From 9b7a583e4672301290515d15e0a77897b0c42ed0 Mon Sep 17 00:00:00 2001 From: Mike Nolan Date: Mon, 18 Aug 2025 13:39:48 +0100 Subject: [PATCH 1/6] Create initial files from repo-scaffolder --- .github/CODEOWNERS.md | 35 ++++ .github/ISSUE_TEMPLATE/add_team_request.md | 20 +++ .../outside_collaborator_request.md | 22 +++ .github/codejson/cookiecutter.json | 67 ++++++++ .github/workflows/auto-changelog.yml | 15 ++ .github/workflows/contributors.yml | 78 +++++++++ .github/workflows/gitleaks.yml | 15 ++ .github/workflows/repoHygieneCheck.yml | 80 +++++++++ COMMUNITY.md | 113 ++++++++++++ SECURITY.md | 6 + repolinter.json | 162 ++++++++++++++++++ 11 files changed, 613 insertions(+) create mode 100644 .github/CODEOWNERS.md create mode 100644 .github/ISSUE_TEMPLATE/add_team_request.md create mode 100644 .github/ISSUE_TEMPLATE/outside_collaborator_request.md create mode 100644 .github/codejson/cookiecutter.json create mode 100644 .github/workflows/auto-changelog.yml create mode 100644 .github/workflows/contributors.yml create mode 100644 .github/workflows/gitleaks.yml create mode 100644 .github/workflows/repoHygieneCheck.yml create mode 100644 COMMUNITY.md create mode 100644 SECURITY.md create mode 100644 repolinter.json diff --git a/.github/CODEOWNERS.md b/.github/CODEOWNERS.md new file mode 100644 index 000000000..2b9c6a417 --- /dev/null +++ b/.github/CODEOWNERS.md @@ -0,0 +1,35 @@ +# Code Owners + + + + +- nolski +- zungundp + + +## Repo Domains + + + +/docs/ {Git usernames of documentation owners} +/frontend/ {Git usernames of frontend owners} diff --git a/.github/ISSUE_TEMPLATE/add_team_request.md b/.github/ISSUE_TEMPLATE/add_team_request.md new file mode 100644 index 000000000..873d69e2f --- /dev/null +++ b/.github/ISSUE_TEMPLATE/add_team_request.md @@ -0,0 +1,20 @@ +--- +name: Add Team to Repository Request Ticket +about: Ticket for requesting team to be added to repository +title: "[REQUEST]: " +labels: # TODO: Add labels for categorization of requests +assignees: # TODO: Add organization owner or help desk team +--- + +## Request a New Team to be Added to a Repository + +Please fill out the form below to request a new team to be added to a repository. + +### Information Required + +Team Name: +Reason for Access: + +### Additional Notes (Optional) + + diff --git a/.github/ISSUE_TEMPLATE/outside_collaborator_request.md b/.github/ISSUE_TEMPLATE/outside_collaborator_request.md new file mode 100644 index 000000000..597306722 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/outside_collaborator_request.md @@ -0,0 +1,22 @@ +--- +name: Outside Collaborator Repository Access Request Ticket +about: Ticket for requesting outside collaborator to be added to repository +title: "[REQUEST]: " +labels: # TODO: Add labels for categorization of requests +assignees: # TODO: Add organization owner or help desk team +--- + +## Request an outside collaborator to be added to repository + +For individuals that are not members of the UNDP GitHub organization, these outside collaborators can request access to a repository. Fill out this issue to file the request or make a pull request to the `COMMUNITY.md` file, then a repository admin will grant access. + +### Information Required + +Name of individual: +GitHub username: +Role in project: +Role in repository according to COMMUNITY.md (Maintainer, Approver, Reviewer): + +### Additional Notes (Optional) + + diff --git a/.github/codejson/cookiecutter.json b/.github/codejson/cookiecutter.json new file mode 100644 index 000000000..fb4079fea --- /dev/null +++ b/.github/codejson/cookiecutter.json @@ -0,0 +1,67 @@ +{ + "project_name": "UNDP National Carbon Credit Registry", + "project_repo_name": "undp-national-carbon-registry", + "project_org": "UNDP", + "description": "A short description of the project.", + "long_description": "A longer description of the