Set up CI and contribution info

.cargo/audit.toml

@@ -0,0 +1,9 @@
+# https://github.com/RustSec/cargo-audit/blob/main/audit.toml.example
+
+[advisories]
+ignore = []
+informational_warnings = ["unmaintained", "unsound"]
+
+[output]
+quiet = false
+deny = ["warnings"]

.cargo/config.toml

@@ -0,0 +1,3 @@
+[alias]
+# $> cargo fixit
+fixit = "clippy --fix --allow-dirty --allow-no-vcs"

.github/CONTRIBUTING.md

@@ -0,0 +1,72 @@
+# How to contribute to this project
+
+* Have a problem? [File a bug report][bug]
+* Want to improve it? [File a feature request][feature]
+* Something is not clear? [Ask a question][question]
+
+## Contributing
+
+Contributions include code, documentation, answering user questions, running the
+project's infrastructure, and advocating for all types of users.
+
+The project welcomes all contributions from anyone willing to work in good faith
+with other contributors and the community. No contribution is too small and all
+contributions are valued.
+
+This guide explains the process for contributing to the project's GitHub
+Repository.
+
+* [How to contribute to this project](#how-to-contribute-to-this-project)
+ * [Contributing](#contributing)
+ * [Code of Conduct](#code-of-conduct)
+ * [Bad Actors](#bad-actors)
+
+### Code of Conduct
+
+The project has a [Code of Conduct][coc] that *all*
+contributors are expected to follow. This code describes the *minimum* behavior
+expectations for all contributors.
+
+As a contributor, how you choose to act and interact towards your
+fellow contributors, as well as to the community, will reflect back not only
+on yourself but on the project as a whole. The Code of Conduct is designed and
+intended, above all else, to help establish a culture within the project that
+allows anyone and everyone who wants to contribute to feel safe doing so.
+
+Should any individual act in any way that is considered in violation of the
+[Code of Conduct][coc], corrective actions will be taken. It is
+possible, however, for any individual to *act* in such a manner that is not in
+violation of the strict letter of the Code of Conduct guidelines while still
+going completely against the spirit of what that Code is intended to accomplish.
+
+Open, diverse, and inclusive communities live and die on the basis of trust.
+Contributors can disagree with one another so long as they trust that those
+disagreements are in good faith and everyone is working towards a common
+goal.
+
+### Bad Actors
+
+All contributors to tacitly agree to abide by both the letter and
+spirit of the [Code of Conduct][coc]. Failure, or
+unwillingness, to do so will result in contributions being respectfully
+declined.
+
+A *bad actor* is someone who repeatedly violates the *spirit* of the Code of
+Conduct through consistent failure to self-regulate the way in which they
+interact with other contributors in the project. In doing so, bad actors
+alienate other contributors, discourage collaboration, and generally reflect
+poorly on the project as a whole.
+
+Being a bad actor may be intentional or unintentional. Typically, unintentional
+bad behavior can be easily corrected by being quick to apologize and correct
+course *even if you are not entirely convinced you need to*. Giving other
+contributors the benefit of the doubt and having a sincere willingness to admit
+that you *might* be wrong is critical for any successful open collaboration.
+
+Don't be a bad actor.
+
+<!-- links -->
+[bug]: https://github.com/asaaki/bevy_vach_assets/issues/new?template=bug_report.md
+[feature]: https://github.com/asaaki/bevy_vach_assets/issues/new?template=feature_request.md
+[question]: https://github.com/asaaki/bevy_vach_assets/issues/new?template=question.md
+[coc]: ./CODE_OF_CONDUCT.md

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,37 @@
+---
+name: Bug report
+about: Something is broken or misbehaving? Documentation missing or unclear?
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+<!--- Provide a general summary of the issue in the Title above -->
+## Bug Report
+
+### Current Behavior
+<!--- A clear and concise description of the behavior -->
+
+
+### Code/Gist
+<!--- Any code, gist links, or repo links you have available that would be helpful for debugging -->
+
+
+### Expected behavior/code
+<!--- A clear and concise description of what you expected to happen (or code). -->
+
+
+### Environment
+<!--
+- Rust toolchain version(s): [e.g. nightly-2018-10-01-x86_64-apple-darwin]
+- OS: [e.g. OSX 10.13.4, Windows 10]
+-->
+- Rust toolchain version(s):
+- OS: [e.g. OSX 10.13.4, Windows 10]
+
+### Possible Solution
+<!--- Only if you have suggestions on a fix for the bug -->
+
+### Additional context/screenshots
+<!--- Add any other context about the problem here. If applicable, add screenshots to help explain. -->

