iredelmeier · pull · Feb 1, 2024 · Feb 5, 2024 · Feb 5, 2024 · Feb 5, 2024
diff --git a/.envrc b/.envrc
@@ -0,0 +1,6 @@
+if ! has nix_direnv_version || ! nix_direnv_version 1.5.0; then
+  source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/1.5.0/direnvrc" "sha256-carKk9aUFHMuHt+IWh74hFj58nY4K3uywpZbwXX0BTI="
+fi
+use flake
+
+dotenv_if_exists
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yaml b/.github/ISSUE_TEMPLATE/bug_report.yaml
@@ -0,0 +1,102 @@
+name: 🐛 Bug report
+description: Report a bug to help us improve Dex
+body:
+- type: markdown
+  attributes:
+    value: |
+      Thank you for submitting a bug report!
+
+      Please fill out the template below to make it easier to debug your problem.
+
+      If you are not sure if it is a bug or not, you can contact us via the available [support channels](https://github.com/dexidp/dex/issues/new/choose).
+- type: checkboxes
+  attributes:
+    label: Preflight Checklist
+    description: Please ensure you've completed all of the following.
+    options:
+      - label: I agree to follow the [Code of Conduct](https://github.com/dexidp/dex/blob/master/.github/CODE_OF_CONDUCT.md) that this project adheres to.
+        required: true
+      - label: I have searched the [issue tracker](https://www.github.com/dexidp/dex/issues) for an issue that matches the one I want to file, without success.
+        required: true
+      - label: I am not looking for support or already pursued the available [support channels](https://github.com/dexidp/dex/issues/new/choose) without success.
+        required: true
+- type: input
+  attributes:
+    label: Version
+    description: What version of Dex are you running?
+    placeholder: 2.29.0
+  validations:
+    required: true
+- type: dropdown
+  attributes:
+    label: Storage Type
+    description: Which persistent storage type are you using?
+    options:
+      - etcd
+      - Kubernetes
+      - In-memory
+      - Postgres
+      - MySQL
+      - SQLite
+  validations:
+    required: true
+- type: dropdown
+  attributes:
+    label: Installation Type
+    description: How did you install Dex?
+    options:
+      - Binary
+      - Official container image
+      - Official Helm chart
+      - Custom container image
+      - Custom Helm chart
+      - Other (specify below)
+    multiple: true
+  validations:
+    required: true
+- type: textarea
+  attributes:
+    label: Expected Behavior
+    description: A clear and concise description of what you expected to happen.
+  validations:
+    required: true
+- type: textarea
+  attributes:
+    label: Actual Behavior
+    description: A clear description of what actually happens.
+  validations:
+    required: true
+- type: textarea
+  attributes:
+    label: Steps To Reproduce
+    description: Steps to reproduce the behavior if it is not self-explanatory.
+    placeholder: |
+      1. In this environment...
+      2. With this config...
+      3. Run '...'
+      4. See error...
+- type: textarea
+  attributes:
+    label: Additional Information
+    description: Links? References? Anything that will give us more context about the issue that you are encountering!
+- type: textarea
+  attributes:
+    label: Configuration
+    description: Contents of your configuration file (if relevant).
+    render: yaml
+    placeholder: |
+      issuer: http://127.0.0.1:5556/dex
+
+      storage:
+        # ...
+
+      connectors:
+        # ...
+
+      staticClients:
+        # ...
+- type: textarea
+  attributes:
+    label: Logs
+    description: Dex application logs (if relevant).
+    render: shell
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,8 +1,12 @@
 blank_issues_enabled: false
 contact_links:
+  - name: 📖 Documentation enhancement
+    url: https://github.com/dexidp/website/issues
+    about: Suggest an improvement to the documentation
+
   - name: ❓ Ask a question
     url: https://github.com/dexidp/dex/discussions/new?category=q-a
-    about:  Ask and discuss questions with other Dex community members
+    about: Ask and discuss questions with other Dex community members
 
