defenseunicorns · justinthelaw · Aug 7, 2024 · Aug 7, 2024 · Aug 7, 2024 · Aug 7, 2024
@@ -1,4 +1,11 @@
 **/*.tar.zst
+**/*.log*
+**/__pycache__
+**/.ruff_cache
 **/Dockerfile*
 **/.gitignore
-**/Makefile
+**/Makefile
+**/node_modules
+**/.svelte-kit
+**/zarf-sbom/
+**/zarf-*.tar.zst
@@ -0,0 +1,134 @@
+
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall
+  community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email address,
+  without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official email address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+`leapfrogai [@] defenseunicorns.com`.
+
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations
@@ -0,0 +1,54 @@
+# Welcome to LeapfrogAI
+
+Thank you for your interest in LeapfrogAI!
+
+This document describes the process and requirements for contributing.
+
+## Developer Experience
+
+Continuous Delivery is core to our development philosophy. Check out [https://minimumcd.org](https://minimumcd.org) for a good baseline agreement on what that means.
+
+Specifically:
+
+- We do trunk-based development (main) with short-lived feature branches that originate from the trunk, get merged into the trunk, and are deleted after the merge
+- We don't merge code into main that isn't releasable
+- We perform automated testing on all changes before they get merged to main
+- Continuous integration (CI) pipeline tests are definitive
+- We create immutable release artifacts
+
+### Developer Workflow
+
+:key: == Required by automation
+
+1. Drop a comment in any issue to let everyone know you're working on it and submit a Draft PR (step 4) as soon as you are able.
+2. :key: Set up your Git config to GPG sign all commits. [Here's some documentation on how to set it up](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits). You won't be able to merge your PR if you have any unverified commits.
+3. Use the [pre-commit](https://pre-commit.com/) hooks to provide localized checks against your new or modified code to catch mistakes before pushing.
+
+  - Pre-commit must be activated in a Python-enabled environment and installed to the local `.git` repository to activate the commit hooks properly
+  - UDS and Zarf Lints require the [UDS tasks](../tasks.schema.json), [UDS](../uds.schema.json), and [Zarf](<(../zarf.schema.json)>) JSON schemas to be up-to-date with the current UDS CLI version (e.g., v0.14.0)
+
+  ```bash
+  wget https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.14.0/uds.schema.json
+  wget https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.14.0/zarf.schema.json
+  wget https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.14.0/tasks.schema.json
+  ```
+
+4. Create a Draft Pull Request as soon as you can, even if it is just 5 minutes after you started working on it. We lean towards working in the open as much as we can.
+
+   > ⚠️ **NOTE:** _:key: We use [Conventional Commit messages](https://www.conventionalcommits.org/) in PR titles so, if you can, use one of `fix:`, `feat:`, `chore:`, `docs:` or similar. If you need help, just use with `wip:` and we'll help with the rest_
+
+5. :key: Automated tests will begin based on the paths you have edited in your Pull Request.
+
+   > ⚠️ **NOTE:** _If you are an external third-party contributor, the pipelines won't run until a [CODEOWNER](./CODEOWNERS) approves the pipeline run._
+
+6. :key: Be sure to heed the `needs-adr`,`needs-docs`,`needs-tests` labels as appropriate for the PR. Once you have addressed all of the needs, remove the label or request a maintainer to remove it.
+7. Once the review is complete and approved, a core member of the project will merge your PR. If you are an external third-party contributor, two core members (CODEOWNERS) of the project will be required to approve the PR.
+8. Close the issue if it is fully resolved by your PR. _Hint: You can add "Fixes #XX" to the PR description to automatically close an issue when the PR is merged._
+
+### Release Please
+
+We've chosen Google's [release-please](https://github.com/googleapis/release-please#release-please) as our automated tag and release solution. Below are some basic usage instructions. Read the documentation provided in the link for more advanced usage.
+
+- Use the conventional commits specification for all PRs that are merged into the `main` branch.
+- To specify a specific version, like a patch or minor, you must provide an empty commit like this: `git commit --allow-empty -m "chore: release 0.1.0" -m "Release-As: 0.1.0"`
+- Maintain and provide a `secrets.RELEASE_PLEASE_TOKEN` Personal Access Token (PAT) as identified in the GitHub workflow YAML.
@@ -7,21 +7,30 @@ assignees: ''
 ---
 
