gt-sse-center · davidbrownell · Jun 10, 2024 · Jun 10, 2024
diff --git a/src/PythonProjectBootstrapper/package/cookiecutter.json b/src/PythonProjectBootstrapper/package/cookiecutter.json
@@ -21,8 +21,8 @@
     "gist_username": "{{ cookiecutter.github_username }}",
 
     "minisign_public_key": "<your minisign_public_key or none>",
+    "openssf_best_practices_badge_id": "<your OpenSSF Best Practices Badge ID or none>",
 
-    "openssf_best_practices_badge_id": "__openssf_badge_id__",
     "create_docker_image": false,
 
     "__empty_dir": "",
@@ -41,7 +41,7 @@
         "gist_id": "\n\nPlease enter the GitHub gist id for use with this project.\n\nGitHub defines a gist as \"a simple way to share snippets and pastes with others.\" The generated python project will use a gist to store information dynamically generated during the build (for example code coverage information) that can be retrieved at a later time (for example, to display a code coverage badge in the project's README.md file). To create a gist:\n    1. Go to https://gist.github.com/\n    2. Enter the following values in their respective fields:\n\n        Gist description...:                Gist used by GitHub Action workflows to store and retrieve dynamic information (oftentimes used to create and display badges).\n        Filename including extension...:    README.md\n        File contents:                      Gist used by GitHub Action workflows to store and retrieve dynamic information (oftentimes used to create and display badges).\n\n    3. Click the \"Create secret gist\" button\n    4. Copy the gist id (this will be the hex string at the end of the url associated with the gist\n       that was just created). It will look something like:\n\n          https://gist.github.com/<github username>/4c10281ff1abc26cafcb9a5f9a8a443e\n                                                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n                                                           This is the gist id\n\n",
         "gist_username": "\n\nPlease enter the username associated with your gist_id. In most cases, this will be the same as your GitHub username.\n\n",
         "minisign_public_key": "\n\nPlease enter your Minisign public key for use with this project or \"none\" if you do not want to sign binaries (this is not recommended).\n\nMinisign is a dead simple tool to sign files and verify signatures. It is a secure tool that uses the Ed25519 public-key signature system. More information is available at https://jedisct1.github.io/minisign/.\n\nNote that these steps rely on docker (docker.com), so please make sure that docker is installed and working properly on your machine.\nAdditional information is available at https://docs.docker.com/engine/install/.\n\nTo create a Minisign key pair for use with this project:\n    1. Run 'docker run -i --rm -v \".:/host\" jedisct1/minisign -G -p /host/key.pub -s /host/key.pri -W'\n    2. Ensure that the file 'key.pri' exists (this file will be used later).\n    3. Open the file 'key.pub' and copy the key from the file; the key will be the last line of the file.\n    4. Paste the copied key here.\n\n",
-        "openssf_best_practices_badge_id": "\n\nEnter the OpenSSF Best Practices Badge ID to display in your README.md file. Keep this default value if you do not have an OpenSSF Best Practices Badge ID but would like to create one (this is highly recommended). Enter the value 'none' if you do not want to display this badge in your README.md file.\n\nThe Open Source Security Foundation (OpenSSF) Best Practices badge is a way for Free/Libre and Open Source Software (FLOSS) projects to show that they follow best practices. Additional information is available at https://www.bestpractices.dev/.\n\nThis script will automatically generate scaffolding to achieve a 63% score. Completing your project's documentation and following development best practices will raise your score to 100%. Participation in the OpenSSF Best Practices Badge program is highly recommended.\n\n",
+        "openssf_best_practices_badge_id": "\n\nPlease enter your OpenSSF Best Practices Badge id for use with this project or \"none\" if you do not want to display this badge. Visit https://www.bestpractices.dev/ for additional information about this badge.\n\nTo create a OpenSSF Best Practices Badge id for use with this project:\n    1. Visit https://www.bestpractices.dev/\n    2. Click the \"Get Your Badge Now!\" button.\n    3. In the top form, select the corresponding repository.\n    4. Click the \"Submit GitHub Repository\" button.\n    5. Copy the badge id from the URL of the page that is displayed. It will look something like:\n\n        https://www.bestpractices.dev/en/projects/12345\n                                                  ^^^^^\n                                                    This is the badge id\n\n",
         "create_docker_image": "\n\nWould you like the GitHub Action workflows to create docker images of the development environment? These images can be used to produce exact results across different commits made to the repository over time (which is especially valuable when writing scientific software).\n\n"
     },
 

diff --git a/src/PythonProjectBootstrapper/package/cookiecutter_prompts.yaml b/src/PythonProjectBootstrapper/package/cookiecutter_prompts.yaml
@@ -93,11 +93,18 @@ minisign_public_key: |-
       4. Paste the copied key here.
 
 openssf_best_practices_badge_id: |-
-  Enter the OpenSSF Best Practices Badge ID to display in your README.md file. Keep this default value if you do not have an OpenSSF Best Practices Badge ID but would like to create one (this is highly recommended). Enter the value 'none' if you do not want to display this badge in your README.md file.
-
-  The Open Source Security Foundation (OpenSSF) Best Practices badge is a way for Free/Libre and Open Source Software (FLOSS) projects to show that they follow best practices. Additional information is available at https://www.bestpractices.dev/.
-
-  This script will automatically generate scaffolding to achieve a 63% score. Completing your project's documentation and following development best practices will raise your score to 100%. Participation in the OpenSSF Best Practices Badge program is highly recommended.
+  Please enter your OpenSSF Best Practices Badge id for use with this project or "none" if you do not want to display this badge. Visit https://www.bestpractices.dev/ for additional information about this badge.
+
+  To create a OpenSSF Best Practices Badge id for use with this project:
+      1. Visit https://www.bestpractices.dev/
+      2. Click the "Get Your Badge Now!" button.
+      3. In the top form, select the corresponding repository.
+      4. Click the "Submit GitHub Repository" button.
+      5. Copy the badge id from the URL of the page that is displayed. It will look something like:
+
+          https://www.bestpractices.dev/en/projects/12345
+                                                    ^^^^^
+                                                      This is the badge id
 
 create_docker_image: |-
   Would you like the GitHub Action workflows to create docker images of the development environment? These images can be used to produce exact results across different commits made to the repository over time (which is especially valuable when writing scientific software).
diff --git a/src/PythonProjectBootstrapper/package/hooks/post_gen_project.py b/src/PythonProjectBootstrapper/package/hooks/post_gen_project.py
@@ -186,106 +186,128 @@ def SavePrompts() -> None:
         """,
     )
 
-    prompts["Update README.md"] = textwrap.dedent(
+{% if cookiecutter.openssf_best_practices_badge_id != "none" %}
+    prompts["Update the OpenSSF Best Practices Badge [Basics]"] = textwrap.dedent(
         """\
-        In this step, we will update the README.md file with information about your project.
+        In this step, we will populate the "Basics" section of the OpenSSF Best Practices Badge.
+
+        1. Visit https://www.bestpractices.dev/en/projects/{{ cookiecutter.openssf_best_practices_badge_id }}/edit#basics
+        2. Search for these options and set them to the following values:
+
+            \[interact]: Met
+            \[contribution]: Met (Non-trivial contribution file in repository: <{{ cookiecutter.github_url }}/{{ cookiecutter.github_username }}/{{ cookiecutter.github_project_name }}/blob/main/CONTRIBUTING.md>.)
+            \[contribution_requirements]: Met ({{ cookiecutter.github_url }}/{{ cookiecutter.github_username }}/{{ cookiecutter.github_project_name }}/blob/main/CONTRIBUTING.md)
+            What license(s) is the project released under?: {{ cookiecutter.license }}
+            \[floss_license]: Met
+            \[floss_license_osi]: Met
+            \[license_location]: Met (Non-trivial license location file in repository: <{{ cookiecutter.github_url }}/{{ cookiecutter.github_username }}/{{ cookiecutter.github_project_name }}/blob/main/LICENSE.txt>.)
+            \[discussion]: Met
+            \[english]: Met
+
+        3. Click on the "Save (and continue)" button.
+        """,
+    )
 
-        1. Edit README.md
-        2. Replace the "TODO" comment in the "Overview" section.
-        3. Replace the "TODO" comment in the "How to use {{ cookiecutter.github_project_name }}" section.
+    prompts["Update the OpenSSF Best Practices Badge [Change Control]"] = textwrap.dedent(
+        """\
+        In this step, we will populate the "Change Control" section of the OpenSSF Best Practices Badge.
+
+        1. Visit https://www.bestpractices.dev/en/projects/{{ cookiecutter.openssf_best_practices_badge_id }}/edit#changecontrol
+        2. Search for these options and set them to the following values:
+
+            \[repo_public]: Met
+            \[repo_track]: Met
+            \[repo_distributed]: Met
+            \[repo_interim]: Met
+            \[version_unique]: Met
+            \[version_semver]: Met
+            \[version_tags]: Met
+            \[release_notes]: Met ({{ cookiecutter.github_url }}/{{ cookiecutter.github_username }}/{{ cookiecutter.github_project_name }}/releases/latest)
+
+        3. Click on the "Save (and continue)" button.
         """,
     )
 
