forked from oppia/oppia
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* apply prettier * fix compilation warnings, skip test with reduced coverage * add prettier github action
- Loading branch information
Showing
2,989 changed files
with
367,582 additions
and
286,956 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -6,12 +6,12 @@ In addition to developing the Oppia platform, the team is also developing and pi | |
|
|
||
| Oppia is written using Python and AngularJS, and is built on top of Google App Engine. See also: | ||
|
|
||
| * [Oppia.org community site](https://www.oppia.org) | ||
| * [User Documentation](https://oppia.github.io/) | ||
| * [Contributors' wiki](https://github.com/oppia/oppia/wiki) | ||
| * [GitHub Discussions](https://github.com/oppia/oppia/discussions) | ||
| * [Developer announcements](http://groups.google.com/group/oppia-dev) | ||
| * [File an issue](https://github.com/oppia/oppia/issues/new/choose) | ||
| - [Oppia.org community site](https://www.oppia.org) | ||
| - [User Documentation](https://oppia.github.io/) | ||
| - [Contributors' wiki](https://github.com/oppia/oppia/wiki) | ||
| - [GitHub Discussions](https://github.com/oppia/oppia/discussions) | ||
| - [Developer announcements](http://groups.google.com/group/oppia-dev) | ||
| - [File an issue](https://github.com/oppia/oppia/issues/new/choose) | ||
|
|
||
| You can also sign up to our [email newsletter](https://shorturl.at/CHPY6) for news and updates about the overall Oppia project. | ||
|
|
||
|
|
@@ -30,30 +30,29 @@ Please refer to the [Installing Oppia page](https://github.com/oppia/oppia/wiki/ | |
| The Oppia project is built by the community for the community. We welcome contributions from everyone, especially new contributors. | ||
|
|
||
| You can help with Oppia's development in many ways, including art, coding, design and documentation. | ||
| * **Developers**: please see [this wiki page](https://github.com/oppia/oppia/wiki/Contributing-code-to-Oppia#setting-things-up) for instructions on how to set things up and commit changes. | ||
| * **All other contributors**: please see our [general contributor guidelines](https://github.com/oppia/oppia/wiki). | ||
|
|
||
| If you'd like to donate to support our work, you can do so [here](https://www.oppia.org/donate). | ||
| - **Developers**: please see [this wiki page](https://github.com/oppia/oppia/wiki/Contributing-code-to-Oppia#setting-things-up) for instructions on how to set things up and commit changes. | ||
| - **All other contributors**: please see our [general contributor guidelines](https://github.com/oppia/oppia/wiki). | ||
|
|
||
| If you'd like to donate to support our work, you can do so [here](https://www.oppia.org/donate). | ||
|
|
||
| ## Support | ||
|
|
||
| If you have any feature requests or bug reports, please log them on our [issue tracker](https://github.com/oppia/oppia/issues/new/choose). | ||
|
|
||
| Please report security issues directly to [email protected]. | ||
|
|
||
|
|
||
| ## License | ||
|
|
||
| The Oppia code is released under the [Apache v2 license](https://github.com/oppia/oppia/blob/develop/LICENSE). | ||
|
|
||
|
|
||
| ## Keeping in touch | ||
|
|
||
| * [Discussion forum](https://github.com/oppia/oppia/discussions) | ||
| * [Announcements mailing list](http://groups.google.com/group/oppia-announce) | ||
| - [Discussion forum](https://github.com/oppia/oppia/discussions) | ||
| - [Announcements mailing list](http://groups.google.com/group/oppia-announce) | ||
|
|
||
| ## Social Media | ||
|
|
||
| [<img height="30" src="https://img.shields.io/badge/twitter-1DA1F2.svg?&style=for-the-badge&logo=twitter&logoColor=white" />][twitter] [<img height="30" src="https://img.shields.io/badge/linkedin-0077B5.svg?&style=for-the-badge&logo=linkedin&logoColor=white" />][LinkedIn] [<img height="30" src = "https://img.shields.io/badge/facebook-1877F2.svg?&style=for-the-badge&logo=facebook&logoColor=white">][Facebook] [<img height="30" src = "https://img.shields.io/badge/medium-12100E.svg?&style=for-the-badge&logo=medium&logoColor=white">][medium] [<img height="30" src = "https://img.shields.io/badge/oppia.org%20youtube-FF0000.svg?&style=for-the-badge&logo=youtube&logoColor=white">][oppia-org-youtube] [<img height="30" src = "https://img.shields.io/badge/oppia%20dev%20youtube-FF0000.svg?&style=for-the-badge&logo=youtube&logoColor=white">][dev-youtube] | ||
|
|
||
| [twitter]: https://twitter.com/oppiaorg | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -6,10 +6,10 @@ This vulnerability disclosure process describes how we accept and respond to sec | |
|
|
||
