From b961e2951d34514f47efca1eacf834fbc64eb974 Mon Sep 17 00:00:00 2001 From: David Walter Date: Thu, 28 May 2026 09:12:46 +0200 Subject: [PATCH] =?UTF-8?q?docs(ospo):=20community=20health=20rollout=20v2?= =?UTF-8?q?=20=E2=80=94=20README,=20agents.md,=20health=20files?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Introduced by the Kiteworks Open Source Program Office (OSPO) on May 5, 2026. Changes: - README.md: rewritten with OSPO v2 template — license-specific migration guidance, Community & Support section, Contributing workflow, Security section pointing to security.owncloud.com + YesWeHack bug bounty - agents.md: AI agent context file with architecture, build commands, and OSPO Policy Constraints (GitHub Actions, Dependabot, Git Workflow) - CODE_OF_CONDUCT.md: redirect to https://owncloud.com/contribute/code-of-conduct/ - CONTRIBUTING.md: redirect to https://owncloud.com/contribute/ - SECURITY.md: redirect to https://security.owncloud.com + YesWeHack - SUPPORT.md: redirect to https://owncloud.com/contact-us/ + channels OSPO: https://kiteworks.com/opensource Signed-off-by: David Walter --- CODE_OF_CONDUCT.md | 8 +++ CONTRIBUTING.md | 32 ++--------- README.md | 138 ++++++++++++++++++++++++++++++++++----------- SECURITY.md | 11 ++++ SUPPORT.md | 10 ++++ agents.md | 62 ++++++++++++++++++++ 6 files changed, 201 insertions(+), 60 deletions(-) create mode 100644 CODE_OF_CONDUCT.md create mode 100644 SECURITY.md create mode 100644 SUPPORT.md create mode 100644 agents.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 00000000..ce144bf1 --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,8 @@ +# Code of Conduct + +This project follows the ownCloud Code of Conduct. + +Please read the full Code of Conduct at: +**** + +By participating in this project, you agree to abide by its terms. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 5b1fafef..65c99156 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,29 +1,9 @@ -## Submitting issues +# Contributing -If you have questions about how to install or use ownCloud, please direct these to the [mailing list][mailinglist] or our [forum][forum]. We are also available on [IRC][irc]. +Thank you for your interest in contributing to this project! -### Short version +Please read the full contributing guidelines at: +**** - * The [**issue template can be found here**][template]. Please always use the issue template when reporting issues. - -### Guidelines -* Please search the existing issues first, it's likely that your issue was already reported or even fixed. - - Go to one of the repositories, click "issues" and type any word in the top search/command bar. - - You can also filter by appending e. g. "state:open" to the search string. - - More info on [search syntax within github](https://help.github.com/articles/searching-issues) -* This repository ([notes](https://github.com/owncloud/notes/issues)) is *only* for issues within the ownCloud notes code. -* __SECURITY__: Report any potential security bug to security@owncloud.com following our [security policy](https://owncloud.org/security/) instead of filing an issue in our bug tracker -* Report the issue using our [template][template], it includes all the information we need to track down the issue. - -Help us to maximize the effort we can spend fixing issues and adding new features, by not reporting duplicate issues. - -[template]: https://raw.github.com/owncloud/core/master/issue_template.md -[mailinglist]: https://mailman.owncloud.org/mailman/listinfo/owncloud -[forum]: https://forum.owncloud.org/ -[irc]: https://webchat.freenode.net/?channels=owncloud&uio=d4 -[irc-dev]: https://webchat.freenode.net/?channels=owncloud-dev&uio=d4 - -### Contribute Code and translations -Please check [core's contribution guidelines](https://github.com/owncloud/core/blob/master/CONTRIBUTING.md) for further information about contributing code and translations. - -For further development questions / discussions you can also join the [#owncloud-dev][irc-dev] IRC channel. \ No newline at end of file +For development setup, coding standards, and pull request process, +see the README in this repository. diff --git a/README.md b/README.md index f081018b..fea401b6 100644 --- a/README.md +++ b/README.md @@ -1,57 +1,127 @@ # Notes -[![Build Status](https://drone.owncloud.com/api/badges/owncloud/notes/status.svg?branch=master)](https://drone.owncloud.com/owncloud/notes) -[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=owncloud_notes&metric=alert_status)](https://sonarcloud.io/dashboard?id=owncloud_notes) -[![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=owncloud_notes&metric=security_rating)](https://sonarcloud.io/dashboard?id=owncloud_notes) -[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=owncloud_notes&metric=coverage)](https://sonarcloud.io/dashboard?id=owncloud_notes) + -The Notes app is a distraction free notes taking app. It offers a [RESTful