openinf / .github Goto Github PK
View Code? Open in Web Editor NEWA ✨special✨ repository: org-level default metadata & community health files for use across all OpenINF projects on GitHub
Home Page: https://github.com/OpenINF/.github#readme
A ✨special✨ repository: org-level default metadata & community health files for use across all OpenINF projects on GitHub
Home Page: https://github.com/OpenINF/.github#readme
How this got so out of hand so quickly is impressive.
Caution
Failures on multiple fronts potentially leading to cognitive overload and decision fatigue.
Witness the barrage of questions that get thrown your way during VSCode bootup, then even more during project bootstrap, and the remainder is uncharted territory.
Here's why: the canonical storage location for our standard project label packs happen to be provided by the solution we have chosen for managing default github repo settings; namely the GitHub App simply named "Settings", which syncs repository settings defined in .github/settings.yml
to GitHub, enabling Pull Requests for these now-serialized repository settings.
i have been meaning to do this for a very long time:
every project repo transferred under @OpenINF umbrella has to undergo a certain procedure before we can properly maintain it or bring it up to a recovered state where we may begin to place within the context of our project lifecycle(s); let us flesh that out (minimally at first, then more-so in the short-term)
Refs: https://github.blog/2018-02-22-label-improvements-emoji-descriptions-and-more/
we have spiffy labels in some repos now, but they are not evenly distributed; we should prioritize keeping them nice and safe here w/ directions on how to apply them everywhere else:
syncing scripting:
@DerekNonGeneric, suggest rfc{1123,3339} date format instead (?)
Originally posted by @OpenINFbot in #655 (comment)
Our tasking situation here will get a lot more impressive and be less-incomplete once the changes i had proposed in ampproject/amp.dev#3346 finally make their way over here. That is quite a high priority since it precludes the org-wide adoption of our tasking structure here. The funny thing about our currently-incomplete tasking situation here is that it is very home-grown, and although it may have already outgrown its original training wheels (the nps
solution), they are still fully-functional and even still used by the CI to this day.
Apparently pnpm's lockfile never got updated as the package-lock.json normally would w/ PRs made by @dependabot & @renovatebot. They have now become desynchronized w/ only the pinned deps in the package.json being accurate.
Running the command npm doctor
helps to diagnose several problems often faced by package repos organized like this one.
Two things it looks at currently cause their checks to fail:
node
npm
We fail these since we have been sticking to Gallium 16.x LTS.
Apparently the CI's in need of repair most likely due to breaking changes affecting the APIs of the plugins employed by the script that evaluates Markdown files: “verify.md” —
The script called "verify.md" which runs "node build/tasks/verify/verify-md.mjs" failed with exit code 1
— the context of the above error message viewable in the below image.
Self-assigned; however, this will not be receiving our final intended solution to the pre-submit testing of Markdown expected to be done by our CI; commits addressing this issue should not be expected to implement our final ideal solution…
How we expect to achieve our final ideal solution begins to be hashed out by myself in the following thread on the topic.
🔗:https://twitter.com/DerekNonGeneric/status/1660506159978086403
So, yes, this codebase will need to undergo “comprehensive deregulation”. We do not plan on having this be the location where rules are defined or enforced/triaged, but more on that a little later tonight once we can get a green CI for merging our translations…
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
@babel/core
, @babel/eslint-parser
, @babel/plugin-syntax-jsx
, @babel/plugin-transform-modules-commonjs
, @babel/preset-env
)actions/checkout
, docker/dockerfile
, dprint
, editorconfig-checker
