev/viewer/?uri=github.com/nginx/docker-nginx-unprivileged)
 [![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active)
 [![Community Support](https://badgen.net/badge/support/community/cyan?icon=awesome)](/SUPPORT.md)
 [![Community Forum](https://img.shields.io/badge/community-forum-009639?logo=discourse&link=https%3A%2F%2Fcommunity.nginx.org)](https://community.nginx.org)
@@ -56,7 +56,7 @@ Most images are built for the `amd64`, `arm32v5` (for Debian), `arm32v6` (for Al
     }
     ```
 
-## On Reporting Issues
+## On Reporting Issues and Opening PRs
 
 Whilst issues and PRs are welcome, please do note that:
 
@@ -72,4 +72,4 @@ Please see the [contributing guide](/CONTRIBUTING.md) for guidelines on how to b
 
 [Apache License, Version 2.0](/LICENSE)
 
-© [F5, Inc.](https://www.f5.com/) 2018-2025
+© [F5, Inc.](https://www.f5.com/) 2018 - 2025

SECURITY.md

@@ -2,15 +2,20 @@
 
 ## Latest Versions
 
-We advise users to run or update to the most recent release of this project. Older versions of this project may not have all enhancements and/or bug fixes applied to them.
+We advise users to run or update to the most recent release of the NGINX Docker unprivileged image. Older versions of the NGINX Docker unprivileged image may not have all enhancements and/or bug fixes applied to them.
 
 ## Reporting a Vulnerability
 
 The F5 Security Incident Response Team (F5 SIRT) offers two methods to easily report potential security vulnerabilities:
 
-### Docker NGINX Unprivileged Image
+- If you’re an F5 customer with an active support contract, please contact [F5 Technical Support](https://www.f5.com/support).
+- If you aren’t an F5 customer, please report any potential or current instances of security vulnerabilities in any F5 product to the F5 Security Incident Response Team at <[email protected]>.
+
+For more information, please read the F5 SIRT vulnerability reporting guidelines available at [https://www.f5.com/support/report-a-vulnerability](https://www.f5.com/support/report-a-vulnerability).
 
-If you find a security vulnerability that directly affects a direct NGINX library dependency we encourage you open an issue detailing the security vulnerability.
+## CVEs to be considered
+
+If you find a security vulnerability that directly affects a direct NGINX library dependency we encourage you open an issue detailing the security vulnerability. ***Only vulnerabilities related to to direct NGINX library dependencies will be considered. Other security vulnerabilities will be addressed by the weekly Monday night build and as such will be ignored/promptly closed.***
 
 For reference, the direct NGINX library dependencies are:
 
@@ -27,14 +32,3 @@ For reference, the direct NGINX library dependencies are:
   - `libpcre2`
   - `libssl`
   - `libz`
-
-***Note: Only vulnerabilities related to direct NGINX library dependencies will be considered. Other security vulnerabilities should be addressed by the weekly Monday night build and as such will be promptly closed.***
-
-### Codebase
-
-If you find a security vulnerability that affects the codebase, we encourage you to report it to the F5 Security Incident Response Team (F5 SIRT):
-
-- If you’re an F5 customer with an active support contract, please contact [F5 Technical Support](https://www.f5.com/support).
-- If you aren’t an F5 customer, please report any potential or current instances of security vulnerabilities in any F5 product to the F5 Security Incident Response Team at <[email protected]>.
-
-For more information, please read the F5 SIRT vulnerability reporting guidelines available at [https://www.f5.com/support/report-a-vulnerability](https://www.f5.com/support/report-a-vulnerability).

SUPPORT.md

@@ -26,12 +26,12 @@ Want to get in touch with the NGINX development team directly? Try using the rel
 
 ## Contributing
 
-Please see the [contributing guide](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/CONTRIBUTING.md) for guidelines on how to best contribute to this project.
+Please see the [contributing guide](/CONTRIBUTING.md) for guidelines on how to best contribute to this project.
 
 ## Commercial Support
 
-Commercial support for this project may be available. Please get in touch with [NGINX sales](https://www.nginx.com/contact-sales/) or check your contract details for more info!
+Commercial support for this project may be available. Please get in touch with [NGINX sales](https://www.f5.com/products/get-f5/) or check your contract details for more info!
 
 ## Community Support
 
-This project does **not** offer commercial support. Community support is offered on a best effort basis through either GitHub issues/PRs/discussions or through any of our active communities.
+Community support is offered on a best effort basis through either GitHub issues/PRs/discussions or through any of our active communities.