From f500f09b55372b9ff12707f073b15de3277a540b Mon Sep 17 00:00:00 2001 From: David Walter Date: Thu, 28 May 2026 09:05:38 +0200 Subject: [PATCH] =?UTF-8?q?docs(ospo):=20community=20health=20rollout=20v2?= =?UTF-8?q?=20=E2=80=94=20README,=20agents.md,=20health=20files?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Introduced by the Kiteworks Open Source Program Office (OSPO) on May 5, 2026. Changes: - README.md: rewritten with OSPO v2 template — license-specific migration guidance, Community & Support section, Contributing workflow, Security section pointing to security.owncloud.com + YesWeHack bug bounty - agents.md: AI agent context file with architecture, build commands, and OSPO Policy Constraints (GitHub Actions, Dependabot, Git Workflow) - CODE_OF_CONDUCT.md: redirect to https://owncloud.com/contribute/code-of-conduct/ - CONTRIBUTING.md: redirect to https://owncloud.com/contribute/ - SECURITY.md: redirect to https://security.owncloud.com + YesWeHack - SUPPORT.md: redirect to https://owncloud.com/contact-us/ + channels OSPO: https://kiteworks.com/opensource Signed-off-by: David Walter --- CODE_OF_CONDUCT.md | 8 ++++ CONTRIBUTING.md | 9 ++++ README.md | 106 +++++++++++++++++++++++++++++++++++---------- SECURITY.md | 11 +++++ SUPPORT.md | 10 +++++ agents.md | 68 +++++++++++++++++++++++++++++ 6 files changed, 189 insertions(+), 23 deletions(-) create mode 100644 CODE_OF_CONDUCT.md create mode 100644 CONTRIBUTING.md create mode 100644 SECURITY.md create mode 100644 SUPPORT.md create mode 100644 agents.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..ce144bf --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,8 @@ +# Code of Conduct + +This project follows the ownCloud Code of Conduct. + +Please read the full Code of Conduct at: +**** + +By participating in this project, you agree to abide by its terms. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..65c9915 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,9 @@ +# Contributing + +Thank you for your interest in contributing to this project! + +Please read the full contributing guidelines at: +**** + +For development setup, coding standards, and pull request process, +see the README in this repository. diff --git a/README.md b/README.md index d1912e7..0579066 100644 --- a/README.md +++ b/README.md @@ -1,40 +1,100 @@ -# ownCloud Main Page +# ownCloud Docs Main Page -**IMPORTANT** + -Since April 2026, this repository requires [Commit Signing](https://docs.github.com/articles/about-gpg) and uses [Conventional Commits](https://www.conventionalcommits.org) for commits and the Pull Request title. +[![License](https://img.shields.io/badge/License-AGPL--3.0-blue.svg)](LICENSE) [![ownCloud OSPO](https://img.shields.io/badge/OSPO-ownCloud-blue)](https://kiteworks.com/opensource) -**Table of Contents** +Antora-based documentation component for the ownCloud documentation landing page. This repository provides the top-level navigation and main page content that serves as the entry point for the published documentation site at [doc.owncloud.com](https://doc.owncloud.com). -* [Building the Main Page Docs](#building-the-main-page-docs) -* [General Notes](#general-notes) -* [Generating the Documentation](#generating-the-documentation) -* [Target Branch and Backporting](#target-branch-and-backporting) -* [Branching Workflow](#branching-workflow) -* [Create a New Version Branch for the docs Main Page](#create-a-new-version-branch-for-the-docs-main-page) +## Getting Started -## Building the Main Page Docs +To preview changes locally: -The ownCloud Main Page documentation is not built independently. Instead, it is built together with the [documentation](https://github.com/owncloud/docs/). However, you can build a local copy of the ownCloud Server documentation to preview changes you are making. +```bash +npm install +npm run antora-local +npm run serve +``` -Whenever a Pull Request of this repo gets merged, it automatically triggers a full docs build. +This generates a standalone preview at `http://localhost:8080`. For the full site build, merge your changes and the [docs](https://github.com/owncloud/docs) repository will automatically rebuild. -## General Notes +## Documentation -To make life easier, most of the content written in [docs](https://github.com/owncloud/docs#readme) applies