API](https://github.com/owncloud/notes/wiki/API-0.2) for app developers. The source code is [available on GitHub](https://github.com/owncloud/notes) +[![License](https://img.shields.io/badge/License-AGPL--3.0-blue.svg)](COPYING) [![ownCloud OSPO](https://img.shields.io/badge/OSPO-ownCloud-blue)](https://kiteworks.com/opensource) [![Docker Hub](https://img.shields.io/docker/pulls/owncloud)](https://hub.docker.com/r/owncloud/server) -![Screenshot of ownCloud Notes](https://cloud.githubusercontent.com/assets/4741199/17731273/e557b5fe-646c-11e6-9975-d6b242454482.png) +A distraction-free note-taking app for ownCloud Server that stores notes as plain text files in the user's cloud storage. It provides a clean web-based editor with a RESTful API for third-party app integration, enabling mobile and desktop note clients to sync notes through ownCloud. -For further developer and user documentation please visit [the wiki](https://github.com/owncloud/notes/wiki) +## Getting Started -## Maintainers -- [Hendrik Leppelsack](https://github.com/Henni) -- [Lukas Reschke](https://github.com/LukasReschke) +Follow the steps below to install and enable the Notes app. -## Requirements -##### Minimum PHP Version -* PHP >= 5.4 +### Prerequisites -##### Minimum ownCloud Version -* >= 8.1 +- ownCloud Server 8.1+ +- PHP 5.4+ -##### Supported Webservers -* Apache +### Installation -##### Supported Browsers -* latest 3 versions of Chrome, Firefox and Edge -* we *do not* officially support Internet Explorer and Safari (Patches accepted though) +Clone into your ownCloud apps directory and enable: +```bash +git clone https://github.com/owncloud/notes.git /var/www/owncloud/apps/notes +occ app:enable notes +``` -## Bugs -Before reporting bugs: +### Build -* check the requirements above -* get the newest version of the Notes app -* [check if they have already been reported](https://github.com/owncloud/notes/issues?state=open) +```bash +make build +``` +### Run Tests -## Git (development version) +```bash +make test-php-unit +make test-php-style +``` -#### Installation +## Documentation -* Clone the **Notes** app into the **/var/www/owncloud/apps/** directory +- [Notes Wiki](https://github.com/owncloud/notes/wiki) +- [REST API Documentation](https://github.com/owncloud/notes/wiki/API-0.2) - ```git clone https://github.com/owncloud/notes.git``` +## Part of ownCloud Server (Classic) -* Activate the **Notes** app in the apps menu +This app is a plugin for [ownCloud Server 10](https://github.com/owncloud/core) (version 8.1+). Install it from the [ownCloud Marketplace](https://marketplace.owncloud.com) or directly from the repository. +This component is included in the [ownCloud Server Docker image](https://hub.docker.com/r/owncloud/server). -#### Keep up to date +## Community & Support -To update the Notes app use:: +**[Star](https://github.com/owncloud/notes)** this repo and **Watch** for release notifications! - cd /var/www/owncloud/apps/notes - git pull --rebase origin master +- [ownCloud Website](https://owncloud.com) +- [Community Discussions](https://github.com/orgs/owncloud/discussions) +- [Matrix Chat](https://app.element.io/#/room/#owncloud:matrix.org) +- [Documentation](https://doc.owncloud.com) +- [Enterprise Support](https://owncloud.com/contact-us/) +- [OSPO Home](https://kiteworks.com/opensource) + +## Contributing + +We welcome contributions! Please read the [Contributing Guidelines](CONTRIBUTING.md) +and our [Code of Conduct](CODE_OF_CONDUCT.md) before getting started. + +### Workflow + +- **Rebase Early, Rebase Often!** We use a rebase workflow. Always rebase on the target branch before submitting a PR. +- **Dependabot**: Automated dependency updates are managed via Dependabot. Review and merge dependency PRs promptly. +- **Signed Commits**: All commits **must** be PGP/GPG signed. See [GitHub's signing guide](https://docs.github.com/en/authentication/managing-commit-signature-verification). +- **DCO Sign-off**: Every commit must carry a `Signed-off-by` line: + ``` + git commit -s -S -m "your commit message" + ``` +- **GitHub Actions Policy**: Workflows may only use actions that are (a) owned by `owncloud`, (b) created by GitHub (`actions/*`), or (c) verified in the GitHub Marketplace. + +## Translations + +Help translate this project on Transifex: +**** + +Please submit translations via Transifex -- do not open pull requests for translation changes. + +## Security + +**Do not open a public GitHub issue for security vulnerabilities.