newrelic / .github Goto Github PK

There is no indication in this repo of the copyright owner, whether in LICENSE, file headers, or NOTICE.

It is good practice for an open source repository to publish guidelines for new contributors.

Acceptance Criteria

• Use repolinter and automate the update of deprecations yml files to better check and notify app developers and maintainers of future deprecations.

The Repolinter Rulesets check for existence of a SECURITY.md link. We should consider disabling this. There is now a default security policy in the .github repo at https://github.com/newrelic/.github/blob/main/SECURITY.md. There is a link to that global default in the "About" menu on every repository.As a result any other repository that lacks a policy of its own will still have a security policy and a well-known UX path to it.

The global default policy is probably better than most projects will do on their own, so nudging projects to make their own security policy may actually decrease security.

Eliminating a Ruleset check reduces work for maintainers and creates engineering efficiencies.

The repolinter ruleset for community plus has a mismatch. It is throwing an error on the legacy code for the community plus category, which uses markdown rather than HTML. I think this code was written assuming an OR and the actual logic is AND:

      patterns:
         - '<a href="https:\/\/opensource\.newrelic\.com\/oss-category\/#community-plus"><picture><source media="\(prefers-color-scheme: dark\)" srcset="https:\/\/github\.com\/newrelic\/opensource-website\/raw\/main\/src\/images\/categories\/dark\/Community_Plus\.png"><source media="\(prefers-color-scheme: light\)" srcset="https:\/\/github\.com\/newrelic\/opensource-website\/raw\/main\/src\/images\/categories\/Community_Plus\.png"><img alt="New Relic Open Source community plus project banner\." src="https:\/\/github\.com\/newrelic\/opensource-website\/raw\/main\/src\/images\/categories\/Community_Plus\.png"><\/picture><\/a>'
         - https:\/\/opensource\.newrelic\.com\/oss-category\/#community-plus

We seem to be pointing our url patterns to master on the oss site, where the image files are actually the older ones on master. simply changing the pattern to look at main might be a good idea.

readme-starts-with-community-header:
    level: error
    rule:
      type: file-starts-with
      options:
        globsAll:
        - README*
        nocase: true
        lineCount: 5
        patterns:
        - https:\/\/github\.com\/newrelic\/opensource-website\/raw\/master\/src\/images\/categories\/Community_Project\.png
        - https:\/\/opensource\.newrelic\.com\/oss-category\/#community-project
        human-readable-pattern: Open source Community header (see https://opensource.newrelic.com/oss-category)
        flags: i
        succeed-on-non-existent: false
    fix:
      type: file-modify
      options:
        text: "[![Community header](https://github.com/newrelic/opensource-website/raw/master/src/images/categories/Community_Project.png)](https://opensource.newrelic.com/oss-category/#community-project)"
        write_mode: prepend
        newlines:
          end: 2

I was trying to implement New Relic's OpenAI python observability package, however, I can't install it because it conflicts with my openai version that is set to >=1.3.5. Implementing support for newer OpenAI versions seems important and downgrading my OpenAI version would take a lot of work because there were big changes after the 1.0 release.

DevEn wanted to make a request to improve repo-linter to look for 2 types of OSS readme header images as the one's it checks for is a version that isn't dark mode friendly. We've been using a better version in our repos lately, but noticed repo linter flags it.

Here is where the ruleset files are and here is an example of where we'd like to see an OR statement looking for both images.

You can see how we are using a darkmode friendly header image in this repo. https://github.com/newrelic/instant-observability-website

[![Community Project header](https://opensource.newrelic.com/static/Community_Project-7c4805883d6396086f907f1c716477cd.png)](https://opensource.newrelic.com/oss-category/#community-project)

We suggest supporting both types as if you change the rule set to darkmode only it would flag a lot of repos which may not have active maintainers to fix them.