defenseunicorns · mjnagel · Feb 14, 2024 · Feb 5, 2024 · Feb 5, 2024 · Feb 5, 2024
@@ -0,0 +1 @@
+adr
@@ -0,0 +1,27 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: 'possible-bug 🐛'
+assignees: ''
+---
+
+### Environment
+Device and OS:
+App/package versions:
+Kubernetes distro being used:
+Other:
+
+### Steps to reproduce
+1.
+
+### Expected result
+
+### Actual Result
+
+### Visual Proof (screenshots, videos, text, etc)
+
+### Severity/Priority
+
+### Additional Context
+Add any other context or screenshots about the technical debt here.
@@ -0,0 +1,22 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: 'enhancement ✨'
+assignees: ''
+---
+
+### Is your feature request related to a problem? Please describe.
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+### Describe the solution you'd like
+
+- **Given** a state
+- **When** an action is taken
+- **Then** something happens
+
+### Describe alternatives you've considered
+(optional) A clear and concise description of any alternative solutions or features you've considered.
+
+### Additional context
+Add any other context or screenshots about the feature request here.
@@ -0,0 +1,16 @@
+---
+name: Tech debt
+about: Record something that should be investigated or refactored in the future.
+title: ''
+labels: 'tech-debt 💳'
+assignees: ''
+---
+
+### Describe what should be investigated or refactored
+A clear and concise description of what should be changed/researched. Ex. This piece of the code is not DRY enough [...]
+
+### Links to any relevant code
+(optional) i.e. - https://github.com/defenseunicorns/uds-package-mattermost/blob/main/README.md?plain=1#L1
+
+### Additional context
+Add any other context or screenshots about the technical debt here.
@@ -0,0 +1,20 @@
+## Description
+
+...
+
+## Related Issue
+
+Fixes #
+<!-- or -->
+Relates to #
+
+## Type of change
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Other (security config, docs update, etc)
+
+## Checklist before merging
+
+- [ ] Test, docs, adr added or updated as needed
+- [ ] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-package-mattermost/blob/main/CONTRIBUTING.md#developer-workflow) followed
@@ -0,0 +1,50 @@
+name: Scorecards supply-chain security
+on:
+  # Only the default branch is supported.
+  branch_protection_rule:
+  schedule:
+    - cron: '30 1 * * 6'
+  push:
+    branches: [ "main" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecards analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Used to receive a badge.
+      id-token: write
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
+        with:
+          sarif_file: results.sarif
@@ -1,8 +1,8 @@
-# Welcome to the Matter Operator UDS Capability
+# Welcome to the Mattermost UDS Package
 
-Thank you for your interest in this Defense Unicorns UDS Capability!
+Thank you for your interest in this Defense Unicorns UDS Package!
 
-This document describes the process and requirements for contributing to this UDS Capability.
+This document describes the process and requirements for contributing to this UDS Package.
 
 ## Developer Experience
 
@@ -16,12 +16,42 @@ Specifically:
 * Continuous integration (CI) pipeline tests are definitive
 * We create immutable release artifacts
 
-## Definition of Done
+### Developer Workflow
 
-We apply these general principles to all User Stories and activities contributing to the UDS SWF.
+:key: == Required by automation
 
