diff --git a/policies/advancedsecurity.yml b/policies/advancedsecurity.yml
new file mode 100644
index 0000000..8060e0d
--- /dev/null
+++ b/policies/advancedsecurity.yml
@@ -0,0 +1,19 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+name: Advanced Security Settings
+description: SDL Requirements
+
+resource: repository
+configuration:
+ advancedSecurity:
+ # Enable code and secret scanning on all repositories
+ secretScanning: true
+ # Prevent push of secrets, requires secretScanning: true
+ secretScanningPushProtection: true
+ # If a dependency has been added or modified, check for vulnerabilities.
+ enablePrCheck: true
+ # PR check will fail if the severity of the code, secret, or dependency scan is Moderate, High, or Critical
+ failOnSeverity: Moderate
+ # Specify exceptions to TEMPORARILY allow a specific vulnerability.
+ allowGhasVulnerability: []
\ No newline at end of file
diff --git a/policies/branch-protection-apps-services.yml b/policies/branch-protection-apps-services.yml
new file mode 100644
index 0000000..f462cff
--- /dev/null
+++ b/policies/branch-protection-apps-services.yml
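Review bot: The comment above `secretScanning: true` says the policy enables code and secret scanning, but the `advancedSecurity` block in this new file sets only secret-scanning, push-protection and PR-check keys, so code scanning is not visibly turned on. Either narrow the comment to `# Enable secret scanning on all repositories` or add the code-scanning setting if the policy schema provides one. `allowGhasVulnerability` is described as temporary; a comment such as `# Each exception needs an owner and a removal date` would keep entries from becoming permanent. The file also has no `where:` filter, which presumably applies it to every repository in the organisation, and that scope is worth stating in `description`.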
@@ -0,0 +1,63 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+name: branch_protection_apps_services
+description: Organization branch protection policy for Microsoft Graph applications, services, and tools.
+resource: repository
+where:
+ - |
+ repository.name.contains("agora", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("kibali", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("csdl-diagrams", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.startsWith("microsoft-graph-devx", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("microsoft-graph-explorer-v4", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-developer-proxy", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-github-content-utility", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-metadata", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-permissions-scraper", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-ps-compatibility-azuread", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-samples-dashboard", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("MSGraph-SDK-Code-Generator", StringComparison.InvariantCultureIgnoreCase)
+configuration:
+ branchProtectionRules:
+ - branchNamePattern: main
+ requiredApprovingReviewsCount:
+ min: 1
+ # Must have a CODEOWNER approve for the PR to be merged.
+ requireCodeOwnersReview: true
+ # Require status checks to pass before merging. TODO: this value should be true, we should work to support this.
+ # Used with the requiredStatusChecks setting to specify which checks must pass for the PR to be merged.
+ requiresStrictStatusChecks: false
+ # TODO: all commits should be signed. We need to get everyone signing their commits.
+ requiresCommitSignatures: false
+ # Dismiss stale pull request approvals when new commits are pushed
+ dismissStaleReviews: true
+ # Require conversation resolution before merging. Address all concerns, and resolve in the GitHub PR UI.
+ requiresConversationResolution: true
+ - branchNamePattern: "master"
+ requiredApprovingReviewsCount:
+ min: 1
+ requireCodeOwnersReview: true
+ requiresStrictStatusChecks: false
+ requiresCommitSignatures: false
+ dismissStaleReviews: true
+ requiresConversationResolution: true
+ dismissStaleReviews: true
+ - branchNamePattern: "dev"
+ requiredApprovingReviewsCount:
+ min: 1
+ requireCodeOwnersReview: true
+ requiresStrictStatusChecks: false
+ requiresCommitSignatures: false
+ dismissStaleReviews: true
+ requiresConversationResolution: true
+ dismissStaleReviews: true
+ - branchNamePattern: "[Rr]elease/*"
+ requiredApprovingReviewsCount:
+ min: 1
+ requireCodeOwnersReview: true
+ requiresStrictStatusChecks: false
+ requiresCommitSignatures: false
+ dismissStaleReviews: true
+ requiresConversationResolution: true
+ dismissStaleReviews: true
\ No newline at end of file
diff --git a/policies/branch-protection-sdks.yml b/policies/branch-protection-sdks.yml
new file mode 100644
index 0000000..058aad5
--- /dev/null
+++ b/policies/branch-protection-sdks.yml
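Review bot: `dismissStaleReviews: true` appears twice in each of the `"master"`, `"dev"` and `"[Rr]elease/*"` rules, and duplicate mapping keys are invalid in YAML 1.2; parsers either reject the file or silently keep the last value. Drop the trailing `dismissStaleReviews: true` from each of those three rules so that a strict parser cannot fail on the file and leave these branches without the policy. The same duplication is present in the three corresponding rules of policies/branch-protection-sdks.yml. The `"[Rr]elease/*"` pattern may also miss nested names such as release/x/y if the matcher does not let `*` cross `/`; confirm this against the policy service's matching rules.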
@@ -0,0 +1,59 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+name: branch_protection_sdks
+description: Organization branch protection policy for Microsoft Graph SDKs
+resource: repository
+where:
+ - |
+ repository.name.startsWith("msgraph-sdk-", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.startsWith("msgraph-beta-sdk-", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-cli", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-cli-core", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-beta-cli", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-beta-typescript-typings", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-typescript-typings", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("microsoft-graph-toolkit", StringComparison.InvariantCultureIgnoreCase)
+configuration:
+ branchProtectionRules:
+ - branchNamePattern: main
+ requiredApprovingReviewsCount:
+ min: 1
+ # Must have a CODEOWNER approve for the PR to be merged.
+ requireCodeOwnersReview: true
+ # Require status checks to pass before merging. TODO: this value should be true, we should work to support this.
+ # Used with the requiredStatusChecks setting to specify which checks must pass for the PR to be merged.
+ requiresStrictStatusChecks: false
+ # TODO: all commits should be signed. We need to get everyone signing their commits.
+ requiresCommitSignatures: false
+ # Dismiss stale pull request approvals when new commits are pushed
+ dismissStaleReviews: true
+ # Require conversation resolution before merging. Address all concerns, and resolve in the GitHub PR UI.
+ requiresConversationResolution: true
+ - branchNamePattern: "master"
+ requiredApprovingReviewsCount:
+ min: 1
+ requireCodeOwnersReview: true
+ requiresStrictStatusChecks: false
+ requiresCommitSignatures: false
+ dismissStaleReviews: true
+ requiresConversationResolution: true
+ dismissStaleReviews: true
+ - branchNamePattern: "dev"
+ requiredApprovingReviewsCount:
+ min: 1
+ requireCodeOwnersReview: true
+ requiresStrictStatusChecks: false
+ requiresCommitSignatures: false
+ dismissStaleReviews: true
+ requiresConversationResolution: true
+ dismissStaleReviews: true
+ - branchNamePattern: "[Rr]elease/*"
+ requiredApprovingReviewsCount:
+ min: 1
+ requireCodeOwnersReview: true
+ requiresStrictStatusChecks: false
+ requiresCommitSignatures: false
+ dismissStaleReviews: true
+ requiresConversationResolution: true
+ dismissStaleReviews: true
\ No newline at end of file
diff --git a/policies/cla.yml b/policies/cla.yml
index f22d79b..cda89c7 100644
--- a/policies/cla.yml
+++ b/policies/cla.yml
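Review bot: The comment on `requiresStrictStatusChecks` refers to a `requiredStatusChecks` setting, but none of the four rules in this file lists a required check, so nothing visible here makes a build, test or scan result gate a merge into `main` or the release branches of the SDK repositories. With `requiresCommitSignatures: false` as well, the enforced controls come down to one approving review from a code owner plus conversation resolution. Tie the two TODOs to a tracked item, e.g. `# TODO(<issue-link>): set to true once required checks are defined`, so the relaxed values do not become permanent. policies/branch-protection-apps-services.yml has the same gap.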
@@ -1,112 +1,123 @@ -name: Contributor License Agreement Policy +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + +name: Contributor License Agreement Policy description: CLA policy file resource: repository -configuration: +configuration: cla: content: https://raw.githubusercontent.com/microsoft/.github/main/CLA/microsoft.yml - minimalChangeRequired: + minimalChangeRequired: files: 2 codeLines: 16 bypassOrgs: - bloomberg bypassUsers: - - dependabot[bot] - - greenkeeper[bot] - - dotnet-maestro[bot] - - dependabot-preview[bot] - - openapi-sdkautomation[bot] - - github-actions[bot] - - content-assistant[bot] - - reunion-maestro[bot] - - renovate[bot] - - microsoft-github-policy-service[bot] - - msftbot[bot] - - azure-pipelines[bot] - - CBL-Mariner-Bot - - pbicvbot - acomghbot + - acomghbot + - ActivityWatchBot + - agentoffline-bot + - akri-bot + - ALGitHubBot + - ansibleazurebot + - anton-bot + - ascforiotbot + - audevbot + - azclibot + - azure-pipelines[bot] + - azure-pipelines-bot + - azure-powershell-bot - azuresdkciprbot - - dotnet-corert-bot - - iotgwbot - - LordBobbot - - qa-bot - - winobjc-bot - - mukaibot - - edtbot - - tecbot - - nzspambot - - SoundBot - - dn-helix-agents-bot - - wslbot - - dotnet-bot - benrobot - - typescript-bot - - ansibleazurebot - - wdkbot - - deanbot - - OutlookBot - - ALGitHubBot - blackrobot - - azure-pipelines-bot - - uefibot - - flinchbot - - MicrosoftIssueBot - - agentoffline-bot - - officedocsbot - - vswdbot - - thisisnotarobot + - CBL-Mariner-Bot + - content-assistant[bot] - coreosbot - - McCoyBot - - audevbot - csd-automationbot - - ascforiotbot - - rnbot - - MixedRealitySpectatorViewBot - - UI-Fabric-RN-Bot - - dotnet-maestro-bot - - anton-bot - - WorkingRobot - - azclibot + - deanbot + - dependabot[bot] + - dependabot-preview[bot] + - dn-helix-agents-bot + - dokku-bot + - dotnet-bot + - dotnet-corert-bot - dotnet-docker-bot - - rnsdkbot + - dotnet-maestro[bot] + - dotnet-maestro-bot + - 
dotnet-winget-bot + - edtbot + - engelbot + - flinchbot + - github-actions[bot] + - goodboyrobot + - greenkeeper[bot] + - inclusive-coding-bot + - iotgwbot - jenfoxbot - - MSLearnBot - - wingetbot - - azure-powershell-bot - - ninjarobot - - leha-bot - - sasabot - - akri-bot - - dokku-bot - - testplatform-bot - - microsoft-golang-bot - - RunTheBot - julien-lebot - - zangobot + - learn-build-service-ppe[bot] + - learn-build-service-prod[bot] + - learn-build-service-test[bot] + - leha-bot + - liurunliang-bot + - LizardByte-bot + - LordBobbot + - McCoyBot - meo-autobot - - acomghbot - - upgradvisor-bot - - oberonbot - - PylanceBot + - microsoft-github-policy-service[bot] + - microsoft-golang-bot + - MicrosoftIssueBot + - MixedRealitySpectatorViewBot + - msftbot[bot] + - MSLearnBot + - mukaibot - nfbot - - pulumi-bot - - engelbot - - inclusive-coding-bot - - dotnet-winget-bot - - trustedroots-bot - - polymcbot - - LizardByte-bot - - goodboyrobot - - ActivityWatchBot + - ninjarobot + - nzspambot + - oberonbot + - officedocsbot - OhMyGuus-Bot + - opbld15 + - opbld16 + - opbld17 + - opbld27 + - openapi-sdkautomation[bot] + - openpublishbuild + - OutlookBot + - pbicvbot + - playwrightmachine - podman-desktop-bot - - liurunliang-bot + - polymcbot - prmerger-test[bot] - - learn-build-service-test[bot] - - learn-build-service-ppe[bot] - - learn-build-service-prod[bot] + - pulumi-bot + - PylanceBot + - qa-bot + - renovate[bot] + - reunion-maestro[bot] + - rnbot + - rnsdkbot + - RunTheBot + - sasabot + - SoundBot + - tecbot + - testplatform-bot + - thisisnotarobot + - trustedroots-bot + - typescript-bot + - uefibot + - UI-Fabric-RN-Bot + - upgradvisor-bot + - VSC-Service-Account + - vswdbot + - wdkbot + - wingetbot + - winobjc-bot + - WorkingRobot + - wslbot + - zangobot + prohibitedCompanies: - msft - microsoft diff --git a/policies/mandatory-files-public.yml b/policies/mandatory-files-public.yml new file mode 100644 index 0000000..5e8a43e --- /dev/null 
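Review bot: The alphabetical re-sort of `bypassUsers` hides the fact that the list also grows: `opbld15`, `opbld16`, `opbld17`, `opbld27`, `openpublishbuild`, `playwrightmachine` and `VSC-Service-Account` appear only on the new side. Each entry exempts an account from the CLA check, and these are plain account names rather than `[bot]` app identities, so it is worth confirming that every one is an existing account controlled by the organisation and naming the additions in the commit description. `acomghbot` also seems to be listed twice in the new list (a context line followed by an added line); one entry is enough. The collapsed layout makes the context lines hard to place, so the duplicate is inferred rather than certain.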
+++ b/policies/mandatory-files-public.yml 
@@ -0,0 +1,185 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+# metadata
+name: mandatory files policy
+description: This policy will ensure the presence of important files in public Microsoft Graph repositories.
+
+# filters
+resource: repository
+where:
+- |
+ repository.name.equals("aspnet-snippets-sample", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("aspnetcore-search-sample", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("aspnetcore-webhooks-sample", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("assign-to-author", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("botframework-csharp-approvalbot-sample", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("changelog-link-check", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("csdl-diagrams", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("dataconnect-solutions", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("dotnet-aad-query-sample", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("dotnetcore-console-sample", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("eol-blocker", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("g-raph", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("get-app-token", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("group-membership-management", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("group-membership-management-tenant", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("java-spring-webhooks-sample", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("kibali", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("meeting-moderator-sample", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("mgt-react-codetour", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("mgtLap-TryItOut", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("microsoft-graph-comms-samples", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("microsoft-graph-devx-api", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("microsoft-graph-devx-content", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("microsoft-graph-docs", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("microsoft-graph-docs.pt-BR", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("microsoft-graph-docs.ru-RU", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("microsoft-graph-docs.zh-CN", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("microsoft-graph-explorer-v4", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("microsoft-graph-toolkit", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("microsoft-graph-training", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-access-files-data", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-access-group-data", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-access-user-data", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-beta-cli", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-beta-sdk-dotnet", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-beta-sdk-go", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-beta-sdk-java", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-beta-sdk-php", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-beta-sdk-python", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-beta-sdk-ruby", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-beta-typescript-typings", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-cli", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-cli-core", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-community-samples", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-connectors-sdk", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-developer-proxy", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-dotnet-interactive-extension", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-github-content-utility", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-ifttt-sample", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-metadata", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-permissions-scraper", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sample-android", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sample-angularspa", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sample-aspnet-core", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sample-azurefunction-csharp", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sample-blazor-clientside", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sample-botframework", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sample-deltaquery", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sample-ios-objectivec", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sample-ios-swift", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sample-javascriptspa", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sample-maui", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sample-nodeexpressapp", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sample-office-addin", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sample-phpapp", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sample-pythondjangoapp", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sample-reactspa", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sample-rubyrailsapp", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sample-spfx", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sample-teamsapp-dotnet", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sample-uwp", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-samples-dashboard", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("MSGraph-SDK-Code-Generator", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sdk-design", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sdk-dotnet", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sdk-dotnet-contrib", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sdk-dotnet-core", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sdk-go", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sdk-go-core", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sdk-java", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sdk-java-core", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sdk-javascript", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sdk-php", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sdk-php-core", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sdk-powershell", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sdk-python", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sdk-python-core", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sdk-ruby", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sdk-ruby-core", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sdk-serviceissues", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-sdk-typescript", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-search-connector-sample", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-tools-migration", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-training-aspnetmvcapp", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-training-changenotifications", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-training-dataconnect", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-training-dotnet", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-training-go", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-training-java", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-training-javascript", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-training-optimize-data-usage", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-training-optimize-network-traffic", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-training-php", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-training-powerautomate", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-training-powershell", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-training-python", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-training-react-native", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-training-typescript", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("msgraph-typescript-typings", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("nodejs-webhooks-sample", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("powershell-aad-samples", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("powershell-intune-samples", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("universalprint-samples", StringComparison.InvariantCultureIgnoreCase)
+ || repository.name.equals("windowsupdates-webapplication-sample", StringComparison.InvariantCultureIgnoreCase)
+
+# Configuration for PUBLIC repositories in the Microsoft Graph organization.
+configuration:
+ mandatoryFiles:
+ autoMergeDays: 10
+ issueTitle: This public repo is missing important files
+ issueBody: |
+ There are important files that public Microsoft projects should all have that are not present in this repository. A pull request has been opened to add the missing file(s). When the pr is merged this issue will be closed automatically.
+
+ If your repository is no longer public, please open a PR on github.com/microsoftgraph/.github/policies/mandatory-files-public.yml and remove your repository from the list.
+
+ Microsoft teams can [learn more about this effort and share feedback](https://docs.opensource.microsoft.com/releasing/maintain/templates/) within the open source guidance available internally.
+ prTitle: Adding standard Microsoft template files
+ prBody: |
+ Please accept this contribution adding one or more of the following files
+ - SECURITY.MD :lock: file to help the community understand the security policy and how to safely report security issues. GitHub uses the presence of this file to light-up security reminders and a link to the file. This pull request commits the latest official SECURITY.MD file from https://github.com/microsoft/repo-templates/blob/main/shared/SECURITY.md.
+ - LICENSE file to specify the license under which the project is made available. GitHub uses the presence of this file to light-up license information in the UI. This pull request commits the latest official LICENSE file from https://github.com/microsoft/repo-templates/blob/main/shared/LICENSE.
+ - CODE_OF_CONDUCT.md file to specify the code of conduct for the project. GitHub uses the presence of this file to light-up code of conduct information in the UI. This pull request commits the latest official CODE_OF_CONDUCT.md file from https://github.com/microsoft/repo-templates/blob/main/shared/CODE_OF_CONDUCT.md.
+
+ Microsoft teams can [learn more about this effort and share feedback](https://docs.opensource.microsoft.com/releasing/maintain/templates/) within the open source guidance available internally.
+ file:
+ - path: SECURITY.md
+ prContentLink: https://raw.githubusercontent.com/microsoft/repo-templates/main/shared/SECURITY.md
+ ignoreCase: true
+ prFilePath: SECURITY.md
+ otherPaths:
+ - docs/SECURITY.md
+ - .github/SECURITY.md
+ - docs/SECURITY
+ - .github/SECURITY
+ - path: LICENSE
+ prContentLink: https://raw.githubusercontent.com/microsoft/repo-templates/main/shared/LICENSE
+ ignoreCase: true
+ prFilePath: LICENSE
+ otherPaths:
+ - docs/LICENSE.md
+ - docs/LICENSE
+ - .github/LICENSE.md
+ - .github/LICENSE
+ - path: CODE_OF_CONDUCT.md
+ prContentLink: https://raw.githubusercontent.com/microsoft/repo-templates/main/shared/CODE_OF_CONDUCT.md
+ ignoreCase: true
+ prFilePath: CODE_OF_CONDUCT.md
+ otherPaths:
+ - docs/CODE_OF_CONDUCT.md
+ - docs/CODE_OF_CONDUCT
+ - .github/CODE_OF_CONDUCT.md
+ - .github/CODE_OF_CONDUCT
+ - path: CONTRIBUTING.md
+ prContentLink: https://raw.githubusercontent.com/microsoft/repo-templates/main/projections/azure-samples/CONTRIBUTING.md
+ ignoreCase: true
+ prFilePath: CONTRIBUTING.md
+ otherPaths:
+ - docs/CONTRIBUTING.md
+ - docs/CONTRIBUTING
+ - .github/CONTRIBUTING.md
+ - .github/CONTRIBUTING
+ issueReminder:
+ firstReminderGapDays: 7
+ followUpReminderGapDays: 2
diff --git a/policies/mandatory-files.yml b/policies/mandatory-files.yml
deleted file mode 100644
index b1fc156..0000000
--- a/policies/mandatory-files.yml
+++ /dev/null
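Review bot: Every `prContentLink` in the `file:` list points at the `main` branch of microsoft/repo-templates, and `autoMergeDays: 10` suggests the generated pull request is merged automatically if nobody acts on it, so whatever is on that branch at the time would land in more than a hundred public repositories without a pinned revision. Consider pinning the links to a commit or tag, or at least recording the trade-off next to the setting, e.g. `# Content tracks repo-templates main; review template changes before they propagate`. The `CONTRIBUTING.md` entry takes its content from `projections/azure-samples/` rather than `shared/`, and `prBody` does not list CONTRIBUTING.md among the files the pull request may add; both look unintended. It is also worth checking how the auto-merge interacts with the code-owner review required by the branch-protection policies added in this commit.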
@@ -1,155 +0,0 @@
-# metadata
-name: mandatory files policy
-description: this policy will ensure the presence of important files in Microsoft project repositories.
-
-# filters
-resource: repository
-where:
-- |
- repository.name.equals("powershell-intune-samples", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("python-security-rest-sample", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-sdk-php", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-phpapp", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("security-api-solutions", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-typescript-typings", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("microsoft-graph-docs", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-java", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-sdk-powershell", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-sdk-python-core", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("mgt-react-codetour", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-sdk-go", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("aspnetcore-webhooks-sample", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-pythondjangoapp", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-openapi-introspection", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-php", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("group-membership-management-tenant", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("MSGraph-SDK-Code-Generator", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("aspnetcore-connect-sample", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-connectors-sdk", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-sdk-objc-models", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-sdk-objc-auth", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-sdk-objc", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("group-membership-management", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-python", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-react-native", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-changenotifications", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-aspnetmvcapp", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-sdk-design", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-xamarin", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-uwp", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-powerautomate", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-office-addin", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-ios-objectivec", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-botframework", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-android", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-sdk-php-core", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("nodejs-security-sample", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-sample-aspnet-core", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("get-app-token", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascript", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-typescript", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("assign-to-author", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-sdk-typescript", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-beta-sdk-php", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-go", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("microsoft-graph-training", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("meeting-moderator-sample", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-sdk-go-core", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-beta-sdk-go", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-cli-core", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("mgtLap-TryItOut", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-spfx", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("universalprint-samples", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-cli", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("aspnet-security-api-sample", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-powershell", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-beta-sdk-typescript", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("aspnet-snippets-sample", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("cadl-msgraph", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-access-user-data", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("dotnet-aad-query-sample", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-agora-api", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("build2022-sdk-demo", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.vi-VN", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.uk-UA", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.sl-SI", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.sr-Latn-RS", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.ro-RO", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.lt-LT", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.lv-LV", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.id-ID", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.et-EE", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.hr-HR", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.bg-BG", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.th-TH", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.sk-SK", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.hu-HU", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.he-IL", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.el-GR", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.cs-CZ", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.ar-SA", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.tr-TR", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.sv-SE", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.pt-PT", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.pl-PL", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.nb-NO", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.ko-KR", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.fi-FI", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.da-DK", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.zh-TW", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.it-IT", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-javascriptspa.nl-NL", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-access-group-data", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("preview-iot-sdk", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("Intune-PowerShell-SDK-Code-Generator", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("csdl-diagrams", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-permissions-scraper", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-agora", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("M365Insights", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("eol-blocker", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-access-files-data", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("microsoft-graph-docs.es-ES", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("microsoft-graph-docs.ja-JP", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("microsoft-graph-docs.de-DE", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("microsoft-graph-docs.fr-FR", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("microsoft-graph-docs.pt-BR", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("CsdlToDiagram", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-beta-typescript-typings", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-ps-compatibility-azuread", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-beta-cli", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("security-api-providers", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("azure-cli", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("github-task-automate", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("botframework-csharp-approvalbot-sample", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("windowsupdates-powershell-samples", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("msgraph-training-dataconnect", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("agora-plantuml-server", StringComparison.InvariantCultureIgnoreCase)
- || repository.name.equals("botframework-csharp-graph-explorer", StringComparison.InvariantCultureIgnoreCase)
-
-
-# primitive configuration
-configuration:
- mandatoryFiles:
- autoMergeDays: 10
- issueTitle: This repo is missing important files
- issueBody: |
- There are important files that Microsoft projects should all have that are not present in this repository. A pull request has been opened to add the missing file(s). When the pr is merged this issue will be closed automatically.
-
- Microsoft teams can [learn more about this effort and share feedback](https://docs.opensource.microsoft.com/releasing/maintain/templates/) within the open source guidance available internally.
- prTitle: Adding Microsoft SECURITY.MD
- prBody: |
- Please accept this contribution adding the standard Microsoft SECURITY.MD :lock: file to help the community understand the security policy and how to safely report security issues. GitHub uses the presence of this file to light-up security reminders and a link to the file. This pull request commits the latest official SECURITY.MD file from https://github.com/microsoft/repo-templates/blob/main/shared/SECURITY.md.
-
- Microsoft teams can [learn more about this effort and share feedback](https://docs.opensource.microsoft.com/releasing/maintain/templates/) within the open source guidance available internally.
- file:
- - path: SECURITY.md
- prContentLink: https://raw.githubusercontent.com/microsoft/repo-templates/main/shared/SECURITY.md
- ignoreCase: true
- prFilePath: SECURITY.md
- otherPaths:
- - docs/SECURITY.md
- - .github/SECURITY.md
- issueReminder:
- firstReminderGapDays: 7
- followUpReminderGapDays: 2
diff --git a/policies/platformcontext.yml b/policies/platformcontext.yml
index 9cfb01c..507c8aa 100644
--- a/policies/platformcontext.yml
+++ b/policies/platformcontext.yml
@@ -1,10 +1,13 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
 name: platform_context
 description: The context for GitOps platform, this will drive GitOps specific policies
-owner:
+owner:
 resource: repository
-where:
+where:
 configuration:
 platformContext:
 active: true
-onFailure:
+onFailure:
 onSuccess: