Improve alignment with our project quality standards (#418)

* Add SECURITY.md file * Add CONTRIBUTING.md file * Add status badge in README * Add 'make help' * Add detect-secrets to make lint * Force pull-requests to have labels * Rename Run to Usage * Update versions range in SECURITY.md
mozilla · May 12, 2023 · 9f2f2ca · 9f2f2ca
1 parent 01b98a0
commit 9f2f2ca
Show file tree

Hide file tree

Showing 8 changed files with 427 additions and 20 deletions.
diff --git a/.github/workflows/labels.yaml b/.github/workflows/labels.yaml
@@ -0,0 +1,14 @@
+name: Force pull-requests label(s)
+
+on:
+  pull_request:
+    types: [opened, labeled, unlabeled]
+jobs:
+  pr-has-label:
+    name: Will be skipped if labelled
+    runs-on: ubuntu-latest
+    if: ${{ join(github.event.pull_request.labels.*.name, ', ') == '' }}
+    steps:
+      - run: |
+          echo 'Pull-request must have at least one label'
+          exit 1
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -0,0 +1,284 @@
+{
+  "version": "1.4.0",
+  "plugins_used": [
+    {
+      "name": "ArtifactoryDetector"
+    },
+    {
+      "name": "AWSKeyDetector"
+    },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
+    {
+      "name": "Base64HighEntropyString",
+      "limit": 4.5
+    },
+    {
+      "name": "BasicAuthDetector"
+    },
+    {
+      "name": "CloudantDetector"
+    },
+    {
+      "name": "DiscordBotTokenDetector"
+    },
+    {
+      "name": "GitHubTokenDetector"
+    },
+    {
+      "name": "HexHighEntropyString",
+      "limit": 3.0
+    },
+    {
+      "name": "IbmCloudIamDetector"
+    },
+    {
+      "name": "IbmCosHmacDetector"
+    },
+    {
+      "name": "JwtTokenDetector"
+    },
+    {
+      "name": "KeywordDetector",
+      "keyword_exclude": ""
+    },
+    {
+      "name": "MailchimpDetector"
+    },
+    {
+      "name": "NpmDetector"
+    },
+    {
+      "name": "PrivateKeyDetector"
+    },
+    {
+      "name": "SendGridDetector"
+    },
+    {
+      "name": "SlackDetector"
+    },
+    {
+      "name": "SoftlayerDetector"
+    },
+    {
+      "name": "SquareOAuthDetector"
+    },
+    {
+      "name": "StripeDetector"
+    },
+    {
+      "name": "TwilioKeyDetector"
+    }
+  ],
+  "filters_used": [
+    {
+      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+      "min_level": 2
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_lock_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_sequential_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_swagger_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_templated_secret"
+    }
+  ],
+  "results": {
+    ".circleci/config.yml": [
+      {
+        "type": "Secret Keyword",
+        "filename": ".circleci/config.yml",
+        "hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3",
+        "is_verified": false,
+        "line_number": 241
+      }
+    ],
+    "config/local.ini": [
+      {
+        "type": "Hex High Entropy String",
+        "filename": "config/local.ini",
+        "hashed_secret": "c9d006d69371bbe336be477bc01a1db1418ef39d",
+        "is_verified": false,
+        "line_number": 38
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "config/local.ini",
+        "hashed_secret": "c9d006d69371bbe336be477bc01a1db1418ef39d",
+        "is_verified": false,
+        "line_number": 38
+      },
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "config/local.ini",
+        "hashed_secret": "215c95f7ecd7d592f10a7f540c30c4b8abeeadb9",
+        "is_verified": false,
+        "line_number": 112
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "config/local.ini",
+        "hashed_secret": "215c95f7ecd7d592f10a7f540c30c4b8abeeadb9",
+        "is_verified": false,
+        "line_number": 112
+      }
+    ],
+    "docs/tutorial-dev-kinto-admin.rst": [
+      {
+        "type": "Secret Keyword",
+        "filename": "docs/tutorial-dev-kinto-admin.rst",
+        "hashed_secret": "25ab86bed149ca6ca9c1c0d5db7c9a91388ddeab",
+        "is_verified": false,
+        "line_number": 57
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "docs/tutorial-dev-kinto-admin.rst",
+        "hashed_secret": "47236e351ed244d885490acec726510223697354",
+        "is_verified": false,
+        "line_number": 82
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "docs/tutorial-dev-kinto-admin.rst",
+        "hashed_secret": "bdf7192e23ab9e98651da98fe556e58b71170b82",
+        "is_verified": false,
+        "line_number": 86
+      }
+    ],
+    "docs/tutorial-local-server.rst": [
+      {
+        "type": "Secret Keyword",
+        "filename": "docs/tutorial-local-server.rst",
+        "hashed_secret": "25ab86bed149ca6ca9c1c0d5db7c9a91388ddeab",
+        "is_verified": false,
+        "line_number": 101
+      }
+    ],
+    "docs/tutorial-multi-signoff.rst": [
+      {
+        "type": "Secret Keyword",
+        "filename": "docs/tutorial-multi-signoff.rst",
+        "hashed_secret": "47236e351ed244d885490acec726510223697354",
+        "is_verified": false,
+        "line_number": 53
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "docs/tutorial-multi-signoff.rst",
+        "hashed_secret": "bdf7192e23ab9e98651da98fe556e58b71170b82",
+        "is_verified": false,
+        "line_number": 57
+      }
+    ],
+    "kinto-remote-settings/README.rst": [
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "kinto-remote-settings/README.rst",
+        "hashed_secret": "3650b7f537d2e64041a1e2ae269361c7480737ab",
+        "is_verified": false,
+        "line_number": 392
+      }
+    ],
+    "kinto-remote-settings/tests/changes/config.ini": [
+      {
+        "type": "Secret Keyword",
+        "filename": "kinto-remote-settings/tests/changes/config.ini",
+        "hashed_secret": "2432d624df4739aa766c7ff39c84b5c599e681ea",
+        "is_verified": false,
+        "line_number": 3
+      }
+    ],
+    "kinto-remote-settings/tests/signer/config.ini": [
+      {
+        "type": "Secret Keyword",
+        "filename": "kinto-remote-settings/tests/signer/config.ini",
+        "hashed_secret": "1dd36a56a08a3517e72339117edb26b43d3db2ab",
+        "is_verified": false,
+        "line_number": 22
+      }
+    ],
+    "kinto-remote-settings/tests/signer/ecdsa.private.pem": [
+      {
+        "type": "Private Key",
+        "filename": "kinto-remote-settings/tests/signer/ecdsa.private.pem",
+        "hashed_secret": "f0778f3e140a61d5bbbed5430773e52af2f5fba4",
+        "is_verified": false,
+        "line_number": 4
+      }
+    ],
+    "kinto-remote-settings/tests/signer/test_plugin_setup.py": [
+      {
+        "type": "Secret Keyword",
+        "filename": "kinto-remote-settings/tests/signer/test_plugin_setup.py",
+        "hashed_secret": "abd55946648cbbd3630550b78067ef1484199bf8",
+        "is_verified": false,
+        "line_number": 229
+      }
+    ],
+    "kinto-remote-settings/tests/signer/test_signer.py": [
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "kinto-remote-settings/tests/signer/test_signer.py",
+        "hashed_secret": "35d7ae4d70815c03954197b32a07b69210bb88f5",
+        "is_verified": false,
+        "line_number": 17
+      },
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "kinto-remote-settings/tests/signer/test_signer.py",
+        "hashed_secret": "6dcdad898e412634d9152bc8f7e002a93c666e4a",
+        "is_verified": false,
+        "line_number": 18
+      },
+      {
+        "type": "Base64 High Entropy String",
+        "filename": "kinto-remote-settings/tests/signer/test_signer.py",
+        "hashed_secret": "6e111eaff9dce9d90a16cdb8ff94138863eee362",
+        "is_verified": false,
+        "line_number": 134
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "kinto-remote-settings/tests/signer/test_signer.py",
+        "hashed_secret": "6e111eaff9dce9d90a16cdb8ff94138863eee362",
+        "is_verified": false,
+        "line_number": 134
+      }
+    ],
+    "kinto-remote-settings/tests/signer/test_signoff_flow.py": [
+      {
+        "type": "Basic Auth Credentials",
+        "filename": "kinto-remote-settings/tests/signer/test_signoff_flow.py",
+        "hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3",
+        "is_verified": false,
+        "line_number": 48
+      }
+    ]
+  },
+  "generated_at": "2023-05-11T09:58:03Z"
+}
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -0,0 +1,13 @@
+First off, thanks for taking the time to contribute! ❤️
+
+All types of contributions are encouraged and valued.
+
+Before doing so, here are a few guidelines:
+
+* You agree to license your contributions under the project [license](LICENSE).
+* Use pull-requests early so it's open for discussion, even if your
+  contribution isn't ready yet.
+* All pull requests should include tests, as they help us avoid regressions in
+  our code.
+* A pull-request adding functionality should also update the documentation
+  accordingly.