GH Action workflow enhancements

.github/CONTRIBUTING.md

@@ -0,0 +1,118 @@
+# Contribution Guidelines
+
+First of all, thank you for taking the time to contribute! ✌️ 🎉
+
+We love your input regardless of its size, content or scope - whether it is an issue, feature request, bug-fix or documentation enhancement.
+
+Thanks 🙏 You rock 🤘
+
+## Table of contents
+
+[👶 Getting started](#getting-started)
+
+[📔 Code of Conduct](#code-of-conduct)
+
+[🗃 License](#license)
+
+[🐛 How to report a bug?](#how-to-report-a-bug)
+
+[💡 How to request the change?](#how-to-request-the-change)
+
+[🚩 How to submit a change?](#how-to-submit-a-change)
+
+[👗 Style guide](#style-guide)
+
+[🧐 Recognition model](#recognition-model)
+
+[❓ Any questions](#any-questions)
+
+## Getting started
+
+For an introduction, please read [`README`](README.md) file. You can also find vignettes [here](vignettes/). Usually you will find a "Getting started" article. Please also see the package manual in the form of a `pkgdown` website.
+
+## Code of Conduct
+
+This project is governed by [Code of Conduct](../CODE_OF_CONDUCT.md). By participating, you are expected to follow the rules outlined there.
+
+## License
+
+All of your code changes would be under the same [license](../LICENSE) that covers this project.
+
+## How to report a bug?
+
+We use GitHub to track issues, feature requests as well as bugs. Before opening a new issue please double-check if it's already reported (but don't worry if to be a duplicate - we will manage). If already there - up-vote ⬆️. We will have a look at it faster!
+
+We kindly ask you to write a good issue with a minimal and reproducible example that demonstrates the problem. It would also be great to know your local environment (R session info) as well. You will find our template for issues when opening a bug ticket. This will speed up the fixing process a lot! 📈.
+
+## How to request the change?
+
+If you notice a missing feature or you have an idea how to enhance existing functionalities - please let us know by creating a new issue. Before opening a new issue please double-check if it's already reported (but don't worry if occurs to be a duplicate - we will manage). If already there - up-vote ⬆️. We will have a look at it faster!
+
+Please elaborate on "why?" - what's the context, what's the benefit and for whom. You will find our template when opening a feature request ticket. This will help us prioritize and submit meaningful changes.
+
+## How to submit a change?
+
+### GitHub Flow
+
+We are following [GitHub Flow](https://docs.github.com/en/get-started/quickstart/github-flow) to collaborate in this repository. In order to submit the changes please do the following:
+
+1. Open a branch
+
+   Please see branch naming convention below. If you don't have write access please fork it first.
+
+1. Make changes.
+
+   Make sure your code passes all the checks and is well documented and tested so as not to decrease existing test coverage 💪.
+
+1. Create a PR(s)
+
+   Please link an issue and make a good change description. Include development assumptions when necessary. Give all the details for a reviewer to efficiently check your changes.
+
+1. Address review comments
+
+   Please apply changes where necessary. If you disagree with a reviewer - please explain why.
+
+1. Once approved - merge your PR(s) and delete a branch
+
+### Branching convention
+
+In case you are working on a task inside one specific repository, please name your branch `<issue_id>_<short_description>` all lowercase. Multiple words of the description should be divided by an underscore (`_`). E.g. `15_fix_spelling_error` in case you try to solve a spelling mistake mentioned in the issue number `15`.
+
+In case you are working on a task from one repository that affects multiple repositories, please always name your branches: `<issue_id>_<issue_repo>_<short description>` all lowercase. Multiple words of the description should be divided by an underscore (`_`). E.g. `15_abc_fix_spelling_error` in case you try to solve a spelling mistake inside `xyz` which closes issue `15` inside `abc`.
+
+### `monorepo` and `staged.dependencies`
+
+Sometimes you might need to change upstream dependent package(s) to be able to submit a meaningful change. We are using [`staged.dependencies`](https://github.com/openpharma/staged.dependencies) functionality to simulate a `monorepo` behavior. The configuration is already in the [`staged_dependencies.yaml`](../staged_dependencies.yaml) file. You just need to name the feature branches identically. This is the only exception from branch naming convention described above. Please read the package manual for more details.
+
+### Recommended development environment & tools
+
+#### R & package versions
+
+We continuously test our packages against the newest R version as well as a given package dependencies. We recommend to set-up your working environment in the same way. You can find all the details in a given GitHub Action execution log - there is a step that prints out session info.
+
+If you find out any bugs on the older version of dependencies - please create appropriate bug ticket.
+
+#### `pre-commit`
+
+We highly recommend the [`pre-commit`](https://pre-commit.com/) tool combined with [`R hooks for pre-commit`](https://github.com/lorenzwalthert/precommit) to execute some of the checks prior committing and pushing. The configuration is already there in a repository ([here](../.pre-commit-config.yaml)). Please, follow the installation guide on the official [`pre-commit` page](https://github.com/lorenzwalthert/precommit) and the [`GitHub` `readme` page](https://github.com/lorenzwalthert/precommit#installation) for the R hooks.
+
+## Style guide
+
+This repository follows standard [`tidyverse` style guide](https://style.tidyverse.org/) and it's being checked against it by [`lintr`](https://github.com/r-lib/lintr). There are some slight modifications to its default settings available in the [`.lintr`](../.lintr) file.
+
+Although it allows for some flexibility - we recommend sticking to the style of the existing code.
+
+Please note that there is a style and also `lintr` check in place that will validate your code.
+
+## Recognition model
+
+Any contribution is highly welcomed and appreciated. While all the contribution data is already there in GitHub repository insights feature, we introduced some objective rules to recognize a _significant_ contribution so as to became a package author:
+
+- Minimum 5% of lines of code authored (determined by `git blame` query) OR
+- Being at the top 5 contributors in terms of number of commits OR lines added OR lines removed.
+
+The package maintainer also reserves the rights to manually adjust the criteria to recognize contributions.
+
+## Any questions
+
+If you have any further questions regarding contribution - please reach out to the repository maintainer(s)!

