Skip to content

Commit

Permalink
v2.0 Release
Browse files Browse the repository at this point in the history
  • Loading branch information
jeffmendoza committed Mar 25, 2022
1 parent db0d40d commit 221073f
Show file tree
Hide file tree
Showing 3 changed files with 103 additions and 13 deletions.
27 changes: 27 additions & 0 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
on:
push:
tags:
- '*'
permissions:
id-token: write # Undocumented OIDC support.
packages: write # To publish container images to GHCR
contents: write # To create a release
jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: 1.17
- uses: sigstore/cosign-installer@main
- run: go install github.com/google/ko@v0.10.0
- run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.workflow }} --password-stdin
- run: KO_DOCKER_REPO=ghcr.io/${{ github.repository_owner }} ko publish -B ./cmd/allstar > container
- run: docker pull $(cat container)
- run: docker tag $(cat container) ghcr.io/${{ github.repository_owner }}/allstar:${{ github.ref_name }}
- run: docker push ghcr.io/${{ github.repository_owner }}/allstar:${{ github.ref_name }}
- run: COSIGN_EXPERIMENTAL=1 cosign sign -a git_sha=$GITHUB_SHA ghcr.io/${{ github.repository_owner }}/allstar:${{ github.ref_name }}
- run: gh release create ${{ github.ref_name }} --notes "ghcr.io/${{ github.repository_owner }}/allstar:${{ github.ref_name }}"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
36 changes: 23 additions & 13 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,22 +2,26 @@

# **Allstar**

## Overview
## Overview

- [What Is Allstar?](#what-is-allstar)

## What's new with Allstar

- [whats-new.md](whats-new.md)

## Disabling Unwanted Issues

- [Help! I'm getting issues created by Allstar and I don't want them!](#disabling-unwanted-issues-1)

## Getting Started
## Getting Started

- [Background](#background)
- [Org-Level Options](#org-level-options)
- [Background](#background)
- [Org-Level Options](#org-level-options)
- [Installation Options](#installation-options)
- [Quickstart Installation](#quickstart-installation)
- [Manual Installation](#manual-installation)

## Policies and Actions
- [Actions](#actions)
- [Policies](#policies)
Expand All @@ -32,21 +36,27 @@
________
________

## Overview
## Overview

### What is Allstar?

Allstar is a GitHub App that continuously monitors GitHub organizations or repositories for adherence to security best practices.
If Allstar detects a security policy violation, it creates an issue to alert the repository or organization owner.
For some security policies, Allstar can also automatically change the project setting that caused the violation, reverting it to the expected state.
Allstar is a GitHub App that continuously monitors GitHub organizations or
repositories for adherence to security best practices. If Allstar detects a
security policy violation, it creates an issue to alert the repository or
organization owner. For some security policies, Allstar can also automatically
change the project setting that caused the violation, reverting it to the
expected state.

Allstar’s goal is to give you finely tuned control over the files and settings that affect the security of your projects.
You can choose which security policies to monitor at both the organization and repository level, and how to handle policy violations.
You can also develop or contribute new policies.
Allstar’s goal is to give you finely tuned control over the files and settings
that affect the security of your projects. You can choose which security
policies to monitor at both the organization and repository level, and how to
handle policy violations. You can also develop or contribute new policies.

Allstar is developed under the [OpenSSF](https://openssf.org/) organization, as
a part of the [Securing Critical Projects Working
Group](https://github.com/ossf/wg-securing-critical-projects).
Group](https://github.com/ossf/wg-securing-critical-projects).

## [What's new with Allstar](whats-new.md)

## Disabling Unwanted Issues
If you're getting unwanted issues created by Allstar, follow [these directions](opt-out.md) to opt out.
Expand Down
53 changes: 53 additions & 0 deletions whats-new.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
# What's new with Allstar

Major features and changes added to Allstar.

## Added since last release

-

## Release v2.0

- Branch Protection added the `requireStatusChecks` setting to ensure listed
status checks are set in protection settings. Also enforces the
`requireUpToDateBranch` option, if `requireStatusChecks` is set.

- You may now opt-out of repos marked as "archived" in GitHub with the
`optOutArchivedRepos` option.

- Binary Artifacts policy issue text improved.

- A custom footer can be added to all issues created in an organization with
the `issueFooter` option.

- Branch Protection now supports the "fix" action.

## Proposed functionality changes in v2.0

- Option `testingOwnerlessAllowed` in Outside Collaborator policy. Currently
defaults true, proposal to default to false in next release.

- Note: this was temporarily enabled in Jan, but then turned off due to a bug.

## Pre v2.0

Regular releases were not made before v2.0, so all previous notes are here.

- All issues for an org can be routed to a single repo using the `issueRepo`
setting.

- Org config can now be located in `.github/allstar` as a secondary location
after the `.allstar` repo.

- Issues can be created with a custom label using the `issueLabel` option.

- Private or Public repositories can be opt-out as a group with the
`optOutPrivateRepos` or `optOutPublicRepos` options.

- We will retroactively call this Allstar v1.0: Allstar announced
https://openssf.org/blog/2021/08/11/introducing-the-allstar-github-app/

- Initial policies and features built

- Allstar was proposed to the OpenSSF Securing Critical Projects WG and
accepted https://youtu.be/o3SiBDUTCrw?t=300

0 comments on commit 221073f

Please sign in to comment.