diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md deleted file mode 100644 index 0653980de..000000000 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -name: Bug report -about: Create a report to help us improve -title: "" -labels: "" -assignees: "" ---- -> [!CAUTION] -> Remember to redact any sensitive information such as authentication credentials or license keys. - -### Describe the bug - -A clear and concise description of what the bug is: <...> - -### To reproduce - -Steps to reproduce the bug: - -1. I have deployed/run the Ansible NGINX role using the following `playbook.yml`: <...> -2. I have seen the following error(s) on my terminal output/logs: <...> - -### Expected behavior - -A clear and concise description of what you expected to happen: <...> - -### Your environment - -- Version of the Ansible NGINX role (or specific commit): <...> -- Version of Ansible: <...> -- Version of Jinja2 (if you are using any templating capability): <...> -- How is Ansible being managed (CLI/pipeline/Automation Hub/etc...): <...> -- Target deployment platform(s): <...> - -### Additional context (optional) - -Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml new file mode 100644 index 000000000..1a710c691 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -0,0 +1,71 @@ +--- +name: ๐Ÿ› Bug report +description: Create a report to help us improve +labels: bug +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this bug report! + + Before you continue filling out this report, please take a moment to check that your bug has not been [already reported on GitHub][issue search] ๐Ÿ™Œ + + Remember to redact any sensitive information such as authentication credentials and/or license keys! + + **Note:** If you are seeking community support or have a question, please consider starting a new thread via [GitHub discussions][discussions] or the [NGINX Community forum][forum]. + + [issue search]: https://github.com/nginxinc/ansible-role-nginx/issues + [discussions]: https://github.com/nginxinc/ansible-role-nginx/discussions + [forum]: https://community.nginx.org + + - type: textarea + id: overview + attributes: + label: Bug Overview + description: A clear and concise overview of the bug. + placeholder: When I do "X" with the NGINX Ansible role, "Y" happens instead of "Z". + validations: + required: true + + - type: textarea + id: behavior + attributes: + label: Expected Behavior + description: A clear and concise description of what you expected to happen. + placeholder: When I do "X" with the NGINX Ansible role, I expect "Z" to happen. + validations: + required: true + + - type: textarea + id: steps + attributes: + label: Steps to Reproduce the Bug + description: Detail the series of steps required to reproduce the bug. + value: | + 1. I have deployed/run the NGINX Ansible role using the following `playbook.yml`... + 2. I have seen the following error(s) on my terminal/logs... + validations: + required: true + + - type: textarea + id: environment + attributes: + label: Environment Details + description: Please provide details about your environment. + value: | + - Target deployment platforms: [e.g. AWS/GCP/local cluster/etc...] + - Target OSs: [e.g. RHEL 9/Ubuntu 24.04/etc...] + - Host OS (where you are running Ansible from): [e.g. RHEL 9/Ubuntu 24.04/etc...] + - Version of the NGINX Ansible role (or specific commit): [e.g. 0.25.0/commit hash] + - Version of Ansible: [e.g. 2.16.5] + - How is Ansible being managed: [e.g. CLI/pipeline/Automation Hub/etc...] + - Version of Jinja2 (if you are using any templating capability): [e.g. 3.1.1] + validations: + required: true + + - type: textarea + id: context + attributes: + label: Additional Context + description: Add any other context about the problem here. + placeholder: Feel free to add any other context/information/screenshots/etc... that you think might be relevant to this issue in here. diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 000000000..3f7850f70 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,12 @@ +--- +blank_issues_enabled: false +contact_links: + - name: ๐Ÿ’ฌ Talk to the NGINX community! + url: https://community.nginx.org + about: A community forum for NGINX users, developers, and contributors + - name: ๐Ÿ“ Code of Conduct + url: https://www.contributor-covenant.org/version/2/1/code_of_conduct + about: NGINX follows the Contributor Covenant Code of Conduct to ensure a safe and inclusive community + - name: ๐Ÿ’ผ For commercial & enterprise users + url: https://www.f5.com/products/nginx + about: F5 offers a wide range of NGINX products for commercial & enterprise users diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md deleted file mode 100644 index f8def591f..000000000 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -name: Feature request -about: Suggest an idea for this project -title: "" -labels: "" -assignees: "" ---- -### Is your feature request related to a problem? Please describe - -A clear and concise description of what the problem is (e.g. I'm always frustrated when ...): <...> - -### Describe the solution you'd like - -A clear and concise description of what you would like to happen. - -### Describe alternatives you've considered - -A clear and concise description of any alternative solutions you've considered. - -### Additional context (optional) - -Add any other context or screenshots about the feature request here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml new file mode 100644 index 000000000..8a592adca --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.yml @@ -0,0 +1,40 @@ +--- +name: โœจ Feature request +description: Suggest an idea for this project +labels: enhancement +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this feature request! + + Before you continue filling out this request, please take a moment to check that your feature has not been [already requested on GitHub][issue search] ๐Ÿ™Œ + + **Note:** If you are seeking community support or have a question, please consider starting a new thread via [GitHub discussions][discussions] or the [NGINX Community forum][forum]. + + [issue search]: https://github.com/nginxinc/ansible-role-nginx/issues + [discussions]: https://github.com/nginxinc/ansible-role-nginx/discussions + [forum]: https://community.nginx.org + + - type: textarea + id: overview + attributes: + label: Feature Overview + description: A clear and concise description of what the feature request is. + placeholder: I would like the NGINX Ansible role to be able to do "X". + validations: + required: true + + - type: textarea + id: alternatives + attributes: + label: Alternatives Considered + description: Detail any potential alternative solutions/workarounds you've used or considered. + placeholder: I have done/might be able to do "X" in the NGINX Ansible role by doing "Y". + + - type: textarea + id: context + attributes: + label: Additional Context + description: Add any other context about the problem here. + placeholder: Feel free to add any other context/information/screenshots/etc... that you think might be relevant to this feature request here. diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 3360663e1..3c1b1f033 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -7,7 +7,7 @@ Describe the use case and detail of the change. If this PR addresses an issue on Before creating a PR, run through this checklist and mark each as complete: - [ ] I have read the [contributing guidelines](/CONTRIBUTING.md). -- [ ] I have signed the [F5 Contributor License Agreement (CLA)](https://github.com/f5/.github/blob/main/CLA/cla-markdown.md). +- [ ] I have signed the [F5 Contributor License Agreement (CLA)](https://github.com/f5/f5-cla/blob/main/docs/f5_cla.md). - [ ] If applicable, I have added Molecule tests that prove my fix is effective or that my feature works. - [ ] If applicable, I have checked that any relevant Molecule tests pass after adding my changes. - [ ] I have updated any relevant documentation ([`defaults/main/*.yml`](/defaults/main/), [`README.md`](/README.md) and [`CHANGELOG.md`](/CHANGELOG.md)). diff --git a/.github/scorecard.yml b/.github/scorecard.yml new file mode 100644 index 000000000..00d6ade68 --- /dev/null +++ b/.github/scorecard.yml @@ -0,0 +1,10 @@ +--- +annotations: + - checks: + - fuzzing + - packaging + - pinned-dependencies + - sast + - signed-releases + reasons: + - reason: not-applicable diff --git a/.github/workflows/f5-cla.yml b/.github/workflows/f5_cla.yml similarity index 70% rename from .github/workflows/f5-cla.yml rename to .github/workflows/f5_cla.yml index 553bbdfcd..43e473eab 100644 --- a/.github/workflows/f5-cla.yml +++ b/.github/workflows/f5_cla.yml @@ -19,20 +19,21 @@ jobs: if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have hereby read the F5 CLA and agree to its terms') || github.event_name == 'pull_request_target' uses: contributor-assistant/github-action@ca4a40a7d1004f18d9960b404b97e5f30a505a08 # v2.6.1 with: - # Any pull request targeting the following branch will trigger a CLA check. - branch: main # Path to the CLA document. - path-to-document: https://github.com/f5/.github/blob/main/CLA/cla-markdown.md + path-to-document: https://github.com/f5/f5-cla/blob/main/docs/f5_cla.md # Custom CLA messages. - custom-notsigned-prcomment: '๐ŸŽ‰ Thank you for your contribution! It appears you have not yet signed the F5 Contributor License Agreement (CLA), which is required for your changes to be incorporated into an F5 Open Source Software (OSS) project. Please kindly read the [F5 CLA](https://github.com/f5/.github/blob/main/CLA/cla-markdown.md) and reply on a new comment with the following text to agree:' + custom-notsigned-prcomment: '๐ŸŽ‰ Thank you for your contribution! It appears you have not yet signed the [F5 Contributor License Agreement (CLA)](https://github.com/f5/f5-cla/blob/main/docs/f5_cla.md), which is required for your changes to be incorporated into an F5 Open Source Software (OSS) project. Please kindly read the [F5 CLA](https://github.com/f5/f5-cla/blob/main/docs/f5_cla.md) and reply on a new comment with the following text to agree:' custom-pr-sign-comment: 'I have hereby read the F5 CLA and agree to its terms' custom-allsigned-prcomment: 'โœ… All required contributors have signed the F5 CLA for this PR. Thank you!' # Remote repository storing CLA signatures. remote-organization-name: f5 remote-repository-name: f5-cla-data + # Branch where CLA signatures are stored. + branch: main path-to-signatures: signatures/signatures.json # Comma separated list of usernames for maintainers or any other individuals who should not be prompted for a CLA. - allowlist: alessfg, oxpa, bot* + # NOTE: You will want to edit the usernames to suit your project needs. + allowlist: bot* # Do not lock PRs after a merge. lock-pullrequest-aftermerge: false env: diff --git a/.github/workflows/milestone-pr.yml b/.github/workflows/milestone_pr.yml similarity index 100% rename from .github/workflows/milestone-pr.yml rename to .github/workflows/milestone_pr.yml diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf_scorecard.yml similarity index 67% rename from .github/workflows/ossf-scorecard.yml rename to .github/workflows/ossf_scorecard.yml index 970ae7865..a4f28b3d9 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf_scorecard.yml @@ -4,11 +4,11 @@ name: OSSF Scorecard on: # For Branch-Protection check. Only the default branch is supported. See https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection. branch_protection_rule: - push: - branches: [main] # To guarantee Maintained check is occasionally updated. See https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained. schedule: - cron: "0 0 * * 1" + push: + branches: [main] workflow_dispatch: # Declare default permissions as read only. permissions: read-all @@ -17,16 +17,10 @@ jobs: name: Scorecard analysis runs-on: ubuntu-24.04 permissions: - # Needed if using Code Scanning alerts + # Needed if using Code Scanning alerts. security-events: write - # Needed for GitHub OIDC token if publish_results is true + # Needed for GitHub OIDC token if publish_results is true. id-token: write - # Uncomment the permissions below if installing on a private repository. - # contents: read - # actions: read - # issues: read # To allow GraphQL ListCommits to work - # pull-requests: read # To allow GraphQL ListCommits to work - # checks: read # To detect SAST tools steps: - name: Check out the codebase uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -38,14 +32,7 @@ jobs: with: results_file: results.sarif results_format: sarif - # (Optional) fine-grained personal access token. Uncomment the `repo_token` line below if: - # - You want to enable the Branch-Protection check on a *public* repository. - # - You are installing the OSSF Scorecard on a *private* repository. - # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-fine-grained-pat-optional. - # repo_token: ${{ secrets.SCORECARD_TOKEN }} - # Publish the results for public repositories to enable scorecard badges. For more details, see https://github.com/ossf/scorecard-action#publishing-results. - # For private repositories, `publish_results` will automatically be set to `false`, regardless of the value entered here. publish_results: true # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF format to the repository Actions tab. diff --git a/CHANGELOG.md b/CHANGELOG.md index f2935ac88..55f695b7e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,10 @@ BUG FIXES: - Fix Ansible and Jinja versions validation tasks in ansible check mode. - Correctly use the `nginx_version` (if defined) for NGINX module versions. +DOCUMENTATION: + +- Update community docs & required workflows per the latest [NGINX template repository](https://github.com/nginx/template-repository) guidelines. + ## 0.25.0 (Nov 28, 2024) BREAKING CHANGES: diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index cba1bc537..260d18347 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -5,21 +5,15 @@ The following is a set of guidelines for contributing to the NGINX Ansible role. #### Table Of Contents [Getting Started](#getting-started) - [Contributing](#contributing) - [Code Guidelines](#code-guidelines) - -- [Git Guidelines](#git-guidelines) -- [Ansible Guidelines](#ansible-guidelines) - [Code of Conduct](/CODE_OF_CONDUCT.md) ## Getting Started -Follow this project's [Installation Guide](/README.md#Installation) to install Ansible, Ansible Lint, and Molecule and get ready to develop and test the NGINX Ansible role. +Follow the role's [installation guide](/README.md#Installation) to install Ansible, Ansible Lint, and Molecule and get ready to develop and test the NGINX Ansible role. -### Project Structure +### Project Overview & Structure - The NGINX Ansible role is written in [`yaml`](https://yaml.org) and supports NGINX Open Source, NGINX Plus, NGINX Agent and NGINX Amplify. - The project follows the standard [Ansible role directory structure](https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html): @@ -34,11 +28,11 @@ Follow this project's [Installation Guide](/README.md#Installation) to install A ### Report a Bug -To report a bug, open an issue on GitHub with the label `bug` using the available bug report issue template. Please ensure the bug has not already been reported. **If the bug is a potential security vulnerability, please report it using our [security policy](/SECURITY.md).** +To report a bug, open an issue on GitHub with the label `bug` using the available [bug report issue form](/.github/ISSUE_TEMPLATE/bug_report.yml). Please ensure the bug has not already been reported. **If the bug is a potential security vulnerability, please report it using our [security policy](/SECURITY.md).** ### Suggest a Feature or Enhancement -To suggest a feature or enhancement, please create an issue on GitHub with the label `enhancement` using the available [feature request template](/.github/feature_request_template.md). Please ensure the feature or enhancement has not already been suggested. +To suggest a feature or enhancement, please create an issue on GitHub with the label `enhancement` using the available [feature request issue form](/.github/ISSUE_TEMPLATE/feature_request.yml). Please ensure the feature or enhancement has not already been suggested. ### Open a Pull Request (PR) @@ -46,11 +40,11 @@ To suggest a feature or enhancement, please create an issue on GitHub with the l - Fill in the [PR template](/.github/pull_request_template.md). > [!NOTE] -> If you'd like to implement a new feature, please consider creating a [feature request issue](/.github/feature_request_template.md) first to start a discussion about the feature. +> If you'd like to implement a new feature, please consider creating a [feature request issue](/.github/ISSUE_TEMPLATE/feature_request.yml) first to start a discussion about the feature. #### F5 Contributor License Agreement (CLA) -F5 requires all external contributors to agree to the terms of the F5 CLA (available [here](https://github.com/f5/.github/blob/main/CLA/cla-markdown.md)) before any of their changes can be incorporated into an F5 Open Source repository. +F5 requires all contributors to agree to the terms of the F5 CLA (available [here](https://github.com/f5/f5-cla/blob/main/docs/f5_cla.md)) before any of their changes can be incorporated into an F5 Open Source repository (even contributions to the F5 CLA itself!). If you have not yet agreed to the F5 CLA terms and submit a PR to this repository, a bot will prompt you to view and agree to the F5 CLA. You will have to agree to the F5 CLA terms through a comment in the PR before any of your changes can be merged. Your agreement signature will be safely stored by F5 and no longer be required in future PRs. diff --git a/README.md b/README.md index 36f7bd9c0..3ecc7749b 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,11 @@ [![Ansible Galaxy](https://img.shields.io/badge/galaxy-nginxinc.nginx-5bbdbf.svg)](https://galaxy.ansible.com/nginxinc/nginx) -[![Molecule CI/CD](https://github.com/nginxinc/ansible-role-nginx/workflows/Molecule%20CI/CD/badge.svg)](https://github.com/nginxinc/ansible-role-nginx/actions/workflows/molecule.yml) +[![Molecule CI/CD](https://github.com/nginxinc/ansible-role-nginx/actions/workflows/molecule.yml/badge.svg)](https://github.com/nginxinc/ansible-role-nginx/actions/workflows/molecule.yml) [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/nginxinc/ansible-role-nginx/badge)](https://securityscorecards.dev/viewer/?uri=github.com/nginxinc/ansible-role-nginx) [![Project