** + +Report vulnerabilities at **** -- see [SECURITY.md](SECURITY.md). + +Bug bounty: [YesWeHack ownCloud Program](https://yeswehack.com/programs/owncloud-bug-bounty-program) + +## License + +This project is licensed under the [AGPL-3.0](COPYING). + +## About the ownCloud OSPO + +The [Kiteworks Open Source Program Office](https://kiteworks.com/opensource), operating under +the [ownCloud](https://owncloud.com) brand, launched on May 5, 2026, to steward the open source +ecosystem around ownCloud's products. The OSPO ensures transparent governance, license compliance, +community health, and sustainable collaboration between the open source community and +[Kiteworks](https://www.kiteworks.com), which acquired ownCloud in 2023. + +- **OSPO Home**: +- **GitHub**: +- **ownCloud**: + +For questions about the OSPO or licensing, contact ospo@kiteworks.com. + +### License Migration to Apache 2.0 + +The OSPO is driving a strategic relicensing of ownCloud repositories toward the +[Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0), following +the [Apache Software Foundation's third-party license policy](https://www.apache.org/legal/resolved.html). + +Individual repositories will migrate as their audit is completed. The LICENSE file +in each repo reflects its **current** license status (not the target). + +**Current license: AGPL-3.0** (Category X per Apache policy -- cannot be included in Apache-2.0 works). + +Migration prerequisites for this repository: + +- **CLA/DCO coverage**: All past contributors must have signed agreements permitting relicensing +- **Copyleft dependency audit**: All AGPL/GPL dependencies must be replaced or isolated +- **KDE heritage review**: Any code with KDE-era copyrights requires legal analysis +- **Complete relicensing**: AGPL-3.0 is a strong copyleft license; migration requires full relicensing of all files, not just a header change diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..78094ae4 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,11 @@ +# Security Policy + +## Reporting a Vulnerability + +**Do NOT open a public GitHub issue for security vulnerabilities.** + +Please report security issues responsibly via: +**** + +You can also report vulnerabilities through our YesWeHack bug bounty program: +**** diff --git a/SUPPORT.md b/SUPPORT.md new file mode 100644 index 00000000..d87c0ca8 --- /dev/null +++ b/SUPPORT.md @@ -0,0 +1,10 @@ +# Support + +For support with this project, please use the following channels: + +- **Enterprise Support**: +- **Community discussions**: https://github.com/orgs/owncloud/discussions +- **Matrix Chat**: +- **Documentation**: + +Please do not use GitHub issues for general support questions. diff --git a/agents.md b/agents.md new file mode 100644 index 00000000..ff2b7f4d --- /dev/null +++ b/agents.md @@ -0,0 +1,62 @@ +# agents.md -- Notes + +## Repository Overview + +Distraction-free note-taking app for ownCloud Server with a RESTful API. Licensed under AGPL-3.0. PHP backend with JavaScript frontend. + +## Architecture & Key Paths + +- `controller/` -- HTTP controllers +- `service/` -- Business logic services +- `db/` -- Database mappers and entities +- `js/` -- Frontend JavaScript +- `css/` -- Stylesheets +- `templates/` -- Server-side templates +- `appinfo/` -- ownCloud app metadata +- `l10n/` -- Translation files +- `tests/` -- Unit and integration tests +- `Makefile` -- Build and test automation +- `composer.json` -- PHP dependencies + +## Development Conventions + +- PHP code follows ownCloud coding standards (phpcs) +- Static analysis with PHPStan + +## Build & Test Commands + +```bash +make build # Build the app +make test-php-unit # Run PHP unit tests +make test-php-integration # Run PHP integration tests +make test-php-style # Check PHP code style +make dist # Create distribution package +``` + +## Important Constraints + +- Licensed under AGPL-3.0 (copyleft). Apache 2.0 migration planned. +- All contributions require a DCO sign-off. + + +## OSPO Policy Constraints + +### GitHub Actions +- **Only** use actions owned by `owncloud`, created by GitHub (`actions/*`), verified on the GitHub Marketplace, or verified by the ownCloud Maintainers. +- Pin all actions to their full commit SHA (not tags): `uses: actions/checkout@ # vX.Y.Z` +- Never introduce actions from unverified third parties. + +### Dependency Management +- Dependabot is configured for automated dependency updates. +- Review and merge Dependabot PRs as part of regular maintenance. +- Do not introduce new dependencies without discussion in an issue first. + +### Git Workflow +- **Rebase policy**: Always rebase; never create merge commits. Use `git pull --rebase` and `git rebase` before pushing. +- **Signed commits**: All commits **must** be PGP/GPG signed (`git commit -S -s`). +- **DCO sign-off**: Every commit needs a `Signed-off-by` line (`git commit -s`). +- **Conventional Commits & Squash Merge**: Use the [Conventional Commits](https://www.conventionalcommits.org/) format where the repository enforces it. Many repos use squash merge, where the PR title becomes the commit message on the default branch — apply Conventional Commits format to PR titles as well. A reusable GitHub Actions workflow enforces this. + +## Context for AI Agents + +Standard OC10 app with controller/service/db architecture. The REST API is documented in the wiki. Notes are stored as plain text files in user cloud storage.