, eslint-plugin-json-schema-validator
, eslint-plugin-jsonc
, eslint-plugin-promise
, eslint-plugin-regexp
, pnpm
, prettier
, returntocorp/semgrep
, ruby
, ruby/setup-ruby
, typescript
, unified
)@typescript-eslint/eslint-plugin
, @typescript-eslint/parser
)Gemfile
github-linguist "~> 7.28"
jekyll "~> 4.3.0"
kramdown-parser-gfm '~> 1.1'
jekyll-redirect-from undefined
jekyll-relative-links undefined
yaml-lint undefined
webrick undefined
dotenv undefined
rb-inotify undefined
.devcontainer/Dockerfile
openinf/fisher-ubuntu latest
.devcontainer/experimental/Dockerfile
docker/dockerfile 1@sha256:a57df69d0ea827fb7266491f2813635de6f17269be881f696fbfdf2d83dda33e
openinf/grimesai-salvage-tex lunar@sha256:85db277df2bb6b07922478085cd612a67a9a7d3923b09135a7f6bd9bd65ca89a
.github/workflows/lint-and-test.yml
actions/checkout v4.1.6@a5ac7e51b41094c92402da3b24376905380afc29
actions/setup-node v4.0.2@60edb5dd545a775178f52524783378180af0d1f8
ruby/setup-ruby v1.176.0@cacc9f1c0b3f4eb8a16a6bb0ed10897b43b9de49
dorny/paths-filter v3.0.2@de90cc6fb38fc0963ad72b210f1f284cd68cea36
.github/workflows/semgrep.yml
actions/checkout v4.1.6@a5ac7e51b41094c92402da3b24376905380afc29
returntocorp/semgrep sha256:18fcd539c83a1e8a3df78e77dddce457511f25dc2bd92b6e3bf999f51ab425d3
ubuntu 22.04
package.json
@babel/core 7.24.5
@babel/eslint-parser 7.24.5
@babel/plugin-syntax-jsx 7.24.1
@babel/plugin-syntax-top-level-await 7.14.5
@babel/plugin-transform-modules-commonjs 7.24.1
@babel/preset-env 7.24.5
@iktakahiro/markdown-it-katex 4.0.1
@openinf/util-text 1.1.2
@shopify/prettier-plugin-liquid 1.5.0
@types/markdown-it 14.1.1
@types/node 20.x
@typescript-eslint/eslint-plugin 7.9.0
@typescript-eslint/parser 7.9.0
@yarnpkg/shell 4.0.2
dictionary-en 4.0.0
dprint 0.45.1
editorconfig-checker 5.1.5
eslint 9.2.0
eslint-config-prettier 9.1.0
eslint-import-resolver-node 0.3.9
eslint-import-resolver-typescript 3.6.1
eslint-plugin-import 2.29.1
eslint-plugin-json-schema-validator 5.1.0
eslint-plugin-jsonc 2.15.1
eslint-plugin-markdown 5.0.0
eslint-plugin-prettier 5.1.3
eslint-plugin-promise 6.1.1
eslint-plugin-regexp 2.5.0
eslint-plugin-simple-import-sort 12.1.0
eslint-plugin-unicorn 53.0.0
eslint-plugin-wix-editor 3.3.0
eslint-plugin-yml 1.14.0
markdown-it 14.1.0
markdown-it-abbr 2.0.0
markdown-it-anchor 9.0.1
markdown-it-footnote 4.0.0
markdown-it-sub 2.0.0
markdown-it-sup 2.0.0
markdown-it-task-lists 2.1.1
markdown-it-toc-done-right 4.2.0
markdownlint-cli2 0.13.0
markdownlint-cli2-formatter-default 0.0.4
nps 5.10.0
prettier 3.2.5
remark 15.0.1
remark-cli 12.0.1
remark-directive 3.0.0
remark-footnotes 4.0.1
remark-frontmatter 5.0.0
remark-gfm 4.0.0
remark-github 12.0.0
remark-heading-id 1.0.1
remark-hint 1.0.10
remark-html 16.0.1
remark-lint 10.0.0
remark-lint-blockquote-indentation 4.0.0
remark-lint-checkbox-character-style 5.0.0
remark-lint-checkbox-content-indent 5.0.0
remark-lint-code-block-style 4.0.0
remark-lint-definition-spacing 4.0.0
remark-lint-fenced-code-flag 4.0.0
remark-lint-first-heading-level 4.0.0
remark-lint-maximum-line-length 4.0.1
remark-lint-no-duplicate-headings-in-section 4.0.0
remark-lint-no-file-name-consecutive-dashes 3.0.0
remark-lint-no-file-name-irregular-characters 3.0.0
remark-lint-no-file-name-mixed-case 3.0.0
remark-lint-no-heading-punctuation 4.0.0
remark-lint-no-html 4.0.0
remark-preset-lint-consistent 6.0.0
remark-preset-lint-markdown-style-guide 6.0.0
remark-preset-lint-recommended 7.0.0
remark-preset-prettier 2.0.1
remark-retext 6.0.0
remark-validate-links 13.0.1
retext-english 5.0.0
retext-passive 5.0.0
retext-readability 8.0.0
retext-repeated-words 5.0.0
retext-sentence-spacing 6.0.0
retext-simplify 8.0.0
retext-spell 6.1.0
retext-syntax-mentions 4.0.0
retext-syntax-urls 4.0.0
strip-comments 2.0.1
typescript 5.4.5
unified 11.0.4
pnpm 9.1.1
.nvmrc
.config/.ruby-version
ruby 3.3.1
.ruby-version
ruby 3.3.1
Currently, this field specified in package.json:
{
"packageManager": "[email protected]+"
}
Output:
derek@WIN-QCQNRDEGMKF:~/projects/openinf-github-dotrepo$ corepack enable
derek@WIN-QCQNRDEGMKF:~/projects/openinf-github-dotrepo$ pnpm i
Usage Error: Invalid package manager specification in package.json; expected a semver version
$ pnpm ...
