diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 00000000..880b45f7
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,5 @@
+* @petesramek
+
+.github/ @petesramek
+src/ @petesramek
+tests/ @petesramek
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
index 61fc2653..bffc605e 100644
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -222,12 +222,28 @@ jobs:
 nuget-feed-api-key: ${{ secrets.NUGET_PACKAGE_FEED_API_KEY }}
 nuget-feed-server: 'AzureArtifacts'
 working-directory: ${{ runner.temp }}/${{ env.nuget-packages-directory }}
- dotnet-sdk-version: ${{ env.dotnet-sdk-version }}'
+ dotnet-sdk-version: ${{ env.dotnet-sdk-version }}
+
+ security:
+ name: 'Check for vulnerable packages'
+ needs: [build]
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Checkout ${{ github.head_ref || github.ref }}'
+ uses: actions/checkout@v6
+
+ - name: 'Setup .NET'
+ uses: actions/setup-dotnet@v5
+ with:
+ dotnet-version: ${{ env.dotnet-sdk-version }}
+
+ - name: 'Check for vulnerable packages'
+ run: dotnet list src/PolylineAlgorithm/PolylineAlgorithm.csproj package --vulnerable --include-transitive
 benchmark:
- if: ${{ github.env.is_release || vars.BENCHMARKDOTNET_RUN_OVERRIDE == 'true' }}
+ if: ${{ needs.workflow-variables.outputs.is-release == 'true' || vars.BENCHMARKDOTNET_RUN_OVERRIDE == 'true' }}
 name: Benchmark with .NET CLI on ${{ matrix.os }}
- needs: [build]
+ needs: [workflow-variables, build]
 strategy:
 matrix:
 os: [ubuntu-latest, windows-latest, macos-latest]
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 00000000..2b72d20e
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,5 @@
+# Changelog
+
+Release history is tracked via GitHub Releases.
+
+See all releases at:
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 00000000..d0b9d1d8
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
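Review bot: The three directory rules in the new `.github/CODEOWNERS` name the same owner as the `*` rule, so they change nothing today; they only matter once a path gets a different owner, and because the last matching pattern wins, any such override has to stay below `*`. A leading comment such as `# Last matching pattern wins; keep path-specific owners below the catch-all.` would record that. Code-owner review of `.github/` only gates workflow changes if the branch protection rule that requires code-owner review is enabled, which this diff cannot show.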
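Review bot: The last step of the new `security` job in `pull-request.yml` will probably stay green even when advisories are reported, because `dotnet list package --vulnerable`, as far as I know, prints its findings and still exits 0, so the job gates nothing. Make the step fail on findings, for example with `run: |` followed by `dotnet list src/PolylineAlgorithm/PolylineAlgorithm.csproj package --vulnerable --include-transitive | tee audit.log` and `if grep -q 'has the following vulnerable packages' audit.log; then exit 1; fi`, after confirming the exact wording the SDK in use prints. The job also has no restore step; on SDK versions where the list command does not restore implicitly it needs the assets file, so a `dotnet restore` of the same project should run first. Separately, `actions/checkout@v6` and `actions/setup-dotnet@v5` are referenced by mutable tag, and pinning them to a commit SHA is the tighter choice for a job meant as a security check.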
@@ -0,0 +1,47 @@
+# Contributor Covenant Code of Conduct
+
+## Our Commitment
+
+We are committed to providing a welcoming and inspiring community for all. We pledge to create an environment in which every individual feels valued, respected, and free from harassment and discrimination.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment include:
+
+- Using welcoming and inclusive language
+- Being respectful of differing opinions, viewpoints, and experiences
+- Gracefully accepting constructive criticism
+- Focusing on what is best for the community
+- Showing empathy towards other community members
+
+Examples of unacceptable behavior include:
+
+- The use of sexualized language or imagery and unwelcome sexual attention or advances
+- Trolling, insulting/derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or electronic address, without explicit permission
+- Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Enforcement
+
+Community leaders are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+
+Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for behaviors that they deem inappropriate, threatening, offensive, or harmful.
+
+## Reporting
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the project maintainer responsible for enforcement. All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the reporter of any incident.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.1, available at https://www.contributor-covenant.org/version/2/1/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.
diff --git a/Directory.Build.props b/Directory.Build.props
index 96ebb124..80c3886e 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -6,6 +6,8 @@ enable true en + true + embedded @@ -20,6 +22,7 @@ +
diff --git a/docs/local-development.md b/docs/local-development.md
index 48fa5f76..ab2da8ab 100644
--- a/docs/local-development.md
+++ b/docs/local-development.md
@@ -72,3 +72,24 @@ The CI `format` job also runs `dotnet format` automatically on every push to non
 ## Editor Configuration
 Code style rules are stored in `.editorconfig` at the repository root. Any compliant IDE (Visual Studio, VS Code with C# Dev Kit, Rider) will pick these up automatically.
+
+## Required Repository Secrets and Variables
+
+The CI/CD workflows rely on the following GitHub repository secrets and variables.
+
+### Secrets
+
+| Name | Description |
+|------|-------------|
+| `NUGET_PACKAGE_FEED_API_KEY` | API key for the Azure Artifacts NuGet feed |
+
+### Variables
+
+| Name | Description |
+|------|-------------|
+| `NUGET_PACKAGE_FEED_URL` | NuGet feed URL |
+| `BENCHMARKDOTNET_RUN_OVERRIDE` | Set to `true` to force benchmarks to run on non-release PRs |
+| `BENCHMARKDOTNET_RUNTIMES` | Runtimes to benchmark (e.g. `net8.0 net10.0`) |
+| `BENCHMARKDOTNET_FILTER` | Benchmark filter pattern (e.g. `*`) |
+| `DEFAULT_BUILD_FRAMEWORK` | Default target framework for builds (e.g. `net10.0`) |
+| `SRC_DEFAULT_GLOB_PATTERN` | Glob pattern for source project files (e.g. `**/PolylineAlgorithm.csproj`) |