diff --git a/.github/ISSUE_TEMPLATE/01_BUG_REPORT.md b/.github/ISSUE_TEMPLATE/01_BUG_REPORT.md index 7d12504..8bd87e5 100644 --- a/.github/ISSUE_TEMPLATE/01_BUG_REPORT.md +++ b/.github/ISSUE_TEMPLATE/01_BUG_REPORT.md @@ -20,11 +20,11 @@ latest **Expected behavior:** - + **Steps to reproduce:** - + **Related code:** diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index ca0f5c4..5d0b0b3 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -1,16 +1,16 @@ -## Pull request type +## Pull Request type - + Please check the type of change your PR introduces: - [ ] Bugfix - [ ] Feature - [ ] Code style update (formatting, renaming) -- [ ] Refactoring (no functional changes, no api changes) -- [ ] Build related changes +- [ ] Refactoring (no functional changes, no API changes) +- [ ] Build-related changes - [ ] Documentation content changes - [ ] Other (please describe): @@ -33,8 +33,8 @@ Issue Number: N/A - [ ] Yes - [ ] No - + ## Other information - + diff --git a/.github/labels.yml b/.github/labels.yml index 092e3ab..6fc63e1 100755 --- a/.github/labels.yml +++ b/.github/labels.yml @@ -1,8 +1,8 @@ --- - name: "breaking-change" color: ee0701 - description: "A breaking change for existing users." -- name: "bug" + description: "A change that changes the API or breaks backward compatibility for users." +- name: "bugfix" color: ee0701 description: "Inconsistencies or issues which will cause a problem for users or implementors." - name: "documentation" 
@@ -13,10 +13,10 @@ description: "Enhancement of the code, not introducing new features." - name: "refactor" color: 1d76db - description: "Improvement of existing code, not introducing new features." + description: "Updating the code with simpler, easier to understand or more efficient syntax or methods, but not introducing new features." - name: "performance" color: 1d76db - description: "Improving performance, not introducing new features." + description: "Improving performance of the project, not introducing new features." - name: "new-feature" color: 0e8a16 description: "New features or options." 
@@ -25,41 +25,41 @@ description: "Generic maintenance tasks." - name: "ci" color: 1d76db - description: "Work that improves the continue integration." + description: "Work that improves the continuous integration." - name: "dependencies" color: 1d76db - description: "Upgrade or downgrade of project dependencies." + description: "Change in project dependencies." - name: "in-progress" color: fbca04 - description: "Issue is currently being resolved by a developer." + description: "Issue is currently being worked on by a developer." - name: "stale" color: fef2c0 - description: "There has not been activity on this issue or PR for quite some time." + description: "No activity for quite some time." - name: "no-stale" color: fef2c0 - description: "This issue or PR is exempted from the stable bot." + description: "This is exempt from the stale bot." - name: "security" color: ee0701 - description: "Marks a security issue that needs to be resolved ASAP." + description: "Addressing a vulnerability or security risk in this project." - name: "incomplete" color: fef2c0 - description: "Marks a PR or issue that is missing information." + description: "Missing information." - name: "invalid" color: fef2c0 - description: "Marks a PR or issue that is missing information." + description: "This is off-topic, spam, or otherwise doesn't apply to this project." - name: "beginner-friendly" color: 0e8a16 - description: "Good first issue for people wanting to contribute to the project." + description: "Good first issue for people wanting to contribute to this project." - name: "help-wanted" color: 0e8a16 - description: "We need some extra helping hands or expertise in order to resolve this." + description: "We need some extra helping hands or expertise in order to resolve this!" - name: "priority-critical" color: ee0701 - description: "This should be dealt with ASAP. Not fixing this issue would be a serious error." + description: "Must be addressed as soon as possible." 
- name: "priority-high" color: b60205 description: "After critical issues are fixed, these should be dealt with before any further issues." @@ -72,7 +72,7 @@ - name: "major" color: b60205 - description: "This PR causes a major version bump in the version number." + description: "This PR causes a major bump in the version number." - name: "minor" color: 0e8a16 - description: "This PR causes a minor version bump in the version number." + description: "This PR causes a minor bump in the version number." diff --git a/README.md b/README.md index 5bf4d3f..061e48f 100755 --- a/README.md +++ b/README.md 
@@ -145,14 +145,14 @@ Advanced manual setups are also supported. Check the following environment varia | Name | Default value | Description | | ---------------------- | ------------------------------------------- | -------------------------------------------------------------------------------------------------------------- | | NODE_ENV | unset | You could learn more [here](https://nodejs.dev/learn/nodejs-the-difference-between-development-and-production) | -| LISTEN_ADDRESS | 0.0.0.0 | Express server listen address | -| ZU_SERVE_FRONTEND | true | You could disable frontend serving and use ZeroUI instance as REST API for your ZeroTier controller | -| ZU_SECURE_HEADERS | true | Enables [helmet](https://helmetjs.github.io) | -| ZU_CONTROLLER_ENDPOINT | http://localhost:9993/ | ZeroTier controller API endpoint | -| ZU_CONTROLLER_TOKEN | from /var/lib/zerotier-one/authtoken.secret | ZeroTier controller API token | -| ZU_DEFAULT_USERNAME | unset (docker-compose.yml: admin) | Default username that will be set on the first run | -| ZU_DEFAULT_PASSWORD | unset (docker-compose.yml: zero-ui) | Default password that will be set on the first run | -| ZU_DATAPATH | data/db.json | ZeroUI data storage path | +| LISTEN_ADDRESS | `0.0.0.0` | Express server listen address | +| ZU_SERVE_FRONTEND | `true` | You could disable frontend serving and use ZeroUI instance as REST API for your ZeroTier controller | +| ZU_SECURE_HEADERS | `true` | Enables [helmet](https://helmetjs.github.io) | +| ZU_CONTROLLER_ENDPOINT | `http://localhost:9993/` | ZeroTier controller API endpoint | +| ZU_CONTROLLER_TOKEN | from `/var/lib/zerotier-one/authtoken.secret` | ZeroTier controller API token | +| ZU_DEFAULT_USERNAME | unset (`docker-compose.yml`: admin) | Default username that will be set on the first run | +| ZU_DEFAULT_PASSWORD | unset (`docker-compose.yml`: zero-ui) | Default password that will be set on the first run | +| ZU_DATAPATH | `data/db.json` | ZeroUI data storage path | ZeroUI could be 
deployed as a regular nodejs web application, but it requires ZeroTier controller that is installed with `zerotier-one` package. More info about the network controller you could read [here](https://github.com/zerotier/ZeroTierOne/tree/master/controller/#readme). @@ -234,7 +234,7 @@ First off, thanks for taking the time to contribute! Contributions are what make 2. Create your feature branch (`git checkout -b feat/amazing_feature`) 3. Commit your changes (`git commit -m 'feat: add amazing_feature'`) 4. Push to the branch (`git push origin feat/amazing_feature`) -5. Open a pull request +5. [Open a Pull Request](https://github.com/dec0dOS/zero-ui/compare?expand=1) ZeroUI uses [conventional commits](https://www.conventionalcommits.org), so please follow the guidelines. Run `yarn commit` to open [TUI](https://en.wikipedia.org/wiki/Text-based_user_interface) that follows conventional commits guidelines. @@ -271,16 +271,16 @@ _For other platforms, please refer to [ZeroTier manual](https://www.zerotier.com Reach out to me at one of the following places: -- [GitHub discussions](https://github.com/dec0dOS/zero-ui/discussions) +- [GitHub Discussions](https://github.com/dec0dOS/zero-ui/discussions) - Email in [GitHub profile](https://github.com/dec0dOS) ## Security -ZeroUI follows good practices of security, but 100% security can't be granted in software. ZeroUI is provided "as is" without any warranty. Use at your own risk. +ZeroUI follows good practices of security, but 100% security cannot be assured. ZeroUI is provided "as is" without any warranty. Use at your own risk. For enterprise support, a more reliable and scalable solution, please use ZeroTier Central. -_For more info, please refer to the [security](docs/SECURITY.md)._ +_For more information and to report security issues, please refer to our [security documentation](docs/SECURITY.md)._ ## Copyright notice diff --git a/docs/SECURITY.md b/docs/SECURITY.md index e6df6f1..180450f 100644 --- a/docs/SECURITY.md 
+++ b/docs/SECURITY.md @@ -2,16 +2,15 @@ ## Reporting a Vulnerability -If there are any vulnerability in **ZeroUI** project, don't hesitate to _report them_. +If there are any vulnerabilities in **{{cookiecutter.project_name}}**, don't hesitate to _report them_. -1. Use any of the [contact addresses](https://github.com/dec0dOS/zero-ui#support). +1. Use any of the [private contact addresses](https://github.com/dec0dOS/zero-ui#support). 2. Describe the vulnerability. -- If you have a fix, explain or attach it. -- In the near time, expect a reply with the required steps. Also, there may be a demand for a pull request which include the fixes. +- If you have a fix, that is most welcome -- please attach or summarize it in your message! -##### You should not disclose the vulnerability publicly if you haven't received an answer in some weeks. +3. We will evaluate the vulnerability and, if necessary, release a fix or mitigating steps to address it. We will contact you to let you know the outcome, and will credit you in the report. -##### If the vulnerability is rejected, you may post it publicly within some hour of rejection, unless the rejection is withdrawn within that time period. +- Please **do not disclose the vulnerability publicly** until a fix is released! -##### After the vulnerability has been fixed, you may disclose the vulnerability details publicly over some days. +4. Once we have either a) published a fix, or b) declined to address the vulnerability for whatever reason, you are free to publicly disclose it.
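
Review bot: In `.github/labels.yml`, first hunk, the label is renamed from "bug" to "bugfix" but its description is left as "Inconsistencies or issues which will cause a problem for users or implementors.", which describes a defect report rather than a fix. Either keep the name "bug" for issue triage or reword the description to match a fix, so the name and the description say the same thing.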
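
Review bot: In `.github/labels.yml`, hunk `@@ -25,41 +25,41 @@`, the new "security" description ("Addressing a vulnerability or security risk in this project.") does not say that the label is for fixes and hardening work only, while `docs/SECURITY.md` in this same patch asks reporters not to disclose a vulnerability publicly until a fix is released. Consider making that explicit in the description, for example by adding that vulnerabilities are reported privately per `docs/SECURITY.md`, so the label is not read as the place to file an unfixed issue. Minor, in the same hunk: "This is exempt from the stale bot." lost its subject when "issue or PR" was dropped.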
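
Review bot: In `README.md`, hunk `@@ -145,14 +145,14 @@`, the backticks are applied unevenly in the "Default value" column: `docker-compose.yml` is marked as code but the actual default credentials next to it (admin, zero-ui) are not, and the variable names in the "Name" column stay plain. Mark the literal values the reader has to type as code as well. The `ZU_CONTROLLER_TOKEN` row is now wider than the header separator, so the raw table no longer lines up; re-pad the column or run the formatter over the table.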
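
Review bot: In `README.md`, hunk `@@ -234,7 +234,7 @@`, step 5 now links to `https://github.com/dec0dOS/zero-ui/compare?expand=1`, which names no head branch, while steps 2 to 4 have the contributor create and push `feat/amazing_feature` to `origin`. The reader still has to pick the fork and branch by hand on that page, so either say so in the step or keep the plain "Open a pull request" wording.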
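
Review bot: In `docs/SECURITY.md`, the first added line of the "Reporting a Vulnerability" hunk ships an unrendered template placeholder, `**{{cookiecutter.project_name}}**`, where the removed line said `**ZeroUI**`; restore the project name. Step 1 now promises "private contact addresses" but still links to `README.md#support`, which in this same patch lists GitHub Discussions alongside the profile email, so point reporters at the private channel only. The removed lines covered the case where the reporter gets no answer, and the new step 4 only covers a published fix or a declined report; state what a reporter may do when there is no reply. The `-` bullets placed between the numbered items will also break the 1 to 4 numbering when rendered, so indent them under their parent step.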