open-telemetry
diff --git a/‎.github/ISSUE_TEMPLATE/gc_member_onboarding.md‎
Lines changed: 16 additions & 1 deletion b/‎.github/ISSUE_TEMPLATE/gc_member_onboarding.md‎
Lines changed: 16 additions & 1 deletion
diff --git a/‎.github/workflows/build.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/build.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/codeql.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/codeql.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/fossa.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/fossa.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/issue-management-feedback-label.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/issue-management-feedback-label.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/ossf-scorecard.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/ossf-scorecard.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/spell-check.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/spell-check.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/table-check.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/table-check.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.lychee.toml‎
Lines changed: 3 additions & 0 deletions b/‎.lychee.toml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎Makefile‎
Lines changed: 1 addition & 0 deletions b/‎Makefile‎
Lines changed: 1 addition & 0 deletions
@@ -55,7 +55,7 @@ The existing member must:
       via email.
 - [ ] After invite is accepted, add them to the `Owners` group as a `Manager`.
 
-The  current member must:
+The new member must:
 
 - [ ] Accept invitation and create new account on [OpenTelemetry 1Password](https://opentelemetry.1password.com).
 - [ ] Validate they have `Manager` access to `Owners` group, and that the group
@@ -141,6 +141,8 @@ The new member must:
 
 - [ ] Validate they have write access to the documents listed above.
 
+_Note: Confidential documents shared only between GC members are stored under the admin google account and never shared with private accounts. To see/edit them, you must login into the admin google account._
+
 ### Zapier
 Zapier is used to sync meeting recordings from Zoom to a publicly viewable
 Google spreadsheet (see https://github.com/open-telemetry/community/blob/main/docs/how-meeting-recordings-upload-works.md
@@ -149,6 +151,19 @@ for more details).
 The new member must:
 - [ ] Validate they can log in to https://zapier.com with the credentials in 1Password.
 
+### FOSSA
+The CNCF FOSSA Service is a static code checker that codifies and monitors the project's compliance with the [CNCF's 3rd Party License policy](https://github.com/cncf/foundation/blob/main/policies-guidance/allowed-third-party-license-policy.md#cncf-allowlist-license-policy).
+
+The existing member must:
+
+- [ ] Send an email to [email protected] to request invitation of the new member to [FOSSA](https://app.fossa.com/)
+- [ ] After invite is accepted, add them to the [OpenTelemetry Team](https://app.fossa.com/account/settings/organization/teams/78675).
+
+The new member must:
+
+- [ ] Accept invitation and create account.
+- [ ] Validate they are in the [OpenTelemetry Team](https://app.fossa.com/account/settings/organization/teams/78675).
+
 ## Meetings and Ceremonies
 As per GC charter, all members are expected to attend the following meetings:
 
 
@@ -19,7 +19,7 @@ jobs:
   markdown-link-check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
 
       - name: Run markdown-link-check
         run: make markdown-link-check
 
@@ -28,14 +28,14 @@ jobs:
           - language: python
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
+        uses: github/codeql-action/init@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
         with:
           languages: ${{ matrix.language }}
 
       - name: Perform CodeQL analysis
-        uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
+        uses: github/codeql-action/analyze@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
         with:
           category: "/language:${{matrix.language}}"
@@ -12,7 +12,7 @@ jobs:
   fossa:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
 
       - uses: fossas/fossa-action@3ebcea1862c6ffbd5cf1b4d0bd6b3fe7bd6f2cac # v1.7.0
         with:
 
@@ -17,7 +17,7 @@ jobs:
       github.event.comment.user.login == github.event.issue.user.login
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
 
       - name: Remove label
         env:
 
@@ -19,7 +19,7 @@ jobs:
       # Needed for GitHub OIDC token if publish_results is true
       id-token: write
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
 
@@ -42,6 +42,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
+        uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
         with:
           sarif_file: results.sarif
@@ -11,7 +11,7 @@ jobs:
   spelling-check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      - uses: streetsidesoftware/cspell-action@76c6f6d52abd57f4bcab5f3fde1bbd4f19a99eb0 # v7.2.1
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - uses: streetsidesoftware/cspell-action@3294df585d3d639e30f3bc019cb11940b9866e95 # v8.0.0
         with:
           config: .cspell.yaml
@@ -11,6 +11,6 @@ jobs:
   table-check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
       - name: verify SIG tables in README.md
         run: make table-check
@@ -17,6 +17,9 @@ remap = [
 exclude = [
     # workaround for https://github.com/lycheeverse/lychee/issues/1729
     '^https://github.com/.*/(pull|issues|commit|compare)/.*#.*$',
+    # this page got large and is now progressively loaded, so fails the link check
+    # but works in a browser
+    "https://github.com/orgs/community/discussions/63402#discussioncomment-10341167",
     # excluding links to user profiles is done for performance
     # because there are a lot of links to user profiles in this repository
     # and GitHub extra throttles access to user profile pages
 
@@ -18,6 +18,7 @@ table-check:
 markdown-link-check:
 	docker run --rm \
 		--mount 'type=bind,source=$(PWD),target=/home/repo' \
+		-e GITHUB_TOKEN \
 		lycheeverse/lychee:sha-8222559@sha256:6f49010cc46543af3b765f19d5319c0cdd4e8415d7596e1b401d5b4cec29c799 \
 		--config home/repo/.lychee.toml \
 		--root-dir /home/repo \