project.", + "status": ["ideation", "development", "alpha", "beta", "release candidate", "production", "archival"], + "license": ["CC0-1.0", "Apache-2.0", "MIT", "MPL-2.0", "GPL-2.0-only", "GPL-3.0-only", "GPL-3.0-or-later", "LGPL-2.1-only", "LGPL-3.0-only", "BSD-2-Clause", "BSD-3-Clause", "EPL-2.0", "Other"], + "usage_type" : ["openSource", "governmentWideReuse", "exemptByLaw", "exemptByNationalSecurity", "exemptByAgencySystem", "exemptByAgencyMission", "exemptByCIO", "exemptByPolicyDate"], + "repository_host": ["github.com/CMSgov", "github.com/CMS-Enterprise", "github.com/DSACMS", "github.cms.gov", "CCSQ GitHub"], + "repository_visibility": ["public", "private"], + "vcs": ["git", "hg", "svn", "rcs", "bzr"], + "forks": 0, + "platforms": "web, windows, mac, linux, ios, android, other", + "categories": "healthcare", + "software_type":["standalone/mobile", "standalone/iot", "standalone/desktop", "standalone/web", "standalone/backend", "standalone/other", "addon", "library", "configurationFiles"], + "languages": "", + "maintenance": ["internal", "contract", "community", "none"], + "contract_number": 0, + "tags": "dsacms-tier2", + "contact_email": "opensource@cms.hhs.gov", + "contact_name": "CMS Open Source Program Office", + "feedback_mechanisms": "https://github.com/UNDP/undp-national-carbon-registry/issues", + "localisation": ["true", "false"], + "repository_type" : ["Package", "Website", "Standards", "Libraries", "Data", "Apps", "Tools", "APIs", "Docs"], + "user_input": ["Yes", "No"], + "fisma_level": ["Low", "Moderate", "High"], + "group": "CMS/OA/DSAC", + "projects": "", + "systems": "", + "upstream": "", + "subset_in_healthcare": "Policy, Operational, Medicare, Medicaid", + "user_type": "Providers, Patients, Government", + "__prompts__": { + "project_name": "What is the name of the project or software?", + "project_repo_name": "What is the name of the repository?", + "project_org": "What CMS GitHub organization is it under?", + "description": "Provide a short description of the software. It should be a single line containing a single sentence. Maximum 150 characters are allowed.", + "long_description": "Provide longer description of the software, between 150 and 10000 chars. It is meant to provide an overview of the capabilities of the software for a potential user.", + "status": "What is the status of the project?", + "license": "What license is the project under?", + "usage_type": "What is the usage type for this project? For more information on each option, visit github.com/DSACMS/gov-codejson", + "repository_host": "Where is the repository hosted?", + "vcs": "What version control system is used?", + "forks": "How many forks does the repository have?", + "platforms": "What platform does the software runs on? Separate items by commas.", + "categories": "What categories best describes the project? Separate items by commas. List of categories here: https://yml.publiccode.tools/categories-list.html?highlight=categories", + "software_type": "What type of software is the project?", + "languages": "What programming language(s) is the software written in? Separate items by commas.", + "maintenance": "How is the software maintained?", + "contract_number": "What is the contractor number of the project?", + "tags": "Provide a list of tags to describe the software for search. Separate items by commas.", + "contact_name": "A point of contact is needed for the project. What is the name of the point of contact?", + "contact_email": "What is email address of the point of contact?", + "feedback_mechanisms": "What are methods a repository receives feedback from the community (e.g. URL to GitHub repository issues page, website, email)", + "localisation": "Does the software support multiple spoken languages?", + "repository_type": "What type of repository is this project?", + "user_input": "Does the project