-* Automated continuous integration (CI) pipeline tests pass
-* CI pipeline tests have been updated to meet system changes
-* Changes are peer reviewed
-* Acceptance criteria is met
-* Documentation is updated to reflect what changed
+1. Drop a comment in any issue to let everyone know you're working on it and submit a Draft PR (step 4) as soon as you are able.
+2. :key: Set up your Git config to GPG sign all commits. [Here's some documentation on how to set it up](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits). You won't be able to merge your PR if you have any unverified commits.
+3. Create a Draft Pull Request as soon as you can, even if it is just 5 minutes after you started working on it. We lean towards working in the open as much as we can.
+   > ⚠️ **NOTE:** _:key: We use [Conventional Commit messages](https://www.conventionalcommits.org/) in PR titles so, if you can, use one of `fix:`, `feat:`, `chore:`, `docs:` or similar.  If you need help, just use with `wip:` and we'll help with the rest_
+4. :key: Automated tests will begin based on the paths you have edited in your Pull Request.
+   > ⚠️ **NOTE:** _If you are an external third-party contributor, the pipelines won't run until a [CODEOWNER](./CODEOWNERS) approves the pipeline run._
+5. :key: Be sure to heed the `needs-adr`,`needs-docs`,`needs-tests` labels as appropriate for the PR. Once you have addressed all of the needs, remove the label or request a maintainer to remove it.
+6. Once the review is complete and approved, a core member of the project will merge your PR. If you are an external third-party contributor, two core members of the project will be required to approve the PR.
+7. Close the issue if it is fully resolved by your PR. _Hint: You can add "Fixes #XX" to the PR description to automatically close an issue when the PR is merged._
+
+### Architecture Decision Records (ADR)
+
+We've chosen to use ADRs to document architecturally significant decisions. We primarily use the guidance found in [this article by Michael Nygard](http://thinkrelevance.com/blog/2011/11/15/documenting-architecture-decisions) with a couple of tweaks:
+
+- The criteria for when an ADR is needed is undefined. The team will decide when the team needs an ADR.
+- We will use the tool [adr-tools](https://github.com/npryce/adr-tools) to make it easier on us to create and maintain ADRs.
+- We will keep ADRs specific to this package in the repository under `adr/NNNN-name-of-adr.md`.
+  > `adr-tools` is configured with a dotfile to automatically use this directory and format.
+- We will keep ADRs relating to Software Factory as a whole in the [UDS Software Factory](https://github.com/defenseunicorns/uds-software-factory) repository under `adr/NNNN-name-of-adr.md`.
+
+### How to use `adr-tools`
+
+```bash
+# Create a new ADR titled "Use Bisquick for all waffle making"
+adr new Use Bisquick for all waffle making
+
+# Create a new ADR that supersedes a previous one. Let's say, for example, that the previous ADR about Bisquick was ADR number 9.
+adr new -s 9 Use scratch ingredients for all waffle making
+
+# Create a new ADR that amends a previous one. Let's say the previous one was ADR number 15
+adr new -l "15:Amends:Amended by" Use store-bought butter for all waffle making
+
+# Get full help docs. There are all sorts of other helpful commands that help manage the decision log.
+adr help
+```
@@ -1,14 +1,12 @@
 # UDS Mattermost Package
 
-This repo contains a UDS Package for [Mattermost](https://mattermost.com/), along with an example bundle and UDS tasks for development.
+[![Latest Release](https://img.shields.io/github/v/release/defenseunicorns/uds-package-mattermost)](https://github.com/defenseunicorns/uds-package-mattermost/releases)
+[![Build Status](https://img.shields.io/github/actions/workflow/status/defenseunicorns/uds-package-mattermost/tag-and-release.yaml)](https://github.com/defenseunicorns/uds-package-mattermost/actions/workflows/tag-and-release.yaml)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/uds-package-mattermost/badge)](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/uds-package-mattermost)
 
-## Flavors
-
-Two flavors of this package are produced at this time:
-- `upstream`: This flavor uses the upstream images (same ones deployed by the chart by default) and is intended for a quick and seamless development experience
-- `registry1` (amd64 architecture only): This flavor uses hardened images from [Ironbank](https://p1.dso.mil/services/iron-bank) and is intended for production environments
+This package is designed for use as part of a [UDS Software Factory](https://github.com/defenseunicorns/uds-software-factory) bundle deployed on [UDS Core](https://github.com/defenseunicorns/uds-core).
 
-## Dependencies
+## Pre-requisites
 
 Mattermost requires two dependencies, postgres and s3 compatible object storage. Wiring Mattermost to your dependencies is done primarily via helm values, which will require the use of a bundle created with uds-cli.
 
