repository set up

Author: Katarina Blagojevic

.github/workflows/create_staging_branch.yaml

@@ -0,0 +1,26 @@
+name: Create PR staging branch
+
+on:
+  pull_request_target:
+    branches: [main]
+    types: [opened, synchronize, reopened, edited]
+    paths:
+      - "advisories/**"
+  workflow_dispatch:
+
+jobs:
+  ensure-base-is-staging:
+    runs-on: ubuntu-latest
+    steps:
+     - uses: actions/checkout@v2
+     - name: ensure base is staging
+       env:
+         PR_AUTHOR: ${{ github.event.pull_request.user.login }}
+         PR_NUMBER: ${{ github.event.pull_request.number }}
+         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+       run: |
+         set -xeo pipefail
+         BRANCH_NAME="$PR_AUTHOR"/advisory-improvement-"$PR_NUMBER"
+         git checkout -b "$BRANCH_NAME"
+         git push origin "$BRANCH_NAME"
+         gh pr edit --repo ${{ github.repository }} $PR_NUMBER --base "$BRANCH_NAME"

.github/workflows/delete_staging_branch.yaml

@@ -0,0 +1,22 @@
+name: Delete PR staging branch
+
+on:
+  pull_request_target:
+    branches: ["*/advisory-improvement-*"]
+    types: [closed]
+    paths:
+      - "advisories/**"
+  workflow_dispatch:
+
+jobs:
+  delete-staging-branch:
+    runs-on: ubuntu-latest
+    steps:
+     - uses: actions/checkout@v2
+     - name: delete staging branch
+       env:
+         STAGING_BRANCH: ${{ github.event.pull_request.base.ref }}
+         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+       run: |
+         set -xeo pipefail
+         git push origin --delete $STAGING_BRANCH

CODE_OF_CONDUCT.md

@@ -0,0 +1,81 @@
++++
+version = "1.4"
+aliases = ["/version/1/4"]
++++
+
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to make participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, sex characteristics, gender identity and expression,
+level of experience, education, socio-economic status, nationality, personal
+appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+  advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies within all project spaces, and it also applies when
+an individual is representing the project or its community in public spaces.
+Examples of representing a project or community include using an official
+project e-mail address, posting via an official social media account, or acting
+as an appointed representative at an online or offline event. Representation of
+a project may be further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at opensource@github.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see
+https://www.contributor-covenant.org/faq

CONTRIBUTING.md

@@ -0,0 +1,31 @@
+## Contributing
+
+[fork]: https://github.com/github/advisory-database/fork
+[pr]: https://github.com/github/advisory-database/compare
+[schema]: https://ossf.github.io/osv-schema/
+[code-of-conduct]: CODE_OF_CONDUCT.md
+
+Hi there! We're thrilled that you'd like to contribute to this project. Your help is essential for keeping it great.
+
+Contributions to this project are [released](https://help.github.com/articles/github-terms-of-service/#6-contributions-under-repository-license) to the public under the [project's open source license](LICENSE.md).
+
+Please note that this project is released with a [Contributor Code of Conduct][code-of-conduct]. By participating in this project you agree to abide by its terms.
+
+## Submitting an advisory improvement
+
+0. [Fork][fork] and clone the repository
+0. Create a new branch: `git checkout -b my-name-GHSA-ID`
+0. Make your change to the advisory file
+0. Push to your fork and [submit a pull request][pr]
+0. Pat your self on the back and wait for your pull request to be reviewed and merged.
+
+Here are a few things you can do that will increase the likelihood of your pull request being accepted:
+
+- Follow the OSSF [OSV schema][schema].
+- Change one advisory per PR. If there are multiple advisories you would like to improve, submit them as separate pull requests.
+
+## Resources
+
+- [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/)
+- [Using Pull Requests](https://help.github.com/articles/about-pull-requests/)
+- [GitHub Help](https://help.github.com)