Seeing as how this did in fact pass the validation, it should be noted that the regex for validating this field (package.json
schema on schemastore) is wrong when validating this field…
This is not a pnpm field, though; this is a corepack field, which is very confusing…
Refs: https://pnpm.io/package_json
Refs: https://github.com/nodejs/corepack#when-authoring-packages
/cc @arcanis as am currently unsure what is going on here (would like to specify global npm is req'd)
I mentioned to @yuvilio (via email) that we would be striving towards maxing out OpenSSF Scorecard.
Let's be sure that while resolving #147 (specifically the deps automerge), those principles are respected (inlined for convenience):
Name | Description | Risk Level | Token Required | Note |
---|---|---|---|---|
Binary-Artifacts | Is the project free of checked-in binaries? | High | PAT, GITHUB_TOKEN | |
Branch-Protection | Does the project use Branch Protection ? | High | PAT (repo or repo> public_repo ), GITHUB_TOKEN |
certain settings are only supported with a maintainer PAT |
CI-Tests | Does the project run tests in CI, e.g. GitHub Actions, Prow? | Low | PAT, GITHUB_TOKEN | |
CII-Best-Practices | Does the project have an OpenSSF (formerly CII) Best Practices Badge? | Low | PAT, GITHUB_TOKEN | |
Code-Review | Does the project require code review before code is merged? | High | PAT, GITHUB_TOKEN | |
Contributors | Does the project have contributors from at least two different organizations? | Low | PAT, GITHUB_TOKEN | |
Dangerous-Workflow | Does the project avoid dangerous coding patterns in GitHub Action workflows? | Critical | PAT, GITHUB_TOKEN | |
Dependency-Update-Tool | Does the project use tools to help update its dependencies? | High | PAT, GITHUB_TOKEN | |
Fuzzing | Does the project use fuzzing tools, e.g. OSS-Fuzz? | Medium | PAT, GITHUB_TOKEN | |
License | Does the project declare a license? | Low | PAT, GITHUB_TOKEN | |
Maintained | Is the project at least 90 days old, and maintained? | High | PAT, GITHUB_TOKEN | |
Pinned-Dependencies | Does the project declare and pin dependencies? | Medium | PAT, GITHUB_TOKEN | |
Packaging | Does the project build and publish official packages from CI/CD, e.g. GitHub Publishing ? | Medium | PAT, GITHUB_TOKEN | |
SAST | Does the project use static code analysis tools, e.g. CodeQL, LGTM (deprecated), SonarCloud? | Medium | PAT, GITHUB_TOKEN | |
Security-Policy | Does the project contain a security policy? | Medium | PAT, GITHUB_TOKEN | |
Signed-Releases | Does the project cryptographically sign releases? | High | PAT, GITHUB_TOKEN | |
Token-Permissions | Does the project declare GitHub workflow tokens as read only? | High | PAT, GITHUB_TOKEN | |
Vulnerabilities | Does the project have unfixed vulnerabilities? Uses the OSV service. | High | PAT, GITHUB_TOKEN | |
Webhooks | Does the webhook defined in the repository have a token configured to authenticate the origins of requests? | High | maintainer PAT (admin: repo_hook or admin> read:repo_hook doc |
EXPERIMENTAL |
At the time of attempting to implement a check using this toolset, these packages were still in their infancy w/ unstable guidance coming from their documentation… 1 2
No biggie; this all looks to have [somewhat] stabilized since then:
A cultural diversity experience awaits (!) since it never did work…
Serbian is practically the only European standard language whose speakers are fully functionally digraphic, using both Cyrillic and Latin alphabets.
— https://en.wikipedia.org/wiki/Serbian_language#cite_ref-18
This seems to be a unique case in natural languages, but the Serbian language can be expressed in either Latin (sr_Latn
) or Cyrillic script (sr_Cyrl
), so what i said about “two-letter codes, one per language” in #34 (comment) is a little bit incorrect due to this edge case. I think we will need to specify which one of the alphabets we are using when making these translations to prevent mixing them.
/cc @emmitrovic as i am unsure which one we should use (is one preferable or maybe we need both?)
