From e8d0b42dc15ea1503320c746339cbf9d739f3e31 Mon Sep 17 00:00:00 2001 From: Austin Ziegler Date: Wed, 21 Aug 2024 20:46:51 -0400 Subject: [PATCH] Update policies and add funding - Add funding options - Add Tidelift security policy. - Update to latest Contributor Covenant for CoC. - Clean up .gitignore and .hoerc. - Clean up workflow --- .github/FUNDING.yml | 6 ++ .github/workflows/ci.yml | 147 +++++++++++++++++++++++++++++++-------- .gitignore | 2 - .hoerc | 44 ++++++------ Code-of-Conduct.md | 143 +++++++++++++++++++++++++------------ SECURITY.md | 7 ++ 6 files changed, 251 insertions(+), 98 deletions(-) create mode 100644 .github/FUNDING.yml create mode 100644 SECURITY.md diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 0000000..180321d --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1,6 @@ +# These are supported funding model platforms + +github: halostatue +buy_me_a_coffee: halostatue +ko_fi: halostatue +tidelift: rubygems/mime-types diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fd7b95e..ec3784b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,4 +1,4 @@ -name: CI +name: Ruby CI on: pull_request: 
@@ -7,53 +7,117 @@ on: workflow_dispatch: jobs: - test: + lint: + name: Lint + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + + - uses: ruby/setup-ruby@v1 + with: + ruby-version: '3.3' + rubygems: latest + bundler: 2 + bundler-cache: true + + - run: bundle exec standardrb + + required-ubuntu: name: Ruby ${{ matrix.ruby }} - ${{ matrix.os }} + strategy: fail-fast: false matrix: os: - - macos-latest - ubuntu-20.04 + - ubuntu-22.04 + - ubuntu-24.04 ruby: - '2.6' - '2.7' - - '3.0' - '3.1' - '3.2' - '3.3' - - head - jruby - - jruby-head - truffleruby include: - - ruby: head + - ruby: jruby + os: ubuntu-22.04 continue-on-error: true - - ruby: jruby-head + - ruby: truffleruby + os: ubuntu-22.04 continue-on-error: true - - os: windows-latest - ruby: mingw - - os: windows-latest - ruby: mswin - - os: windows-latest - ruby: jruby - continue-on-error: true - - os: ubuntu-22.04 - ruby: head - continue-on-error: true - - os: ubuntu-22.04 - ruby: '3.1' - - os: ubuntu-22.04 - ruby: '3.2' - - os: ubuntu-22.04 - ruby: '3.3' - standardrb: true runs-on: ${{ matrix.os }} - continue-on-error: ${{ matrix.continue-on-error || false }} + continue-on-error: ${{ matrix.continue-on-error }} + + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + - uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + rubygems: latest + bundler: 2 + bundler-cache: true + + - run: bundle exec ruby -S rake test --trace + + required-macos: + name: Ruby ${{ matrix.ruby }} - ${{ matrix.os }} + + strategy: + fail-fast: false + matrix: + os: + - macos-12 + - macos-13 + - macos-14 + ruby: + - '2.6' + - '2.7' + - '3.1' + - '3.2' + - '3.3' + + runs-on: ${{ matrix.os }} + + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + - uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + rubygems: latest + bundler: 2 + bundler-cache: true + + - run: bundle exec ruby -S rake 
test --trace + + required-windows: + name: Ruby ${{ matrix.ruby }} - ${{ matrix.os }} + strategy: + fail-fast: false + matrix: + os: + - windows-2019 + - windows-2022 + ruby: + - '2.6' + - '2.7' + - '3.0' + - '3.1' + - '3.2' + - '3.3' + - mswin + - ucrt + include: + - ruby: mingw + os: windows-2022 + + runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} @@ -63,5 +127,30 @@ jobs: - run: bundle exec ruby -S rake test --trace - - if: matrix.standardrb == true - run: bundle exec standardrb + ruby-head-optional: + name: Ruby ${{ matrix.ruby }} - ${{ matrix.os }} (optional) + + strategy: + fail-fast: false + + matrix: + ruby: + - head + os: + - macos-latest + - ubuntu-latest + - windows-latest + + continue-on-error: true + runs-on: ${{ matrix.os }} + + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + - uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + rubygems: latest + bundler: 2 + bundler-cache: true + + - run: bundle exec ruby -S rake test --trace diff --git a/.gitignore b/.gitignore index 0083532..c2557d4 100644 --- a/.gitignore +++ b/.gitignore @@ -3,8 +3,6 @@ .rake_tasks~ .source_index Gemfile.lock -coverage.info -coverage/ doc/ html/ pkg/ diff --git a/.hoerc b/.hoerc index 6dec75a..17059ec 100644 --- a/.hoerc +++ b/.hoerc @@ -6,14 +6,14 @@ exclude: !ruby/regexp '/ )$ | \.(?: - bundle| - git| - github| - hg| - idea| - svn| - vagrant - )\/ + bundle | + git | + github | + hg | + idea | + svn | + vagrant + )\/ | [gG]emfile(?:\.lock)? | 
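Review bot: `ruby/setup-ruby@v1` is still referenced by a mutable tag in every job this hunk adds (lint, required-ubuntu, required-macos, required-windows) and in `ruby-head-optional` in the following hunk, while `actions/checkout` on the adjacent line is pinned to a full commit SHA. A retagged `v1` would run unreviewed code in the step that installs Ruby and restores the bundler cache, so pinning checkout alone leaves that gap open. I would pin it the same way, `- uses: ruby/setup-ruby@<full-commit-sha> # v1`, and let an automated updater bump it, or add a comment saying the floating tag is deliberate. Separately, `continue-on-error: ${{ matrix.continue-on-error }}` in required-ubuntu drops the old `|| false` fallback, and only the jruby and truffleruby entries on ubuntu-22.04 define that key. It is worth confirming that the expression still evaluates to a boolean for the other combinations, or restoring `${{ matrix.continue-on-error || false }}`.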
@@ -22,31 +22,29 @@ exclude: !ruby/regexp '/ research )\/ | + \b(?i:TAGS)$ + | \.(?: appveyor | coveralls | fasterer | pullreview | - rubocop.* | + rubocop* | travis | unused - )\.yml$ - | - (?i:TAGS)$ + )\.yml$ | \.(?: - DS_Store | - autotest | - byebug_history | - gemtest | - gitattributes | - gitignore | - hoerc | - minitest.rb | - simplecov-prelude.rb + DS_Store | + autotest | + byebug_history | + gemtest | + gitattributes | + gitignore | + hoerc | + minitest.rb | + simplecov-prelude.rb )$ | \.gemspec$ - | - Vagrantfile$ /x' diff --git a/Code-of-Conduct.md b/Code-of-Conduct.md index 306de4e..184b5fb 100644 --- a/Code-of-Conduct.md +++ b/Code-of-Conduct.md 
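Review bot: `rubocop* |` inside the `\.(?: … )\.yml$` alternation is a regular expression, not a glob, so it matches `ruboco` followed by zero or more `p`. It still matches `.rubocop.yml` but no longer matches names such as `.rubocop_todo.yml`, which the previous `rubocop.* |` covered. If the change was only meant to tidy the pattern, keep `rubocop.* |`. The hunk also removes the `Vagrantfile$` alternative, so a Vagrantfile would presumably stop being excluded; if that is intended, a short comment above the `exclude:` key saying so would help. The regexp starts before this hunk, so the full alternation is not visible here.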
@@ -2,72 +2,127 @@ ## Our Pledge -In the interest of fostering an open and welcoming environment, we as -contributors and maintainers pledge to making participation in our project and -our community a harassment-free experience for everyone, regardless of age, body -size, disability, ethnicity, sex characteristics, gender identity and expression, -level of experience, education, socio-economic status, nationality, personal -appearance, race, religion, or sexual identity and orientation. +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, caste, color, religion, or sexual +identity and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. 
## Our Standards -Examples of behavior that contributes to creating a positive environment -include: +Examples of behavior that contributes to a positive environment for our +community include: -- Using welcoming and inclusive language -- Being respectful of differing viewpoints and experiences -- Gracefully accepting constructive criticism -- Focusing on what is best for the community -- Showing empathy towards other community members +- Demonstrating empathy and kindness toward other people +- Being respectful of differing opinions, viewpoints, and experiences +- Giving and gracefully accepting constructive feedback +- Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +- Focusing on what is best not just for us as individuals, but for the overall + community -Examples of unacceptable behavior by participants include: +Examples of unacceptable behavior include: -- The use of sexualized language or imagery and unwelcome sexual attention or - advances -- Trolling, insulting/derogatory comments, and personal or political attacks +- The use of sexualized language or imagery, and sexual attention or advances of + any kind +- Trolling, insulting or derogatory comments, and personal or political attacks - Public or private harassment -- Publishing others' private information, such as a physical or electronic - address, without explicit permission +- Publishing others' private information, such as a physical or email address, + without their explicit permission - Other conduct which could reasonably be considered inappropriate in a professional setting -## Our Responsibilities +## Enforcement Responsibilities -Project maintainers are responsible for clarifying the standards of acceptable -behavior and are expected to take appropriate and fair corrective action in -response to any instances of unacceptable behavior. 
+Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. -Project maintainers have the right and responsibility to remove, edit, or -reject comments, commits, code, wiki edits, issues, and other contributions -that are not aligned to this Code of Conduct, or to ban temporarily or -permanently any contributor for other behaviors that they deem inappropriate, -threatening, offensive, or harmful. +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. ## Scope -This Code of Conduct applies both within project spaces and in public spaces -when an individual is representing the project or its community. Examples of -representing a project or community include using an official project e-mail -address, posting via an official social media account, or acting as an appointed -representative at an online or offline event. Representation of a project may be -further defined and clarified by project maintainers. +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official email address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. ## Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by contacting the project team at [INSERT EMAIL ADDRESS]. All -complaints will be reviewed and investigated and will result in a response that -is deemed necessary and appropriate to the circumstances. 
The project team is -obligated to maintain confidentiality with regard to the reporter of an incident. -Further details of specific enforcement policies may be posted separately. +reported to the community leaders responsible for enforcement at [INSERT CONTACT +METHOD]. All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series of +actions. -Project maintainers who do not follow or enforce the Code of Conduct in good -faith may face temporary or permanent repercussions as determined by other -members of the project's leadership. +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or permanent +ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. 
No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within the +community. ## Attribution -This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, -available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.1, available at +. + +Community Impact Guidelines were inspired by +[Mozilla's code of conduct enforcement ladder][Mozilla CoC]. + +For answers to common questions about this code of conduct, see the FAQ at +. Translations are available at +. [homepage]: https://www.contributor-covenant.org +[Mozilla CoC]: https://github.com/mozilla/diversity diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..25e1cf1 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,7 @@ +# mime-types Security + +## Security contact information + +To report a security vulnerability, please use the +[Tidelift security contact](https://tidelift.com/security). Tidelift will +coordinate the fix and disclosure.