From a95f13088e02fdd604436cc9258c3fc0c40e9cda Mon Sep 17 00:00:00 2001 From: Jason Meridth Date: Fri, 16 Feb 2024 12:13:21 -0600 Subject: [PATCH] chore: prep repo for move to github.com/procore-oss (open-source) github org (#68) * chore: prep repo for move to github.com/procore-oss (open-source) github org [OSPO-45](https://procoretech.atlassian.net/browse/OSPO-45) - [x] setup .github folder (actions, dependabot.yaml, ISSUE_TEMPLATES, PULL_REQUEST_TEMPLATE.md, CODEOWNERS) - [x] remove circleci, replace with github actions - [x] setup required files (README.md, SECURITY.md, CODE_OF_CONDUCT.md, LICENSE.md, CONTRIBUTING.md) - [x] update gemspec file - [x] verify no procore specific stuff present - [x] drop sonarqube, we are using other tooling (codeql, GHAS) in open-source Signed-off-by: jmeridth * fix: incomplete phrase in feature issue template Signed-off-by: jmeridth * fix: change license owner name in license to procore Signed-off-by: jmeridth --------- 
Signed-off-by: jmeridth --- .circleci/config.yml | 77 ------------ .github/CODEOWNERS | 4 +- .github/ISSUE_TEMPLATE/bug.yml | 66 ++++++++++ .github/ISSUE_TEMPLATE/config.yml | 1 + .github/ISSUE_TEMPLATE/docs.yml | 18 +++ .github/ISSUE_TEMPLATE/feature-request.yml | 36 ++++++ .github/ISSUE_TEMPLATE/question-support.yml | 18 +++ .github/PULL_REQUEST_TEMPLATE.md | 15 +++ .github/dependabot.yaml | 20 +++ .github/workflows/auto-assign-author.yaml | 13 ++ .github/workflows/codeql.yaml | 43 +++++++ .github/workflows/release.yaml | 40 ++++++ .github/workflows/stale.yaml | 38 ++++++ .github/workflows/test.yaml | 38 ++++++ CODE_OF_CONDUCT.md | 130 ++++++++++++++++++++ CONTRIBUTING.md | 37 ++++++ LICENSE.txt => LICENSE.md | 2 +- README.md | 4 +- SECURITY.md | 19 +++ procore.gemspec | 7 +- sonar-project.properties | 24 ---- 21 files changed, 542 insertions(+), 108 deletions(-) delete mode 100644 .circleci/config.yml create mode 100644 .github/ISSUE_TEMPLATE/bug.yml create mode 100644 .github/ISSUE_TEMPLATE/config.yml create mode 100644 .github/ISSUE_TEMPLATE/docs.yml create mode 100644 .github/ISSUE_TEMPLATE/feature-request.yml create mode 100644 .github/ISSUE_TEMPLATE/question-support.yml create mode 100644 .github/PULL_REQUEST_TEMPLATE.md create mode 100644 .github/dependabot.yaml create mode 100644 .github/workflows/auto-assign-author.yaml create mode 100644 .github/workflows/codeql.yaml create mode 100644 .github/workflows/release.yaml create mode 100644 .github/workflows/stale.yaml create mode 100644 .github/workflows/test.yaml create mode 100644 CODE_OF_CONDUCT.md create mode 100644 CONTRIBUTING.md rename LICENSE.txt => LICENSE.md (95%) create mode 100644 SECURITY.md delete mode 100644 sonar-project.properties diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index 6cc5f72..0000000 --- a/.circleci/config.yml +++ /dev/null 
@@ -1,77 +0,0 @@ -version: 2.1 -executors: - sonar-scanner: - docker: - - image: sonarsource/sonar-scanner-cli:4.7.0 -jobs: - test-ruby: - parameters: - ruby_version: - type: string - docker: - - image: "cimg/ruby:<< parameters.ruby_version >>" - - image: cimg/redis:6.2.6 - - image: memcached:1.6.18 - working_directory: /home/circleci/ruby-sdk - steps: - - checkout - - run: - name: Install dependencies - command: bundle install - - run: - name: Run tests - command: COVERAGE=true bundle exec rake - - persist_to_workspace: - root: ./ - paths: - - coverage - publish: - docker: - - image: cimg/ruby:3.2.0 - steps: - - checkout - - run: - name: Install dependencies - command: bundle install - - run: - name: Publish to Rubygems - command: bundle exec rake release - sonarqube_analysis: - working_directory: /home/circleci/ruby-sdk - executor: sonar-scanner - steps: - - checkout - - attach_workspace: - at: . - - store_artifacts: - path: coverage - - run: - name: Execute sonar-scanner - command: sonar-scanner -Dsonar.host.url=$SONARQUBE_HOST -Dsonar.token=$SONARQUBE_OPS_CI_TOKEN -Dsonar.buildString=$CIRCLE_SHA1 -Dsonar.analysis.build.url=$CIRCLE_BUILD_URL -workflows: - test-and-publish: - jobs: - - test-ruby: - matrix: - parameters: - ruby_version: ["3.2", "3.1", "3.0", "2.7"] - filters: - tags: - only: /.*/ - - publish: - requires: - - test-ruby - filters: - tags: - only: /.*/ - branches: - ignore: /.*/ - - sonarqube_analysis: - context: - - procore-sonarqube-ci - requires: - - test-ruby-3.2 - filters: - branches: - only: - - master diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index d49a531..689f554 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,3 +1 @@ -# Read more about CODEOWNERS here - https://github.com/blog/2392-introducing-code-owners - -* @procore/team-api +* @procore-oss/procore-ospo @procore-oss/procore-ruby-sdk diff --git a/.github/ISSUE_TEMPLATE/bug.yml b/.github/ISSUE_TEMPLATE/bug.yml new file mode 100644 index 0000000..bd3c1c9 
--- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug.yml @@ -0,0 +1,66 @@ +name: 🐞 Bug +description: File a bug/issue +title: "[bug] " +labels: [bug, needs-triage] +body: +- type: checkboxes + attributes: + label: Is there an existing issue for this? + description: Please search to see if an issue already exists for the bug you encountered. + options: + - label: I have searched the existing issues + required: true +- type: checkboxes + attributes: + label: Is this a regression? + description: Did this behavior work before? + options: + - label: Yes, this used to work before + required: false +- type: textarea + attributes: + label: Current Behavior + description: A concise description of what you're experiencing. + validations: + required: false +- type: textarea + attributes: + label: Expected Behavior + description: A concise description of what you expected to happen. + validations: + required: false +- type: textarea + attributes: + label: Steps To Reproduce + description: Steps to reproduce the behavior. + placeholder: | + 1. + 2. + 3. + 4. + validations: + required: true +- type: textarea + attributes: + label: Environment + description: | + examples: + - **OS**: OSX 13.3.1 + - **Browser Name and Version**: Chrome Version 112.0.5615.49 (Official Build) (arm64) + - **Ruby Version**: 3.0.0 + value: | + - OS: + - Browser Name and version: + - Ruby Version: + render: markdown + validations: + required: true +- type: textarea + attributes: + label: Anything else? + description: | + Links? References? Anything that will give us more context about the issue you are encountering! + + Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in. + validations: + required: false diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000..3ba13e0 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1 @@ +blank_issues_enabled: false 
diff --git a/.github/ISSUE_TEMPLATE/docs.yml b/.github/ISSUE_TEMPLATE/docs.yml new file mode 100644 index 0000000..387c39d --- /dev/null +++ b/.github/ISSUE_TEMPLATE/docs.yml @@ -0,0 +1,18 @@ +name: 📚 Documentation or README.md issue report +description: File a bug/issue for docs or README.md +title: "[bug] <title>" +labels: [docs, needs-triage] +body: +- type: checkboxes + attributes: + label: Is there an existing issue for this? + description: Please search to see if an issue already exists for the bug you encountered. + options: + - label: I have searched the existing issues + required: true +- type: textarea + attributes: + label: Docs/README.md Part to update + description: A concise description of what you thing should be updated + validations: + required: true diff --git a/.github/ISSUE_TEMPLATE/feature-request.yml b/.github/ISSUE_TEMPLATE/feature-request.yml new file mode 100644 index 0000000..e51081f --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature-request.yml 
@@ -0,0 +1,36 @@ +name: 🚀🆕 Feature Request +description: Suggest an idea or possible new feature for this project +title: "[Feature Request] <title>" +labels: [feature, needs-triage] +body: +- type: checkboxes + attributes: + label: Is there an existing issue for this? + description: Please search to see if an issue already exists for the bug you encountered. + options: + - label: I have searched the existing issues + required: true +- type: textarea + attributes: + label: Is your feature request related to a problem? Please describe + description: A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + validations: + required: true +- type: textarea + attributes: + label: Describe the feature you'd like to see implemented + description: A clear and concise description of what you want to happen + validations: + required: true +- type: textarea + attributes: + label: Describe alternatives you've considered + description: A clear and concise description of any alternative solutions or features you've considered + validations: + required: false +- type: textarea + attributes: + label: Additional context + description: Add any other context or additional information about the problem here + validations: + required: false diff --git a/.github/ISSUE_TEMPLATE/question-support.yml b/.github/ISSUE_TEMPLATE/question-support.yml new file mode 100644 index 0000000..c37ec1d --- /dev/null +++ b/.github/ISSUE_TEMPLATE/question-support.yml 
@@ -0,0 +1,18 @@ +name: ❓ Question or Support Request +description: Questions and requests for support +title: "[Question/Support] <title>" +labels: [question, support, needs-triage] +body: +- type: checkboxes + attributes: + label: Is there an existing issue for this? + description: Please search to see if an issue already exists for the bug you encountered. + options: + - label: I have searched the existing issues + required: true +- type: textarea + attributes: + label: Describe your question or ask for support + description: A concise description of what you would like support with + validations: + required: true diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..f8c9e83 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,15 @@ +Checklist: + +* [ ] I have updated the necessary documentation +* [ ] I have signed off all my commits as required by [DCO](https://github.com/procore-oss/blueprinter/blob/main/CONTRIBUTING.md) +* [ ] My build is green + +<!-- +Note on DCO: + +If the DCO check fails, one or more of your commits are not signed off. Please click on the *Details* link next to the DCO action for instructions on how to resolve this. + +Note on Versioning: + +Maintainers will bump the version and do a release when they are ready to release (possibly multiple merged PRs). Please do not bump the version in your PRs. +--> diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml new file mode 100644 index 0000000..a69deb7 --- /dev/null +++ b/.github/dependabot.yaml @@ -0,0 +1,20 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: / + schedule: + interval: "weekly" + timezone: "America/Los_Angeles" + labels: + - "dependabot" + - "dependencies" + - "github-actions" + - package-ecosystem: "bundler" + directory: / + schedule: + interval: "weekly" + timezone: "America/Los_Angeles" + labels: + - "dependabot" + - "dependencies" + - "bundler" 
diff --git a/.github/workflows/auto-assign-author.yaml b/.github/workflows/auto-assign-author.yaml
new file mode 100644
index 0000000..9cb6711
--- /dev/null
+++ b/.github/workflows/auto-assign-author.yaml
@@ -0,0 +1,13 @@
+name: 'Auto Author Assign'
+
+on:
+ pull_request_target:
+ types: [opened, reopened]
+
+jobs:
+ assign-author:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: toshimaru/auto-author-assign@v2.1.0
+ with:
+ repo-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
new file mode 100644
index 0000000..0b9343e
--- /dev/null
+++ b/.github/workflows/codeql.yaml
@@ -0,0 +1,43 @@
+name: "Custom CodeQL"
+
+on:
+ workflow_dispatch:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+
+permissions:
+ contents: read
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: Ubuntu-latest
+ timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'ruby' ]
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: ${{ matrix.language }}
+
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v3
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..88cfd67
--- /dev/null
+++ b/.github/workflows/release.yaml
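Review bot: The `auto-assign-author.yaml` workflow runs on `pull_request_target` but declares no `permissions:` block, so the `GITHUB_TOKEN` passed as `repo-token` carries whatever default scopes the repository or organisation grants, which may be read/write. A job-level `permissions:` with `pull-requests: write` (the pattern `stale.yaml` in this same commit uses for its job) should be enough for assigning the author; confirm against the action's README. `toshimaru/auto-author-assign@v2.1.0` is a third-party action referenced by a tag; pinning it to a full commit SHA keeps the code that receives the token from changing underneath the workflow, and the `github-actions` entry in the dependabot config added here can keep the pin current.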
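Review bot: CodeQL in `codeql.yaml` is triggered only for `main`, while `test.yaml` and `release.yaml` in this commit list `[master, main]` and the removed CircleCI config filtered on `master`; if the default branch is still `master` when this lands, pushes and pull requests get no code scanning. Use `branches: [master, main]` on both the `push` and `pull_request` triggers to match the other workflows. Two template leftovers are also worth cleaning up: the `timeout-minutes` expression tests for `swift`, which is not in the matrix, and `runs-on: Ubuntu-latest` is spelled differently from the `ubuntu-latest` used in the other workflows.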
@@ -0,0 +1,40 @@
+name: Release
+on:
+ workflow_run:
+ workflows: [Test]
+ types: [completed]
+ branches: [master, main]
+ workflow_dispatch: # allow manual deployment through GitHub Action UI
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }}
+ steps:
+ - uses: actions/checkout@v4
+ - name: Version file changed
+ id: version-file-changed
+ uses: tj-actions/changed-files@v42
+ with:
+ files: lib/procore/version.rb
+ - name: Set up Ruby
+ if: ${{ github.event_name == 'workflow_dispatch' || steps.version-file-changed.outputs.any_changed == 'true' }}
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: 3.2
+ bundler-cache: true
+ - name: Installing dependencies
+ if: ${{ github.event_name == 'workflow_dispatch' || steps.version-file-changed.outputs.any_changed == 'true' }}
+ run: bundle install
+ - name: Build gem file
+ if: ${{ github.event_name == 'workflow_dispatch' || steps.version-file-changed.outputs.any_changed == 'true' }}
+ run: bundle exec rake build
+ - uses: fac/ruby-gem-setup-credentials-action@v2
+ if: ${{ github.event_name == 'workflow_dispatch' || steps.version-file-changed.outputs.any_changed == 'true' }}
+ with:
+ user: ""
+ key: rubygems
+ token: ${{secrets.RUBY_GEMS_API_KEY}}
+ - uses: fac/ruby-gem-push-action@v2
+ if: ${{ github.event_name == 'workflow_dispatch' || steps.version-file-changed.outputs.any_changed == 'true' }}
+ with:
+ key: rubygems
diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml
new file mode 100644
index 0000000..8b15e9c
--- /dev/null
+++ b/.github/workflows/stale.yaml
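Review bot: The job-level `if` in `release.yaml` accepts any successful `Test` run, and `test.yaml` also runs on `pull_request`, so a completed pull-request run can start this job, which holds `RUBY_GEMS_API_KEY`; the condition should also require that the triggering run was a `push`. `actions/checkout@v4` is given no `ref`, so on `workflow_run` it takes the default-branch head rather than the commit the Test run validated; checking out the run's `head_sha` ties the published gem to the tested commit. The workflow also has no `permissions:` block, unlike `test.yaml` and `stale.yaml`. `tj-actions/changed-files@v42`, `fac/ruby-gem-setup-credentials-action@v2` and `fac/ruby-gem-push-action@v2` are referenced by mutable tags in the job that handles the RubyGems key and are better pinned to full commit SHAs.

```yaml
# … unchanged: name, on: (workflow_run / workflow_dispatch) …
permissions:
  contents: read
jobs:
  release:
    runs-on: ubuntu-latest
    # publish only for manual dispatch or a successful push-triggered Test run
    if: ${{ github.event_name == 'workflow_dispatch' || (github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push') }}
    steps:
      - uses: actions/checkout@v4
        with:
          # build the commit that Test validated; fall back to the dispatch ref
          ref: ${{ github.event.workflow_run.head_sha || github.sha }}
      # … unchanged: changed-files check, Ruby setup, build, credentials and push steps …
```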
@@ -0,0 +1,38 @@
+## Reference: https://github.com/actions/stale
+name: Mark stale issues and pull requests
+on:
+ schedule:
+ - cron: "30 1 * * *"
+
+permissions:
+ contents: read
+
+jobs:
+ stale:
+ permissions:
+ issues: write # for actions/stale to close stale issues
+ pull-requests: write # for actions/stale to close stale PRs
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/stale@v9
+ with:
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
+ # Number of days of inactivity before an issue becomes stale
+ days-before-stale: 60
+ # Number of days of inactivity before a stale issue is closed
+ days-before-close: 7
+ # Issues with these labels will never be considered stale
+ exempt-issue-labels: "on-hold,pinned,security"
+ exempt-pr-labels: "on-hold,pinned,security"
+ # Comment to post when marking an issue as stale.
+ stale-issue-message: >
+ This issue has been automatically marked as stale because it has not had
+ recent activity. It will be closed if no further activity occurs. Thank you
+ for your contributions.
+ stale-pr-message: >
+ This pull request has been automatically marked as stale because it has not had
+ recent activity. It will be closed if no further activity occurs. Thank you
+ for your contributions.
+ # Label to use when marking an issue as stale
+ stale-issue-label: 'no-issue-activity'
+ stale-pr-label: 'no-pr-activity'
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
new file mode 100644
index 0000000..f706b06
--- /dev/null
+++ b/.github/workflows/test.yaml
@@ -0,0 +1,38 @@
+name: Test
+on:
+ push:
+ branches: [master, main]
+ pull_request:
+ branches: [master, main]
+permissions:
+ contents: read
+jobs:
+ test:
+ strategy:
+ matrix:
+ os: [ubuntu-latest]
+ ruby: ['3.0', '3.1', '3.2']
+ include:
+ - os: ubuntu-20.04
+ ruby: '2.7'
+ runs-on: ${{ matrix.os }}
+ services:
+ redis:
+ image: redis:6.2.6
+ ports:
+ - 6379:6379
+ memcached:
+ image: memcached:1.6.18
+ ports:
+ - 11211:11211
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up Ruby ${{ matrix.ruby }}
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: ${{ matrix.ruby }}
+ bundler-cache: true
+ - name: Installing dependencies
+ run: bundle install
+ - name: Run tests
+ run: COVERAGE=true bundle exec rake
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000..c786297
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,130 @@ +# Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, religion, or sexual identity +and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our +community include: + +* Demonstrating empathy and kindness toward other people +* Being respectful of differing opinions, viewpoints, and experiences +* Giving and gracefully accepting constructive feedback +* Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +* Focusing on what is best not just for us as individuals, but for the + overall community + +Examples of unacceptable behavior include: + +* The use of sexualized language or imagery, and sexual attention or + advances of any kind +* Trolling, insulting or derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or email + address, without their explicit permission +* Spam or other deceptive practices that take advantage of the community +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. 
+ +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official e-mail address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the community leaders responsible for enforcement at +<opensource@procore.com>. +All complaints will be reviewed and investigated promptly and fairly by +the Procore Open Source Program Office (OSPO) + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series +of actions. + +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. 
This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or +permanent ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within +the community. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.0, available at +<https://www.contributor-covenant.org/version/2/0/code_of_conduct.html>. + +Community Impact Guidelines were inspired by [Mozilla's code of conduct +enforcement ladder](https://github.com/mozilla/diversity). + +[homepage]: https://www.contributor-covenant.org + +For answers to common questions about this code of conduct, see the FAQ at +<https://www.contributor-covenant.org/faq>. Translations are available at +<https://www.contributor-covenant.org/translations>. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..d5b8ff2 --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,37 @@ +# Contributing to Procore Projects + +This document explains the common procedures expected by contributors while submitting code to Procore open source projects. + +## Code of Conduct + +Please read and abide by the [Code of Conduct](CODE_OF_CONDUCT.md) + +## General workflow + +Once a GitHub issue is accepted and assigned to you, please follow general workflow in order to submit your contribution: + +1. Fork the target repository under your GitHub username. +2. Create a branch in your forked repository for the changes you are about to make. +3. Commit your changes in the branch you created in step 2. All commits need to be signed-off. Check the [legal](#legal) section bellow for more details. +4. Push your commits to your remote fork. +5. Create a Pull Request from your remote fork pointing to the HEAD branch (usually `main` branch) of the target repository. +6. Check the GitHub build and ensure that all checks are green. + +## Legal + +Procore projects use Developer Certificate of Origin ([DCO](https://GitHub.com/apps/dco/)). + +Please sign-off your contributions by doing ONE of the following: + +* Use `git commit -s ...` with each commit to add the sign-off or +* Manually add a `Signed-off-by: Your Name <your.email@example.com>` to each commit message. + +The email address must match your primary GitHub email. You do NOT need cryptographic (e.g. gpg) signing. + +* Use `git commit -s --amend ...` to add a sign-off to the latest commit, if you forgot. + +*Note*: Some projects will provide specific configuration to ensure all commits are signed-off. Please check the project's documentation for more details. + +## Tests + +Make sure your changes are properly covered by automated tests. We aim to build an efficient test suite that is low cost to maintain and bring value to project. Prefer writing unit-tests over heavy end-to-end (e2e) tests. However, sometimes e2e tests are necessary. 
If you aren't sure, ask one of the maintainers about the requirements for your pull-request. diff --git a/LICENSE.txt b/LICENSE.md similarity index 95% rename from LICENSE.txt rename to LICENSE.md index a1b4765..ac78084 100644 --- a/LICENSE.txt +++ b/LICENSE.md @@ -1,6 +1,6 @@ The MIT License (MIT) -Copyright (c) 2017 Patrick Koperwas +Copyright (c) 2017 Procore Technologies, Inc. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 1fca9aa..c840d98 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,8 @@ # Procore Gem -[![CircleCI](https://circleci.com/gh/procore/ruby-sdk/tree/master.svg?style=svg)](https://app.circleci.com/pipelines/github/procore/ruby-sdk?branch=master) +[![Test](https://github.com/procore-oss/ruby-sdk/actions/workflows/test.yaml/badge.svg?branch=main)](https://github.com/procore-oss/ruby-sdk/actions/workflows/test.yaml) +[![Gem Version](https://badge.fury.io/rb/procore.svg)](https://badge.fury.io/rb/procore) +[![Discord](https://img.shields.io/badge/Chat-EDEDED?logo=discord)](https://discord.gg/PbntEMmWws) #### Table of Contents - [Installation](#installation) diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..a16e346 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,19 @@ +# Security Policy + +## Supported Versions + +Ruby versions that are currently being supported with security updates. + +| Version | Supported | +| ------- | ------------------ | +| <=2.6 | :x: | +| 2.7 | :white_check_mark: | +| 3.0 | :white_check_mark: | +| 3.1 | :white_check_mark: | +| 3.2 | :white_check_mark: | + +## Reporting a Vulnerability + +Please click the `Report a vulnerability` button [here](https://github.com/procore-oss/ruby-sdk/security) to report a vulnerability. + +A maintainer will respond to you as soon as possible and discuss the process to get the vulnerability fixed. 
diff --git a/procore.gemspec b/procore.gemspec index 7a8695e..2e9091e 100644 --- a/procore.gemspec +++ b/procore.gemspec @@ -7,12 +7,12 @@ require "procore/version" Gem::Specification.new do |spec| spec.name = "procore" spec.version = Procore::VERSION - spec.authors = ["Procore Engineering"] + spec.authors = ["Procore Technologies, Inc."] spec.email = ["opensource@procore.comm"] spec.summary = "Procore Ruby Gem" spec.description = "Procore Ruby Gem" - spec.homepage = "https://github.com/procore/ruby-sdk" + spec.homepage = "https://github.com/procore-oss/ruby-sdk" spec.license = "MIT" spec.files = `git ls-files -z`.split("\x0").reject do |f| @@ -41,4 +41,7 @@ Gem::Specification.new do |spec| spec.add_dependency "activesupport", "> 2.4" spec.add_dependency "oauth2", "~> 2.0" spec.add_dependency "rest-client", "~> 2.0" + + spec.metadata['allowed_push_host'] = 'https://rubygems.org' + spec.metadata['rubygems_mfa_required'] = 'true' end diff --git a/sonar-project.properties b/sonar-project.properties deleted file mode 100644 index fd76464..0000000 --- a/sonar-project.properties +++ /dev/null 
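Review bot: `spec.email = ["opensource@procore.comm"]` in the first hunk's context still ends in a doubled `m`, while `CODE_OF_CONDUCT.md` added by this commit gives the contact as `opensource@procore.com`. Since the neighbouring `authors` and `homepage` lines are being updated for publication, the address shipped in the gem metadata should be corrected in the same change: `spec.email = ["opensource@procore.com"]`. In the second hunk, the new `spec.metadata[...]` lines use single quotes where the rest of the gemspec uses double quotes. The middle of the `Gem::Specification.new` block lies outside both hunks.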
@@ -1,24 +0,0 @@ -# This is a sample sonar-project.properties file that can be added to your repo. -# These are the most commonly used properties that are used to send the SonarQube analysis report -# to our server. -# You can find details about additional fields here: https://docs.sonarqube.org/9.3/analysis/analysis-parameters/ -# Feel free to reach out to #sonarqube-support or #team-test-tooling-and-frameworks for assistance. - -# The project name as displayed in SonarQube -sonar.projectKey=ruby-sdk -sonar.projectName=ruby-sdk - -# Path is relative to the sonar-project.properties file. Defaults to . -# Comma-separated paths to directories containing main source files. -sonar.sources=./lib - -# Comma-separated paths to directories containing test source files -sonar.tests=./test - -# Uncomment the respective section below associated to your repo's language -# Update the path as necessary to the coverage report file. -# More details about including coverage report can be found here: https://docs.sonarqube.org/9.3/analysis/coverage/ -# -# Ruby code coverage -# Comma-delimited list of paths to SimpleCov report files generated with the JSON formatter. -sonar.ruby.coverage.reportPaths=./coverage/coverage.json \ No newline at end of file