Status: Active โ€“ The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active) [![Community Support](https://badgen.net/badge/support/community/cyan?icon=awesome)](/SUPPORT.md) -[![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg)](/CODE_OF_CONDUCT.md) +[![Community Forum](https://img.shields.io/badge/community-forum-009639?logo=discourse&link=https%3A%2F%2Fcommunity.nginx.org)](https://community.nginx.org) [![License](https://img.shields.io/badge/License-Apache--2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) +[![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg)](/CODE_OF_CONDUCT.md) # ๐Ÿ‘พ *Help make the NGINX Ansible role better by participating in our [survey](https://forms.office.com/Pages/ResponsePage.aspx?id=L_093Ttq0UCb4L-DJ9gcUKLQ7uTJaE1PitM_37KR881UM0NCWkY5UlE5MUYyWU1aTUcxV0NRUllJSC4u)!* ๐Ÿ‘พ @@ -361,4 +362,4 @@ You can find the Ansible NGINX App Protect role to install and configure NGINX A [Tom Gamull](https://github.com/magicalyak) -© [F5, Inc.](https://www.f5.com/) 2018 - 2024 +© [F5, Inc.](https://www.f5.com/) 2018 - 2025 diff --git a/SECURITY.md b/SECURITY.md index 4003751b7..4ddf287c0 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -18,9 +18,9 @@ If you find a security vulnerability that directly affects Ansible, we encourage ### Codebase -The F5 Security Incident Response Team (F5 SIRT) has an email alias that makes it easy to report potential security vulnerabilities: +The F5 Security Incident Response Team (F5 SIRT) offers two methods to easily report potential security vulnerabilities: -- If youโ€™re an F5 customer with an active support contract, please contact [F5 Technical Support](https://www.f5.com/services/support). -- If you arenโ€™t an F5 customer, please report any potential or current instances of security vulnerabilities with any F5 product to the F5 Security Incident Response Team at . +- If youโ€™re an F5 customer with an active support contract, please contact [F5 Technical Support](https://www.f5.com/support). +- If you arenโ€™t an F5 customer, please report any potential or current instances of security vulnerabilities in any F5 product to the F5 Security Incident Response Team at . -For more information please read the F5 SIRT vulnerability reporting guidelines available at [https://www.f5.com/services/support/report-a-vulnerability](https://www.f5.com/services/support/report-a-vulnerability). +For more information, please read the F5 SIRT vulnerability reporting guidelines available at [https://www.f5.com/support/report-a-vulnerability](https://www.f5.com/support/report-a-vulnerability). diff --git a/SUPPORT.md b/SUPPORT.md index dbdbcbced..94f7a717b 100644 --- a/SUPPORT.md +++ b/SUPPORT.md @@ -2,9 +2,9 @@ ## Ask a Question -We use GitHub for tracking bugs and feature requests related to this project. +We use GitHub for tracking bugs and feature requests related to all NGINX Ansible roles. -Don't know how something in this project works? Curious if this project can achieve your desired functionality? Please open an issue on GitHub with the label `question`. +Don't know how something in this project works? Curious if this project can achieve your desired functionality? Please open an issue on GitHub with the label `question`. Alternatively, start a GitHub discussion! ## NGINX Specific Questions and/or Issues @@ -12,11 +12,7 @@ This isn't the right place to get support for NGINX specific questions, but the ### Community Slack -We have a community [Slack](https://nginxcommunity.slack.com/)! - -If you are not a member, click [here](https://community.nginx.org/joinslack) to sign up. (Let us know if the link does not seem to be working at !) - -Once you join, check out the `#beginner-questions` and `nginx-users` channels :) +We have a community [forum](https://community.nginx.org/)! If you have any questions and/or issues, try checking out the [`Troubleshooting`](https://community.nginx.org/c/troubleshooting/8) and [`How do I...?`](https://community.nginx.org/c/how-do-i/9) categories. Both fellow community members and NGINXers might be able to help you! :) ### Documentation @@ -34,4 +30,4 @@ Please see the [contributing guide](/CONTRIBUTING.md) for guidelines on how to b ## Community Support -This project does **not** offer commercial support. Community support is offered on a best effort basis through either GitHub issues/PRs/discussions or via any of our active communities. +This project does **not** offer commercial support. Community support is offered on a best effort basis through either GitHub issues/PRs/discussions or through any of our active communities.