also here. For ease of reading, the most important steps are documented here too. For more information see the link provided. Only a few topics of this repo are unique like the branching. +- [Branching Workflow](./docs/the-branching-workflow.md) +- [Version Branch Creation](./docs/new-version-branch.md) +- [Main Documentation Build](https://github.com/owncloud/docs) -## Generating the Documentation +## Part of ownCloud Documentation -See the [Generating the Documentation](https://github.com/owncloud/docs#generating-the-documentation) in the docs repo for more details as it applies to all documentation repositories. +This is a content component for the [ownCloud docs](https://github.com/owncloud/docs) Antora build. It provides the main landing page and cross-product navigation. Published documentation is available at [doc.owncloud.com](https://doc.owncloud.com). -## Target Branch and Backporting +## Community & Support -See the [following section](https://github.com/owncloud/docs#target-branch-and-backporting) as the same rules and notes apply. +**[Star](https://github.com/owncloud/docs-main)** this repo and **Watch** for release notifications! -## Branching Workflow +- [ownCloud Website](https://owncloud.com) +- [Community Discussions](https://github.com/orgs/owncloud/discussions) +- [Matrix Chat](https://app.element.io/#/room/#owncloud:matrix.org) +- [Documentation](https://doc.owncloud.com) +- [Enterprise Support](https://owncloud.com/contact-us/) +- [OSPO Home](https://kiteworks.com/opensource) -Please refer to the [Branching Workflow for the docs main page](./docs/the-branching-workflow.md) for more information. +## Contributing -## Create a New Version Branch for the Docs Main Page +We welcome contributions! Please read the [Contributing Guidelines](CONTRIBUTING.md) +and our [Code of Conduct](CODE_OF_CONDUCT.md) before getting started. -Please refer to [Create a New Version Branch for the docs main page](./docs/new-version-branch.md) for more information. +### Workflow + +- **Rebase Early, Rebase Often!** We use a rebase workflow. Always rebase on the target branch before submitting a PR. +- **Dependabot**: Automated dependency updates are managed via Dependabot. Review and merge dependency PRs promptly. +- **Signed Commits**: All commits **must** be PGP/GPG signed. See [GitHub's signing guide](https://docs.github.com/en/authentication/managing-commit-signature-verification). +- **DCO Sign-off**: Every commit must carry a `Signed-off-by` line: + ``` + git commit -s -S -m "your commit message" + ``` +- **GitHub Actions Policy**: Workflows may only use actions that are (a) owned by `owncloud`, (b) created by GitHub (`actions/*`), or (c) verified in the GitHub Marketplace. + +## Security + +**Do not open a public GitHub issue for security vulnerabilities.** + +Report vulnerabilities at **** -- see [SECURITY.md](SECURITY.md). + +Bug bounty: [YesWeHack ownCloud Program](https://yeswehack.com/programs/owncloud-bug-bounty-program) + +## License + +This project is licensed under the [AGPL-3.0](LICENSE). + +## About the ownCloud OSPO + +The [Kiteworks Open Source Program Office](https://kiteworks.com/opensource), operating under +the [ownCloud](https://owncloud.com) brand, launched on May 5, 2026, to steward the open source +ecosystem around ownCloud's products. The OSPO ensures transparent governance, license compliance, +community health, and sustainable collaboration between the open source community and +[Kiteworks](https://www.kiteworks.com), which acquired ownCloud in 2023. + +- **OSPO Home**: +- **GitHub**: +- **ownCloud**: + +For questions about the OSPO or licensing, contact ospo@kiteworks.com. + +### License Migration to Apache 2.0 + +The OSPO is driving a strategic relicensing of ownCloud repositories toward the +[Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0), following +the [Apache Software Foundation's third-party license policy](https://www.apache.org/legal/resolved.html). + +Individual repositories will migrate as their audit is completed. The LICENSE file +in each repo reflects its **current** license status (not the target). + +**Current license: AGPL-3.0** (Category X per Apache policy -- cannot be included in Apache-2.0 works). + +Migration prerequisites for this repository: + +- **CLA/DCO