Merge pull request #52 from leanix/feature/CID-1624/validate-contribu…

…tion-process

[CID-1624] Validate contribution process

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,35 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Run the following command '...'
+2. Go to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Setup (please complete the following information):**
+ - OS: [e.g. iOS]
+ - Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.
+
+TIPS: 
+- If you open a PR, please make sure to link it to this issue.
+- You can always edit your issue if it isn't formatted correctly.
+     See https://guides.github.com/features/mastering-markdown

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,25 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
+
+TIPS: 
+- If you open a PR, please make sure to link it to this issue.
+- You can always edit your issue if it isn't formatted correctly.
+     See https://guides.github.com/features/mastering-markdown

.github/workflows/gradle-build.yml

@@ -6,14 +6,24 @@ concurrency:
 
 on:
   push:
-    branches:
-      - main
-      - feature/**
   workflow_dispatch:
 
 jobs:
+  validation:
+    name: Branch name validation
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check branch name
+        run: |
+          if [[ "${{ github.ref }}" == "refs/heads/main" ]] || [[ "${{ github.ref }}" =~ ^refs/heads/feature/.*$ ]] || [[ "${{ github.ref }}" =~ ^refs/heads/bug/.*$ ]] ; then
+            echo "Branch naming is correct!"
+          else
+            echo "Invalid branch name! Correct format: 'feature/<branch-name>' or 'bug/<branch-name>'"
+            exit 1
+          fi
   gradle-ci:
     name: Build and test
+    needs: validation
     runs-on: ubuntu-latest
     steps:
       - name: Checkout

CONTRIBUTING.md

@@ -0,0 +1,57 @@
+# Contributing to VSM-GITLAB-BROKER
+
+First off, thanks for taking the time to contribute! 🙌🎉
+
+The following is a set of guidelines for contributing to this project.
+
+## How Can I Contribute?
+
+## Using Issues
+
+We use GitHub issues to track public bugs and feature requests. If you have a general question, please reach out via other means.
+
+### Submitting an Issue
+
+If your issue appears to be a bug and hasn't been reported or you would like to request a new feature or improvement, open a new issue.
+
+### Reporting Bugs
+
+This section guides you through submitting a bug report for this project. Following these guidelines helps maintainers and the community understand your report, reproduce the behavior, and find related reports.
+
+- **Use a clear and descriptive title** for the issue to identify the problem.
+- **Describe the exact steps which reproduce the problem** in as much detail as possible. When listing steps, don't just say what you did, but explain how you did it.
+- **Describe the behavior you observed after following the steps** and point out what exactly is the problem with that behavior.
+- **Explain which behavior you expected to see instead and why.**
+- **Include screenshots and animated GIFs** which show you following the described steps and clearly demonstrate the problem. If you use the keyboard while following the steps, record the GIF with the Keybinding Resolver shown. You can use this tool to record GIFs on macOS and Windows, and this tool or this tool on Linux.
+
+### Suggesting Enhancements
+
+This section guides you through submitting an enhancement suggestion for this project, including completely new features and minor improvements to existing functionality.
+
+- **Use a clear and descriptive title** for the issue to identify the suggestion.
+- **Provide a step-by-step description of the suggested enhancement** in as many details as possible.
+- **Describe the current behavior** and **explain which behavior you expected to see instead** and why.
+
+### Submitting a Pull Request
+
+- Open a new issue in the `Issues` tab and describe what you plan to change.
+- Fill in the required template
+- Do not include issue numbers in the PR title
+- Include screenshots and animated GIFs in your pull request whenever possible.
+- Make sure your code follows the existing style (e.g. End all files with a newline,.)
+- Include relevant unit tests.
+- Create a pull request.
+
+### Git Commit Messages
+
+- Use the present tense ("Add feature" not "Added feature")
+
+## Additional Notes
+
+### Issue and Pull Request Labels
+
+This section lists the labels we use to help us track and manage issues and pull requests.
+
+- `bug` - Issues related to bugs.
+- `enhancement` - Issues related to enhancements.
+- `documentation` - Issues related to documentation.

README.md

@@ -17,6 +17,7 @@ on premise deployments that are not publicly accessible from the internet.
    2. [Using with M1 chips](#using-amd64-images-on-apple-m1)
 3. [Release Process](#release-process)
 4. [Broker Architecture](#broker-architecture)
+5. [Contributing](#contributing)
 
 ---
 
@@ -156,4 +157,16 @@ Should there be any open questions feel free to open an [issue](https://github.c
 4. At runtime:
    - as stated under 3) the service will listen to webhook events after the initial setup
 
-   - to account for any intermittent interruptions (e.g. network issues, docker container failure etc.) between the agent and the GitLab instance, the service will do a full scan every week to ensure eventual consistency in VSM
+   - to account for any intermittent interruptions (e.g. network issues, docker container failure etc.) between the agent and the GitLab instance, the service will do a full scan every week to ensure eventual consistency in VSM
+
+## Contributing
+
+We welcome contributions to the VSM GitLab Broker project. If you're looking to contribute:
+
+1. **Issues**: Feel free to open an [issue](https://github.com/leanix/vsm-gitlab-broker/issues) if you find a bug or want to suggest an enhancement. Please provide as much context as possible.
+
+2. **Pull requests**: If you'd like to contribute code, make sure to read our [Contribution Guidelines](./CONTRIBUTING.md) before submitting a pull request.
+
+3. **Security**: If you find a vulnerability, please review our [Security Policy](./SECURITY.md) on how to report it.
+
+Thank you for your interest in contributing to our project!

SECURITY.md

@@ -0,0 +1,15 @@
+# Security Policy
+
+## Supported Versions
+
+The following table details the versions of the vsm-gitlab-broker that are currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.3.0   | :white_check_mark: |
+| < 1.3   | :x:                |
+
+## Reporting a Vulnerability
+
+If you think you have found a security vulnerability, please DO NOT disclose it publicly until we’ve had a chance to fix it.
+Please don’t report security vulnerabilities using GitHub issues, instead email us with the details.