-{% if cookiecutter.openssf_best_practices_badge_id != "none" %}
-    prompts["Create the OpenSSF Best Practices Badge"] = textwrap.dedent(
+    prompts["Update the OpenSSF Best Practices Badge [Reporting]"] = textwrap.dedent(
+        """\
+        In this step, we will populate the "Reporting" section of the OpenSSF Best Practices Badge.
+
+        1. Visit https://www.bestpractices.dev/en/projects/{{ cookiecutter.openssf_best_practices_badge_id }}/edit#reporting
+        2. Search for these options and set them to the following values:
+
+            \[report_process]: Met ({{ cookiecutter.github_url }}/{{ cookiecutter.github_username }}/{{ cookiecutter.github_project_name }}/blob/main/CONTRIBUTING.md)
+            \[report_tracker]: Met
+            \[report_responses]: Met
+            \[report_archive]: Met ({{ cookiecutter.github_url }}/{{ cookiecutter.github_username }}/{{ cookiecutter.github_project_name }}/issues)
+            \[vulnerability_report_process]: Met ({{ cookiecutter.github_url }}/{{ cookiecutter.github_username }}/{{ cookiecutter.github_project_name }}/blob/main/SECURITY.md)
+            \[vulnerability_report_private]: Met ({{ cookiecutter.github_url }}/{{ cookiecutter.github_username }}/{{ cookiecutter.github_project_name }}/blob/main/SECURITY.md)
+
+        3. Click on the "Save (and continue)" button.
+        """,
+    )
+
+    prompts["Update the OpenSSF Best Practices Badge [Quality]"] = textwrap.dedent(
         """\
-        In this step, we will populate information on www.bestpractices.dev that is used to display
-        the badge on our README.md file.
-
-        1. Visit https://www.bestpractices.dev/
-        2. Click the "Get Your Badge Now!" button.
-        3. In the lower form, provide these values:
-                What is the URL for the project home page?
-                    {{ cookiecutter.github_url }}/{{ cookiecutter.github_username }}/{{ cookiecutter.github_project_name }}
-                What is the URL for the version control repository?
-                    {{ cookiecutter.github_url }}/{{ cookiecutter.github_username }}/{{ cookiecutter.github_project_name }}
-        4. Click the "Submit URL" button.
-        5. Search for these options and set them to the following values:
-
-                Basics
-                    \[interact]: Met
-                    \[contribution_requirements]: Met ({{ cookiecutter.github_url }}/{{ cookiecutter.github_username }}/{{ cookiecutter.github_project_name }}/blob/main/CONTRIBUTING.md)
-                    \[english]: Met
-
-                Change Control
-                    \[repo_interim]: Met
-                    \[version_unique]: Met
-                    \[version_semver]: Met
-                    \[version_tags]: Met
-                    \[release_notes]: Met ({{ cookiecutter.github_url }}/{{ cookiecutter.github_username }}/{{ cookiecutter.github_project_name }}/releases/latest)
-
-                Reporting
-                    \[report_process]: Met ({{ cookiecutter.github_url }}/{{ cookiecutter.github_username }}/{{ cookiecutter.github_project_name }}/blob/main/CONTRIBUTING.md)
-                    \[report_tracker]: Met
-                    \[report_responses]: Met
-                    \[report_archive]: Met ({{ cookiecutter.github_url }}/{{ cookiecutter.github_username }}/{{ cookiecutter.github_project_name }}/issues)
-                    \[vulnerability_report_process]: Met ({{ cookiecutter.github_url }}/{{ cookiecutter.github_username }}/{{ cookiecutter.github_project_name }}/blob/main/SECURITY.md)
-                    \[vulnerability_report_private]: Met ({{ cookiecutter.github_url }}/{{ cookiecutter.github_username }}/{{ cookiecutter.github_project_name }}/blob/main/SECURITY.md)
-
-                Quality
-                    \[build]: Met
-                    \[build_common_tools]: Met
-                    \[build_floss_tools]: Met
-                    \[test]: Met
-                    \[test_invocation]: Met
-                    \[test_most]: Met
-                    \[test_continuous_integration]: Met
-                    \[test_policy]: Met
-                    \[tests_are_added]: Met
-                    \[tests_documented_added]: Met
-                    \[warnings]: Met
-                    \[warnings_fixed]: Met
-                    \[warnings_strict]: Met
-
-                Analysis
-                    \[static_analysis]: Met (pylint, CodeQL)
-                    \[static_analysis_common_vulnerabilities]: Met
-                    \[static_analysis_often]: Met
-                    \[dynamic_analysis]: Met
-                    \[dynamic_analysis_unsafe]: N/A
-
-           These changes will result in a score of 63% (at the time this documentation was written). The remaining fields rely on documentation specific to your project
-           or developer behavior based on your interaction with the package (fix critical vulnerabilities within 60 days, etc.).
-
-        6. Click on the "Submit (and exit)" button.
-        7. Copy the unique id of your project from the bestpractices.dev URL for use in the next step.
-
-            https://www.bestpractices.dev/en/projects/12345
-                                                      ^^^^^
-                                                      This is the unique id of your project
+        In this step, we will populate the "Quality" section of the OpenSSF Best Practices Badge.
+
+        1. Visit https://www.bestpractices.dev/en/projects/{{ cookiecutter.openssf_best_practices_badge_id }}/edit#quality
+        2. Search for these options and set them to the following values:
+
+            \[build]: Met
+            \[build_common_tools]: Met
+            \[build_floss_tools]: Met
+            \[test]: Met
+            \[test_invocation]: Met
+            \[test_most]: Met
+            \[test_continuous_integration]: Met
+            \[test_policy]: Met
+            \[tests_are_added]: Met
+            \[tests_documented_added]: Met
+            \[warnings]: Met
+            \[warnings_fixed]: Met
+            \[warnings_strict]: Met
+
+        3. Click on the "Save (and continue)" button.
         """,
     )
 