I am not exactly sure, but the only other time this may come up elsewhere is when distinguishing btwx Simplified Chinese (zh_Hans
) and Traditional Chinese (zh_Hant
)…
/cc @septs as this file naming scheme seems to be gaining widespread adoption (guideline may be needed)
To be clear, this is not about localization in the sense of wanting to distinguish btwx Portuguese from Portugal (pt_PT
) and Portuguese from Brazil (pt_BR
), which use the same alphabets. On the topic of Portuguese: I was hoping to be able to only use pt
and leave the translation style up to whomever does the translation. For example, some things sound better in pt_BR
and others in pt_PT
, so if we can avoid making the distinction, i would prefer that.
/cc @ErickWendel as am unsure if this would be practical (am still learning and unsure of edge cases)
Any additional insight you all can provide would be appreciated!
Codacy is configured to use remark-lint
(in addition to our current Markdown linter), which appears to be using the default rules since we currently lack a configuration file for it in this repo. Some Markdown lint rules are unique to this linter that we could benefit from, so we should have it properly configured to pass checks for that tool. Fortunately, we had already been using this Markdown linter in our site repo, so may be able to copy that configuration over and add any additional tasks or rules to ensure we can run it locally before pushing up any new commits.
The contribution guidelines surrounding licensing are too simplistic and unclear.
Lines 77 to 79 in 77515ff
This is also not the whole story about what we currently do. Expand and clarify.
So much depends on the outcome of our issue named ⚖️ get real about license guidance in contribution guidelines.
The public is clamoring for us "get real" because the topic of Licensing a Repository could not be adequately addressed within a CONTRIBUTING file w/o completely taking over the majority of the document's real estate due to the sheer quantity of content necessary to adequately address the various topics involved and be successful in pursuit of the endeavor.
Requested new document: Licensing a Repository (Rebranded w/o Pitfalls)
Alterations summary: Most are already known to document editor/remaining to be raised during review.
Would you like to include a changelog?
A changelog contains a curated, chronologically ordered list of notable changes for each project version. To make it easier for users and contributors to see precisely what notable changes have been made between each project release (or version). Whether consumers or developers, the end users of software are human beings, who care about what's in the software. When the software changes, people want to know why and how.
I owe our entire community an apology. Recently, in an overzealous attempt at efficiency, I deleted a detailed record related to scaling our ADRs without adequately considering the impact. If any of you wish to give input on appropriate amends or share constructive criticism I should hear, please come to me openly. We shall become wiser together.
At the most fundamental level, i will:
Consider the record returned in full. ✅
This initial action, however, only partially encompasses the amends entailed. I openly welcome any additional constructive feedback on rectifying my mistakes in judgment - be they replenishments in process, safeguards against repetition, or building renewed understanding. My responsibility in this situation stretches beyond data to trust and respect among teammates. Please come to me freely with thoughts so we may walk this path to redemption together. With open ears, hearts, and minds on all sides, I am confident in our bonds moving forward.
Woo foo!
The 5 extension(s) below, in workspace recommendations have issues:
knisterpeter.vscode-commitizen
(not found in marketplace)lunaryorn.fish-ide
(not found in marketplace)mrmlnc.vscode-json5
(not found in marketplace)skyapps.fish-vscode
(not found in marketplace)travisthetechie.write-good-linter
(not found in marketplace)it's a doozie bc we are mid-migration to eslint 9
This has been an ongoing issue, and we (@OpenINF/wg-a-team) have started working on this in other channels and repos (e.g., our yet-to-be launched @OpenINF/standards repo).
I want to get this taken care of here and now while taking those learnings back to that project.
i noticed that jekyll plugins (and mostly themes) have defined naming conventions:
🔗 https://jekyllrb.com/docs/themes/#installing-a-theme
jekyll-
prefix for all jekyll plugins (perhaps postfix -plugin)jekyll-theme-
prefix for theme pluginsFisher plugins should probably also retain some convention (thoughts include):
fisher-gap
fisher-plugin-gap
fisher-gap-plugin
maybe this would be our ideal name here (based on repo name):
OpenINF/fisher-gap-plugin
🔗🐙/cc @jorgebucaran
@restyled-commits
style: apply changes from whitespace restyler
b1c34adSigned-off-by: Restyled Commits [email protected]
This commit message is incorrect and must be corrected. We must tame the bot (sounds fun)
We have regularly been receiving dependency update requests from the following:
They each have their own way of titling their PRs and sometimes those titles match the first line of the commit message (other times they do not). The request is to fix these requests to match our needs.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.