accept user input? (e.g. allows user to query a database, allows login by users, upload files, etc.)", + "fisma_level": "What FISMA level is this project classified as? Learn more: https://security.cms.gov/learn/federal-information-security-modernization-act-fisma#perform-system-risk-categorization", + "group": "Which group at CMS is the project part of?", + "projects": "What project is the repository associated with? Separate items by commas.", + "systems": "What systems does the repository use or interface with? Separate items by commas.", + "upstream": "What upstream dependencies does the repository use? Separate items by commas.", + "subset_in_healthcare": "Which subset of healthcare does the project belong to?", + "user_type": "Who are the intended users?" + } +} \ No newline at end of file diff --git a/.github/workflows/auto-changelog.yml b/.github/workflows/auto-changelog.yml new file mode 100644 index 000000000..b406d8441 --- /dev/null +++ b/.github/workflows/auto-changelog.yml @@ -0,0 +1,15 @@ +name: Changelog +on: + release: + types: + - created +jobs: + changelog: + runs-on: ubuntu-latest + steps: + - name: "Auto Generate changelog" + uses: heinrichreimer/action-github-changelog-generator@v2.3 + with: + + token: ${{ secrets.GITHUB_TOKEN }} + \ No newline at end of file diff --git a/.github/workflows/contributors.yml b/.github/workflows/contributors.yml new file mode 100644 index 000000000..fb5b07273 --- /dev/null +++ b/.github/workflows/contributors.yml @@ -0,0 +1,78 @@ +name: Update Contributors Information + +on: + workflow_dispatch: {} + schedule: + # Weekly on Saturdays. + - cron: "30 1 * * 6" + push: + branches: [main] + +jobs: + update-contributors: + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Update contributor list + id: contrib_list + uses: akhilmhdh/contributors-readme-action@v2.3.10 + env: + + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + with: + readme_path: COMMUNITY.md + use_username: false + commit_message: "update contributors information" + + - name: Get contributors count + id: get_contributors + env: + + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + + run: | + OWNER=$(echo $GITHUB_REPOSITORY | cut -d'/' -f1) + REPO=$(echo $GITHUB_REPOSITORY | cut -d'/' -f2) + QUERY='query { repository(owner: \"'"$OWNER"'\", name: \"'"$REPO"'\") { collaborators { totalCount } } }' + + CONTRIBUTORS=$(gh api \ + -H "Accept: application/vnd.github+json" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + "/repos/$OWNER/$REPO/contributors?per_page=100" | \ + jq '[.[] | select(.type != "Bot" and (.login | test("\\[bot\\]$") | not) and (.login | test("-bot$") | not))] | length') + + echo "Total contributors: $CONTRIBUTORS" + echo "contributors=$CONTRIBUTORS" >> $GITHUB_OUTPUT + + + - name: Update COMMUNITY.md + run: | + + CONTRIBUTORS="${{ steps.get_contributors.outputs.contributors }}" + + + perl -i -pe 's/().*?()/$1 '"$CONTRIBUTORS"' $2/' COMMUNITY.md + + git config user.name 'github-actions[bot]' + git config user.email 'github-actions[bot]@users.noreply.github.com' + git add COMMUNITY.md + git commit -m "update contributors count to $CONTRIBUTORS" || exit 0 + + - name: Push protected + uses: CasperWA/push-protected@v2 + with: + + token: ${{ secrets.PUSH_TO_PROTECTED_BRANCH }} + + + branch: main \ No newline at end of file diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml new file mode 100644 index 000000000..94ae3f024 --- /dev/null +++ b/.github/workflows/gitleaks.yml @@ -0,0 +1,15 @@ +name: Check for Secrets +on: + pull_request: + push: + +jobs: + scan-for-secrets: + name: Run gitleaks + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: {fetch-depth: 0} + + - name: Check for GitLeaks + uses: gacts/gitleaks@v1 \ No newline at end of file diff --git a/.github/workflows/repoHygieneCheck.yml b/.github/workflows/repoHygieneCheck.yml new file