 ### Environment
-Device and OS:
-App/package versions:
-Kubernetes distro being used:
-Other:
+
+1. OS and Architecture:
+2. App or Package Name:
+2. App or Package Version:
+3. Kubernetes Distribution:
+4. Kubernetes Version:
+5. Other:
 
 ### Steps to reproduce
+
 1.
 
 ### Expected result
 
+-
+
 ### Actual Result
 
+-
+
 ### Visual Proof (screenshots, videos, text, etc)
 
-### Severity/Priority
+-
 
 ### Additional Context
+
 Add any other context or screenshots about the technical debt here.
@@ -19,7 +19,9 @@ assignees: ''
 **Then** [something happens]
 
 ### Describe alternatives you've considered
+
 (optional) A clear and concise description of any alternative solutions or features you've considered.
 
 ### Additional context
+
 Add any other context or screenshots about the feature request here.
@@ -7,10 +7,13 @@ assignees: ''
 ---
 
 ### Describe what should be investigated or refactored
+
 A clear and concise description of what should be changed/researched. Ex. This piece of the code is not DRY enough [...]
 
 ### Links to any relevant code
-(optional) i.e. - https://github.com/defenseunicorns/uds-software-factory/blob/main/README.md?plain=1#L1
+
+(optional) i.e. - <https://github.com/defenseunicorns/leapfrogai/blob/main/.github/CONTRIBUTING.md>
 
 ### Additional context
-Add any other context or screenshots about the technical debt here.
+
+Add any other context or screenshots about the technical debt here.
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Supported Versions
+
+As the LeapfrogAI has not yet reached v1.0.0, only the current latest minor release is supported.
+
+## Reporting a Vulnerability
+
+Please email `leapfrogai [@] defenseunicorns.com` to report a vulnerability for more details. If you are unable to disclose details via email, please let us know and we can coordinate alternate communications.
@@ -0,0 +1,16 @@
+## Description
+
+### BREAKING CHANGES
+
+### CHANGES
+
+## Related Issue
+
+Fixes #
+<!-- or -->
+Relates to #
+
+## Checklist before merging
+
+- [ ] Tests, documentation, ADR added or updated as needed
+- [ ] Followed the [Contributor Guide Steps](https://github.com/defenseunicorns/leapfrogai/blob/main/.github/CONTRIBUTING.md)
@@ -0,0 +1,38 @@
+name: PR Title Commit Lint
+
+on:
+  push:
+    branches:
+    - "!main"
+  pull_request:
+    branches:
+    - "main"
+    types: [opened, edited, synchronize]
+
+concurrency:
+  group: commit-lint-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  title-check:
+    runs-on: ubuntu-latest
+    name: Validate PR Title
+
+    permissions: read-all
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      with:
+        fetch-depth: 0
+
+    - name: Setup Node.js
+      uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+
+    - name: Install commitlint
+      run: npm install --save-dev @commitlint/{config-conventional,cli}
+
+    - name: Lint PR title
+      env:
+        pull_request_title: ${{ github.event.pull_request.title }}
+      run: echo "$pull_request_title" | npx commitlint
@@ -0,0 +1,48 @@
+name: Docker Lint
+
+on:
+  push:
+    branches:
+      - "main"
+    paths:
+      - "packages"
+      - "Dockerfile.migrations"
+      - ".dockerignore"
+      - ".github/workflows/docker-lint.yaml"
+  pull_request:
+    branches:
+      - "main"
+    paths:
+      - "packages"
+      - "Dockerfile.migrations"
+      - ".dockerignore"
+      - ".github/workflows/docker-lint.yaml"
+
+concurrency:
+  group: docker-lint-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  docker-lint:
+    runs-on: ubuntu-latest
+    name: Lint Docker Manifest
+
+    permissions:
+      contents: write
+
+    steps:
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Checkout Repo
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
+        with:
+          dockerfile: "*Dockerfile*"
+          recursive: true
+          config: .hadolint.yaml