diff --git a/create-commit-security-md.py b/create-commit-security-md.py
new file mode 100644
index 00000000..7af31d25
--- /dev/null
+++ b/create-commit-security-md.py
@@ -0,0 +1,49 @@
+#!/usr/bin/env python3
+"""
+Module Docstring
+"""
+
+__author__ = "David Morris (gm3dmo@gmail.com)"
+__version__ = "0.1.0"
+__license__ = "MIT"
+
+import os
+import json
+import string
+import base64
+import argparse
+import logging
+import thepower
+from pathlib import Path
+from datetime import datetime
+
+
+def main(args):
+
+    power_config = thepower.read_dotcom_config(args.power_config)
+    args.extension = power_config.get('dummy_section','file_extension').strip('"')
+    args.default_committer = power_config.get('dummy_section','default_committer',).strip('"')
+
+    p = Path('test-data/security.md_')
+    json_file = f"""tmp/create-commit-security-md.json"""
+    filename_in_repo = f"""/SECURITY.md"""
+    with open(p, 'rb') as ct:
+        t = {}
+        chapter_content = ct.read()
+        chapter_base64 = base64.encodebytes(chapter_content)
+        t["message"] = f"""A SECURITY.md file."""
+        t["committer"] = {}
+        t["committer"]["name"] = args.default_committer
+        t["committer"]["email"] = f"noreply+{args.default_committer}@example.com"
+        t["content"] = chapter_base64.decode('UTF-8')
+    with open(json_file, 'w') as out_file:
+        out_file.write(json.dumps(t))
+
+if __name__ == "__main__":
+    """ This is executed when run from the command line """
+    parser = argparse.ArgumentParser()
+    parser.add_argument("-c", "--power-config", action="store", dest="power_config", default=".gh-api-examples.conf", help="This is the config file to use to access variables for the power.")
+    parser.add_argument("-e", "--extension", action="store", dest="extension", default="c")
+    args = parser.parse_args()
+
+    main(args)
diff --git a/create-commit-security-md.sh b/create-commit-security-md.sh
new file mode 100755
index 00000000..ab388989
--- /dev/null
+++ b/create-commit-security-md.sh
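Review bot: `main` opens `tmp/create-commit-security-md.json` for writing without ensuring the `tmp/` directory exists, so on a fresh checkout the script raises FileNotFoundError unless something else creates that directory; add `Path(json_file).parent.mkdir(parents=True, exist_ok=True)` before the `with open(json_file, 'w')`. `filename_in_repo` and `args.extension` are assigned but never read, and `os`, `string`, `logging` and `datetime` are imported but unused; the hardcoded `/SECURITY.md` also duplicates the path the companion shell script passes to the API, so either feed `filename_in_repo` into the request or drop it. The module docstring is the placeholder `Module Docstring`; replace it with something like `Build the JSON body for a GitHub create-or-update-file-contents request that commits test-data/security.md_ as SECURITY.md.` The `f"""..."""` literals for `json_file`, `filename_in_repo` and `t["message"]` contain no placeholders and can be plain strings.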
@@ -0,0 +1,13 @@
+. ./.gh-api-examples.conf
+
+# https://docs.github.com/en/rest/reference/repos#create-or-update-file-contents
+# PUT /repos/:owner/:repo/contents/:path
+#
+
+python3 create-commit-security-md.py
+
+curl ${curl_custom_flags} \
+ -X PUT \
+ -H "Accept: application/vnd.github.v3+json" \
+ -H "Authorization: Bearer ${GITHUB_TOKEN}" \
+ ${GITHUB_API_BASE_URL}/repos/${org}/${repo}/contents/SECURITY.md --data @tmp/create-commit-security-md.json
diff --git a/test-data/security.md_ b/test-data/security.md_
new file mode 100644
index 00000000..f519ab76
--- /dev/null
+++ b/test-data/security.md_
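Review bot: A failure of `python3 create-commit-security-md.py` does not stop the script, so the following `curl ... -X PUT` still runs and uploads whatever `tmp/create-commit-security-md.json` it finds — possibly a stale body from an earlier run — because the file has neither a shebang nor error handling; add `#!/usr/bin/env bash` and `set -e` at the top (`-u` too if the sourced config is guaranteed to define every variable used here). The unquoted `${GITHUB_API_BASE_URL}/repos/${org}/${repo}/contents/SECURITY.md` is subject to word splitting and globbing; quote it as `"${GITHUB_API_BASE_URL}/repos/${org}/${repo}/contents/SECURITY.md"`, leaving `${curl_custom_flags}` unquoted only if it is meant to expand to several flags. Note also that `-H "Authorization: Bearer ${GITHUB_TOKEN}"` puts the token into curl's argument list, where other local users can read it from the process table; curl can read the header from a file instead with `-H @<header-file>`, which keeps the token out of `ps` output.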
@@ -0,0 +1,42 @@
+# Security Policies and Procedures
+
+This document outlines security procedures and general policies for the `standard`
+project.
+
+ * [Reporting a Bug](#reporting-a-bug)
+ * [Disclosure Policy](#disclosure-policy)
+ * [Comments on this Policy](#comments-on-this-policy)
+
+## Reporting a Bug
+
+The `standard` team and community take all security bugs in `standard` seriously.
+Thank you for improving the security of `standard`. We appreciate your efforts and
+responsible disclosure and will make every effort to acknowledge your
+contributions.
+
+Report security bugs by emailing the lead maintainer at feross@feross.org.
+
+The lead maintainer will acknowledge your email within 48 hours, and will send a
+more detailed response within 48 hours indicating the next steps in handling
+your report. After the initial reply to your report, the security team will
+endeavor to keep you informed of the progress towards a fix and full
+announcement, and may ask for additional information or guidance.
+
+Report security bugs in third-party modules to the person or team maintaining
+the module.
+
+## Disclosure Policy
+
+When the security team receives a security bug report, they will assign it to a
+primary handler. This person will coordinate the fix and release process,
+involving the following steps:
+
+ * Confirm the problem and determine the affected versions.
+ * Audit code to find any potential similar problems.
+ * Prepare fixes for all releases still under maintenance. These fixes will be
+ released as fast as possible to npm.
+
+## Comments on this Policy
+
+If you have suggestions on how this process could be improved please submit a
+pull request.