diff --git a/.cargo/audit.toml b/.cargo/audit.toml new file mode 100644 index 0000000..5c06b1b --- /dev/null +++ b/.cargo/audit.toml @@ -0,0 +1,9 @@ +# https://github.com/RustSec/cargo-audit/blob/main/audit.toml.example + +[advisories] +ignore = [] +informational_warnings = ["unmaintained", "unsound"] + +[output] +quiet = false +deny = ["warnings"] diff --git a/.cargo/config.toml b/.cargo/config.toml new file mode 100644 index 0000000..a3b4449 --- /dev/null +++ b/.cargo/config.toml @@ -0,0 +1,3 @@ +[alias] +# $> cargo fixit +fixit = "clippy --fix --allow-dirty --allow-no-vcs" diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md new file mode 100644 index 0000000..87205a9 --- /dev/null +++ b/.github/CONTRIBUTING.md @@ -0,0 +1,72 @@ +# How to contribute to this project + +* Have a problem? [File a bug report][bug] +* Want to improve it? [File a feature request][feature] +* Something is not clear? [Ask a question][question] + +## Contributing + +Contributions include code, documentation, answering user questions, running the +project's infrastructure, and advocating for all types of users. + +The project welcomes all contributions from anyone willing to work in good faith +with other contributors and the community. No contribution is too small and all +contributions are valued. + +This guide explains the process for contributing to the project's GitHub +Repository. + +* [How to contribute to this project](#how-to-contribute-to-this-project) + * [Contributing](#contributing) + * [Code of Conduct](#code-of-conduct) + * [Bad Actors](#bad-actors) + +### Code of Conduct + +The project has a [Code of Conduct][coc] that *all* +contributors are expected to follow. This code describes the *minimum* behavior +expectations for all contributors. + +As a contributor, how you choose to act and interact towards your +fellow contributors, as well as to the community, will reflect back not only +on yourself but on the project as a whole. The Code of Conduct is designed and +intended, above all else, to help establish a culture within the project that +allows anyone and everyone who wants to contribute to feel safe doing so. + +Should any individual act in any way that is considered in violation of the +[Code of Conduct][coc], corrective actions will be taken. It is +possible, however, for any individual to *act* in such a manner that is not in +violation of the strict letter of the Code of Conduct guidelines while still +going completely against the spirit of what that Code is intended to accomplish. + +Open, diverse, and inclusive communities live and die on the basis of trust. +Contributors can disagree with one another so long as they trust that those +disagreements are in good faith and everyone is working towards a common +goal. + +### Bad Actors + +All contributors to tacitly agree to abide by both the letter and +spirit of the [Code of Conduct][coc]. Failure, or +unwillingness, to do so will result in contributions being respectfully +declined. + +A *bad actor* is someone who repeatedly violates the *spirit* of the Code of +Conduct through consistent failure to self-regulate the way in which they +interact with other contributors in the project. In doing so, bad actors +alienate other contributors, discourage collaboration, and generally reflect +poorly on the project as a whole. + +Being a bad actor may be intentional or unintentional. Typically, unintentional +bad behavior can be easily corrected by being quick to apologize and correct +course *even if you are not entirely convinced you need to*. Giving other +contributors the benefit of the doubt and having a sincere willingness to admit +that you *might* be wrong is critical for any successful open collaboration. + +Don't be a bad actor. + + +[bug]: https://github.com/asaaki/bevy_vach_assets/issues/new?template=bug_report.md +[feature]: https://github.com/asaaki/bevy_vach_assets/issues/new?template=feature_request.md +[question]: https://github.com/asaaki/bevy_vach_assets/issues/new?template=question.md +[coc]: ./CODE_OF_CONDUCT.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..1b9949a --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,37 @@ +--- +name: Bug report +about: Something is broken or misbehaving? Documentation missing or unclear? +title: '' +labels: '' +assignees: '' + +--- + + +## Bug Report + +### Current Behavior + + + +### Code/Gist + + + +### Expected behavior/code + + + +### Environment + +- Rust toolchain version(s): +- OS: [e.g. OSX 10.13.4, Windows 10] + +### Possible Solution + + +### Additional context/screenshots + diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..7d563d9 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,21 @@ +--- +name: Feature request +about: Have a great idea for something new or a change? I'm all ears. +title: '' +labels: '' +assignees: '' + +--- + + +## Feature Request + +## Detailed Description + + +## Context + + + +## Possible Implementation + diff --git a/.github/ISSUE_TEMPLATE/question.md b/.github/ISSUE_TEMPLATE/question.md new file mode 100644 index 0000000..f655232 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/question.md @@ -0,0 +1,16 @@ +--- +name: Question +about: Something unclear? Let me know! +title: '' +labels: '' +assignees: '' + +--- + + +## Question/Suggestion + + + +## Additional context + diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..6d8291c --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,13 @@ +# https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 + +updates: + - package-ecosystem: cargo + directory: / + schedule: + interval: daily + - package-ecosystem: github-actions + directory: / + schedule: + interval: weekly diff --git a/.github/workflows/audit.yaml b/.github/workflows/audit.yaml new file mode 100644 index 0000000..c24e138 --- /dev/null +++ b/.github/workflows/audit.yaml @@ -0,0 +1,22 @@ +name: Security Audit + +on: + pull_request: + paths: ['**/Cargo.toml', '**/Cargo.lock'] + push: + branches: [main] + paths: ['**/Cargo.toml', '**/Cargo.lock'] + schedule: + - cron: '23 5 * * *' + +jobs: + security_audit: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4.1.1 + - uses: Swatinem/rust-cache@v2.7.1 + - uses: dtolnay/rust-toolchain@stable + - name: Install cargo audit + run: cargo install cargo-audit + - name: Run cargo audit + run: cargo audit diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 0000000..51b818f --- /dev/null +++ b/.github/workflows/ci.yaml @@ -0,0 +1,52 @@ +name: Continuous Integration + +on: + push: + branches: [ main ] + pull_request: + branches: [ main ] + +env: + RUSTFLAGS: -Dwarnings + +jobs: + build_and_test: + name: Build and test + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: [ubuntu-latest] + rust: [stable, beta, nightly] + + steps: + - uses: actions/checkout@v4.1.1 + + - uses: dtolnay/rust-toolchain@stable + with: + toolchain: ${{ matrix.rust }} + + - uses: Swatinem/rust-cache@v2.7.1 + + - run: cargo fetch + - run: cargo check --all + - run: cargo build --all + - run: cargo test --all + + check_fmt_and_docs: + name: Checking fmt, clippy, and docs + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4.1.1 + + - uses: dtolnay/rust-toolchain@stable + with: + toolchain: stable + components: rustfmt, clippy + + - uses: Swatinem/rust-cache@v2.7.1 + + - run: cargo check --all + - run: cargo clippy --tests -- -D warnings + - run: cargo fmt --all -- --check + - run: cargo doc --no-deps diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml new file mode 100644 index 0000000..57f8b43 --- /dev/null +++ b/.github/workflows/dependabot-auto-merge.yml @@ -0,0 +1,27 @@ +# https://github.com/ahmadnassri/action-dependabot-auto-merge +name: Dependabot Auto Merge + +on: + # https://securitylab.github.com/research/github-actions-preventing-pwn-requests + # could and should work, at least for public repos; + # tracking issue for this action's issue: + # https://github.com/ahmadnassri/action-dependabot-auto-merge/issues/60 + pull_request_target: + # allows to re-run just by relabeling the issue + types: [ labeled ] + +jobs: + auto-merge: + runs-on: ubuntu-latest + # if: github.actor == 'dependabot[bot]' + # allows to re-run just by relabeling the issue + if: contains(github.event.pull_request.labels.*.name, 'dependencies') + steps: + - uses: actions/checkout@v4.1.1 + - uses: ahmadnassri/action-dependabot-auto-merge@v2 + with: + target: patch + # Note: This needs to be a PAT with (public) repo rights, + # PAT-owning user needs to have write access to this repo + # (dependabot needs to recognize the comment as coming from an allowed reviewer) + github-token: ${{ secrets.BOT_TOKEN }} diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..d687ef9 --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,128 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, religion, or sexual identity +and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our +community include: + +* Demonstrating empathy and kindness toward other people +* Being respectful of differing opinions, viewpoints, and experiences +* Giving and gracefully accepting constructive feedback +* Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +* Focusing on what is best not just for us as individuals, but for the + overall community + +Examples of unacceptable behavior include: + +* The use of sexualized language or imagery, and sexual attention or + advances of any kind +* Trolling, insulting or derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or email + address, without their explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. + +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official e-mail address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the community leaders responsible for enforcement at + or via DM to . +All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series +of actions. + +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or +permanent ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within +the community. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.0, available at +. + +Community Impact Guidelines were inspired by [Mozilla's code of conduct +enforcement ladder](https://github.com/mozilla/diversity). + +[homepage]: https://www.contributor-covenant.org + +For answers to common questions about this code of conduct, see the FAQ at +. Translations are available at +.