-    prompts["Save the OpenSSF Best Practices Badge ID"] = textwrap.dedent(
+    prompts["Update the OpenSSF Best Practices Badge [Security]"] = textwrap.dedent(
         """\
-        In this step, we will update README.md with the OpenSSF Best Practices Badge ID.
+        In this step, we will populate the "Security" section of the OpenSSF Best Practices Badge.
+
+        1. Visit https://www.bestpractices.dev/en/projects/{{ cookiecutter.openssf_best_practices_badge_id }}/edit#security
+        2. Search for these options and set them to the following values:
+
+            \[static_analysis]: Met (pylint, CodeQL)
+            \[static_analysis_common_vulnerabilities]: Met
+            \[static_analysis_often]: Met
+            \[dynamic_analysis]: Met
+            \[dynamic_analysis_unsafe]: N/A
 
-        1. Edit 'README.md'.
-        2. Search for '__openssf_badge_id__' and replace all instances with the badge id copied in the previous step.
-        3. Save 'README.md'.
+        3. Click on the "Save (and continue)" button.
         """,
     )
 
-    prompts["Commit and Push the OpenSSF Best Practices Badge ID Changes"] = textwrap.dedent(
+    prompts["Update the OpenSSF Best Practices Badge [Final]"] = textwrap.dedent(
         """\
-        1. Run 'git add --all'
-        2. Run 'git commit -m "🎉 Updated README.md with OpenSSF Best Practices Badge ID"'
-        3. Run 'git push'
+        With the changes previously described, you should see a score of 63% (the score produced at the time that this documentation was written). Take a look at the unmet criteria to see if there are any additional changes that you can make to improve your score.
+
+        When you are finished, make sure to click on the "Submit (and exit)" button.
         """,
     )
 
 {% endif %}
 
+    prompts["Update README.md"] = textwrap.dedent(
+        """\
+        In this step, we will update the README.md file with information about your project.
+
+        1. Edit README.md
+        2. Replace the "TODO" comment in the "Overview" section.
+        3. Replace the "TODO" comment in the "How to use {{ cookiecutter.github_project_name }}" section.
+        """,
+    )
+
     with open(prompt_filename, "w") as prompt_file:
         # Modify the keys to include an index to ensure that the prompts are displayed in the
         # correct order after being read from the yaml file created here.