Add required files for Kubernetes project donation

Signed-off-by: Stephen Augustus <saugustus@vmware.com>
kubernetes-sigs · Sep 3, 2020 · c457d40 · c457d40
1 parent adbd34f
commit c457d40
Show file tree

Hide file tree

Showing 5 changed files with 83 additions and 16 deletions.
diff --git a/OWNERS b/OWNERS
@@ -0,0 +1,11 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+  - sig-release-leads
+  - zeitgeist-approvers
+reviewers:
+  - zeitgeist-approvers
+  - zeitgeist-reviewers
+labels:
+  - sig/release
+  - area/release-eng
diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES
@@ -0,0 +1,18 @@
+# See the OWNERS docs at https://go.k8s.io/owners#owners_aliases
+
+aliases:
+  sig-release-leads:
+    - alejandrox1
+    - justaugustus
+    - saschagrunert
+    - tpepper
+  zeitgeist-approvers:
+    - alejandrox1 # subproject owner
+    - justaugustus # subproject owner / Release Manager
+    - Pluies # subproject owner
+    - saschagrunert # subproject owner / Release Manager
+    - tpepper # subproject owner / Release Manager
+  zeitgeist-reviewers:
+    - cpanato # Release Manager
+    - hasheddan # Release Manager
+    - saschagrunert # Release Manager
diff --git a/README.md b/README.md
@@ -1,26 +1,36 @@
-**Zeitgeist** ([/ˈzaɪtɡaɪst/](https://en.wikipedia.org/wiki/Help:IPA/English)) is a language-agnostic dependency checker that keeps track of external dependencies across your project and ensure they're up-to-date.
+# Zeitgeist
+
+([/ˈzaɪtɡaɪst/](https://en.wikipedia.org/wiki/Help:IPA/English)) is a language-agnostic dependency checker that keeps track of external dependencies across your project and ensure they're up-to-date.
 
 [![CircleCI](https://circleci.com/gh/Pluies/zeitgeist.svg?style=shield)](https://circleci.com/gh/Pluies/zeitgeist)
 [![Go Report Card](https://goreportcard.com/badge/github.com/Pluies/zeitgeist)](https://goreportcard.com/report/github.com/Pluies/zeitgeist)
 [![GoDoc](https://godoc.org/github.com/Pluies/zeitgeist?status.svg)](https://godoc.org/github.com/Pluies/zeitgeist)
 
-Rationale
-=========
+- [Rationale](#rationale)
+- [What is Zeitgeist](#what-is-zeitgeist)
+- [When is Zeitgeist _not_ suggested](#when-is-zeitgeist-not-suggested)
+- [Naming](#naming)
+- [Releasing](#releasing)
+- [Credit](#credit)
+- [To do](#to-do)
+- [Community, discussion, contribution, and support](#community-discussion-contribution-and-support)
+  - [Code of conduct](#code-of-conduct)
+
+## Rationale
 
 More and more projects nowadays have external dependencies, and the best way to ensure stability and reproducibility is to pin these dependencies to a specific version.
 
 However, this leads to a new problem: the world changes around us, and new versions of these dependencies are released _all the time_.
 
 For a simple project with a couple of dependencies, a team can usually keep up to speed by following mailing lists or Slack channels, but for larger projects this becomes a daunting task.
 
-This problem is pretty much solved by package managers in specific programming languages (see _When is Zeitgeist _not_ suggested_ below), but it remains a big issue when:
+This problem is pretty much solved by package managers in specific programming languages (see [_When is Zeitgeist _not_ suggested_](#when-is-zeitgeist-not-suggested) below), but it remains a big issue when:
 
 - Your project relies on packages outside your programming language of choice
 - You declare infrastructure-as-code, where the "build step" is usually bespoke and dependencies are managed manually
 - Dependencies do not belong in a classical "package manager" (e.g. AMI images)
 
-What is Zeitgeist
-=================
+## What is Zeitgeist
 
 Zeitgeist is a tool that takes a configuration file with a list of dependencies, and ensures that:
 
@@ -82,20 +92,17 @@ Use `zeitgeist validate` to also check with defined `upstreams` whether a new ve
 
 See the [full documentation](https://godoc.org/github.com/Pluies/zeitgeist/dependencies#Dependency) to see configuration options.
 
-When is Zeitgeist _not_ suggested
-=================================
+## When is Zeitgeist _not_ suggested
 
 While Zeitgeist aims to be a great cross-language solution for tracking external dependencies, it won't be as well integrated as native package managers.
 
 If your project is mainly written in one single language with a well-known and supported package manager (e.g. [`npm`](https://www.npmjs.com/), [`maven`](https://maven.apache.org/), [`rubygems`](https://rubygems.org/), [`pip`](https://pypi.org/project/pip/), [`cargo`](https://crates.io/)...), you definitely should use your package manager rather than Zeitgeist.
 
-Naming
-======
+## Naming
 
 [Zeitgeist](https://en.wikipedia.org/wiki/Zeitgeist), a German compound word, can be translated as "spirit of the times" and refers to _a schema of fashions or fads which prescribes what is considered to be acceptable or tasteful for an era_.
 
-Releasing
-=========
+## Releasing
 
 Releases are generated with [goreleaser](https://goreleaser.com/).
 
@@ -106,13 +113,11 @@ export GPG_TTY=$(tty)
 goreleaser release --rm-dist
 ```
 
-Credit
-======
+## Credit
 
 Zeitgeist is inspired by [Kubernetes' script to manage external dependencies](https://groups.google.com/forum/?pli=1#!topic/kubernetes-dev/cTaYyb1a18I) and extended to include checking with upstream sources to ensure dependencies are up-to-date.
 
-To do
-=====
+## To do
 
 - [x] Find a good name for the project
 - [x] Support `helm` upstream
@@ -126,3 +131,16 @@ To do
 - [x] Externalise the project into its own repo
 - [x] Generate releases
 - [x] Automate release generation from a tag
+
+## Community, discussion, contribution, and support
+
+Learn how to engage with the Kubernetes community on the [community page](http://kubernetes.io/community/).
+
+You can reach the maintainers of this project at:
+
+- [`#release-management`](https://kubernetes.slack.com/archives/CJH2GBF7Y) channel on [Kubernetes Slack](http://slack.k8s.io/)
+- [Mailing List](https://groups.google.com/forum/#!forum/kubernetes-sig-release)
+
+### Code of conduct
+
+Participation in the Kubernetes community is governed by the [Kubernetes Code of Conduct](code-of-conduct.md).
diff --git a/SECURITY_CONTACTS b/SECURITY_CONTACTS
@@ -0,0 +1,17 @@
+# Defined below are the security contacts for this repo.
+#
+# They are the contact point for the Product Security Committee to reach out
+# to for triaging and handling of incoming issues.
+#
+# The below names agree to abide by the
+# [Embargo Policy](https://git.k8s.io/security/private-distributors-list.md#embargo-policy)
+# and will be removed and replaced if they violate that agreement.
+#
+# DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE
+# INSTRUCTIONS AT https://kubernetes.io/security/
+
+alejandrox1
+justaugustus
+Pluies
+saschagrunert
+tpepper
diff --git a/code-of-conduct.md b/code-of-conduct.md
@@ -0,0 +1,3 @@
+# Kubernetes Community Code of Conduct
+
+Please refer to our [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md)