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,21 @@
+---
+name: Feature request
+about: Have a great idea for something new or a change? I'm all ears.
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+<!--- Provide a general summary of the issue in the Title above -->
+## Feature Request
+
+## Detailed Description
+<!--- Provide a detailed description of the change or addition you are proposing -->
+
+## Context
+<!--- Why is this change important to you? How would you use it? -->
+<!--- How can it benefit other users? -->
+
+## Possible Implementation
+<!--- Not obligatory, but suggest an idea for implementing addition or change -->

.github/ISSUE_TEMPLATE/question.md

@@ -0,0 +1,16 @@
+---
+name: Question
+about: Something unclear? Let me know!
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+<!--- Provide a general summary of the issue in the Title above -->
+## Question/Suggestion
+
+<!--- Provide your detailed question here -->
+
+## Additional context
+<!--- Optionally, supply any additional context of what you are trying to do -->

.github/dependabot.yml

@@ -0,0 +1,13 @@
+# https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+
+updates:
+ - package-ecosystem: cargo
+ directory: /
+ schedule:
+ interval: daily
+ - package-ecosystem: github-actions
+ directory: /
+ schedule:
+ interval: weekly

.github/workflows/audit.yaml

@@ -0,0 +1,22 @@
+name: Security Audit
+
+on:
+ pull_request:
+ paths: ['**/Cargo.toml', '**/Cargo.lock']
+ push:
+ branches: [main]
+ paths: ['**/Cargo.toml', '**/Cargo.lock']
+ schedule:
+ - cron: '23 5 * * *'
+
+jobs:
+ security_audit:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/[email protected]
+ - uses: Swatinem/[email protected]
+ - uses: dtolnay/rust-toolchain@stable
+ - name: Install cargo audit
+ run: cargo install cargo-audit
+ - name: Run cargo audit
+ run: cargo audit

.github/workflows/ci.yaml

@@ -0,0 +1,52 @@
+name: Continuous Integration
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ branches: [ main ]
+
+env:
+ RUSTFLAGS: -Dwarnings
+
+jobs:
+ build_and_test:
+ name: Build and test
+ runs-on: ${{ matrix.os }}
+ strategy:
+ matrix:
+ os: [ubuntu-latest]
+ rust: [stable, beta, nightly]
+
+ steps:
+ - uses: actions/[email protected]
+
+ - uses: dtolnay/rust-toolchain@stable
+ with:
+ toolchain: ${{ matrix.rust }}
+
+ - uses: Swatinem/[email protected]
+
+ - run: cargo fetch
+ - run: cargo check --all
+ - run: cargo build --all
+ - run: cargo test --all
+
+ check_fmt_and_docs:
+ name: Checking fmt, clippy, and docs
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/[email protected]
+
+ - uses: dtolnay/rust-toolchain@stable
+ with:
+ toolchain: stable
+ components: rustfmt, clippy
+
+ - uses: Swatinem/[email protected]
+
+ - run: cargo check --all
+ - run: cargo clippy --tests -- -D warnings
+ - run: cargo fmt --all -- --check
+ - run: cargo doc --no-deps

.github/workflows/dependabot-auto-merge.yml

@@ -0,0 +1,27 @@
+# https://github.com/ahmadnassri/action-dependabot-auto-merge
+name: Dependabot Auto Merge
+
+on:
+ # https://securitylab.github.com/research/github-actions-preventing-pwn-requests
+ # could and should work, at least for public repos;
+ # tracking issue for this action's issue:
+ # https://github.com/ahmadnassri/action-dependabot-auto-merge/issues/60
+ pull_request_target:
+ # allows to re-run just by relabeling the issue
+ types: [ labeled ]
+
+jobs:
+ auto-merge:
+ runs-on: ubuntu-latest
+ # if: github.actor == 'dependabot[bot]'
+ # allows to re-run just by relabeling the issue
+ if: contains(github.event.pull_request.labels.*.name, 'dependencies')
+ steps:
+ - uses: actions/[email protected]
+ - uses: ahmadnassri/action-dependabot-auto-merge@v2
+ with:
+ target: patch
+ # Note: This needs to be a PAT with (public) repo rights,
+ # PAT-owning user needs to have write access to this repo
+ # (dependabot needs to recognize the comment as coming from an allowed reviewer)
+ github-token: ${{ secrets.BOT_TOKEN }}