coverage**: All past contributors must have signed agreements permitting relicensing +- **Copyleft dependency audit**: All AGPL/GPL dependencies must be replaced or isolated +- **KDE heritage review**: Any code with KDE-era copyrights requires legal analysis +- **Complete relicensing**: AGPL-3.0 is a strong copyleft license; migration requires full relicensing of all files, not just a header change diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..78094ae --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,11 @@ +# Security Policy + +## Reporting a Vulnerability + +**Do NOT open a public GitHub issue for security vulnerabilities.** + +Please report security issues responsibly via: +**** + +You can also report vulnerabilities through our YesWeHack bug bounty program: +**** diff --git a/SUPPORT.md b/SUPPORT.md new file mode 100644 index 0000000..d87c0ca --- /dev/null +++ b/SUPPORT.md @@ -0,0 +1,10 @@ +# Support + +For support with this project, please use the following channels: + +- **Enterprise Support**: +- **Community discussions**: https://github.com/orgs/owncloud/discussions +- **Matrix Chat**: +- **Documentation**: + +Please do not use GitHub issues for general support questions. diff --git a/agents.md b/agents.md new file mode 100644 index 0000000..192a79a --- /dev/null +++ b/agents.md @@ -0,0 +1,68 @@ +# AI Agent Guidelines for ownCloud Docs Main Page + +This file provides context for AI coding agents (Claude Code, GitHub Copilot, Cursor, etc.) working in this repository. + +## Repository Overview +- **Product family:** Documentation +- **Primary language(s):** JavaScript +- **Build system:** npm (Antora) +- **Test framework:** broken-link-checker +- **CI system:** GitHub Actions + +## Architecture & Key Paths + +- `antora.yml` -- Antora component descriptor +- `modules/` -- AsciiDoc documentation content modules +- `site.yml` -- Standalone site playbook for local preview +- `package.json` -- npm scripts +- `docs/` -- Documentation about branching and versioning +- `ext-antora/` -- Custom Antora extensions +- `ext-asciidoc/` -- Custom AsciiDoc extensions + +## Development Conventions +- **Branching:** master +- **Commit messages:** DCO sign-off required (`git commit -s`) +- **Code style:** Prettier (for formatting) +- **PR process:** Open a PR against `master`. All CI checks must pass. + +## Build & Test Commands +```bash +# Build +npm run antora + +# Test +npm run linkcheck + +# Lint +Not detected (Prettier config present for formatting) +``` + +## Important Constraints +- All code contributions must be compatible with the **AGPL-3.0** license +- Do not introduce new **copyleft-licensed dependencies** (GPL, AGPL, LGPL, MPL) without explicit discussion in an issue first. This is especially important for repos migrating to Apache 2.0. +- Do not introduce new dependencies without discussion in an issue first + + +## OSPO Policy Constraints + +### GitHub Actions +- **Only** use actions owned by `owncloud`, created by GitHub (`actions/*`), verified on the GitHub Marketplace, or verified by the ownCloud Maintainers. +- Pin all actions to their full commit SHA (not tags): `uses: actions/checkout@ # vX.Y.Z` +- Never introduce actions from unverified third parties. + +### Dependency Management +- Dependabot is configured for automated dependency updates. +- Review and merge Dependabot PRs as part of regular maintenance. +- Do not introduce new dependencies without discussion in an issue first. + +### Git Workflow +- **Rebase policy**: Always rebase; never create merge commits. Use `git pull --rebase` and `git rebase` before pushing. +- **Signed commits**: All commits **must** be PGP/GPG signed (`git commit -S -s`). +- **DCO sign-off**: Every commit needs a `Signed-off-by` line (`git commit -s`). +- **Conventional Commits & Squash Merge**: Use the [Conventional Commits](https://www.conventionalcommits.org/) format where the repository enforces it. Many repos use squash merge, where the PR title becomes the commit message on the default branch — apply Conventional Commits format to PR titles as well. A reusable GitHub Actions workflow enforces this. + +## Context for AI Agents +- Match existing code style +- Do not refactor unrelated code in the same PR +- Write tests for new functionality +- Keep PRs focused and atomic