   - name: 📚 Documentation
     url: https://dexidp.io/docs/
@@ -11,3 +15,7 @@ contact_links:
   - name: 💬 Slack channel
     url: https://cloud-native.slack.com/messages/dexidp
     about: Please ask and answer questions here
+
+  - name: 💡 Dex Enhancement Proposal
+    url: https://github.com/dexidp/dex/tree/master/enhancements/README.md
+    about: Open a proposal for significant architectural change
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
diff --git a/.github/ISSUE_TEMPLATE/feature_request.yaml b/.github/ISSUE_TEMPLATE/feature_request.yaml
@@ -0,0 +1,40 @@
+name: 🎉 Feature request
+description: Suggest an idea for Dex
+body:
+- type: markdown
+  attributes:
+    value: |
+      Thank you for submitting a feature request!
+
+      Please describe what you would like to change/add and why in detail by filling out the template below.
+
+      If you are not sure if your request fits into Dex, you can contact us via the available [support channels](https://github.com/dexidp/dex/issues/new/choose).
+- type: checkboxes
+  attributes:
+    label: Preflight Checklist
+    description: Please ensure you've completed all of the following.
+    options:
+      - label: I agree to follow the [Code of Conduct](https://github.com/dexidp/dex/blob/master/.github/CODE_OF_CONDUCT.md) that this project adheres to.
+        required: true
+      - label: I have searched the [issue tracker](https://www.github.com/dexidp/dex/issues) for an issue that matches the one I want to file, without success.
+        required: true
+- type: textarea
+  attributes:
+    label: Problem Description
+    description: A clear and concise description of the problem you are seeking to solve with this feature request.
+  validations:
+    required: true
+- type: textarea
+  attributes:
+    label: Proposed Solution
+    description: A clear and concise description of what would you like to happen.
+  validations:
+    required: true
+- type: textarea
+  attributes:
+    label: Alternatives Considered
+    description: A clear and concise description of any alternative solutions or features you've considered.
+- type: textarea
+  attributes:
+    label: Additional Information
+    description: Add any other context about the problem here.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,5 +1,5 @@
 <!--
-Thank you for sending a pull request! Here some tips for contributors:
+Thank you for sending a pull request! Here are some tips for contributors:
 
 1. Fill the description template below.
 2. Sign a DCO (if you haven't already signed it).
@@ -21,15 +21,3 @@ Thank you for sending a pull request! Here some tips for contributors:
 -->
 
 #### Special notes for your reviewer
-
-#### Does this PR introduce a user-facing change?
-
-<!--
-If no, just write "NONE" in the release-note block below.
-If yes, a release note is required:
-Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
--->
-
-```release-note
-
-```
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -0,0 +1,24 @@
+# Security Policy
+
+## Reporting a vulnerability
+
+To report a vulnerability, send an email to [cncf-dex-maintainers@lists.cncf.io](mailto:cncf-dex-maintainers@lists.cncf.io)
+detailing the issue and steps to reproduce. The reporter(s) can expect a
+response within 48 hours acknowledging the issue was received. If a response is
+not received within 48 hours, please reach out to any maintainer directly
+to confirm receipt of the issue.
+
+## Review Process
+
+Once a maintainer has confirmed the relevance of the report, a draft security
+advisory will be created on GitHub. The draft advisory will be used to discuss
+the issue with maintainers, the reporter(s).
+If the reporter(s) wishes to participate in this discussion, then provide
+reporter GitHub username(s) to be invited to the discussion. If the reporter(s)
+does not wish to participate directly in the discussion, then the reporter(s)
+can request to be updated regularly via email.
+
+If the vulnerability is accepted, a timeline for developing a patch, public
+disclosure, and patch release will be determined. The reporter(s) are expected
+to participate in the discussion of the timeline and abide by agreed upon dates
+for public disclosure.
diff --git a/.github/dependabot.yml → .github/dependabot.yaml b/.github/dependabot.yml → .github/dependabot.yaml
@@ -8,6 +8,20 @@ updates:
     schedule:
       interval: "daily"
 
+  - package-ecosystem: "gomod"
+    directory: "/api/v2"
+    labels:
+      - "area/dependencies"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "gomod"
+    directory: "/examples"
+    labels:
+      - "area/dependencies"
+    schedule:
+      interval: "daily"
+
   - package-ecosystem: "docker"
     directory: "/"
     labels:

diff --git a/.github/release.yml b/.github/release.yml
@@ -0,0 +1,30 @@
+changelog:
+  exclude:
+    labels:
+      - release-note/ignore
+  categories:
+    - title: Exciting New Features 🎉
+      labels:
+        - kind/feature
+        - release-note/new-feature
+    - title: Enhancements 🚀
+      labels:
+        - kind/enhancement
+        - release-note/enhancement
+    - title: Bug Fixes 🐛
+      labels:
+        - kind/bug
+        - release-note/bug-fix
+    - title: Breaking Changes 🛠
+      labels:
+        - release-note/breaking-change
+    - title: Deprecations ❌
+      labels:
+        - release-note/deprecation
+    - title: Dependency Updates ⬆️
+      labels:
+        - area/dependencies
+        - release-note/dependency-update
+    - title: Other Changes
+      labels:
+        - "*"
diff --git a/.github/workflows/analysis-scorecard.yaml b/.github/workflows/analysis-scorecard.yaml
@@ -0,0 +1,47 @@
+name: OpenSSF Scorecard
+
+on:
+  branch_protection_rule:
+  push:
+    branches: [ main ]
+  schedule:
+    - cron: '30 0 * * 5'
+
+permissions:
+  contents: read
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    permissions:
+      actions: read
+      contents: read
+      id-token: write
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          persist-credentials: false
+
+      - name: Run analysis
+        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          publish_results: true
+
+      - name: Upload results as artifact
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        with:
+          name: OpenSSF Scorecard results
+          path: results.sarif
+          retention-days: 5
+
+      - name: Upload results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
+        with:
+          sarif_file: results.sarif