| Reporters should email [[email protected]](mailto:[email protected]) or open a [GitHub Security Vulnerability Report](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability) with: | ||
|
|
||
| * A description of the problem. | ||
| * Steps we can follow to reproduce the problem. | ||
| * Affected versions. | ||
| * If known, mitigations for the problem. | ||
| - A description of the problem. | ||
| - Steps we can follow to reproduce the problem. | ||
| - Affected versions. | ||
| - If known, mitigations for the problem. | ||
|
|
||
| We will respond within 3 days of the reporter's submission to acknowledge receipt of their report. Here is a template acknowledgement message: | ||
|
|
||
|
|
@@ -27,27 +27,27 @@ $OPPIA_SECURITY_TEAM_MEMBER | |
|
|
||
| Immediately upon receiving a report of a security problem, a member of Oppia’s security team (the tech leads for now) will assemble a vulnerability response team (VRT). This team should: | ||
|
|
||
| * Include an Oppia tech lead. | ||
| * Include developers (most likely 1-2) with expertise in the part of the app affected by the problem. | ||
| * Include as few developers as possible to avoid premature publication of the problem. | ||
| - Include an Oppia tech lead. | ||
| - Include developers (most likely 1-2) with expertise in the part of the app affected by the problem. | ||
| - Include as few developers as possible to avoid premature publication of the problem. | ||
|
|
||
| The tech lead will designate one VRT member as the VRT lead responsible for driving our response. The VRT lead will immediately (ideally within 24 hours) investigate the report and classify it as: | ||
|
|
||
| * **Won’t fix**: The app is working as intended, the bug is not important enough for us to spend resources fixing, or the requested feature is not something we plan to implement. | ||
| - **Won’t fix**: The app is working as intended, the bug is not important enough for us to spend resources fixing, or the requested feature is not something we plan to implement. | ||
|
|
||
| * **Bug**: The problem identified is legitimate, but it is not a security issue. It will be resolved through our normal bug-fixing process. | ||
| - **Bug**: The problem identified is legitimate, but it is not a security issue. It will be resolved through our normal bug-fixing process. | ||
|
|
||
| * **Feature request**: The report identifies a new feature that should be implemented. It will be handled through our normal feature-development process. | ||
| - **Feature request**: The report identifies a new feature that should be implemented. It will be handled through our normal feature-development process. | ||
|
|
||
| * **Low-severity vulnerability**: The report identifies a security vulnerability that does not meet the high-severity criteria. It will be resolved through our normal bug-fixing process. A "security vulnerability" is unintended behavior with security implications. This is distinct from a feature request, which refers to cases where the code behaves as intended, but the reporter disagrees with that intention. | ||
| - **Low-severity vulnerability**: The report identifies a security vulnerability that does not meet the high-severity criteria. It will be resolved through our normal bug-fixing process. A "security vulnerability" is unintended behavior with security implications. This is distinct from a feature request, which refers to cases where the code behaves as intended, but the reporter disagrees with that intention. | ||
|
|
||
| For example, suppose we improperly sanitized user-provided data at the models layer such that user-provided code could be executed, but validation checks at the controller layer prevented an attacker from actually exploiting the vulnerability. This would be a security vulnerability because we do not intend for the models layer to allow user-provided code to execute, but it would be low-severity because the controllers layer would prevent exploitation. | ||
|
|
||
| * **High-severity vulnerability**: The report identifies an exploitable security vulnerability that, if exploited, could result in any of the following: | ||
| - **High-severity vulnerability**: The report identifies an exploitable security vulnerability that, if exploited, could result in any of the following: | ||
|
|
||
| * (Confidentiality) Unauthorized access to any sensitive data that shouldn't be made public. Here, "sensitive data" generally refers to both private user data, as well as information that could be used to gain access to private user data; if in doubt, consult the data owners. | ||
| * (Integrity) Unauthorized edits to any data. | ||
| * (Availability) Degraded system performance of the platform for users. | ||
| - (Confidentiality) Unauthorized access to any sensitive data that shouldn't be made public. Here, "sensitive data" generally refers to both private user data, as well as information that could be used to gain access to private user data; if in doubt, consult the data owners. | ||
| - (Integrity) Unauthorized edits to any data. | ||
| - (Availability) Degraded system performance of the platform for users. | ||
|
|
||
| Note that while the VRT contains multiple individuals, it’s ultimately expected that the VRT lead drives the effort. This should be in collaboration with VRT members, but in cases of urgent vulnerabilities the VRT lead can operate authoritatively to mitigate or remediate the issue (i.e. they do not need VRT consensus or review, but they should leverage VRT team members as a source for information and help). | ||
|
|
||
|
|
@@ -61,8 +61,8 @@ The rest of this document describes how we handle high-severity vulnerabilities. | |
|
|
||
| If the problem is confirmed as a high-severity vulnerability, the VRT will open a [GitHub security advisory](https://docs.github.com/en/code-security/repository-security-advisories/about-github-security-advisories-for-repositories) and, if both the VRT and reporter agree, add the reporter to the advisory so we can collaborate on it. We will coordinate work on the vulnerability via: | ||
|
|
||
| * **The GitHub security advisory.** These advisories will let us collaborate in private, and they are appropriate in cases where disclosing the vulnerability prior to remediating it could put our users or developers at risk. | ||
| * **(Optionally) An additional GitHub issue and pull request.** This will immediately disclose the vulnerability, and we will take this approach when immediate disclosure poses little risk to our users and developers. For example, when the vulnerability is already publicly known. Unlike security advisories, CI checks can run on these PRs. | ||
| - **The GitHub security advisory.** These advisories will let us collaborate in private, and they are appropriate in cases where disclosing the vulnerability prior to remediating it could put our users or developers at risk. | ||
| - **(Optionally) An additional GitHub issue and pull request.** This will immediately disclose the vulnerability, and we will take this approach when immediate disclosure poses little risk to our users and developers. For example, when the vulnerability is already publicly known. Unlike security advisories, CI checks can run on these PRs. | ||
|
|
||
| Note that we will create a GitHub security advisory even if we choose to collaborate on a fix using an open issue or PR because we’ll want to publish the advisory when disclosing the vulnerability. | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,4 @@ | ||
| ## Note on splitting of e2e workflows | ||
|
|
||
| The e2e test suites are split into workflows such that each workflow takes | ||
| approximately the same time to run. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| name: Check code is formatted with prettier | ||
| on: | ||
| merge_group: | ||
| types: [checks_requested] | ||
| push: | ||
| branches: | ||
| - develop | ||
| - release-* | ||
| pull_request: | ||
| branches: | ||
| - develop | ||
| - release-* | ||
|
|
||
| jobs: | ||
| run_prettier: | ||
| name: Run prettier on the whole codebase | ||
| runs-on: ${{ matrix.os }} | ||
| strategy: | ||
| matrix: | ||
| os: [ubuntu-22.04] | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| - uses: actions/setup-python@v4 | ||
| with: | ||
| python-version: '3.8.15' | ||
| architecture: 'x64' | ||
| - uses: ./.github/actions/merge | ||
| - name: Cache node modules and third_party/static | ||
| uses: actions/cache@v3 | ||
| env: | ||
| cache-name: cache-node-modules | ||
| with: | ||
| path: | | ||
| /home/runner/work/oppia/yarn_cache | ||
| /home/runner/work/oppia/oppia/third_party/static | ||
| key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('yarn.lock', 'dependencies.json') }} | ||
| restore-keys: | | ||
| ${{ runner.os }}-build-${{ env.cache-name }}- | ||
| ${{ runner.os }}-build- | ||
| ${{ runner.os }}- | ||
| - uses: ./.github/actions/install-oppia-dependencies | ||
| - name: Prettify code | ||
| run: npx prettier --check . | ||
| - name: Report failure if failed on oppia/oppia develop branch | ||
| if: ${{ failure() && github.event_name == 'push' && github.repository == 'oppia/oppia' && github.ref == 'refs/heads/develop'}} | ||
| uses: ./.github/actions/send-webhook-notification | ||
| with: | ||
| message: "Prettier formatting failed on the upstream develop branch." | ||
| webhook-url: ${{ secrets.BUILD_FAILURE_ROOM_WEBHOOK_URL }} |
Oops, something went wrong.