@@ -50,6 +48,39 @@ To use IRSA make sure to NOT set the two key variables and add the appropriate r
               value: "arn:aws:iam::123456789:role/mattermost-role"
 ```
 
-## Additional Config
+## Flavors
+
+| Flavor | Description | Example Creation |
+| ------ | ----------- | ---------------- |
+| upstream-ce | Uses upstream images within the package. | `zarf package create . -f upstream` |
+| registry1 | Uses images from registry1.dso.mil within the package. | `zarf package create . -f registry1` |
+
+## Releases
+
+The released packages can be found in [ghcr](https://github.com/defenseunicorns/uds-package-mattermost/pkgs/container/packages%2Fuds%2Fmattermost).
+
+## UDS Tasks (for local dev and CI)
+
+*For local dev, this requires installing [uds-cli](https://github.com/defenseunicorns/uds-cli?tab=readme-ov-file#install)
+
+| Task | Description | Example |
+| ---- | ----------- | ------- |
+| setup-cluster | Uses the `k3d-core-istio` bundle to create a cluster for testing against | `uds run setup-cluster` |
+| create-package | Creates just the Mattermost package | `uds run create-package --set FLAVOR=<flavor>` |
+| create-test-bundle | Creates Mattermost and Mattermost dependency packages and then bundles them | `uds run create-test-bundle` |
+| deploy-package | Deploy Mattermost package only | `uds run deploy-package` |
+| deploy-test-bundle | Deploy Mattermost and Mattermost dependency bundle | `uds run deploy-test-bundle` |
+| test-package | Run checks against a deployed package or bundle | `uds run test-package` |
+| cleanup | Teardown the cluster | `uds run cleanup` |
+
+## Values
+
+See: 
+1. [/values/config-values.yaml](/values/config-values.yaml)
+1. [/values/registry1-values.yaml](/values/registry1-values.yaml)
+1. [/values/upstream-values.yaml](/values/upstream-values.yaml)
+2. [/values/values.yaml](/values/values.yaml)
+
+## Contributing
 
-Additional configuration can be done via overrides to configure a number of Mattermost properties like SSO. Check the full list of values in the config chart [here](./chart/values.yaml). If you find that you need something else exposed please open an issue!
+Please see the [CONTRIBUTING.md](./CONTRIBUTING.md)
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Supported Versions
+
+As UDS Software Factory has not yet reached v1.0.0, only the current latest minor release is supported.
+
+## Reporting a Vulnerability
+
+Please email `security-notice [at] defenseunicorns.com` to report a vulnerability. If you are unable to disclose details via email, please let us know and we can coordinate alternate communications.
@@ -0,0 +1,23 @@
+# 1. Record architecture decisions
+
+Date: 2024-02-04
+
+## Status
+
+Accepted
+
+## Context
+
+> NOTE:
+>
+> This file was automatically created when we used [adr-tools](https://github.com/npryce/adr-tools) to initialize the document log in the repo. ADRs on ADRs are a little silly, but it does give a lightweight way to direct the reader over to our contributor guide that has a lot more information.
+
+We need to record the architectural decisions made on this project.
+
+## Decision
+
+We will use Architecture Decision Records, as [described by Michael Nygard](http://thinkrelevance.com/blog/2011/11/15/documenting-architecture-decisions), with a couple of small tweaks. See the [Documentation section in the Contributor guide](../CONTRIBUTING.md#documentation) for full details.
+
+## Consequences
+
+See Michael Nygard's article, linked above. For a lightweight ADR toolset, see Nat Pryce's [adr-tools](https://github.com/npryce/adr-tools).
@@ -0,0 +1,19 @@
+# NUMBER. TITLE
+
+Date: DATE
+
+## Status
+
+STATUS
+
+## Context
+
+The issue motivating this decision, and any context that influences or constrains the decision.
+
+## Decision
+
+The change that we're proposing or have agreed to implement.
+
+## Consequences
+
+What becomes easier or more difficult to do and any risks introduced by the change that will need to be mitigated.