Merge pull request #66 from wayofdev/feat/refactor

wayofdev · Apr 22, 2024 · 92fa272 · 92fa272
2 parents 355eae1 + 5954b02
commit 92fa272
Show file tree

Hide file tree

Showing 6 changed files with 37 additions and 73 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -11,10 +11,8 @@ trim_trailing_whitespace = true
 [*.md]
 trim_trailing_whitespace = false
 
-[*{.yml,.yaml}]
-indent_style = space
+[*.{yml,yaml}]
 indent_size = 2
 
-[*.json]
-indent_style = space
-indent_size = 4
+[Makefile]
+indent_style = tab
diff --git a/.github/ISSUE_TEMPLATE/5-security-report.yml b/.github/ISSUE_TEMPLATE/5-security-report.yml
@@ -1,7 +1,7 @@
 ---
 
 name: ⚠️ Security Report
-description: Report a security issue to help improve the project's safety.
+description: Please report security issues directly through GitHub Security Advisories to ensure privacy.
 title: '[Security]: '
 labels: ['type: bug', 'priority: high', 'type: security']
 
@@ -11,71 +11,24 @@ assignees:
 body:
   - type: markdown
     attributes:
-      value: ⚠️ **Security Report**
+      value: >
+        ⚠️ **Please DO NOT report security vulnerabilities here.** Instead, use the GitHub Security Advisories feature to report them privately and securely. This helps us address issues responsibly without exposing them publicly.
 
-  - type: textarea
-    id: security-issue-description
-    attributes:
-      label: Describe the security issue
-      description: Provide a clear and concise description of what the security issue is, without including sensitive details.
-      placeholder: Describe the security issue...
-    validations:
-      required: true
-
-  - type: textarea
-    id: steps-to-reproduce
-    attributes:
-      label: To Reproduce
-      description: |
-        Steps to reproduce the security issue:
-        1. Navigate to...
-        2. Perform action...
-        3. Observe outcome...
-      placeholder: |
-        1. Navigate to...
-        2. Perform action...
-        3. Observe outcome...
-    validations:
-      required: true
-
-  - type: textarea
-    id: expected-behaviour
-    attributes:
-      label: Expected behaviour
-      description: Describe what you expected to happen without the security flaw.
-      placeholder: What did you expect to happen?
-    validations:
-      required: true
-
-  - type: textarea
-    id: media-prove
+  - type: markdown
     attributes:
-      label: Media prove
-      description: If applicable, add screenshots or videos that help explain your issue, ensuring no sensitive data is displayed.
-      placeholder: Upload files or paste links here...
-    validations:
-      required: false
+      value: >
+        GitHub Advisories do not automatically notify maintainers, so by using the advisories, you help maintain confidentiality while ensuring the issue is documented and tracked properly.
 
-  - type: textarea
-    id: environment
+  - type: markdown
     attributes:
-      label: Your environment
-      description: |
-        Provide detailed information about your environment to help us replicate the issue:
-        * OS: [e.g. Ubuntu]
-        * PHP version: [e.g. 8.2.2]
-        * Package version: [e.g. 1.0.0]
-        * Any relevant environment details
-      placeholder: List your environment details here...
-    validations:
-      required: false
+      value: 'To create a new advisory, go to: [Create Security Advisory](https://github.com/wayofdev/gh-actions/security/advisories/new)'
 
   - type: textarea
-    id: additional-context
+    id: github-advisory-url
     attributes:
-      label: Additional context
-      description: Add any other context about the problem here, ensuring no sensitive data is included.
-      placeholder: Any additional information...
+      label: Your GitHub Advisory URL
+      description: Optionally, you can paste the URL of the GitHub Security Advisory you have created here for reference.
+      placeholder: Paste the GitHub Security Advisory URL here...
     validations:
       required: false
 

diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -3,6 +3,12 @@
 blank_issues_enabled: true
 
 contact_links:
-  - name: Send an e-mail to the developer
-    url: mailto:the@wayof.dev
-    about: Please do NOT use this email to post issues or feature requests (only important business/personal contact).
+  - name: Start a discussion or ask a question.
+    url: https://github.com/wayofdev/.github/discussions
+    about: Please ask and answer questions here.
+
+  - name: Join our Discord Community
+    url: https://discord.gg/CE3TcCC5vr
+    about: Join our Discord community to get help, share your ideas, and chat with other developers.
+
+...
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -6,12 +6,20 @@ Thank you for helping keep project and its users safe. We greatly appreciate you
 
 ## 🚨 Reporting a Vulnerability
 
-We take all security bugs in project seriously. Thank you for improving the security of this project. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.
+We take all security bugs in our projects seriously. Please follow the instructions below to report security vulnerabilities.
 
 ### → How to Report a Vulnerability
 
-1. **Direct Contact**: For highly sensitive information, please email us directly at `the@wayof.dev` with the subject line "SECURITY - Vulnerability Report". This will be treated with the highest priority.
+1. **GitHub Security Advisories**: Please report security issues directly through our GitHub Security Advisories page: [https://github.com/wayofdev/gh-actions/security/advisories/new](https://github.com/wayofdev/gh-actions/security/advisories/new). This ensures that sensitive information is handled confidentially.
 
-2. **GitHub Issues**: For vulnerabilities that do not immediately affect the security of the application or its users, such as those found in non-critical systems, please report them through our GitHub issues. Make sure to use the `⚠️ Security Report` issue template. Please do not include sensitive information in GitHub issues. Detailed instructions about how to fill this report are included within the issue template itself.
+2. **Empty Security Issue**: After submitting through GitHub Security Advisories, please also create an empty security issue to alert us, as GitHub Advisories do not send automatic notifications. This can be done [here](https://github.com/wayofdev/gh-actions/issues/new?assignees=&labels=type%3A+bug%2Cpriority%3A+high%2Ctype%3A+security&projects=&template=5-security-report.yml&title=%5BSecurity%5D%3A+).
+
+3. **Direct Contact**: For highly sensitive information, in addition to the GitHub Security Advisories, please email us directly at `the@wayof.dev` with the subject line "SECURITY - Vulnerability Report". This will be treated with the highest priority.
+
+Please do not discuss potential security issues in public forums or through our public GitHub issues tracker.
+
+## ❌ Third-Party Bug Bounty Platforms
+
+At this moment, we DO NOT accept reports from third-party bug bounty platforms to minimize risk. All vulnerability reports should come through the specified channels above.
 
 <br>
diff --git a/Makefile b/Makefile
@@ -77,11 +77,11 @@ lint: lint-yaml lint-actions ## Lint all files
 .PHONY: lint
 
 lint-yaml: ## Lint all yaml files
-	@$(YAML_LINT_RUNNER)
+	@$(YAML_LINT_RUNNER) | tee -a $(MAKE_LOGFILE)
 .PHONY: lint-yaml
 
 lint-actions: ## Lint all github actions
-	@$(ACTION_LINT_RUNNER)
+	@$(ACTION_LINT_RUNNER) | tee -a $(MAKE_LOGFILE)
 .PHONY: lint-actions
 
 #

diff --git a/README.md b/README.md
@@ -8,7 +8,6 @@
         </picture>
     </a>
 </div>
-
 <br>
 
 <br>