.github/workflows/check.yaml

@@ -3,13 +3,19 @@ name: Check 🛠
 
 on:
   pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
     branches:
       - main
       - pre-release
   push:
     branches:
       - main
       - pre-release
+  workflow_dispatch:
 
 jobs:
   audit:
@@ -48,7 +54,7 @@ jobs:
     uses: insightsengineering/r.pkg.template/.github/workflows/links.yaml@main
   vbump:
     name: Version Bump 🤜🤛
-    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    if: github.event_name == 'push'
     uses: insightsengineering/r.pkg.template/.github/workflows/version-bump.yaml@main
     secrets:
       REPO_GITHUB_TOKEN: ${{ secrets.REPO_GITHUB_TOKEN }}
@@ -62,4 +68,3 @@ jobs:
     if: github.event_name == 'pull_request'
     name: Style Check 👗
     uses: insightsengineering/r.pkg.template/.github/workflows/style.yaml@main
-

.github/workflows/docs.yaml

@@ -14,6 +14,11 @@ on:
       - LICENSE.*
       - NAMESPACE
   pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
     branches:
       - main
       - pre-release
@@ -25,6 +30,7 @@ on:
       - man/**
       - LICENSE.*
       - NAMESPACE
+  workflow_dispatch:
 
 jobs:
   docs:

.github/workflows/release.yaml

@@ -5,6 +5,7 @@ on:
   push:
     tags:
       - "v*"
+  workflow_dispatch:
 
 jobs:
   build:
@@ -13,6 +14,9 @@ jobs:
     uses: insightsengineering/r.pkg.template/.github/workflows/build-check-install.yaml@main
     secrets:
       REPO_GITHUB_TOKEN: ${{ secrets.REPO_GITHUB_TOKEN }}
+    with:
+      skip-r-cmd-check: true
+      skip-r-cmd-install: true
   docs:
     name: Pkgdown Docs 📚
     needs: release

.github/workflows/validate.yaml

@@ -5,6 +5,7 @@ on:
   push:
     branches:
       - pre-release
+  workflow_dispatch:
 
 jobs:
   validation:

CODE_OF_CONDUCT.md

@@ -0,0 +1,133 @@
+
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall
+  community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email address,
+  without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+[INSERT CONTACT METHOD].
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations

DESCRIPTION

@@ -41,4 +41,4 @@ VignetteBuilder:
 Encoding: UTF-8
 LazyData: true
 Roxygen: list(markdown = TRUE)
-RoxygenNote: 7.1.2
+RoxygenNote: 7.2.0

SECURITY.md

@@ -0,0 +1,25 @@
+# Security Policy
+
+## Reporting Security Issues
+
+If you believe you have found a security vulnerability in any of the repositories in this organization, please report it to us through coordinated disclosure.
+
+**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.**
+
+Instead, please send an email to vulnerability.management[@]roche.com.
+
+Please include as much of the information listed below as you can to help us better understand and resolve the issue:
+
+* The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)
+* Full paths of source file(s) related to the manifestation of the issue
+* The location of the affected source code (tag/branch/commit or direct URL)
+* Any special configuration required to reproduce the issue
+* Step-by-step instructions to reproduce the issue
+* Proof-of-concept or exploit code (if possible)
+* Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+## Data Security Standards (DSS)
+
+Please make sure that while reporting issues in the form a bug, feature, or pull request, *all* sensitive information such as [PII](https://www.dhs.gov/privacy-training/what-personally-identifiable-information), [PHI](https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html), and [PCI](https://www.pcisecuritystandards.org/pci_security/standards_overview) is completely removed from any text and attachments, including pictures and videos.