mode 100644 index 000000000..24df84125 --- /dev/null +++ b/.github/workflows/repoHygieneCheck.yml @@ -0,0 +1,80 @@ +name: "Repository Hygiene Check" +on: + push: + branches: + - 'main' + workflow_dispatch: + +jobs: + check-first-run: + name: Check For First Run + runs-on: ubuntu-latest + outputs: + + should_run: ${{ steps.check.outputs.should_run }} + + permissions: + contents: read + pull-requests: write + steps: + - uses: actions/checkout@v4 + - id: check + run: | + # If manually triggered, always run + + if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then + + echo "should_run=true" >> $GITHUB_OUTPUT + exit 0 + fi + + # Check if initialization label exists + has_label=$(gh label list --json name | jq '.[] | select(.name=="repolinter-initialized")') + + if [[ -z "$has_label" ]]; then + # First time - create label and allow run + gh label create repolinter-initialized --description "Marks repo as having run initial repolinter check" + echo "should_run=true" >> $GITHUB_OUTPUT + else + echo "should_run=false" >> $GITHUB_OUTPUT + fi + env: + + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + + resolve-repolinter-json: + name: Get Repolinter Config + needs: check-first-run + + if: needs.check-first-run.outputs.should_run == 'true' + + uses: DSACMS/repo-scaffolder/.github/workflows/extendJSONFile.yml@main + with: + url_to_json: 'https://raw.githubusercontent.com/DSACMS/repo-scaffolder/main/tier2/%7B%7Bcookiecutter.project_slug%7D%7D/repolinter.json' + + repolinter-checks: + name: Tier 2 Checks + needs: [check-first-run, resolve-repolinter-json] + + if: needs.check-first-run.outputs.should_run == 'true' + + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + env: + + RAW_JSON: ${{ needs.resolve-repolinter-json.outputs.raw-json }} + + steps: + - uses: actions/checkout@v4 + - run: echo $RAW_JSON > repolinter.json + - uses: DSACMS/repolinter-action@main + with: + config_file: 'repolinter.json' + output_type: 'pull-request' + pull_request_labels: 'repolinter-initialized, cms-oss, cms-gov' + + token: ${{ secrets.REPOLINTER_AUTO_TOKEN }} + \ No newline at end of file diff --git a/COMMUNITY.md b/COMMUNITY.md new file mode 100644 index 000000000..1d60f6141 --- /dev/null +++ b/COMMUNITY.md @@ -0,0 +1,113 @@ +# COMMUNITY.md + +undp-national-carbon-registry is supported by a dedicated team of individuals fulfilling various roles to ensure its success, security, and alignment with government standards and agency goals. + +## Project Members + + + +| Role | Name | Affiliation | +| :----- | :------ | :------------- | +| Technical Lead | Mike Nolan | UNDP | +| Product Lead | Vu Hanh Dung Nguyen | UNDP | +| | | | + + + + + + + + + + + + + + + + + + + + +## UNDP National Carbon Credit Registry Open Source Community Guidelines + +This document contains principles and guidelines for participating in the UNDP National Carbon Credit Registry open source community. + +### Principles + +These principles guide our data, product, and process decisions, architecture, and approach. + +- Open means transparent and participatory. +- We take a modular and modern approach to software development. +- We build open-source software and open-source process. +- We value ease of implementation. +- Fostering community includes building capacity and making our software and processes accessible to participants with diverse backgrounds and skillsets. +- Data (and data science) is as important as software and process. We build open data sets where possible. +- We strive for transparency for algorithms and places we might be introducing bias. + +### Community Guidelines + +All community members are expected to adhere to our [Code of Conduct](CODE_OF_CONDUCT.md). + +Information on contributing to this repository is available in our [Contributing file](CONTRIBUTING.md). + +When participating in UNDP National Carbon Credit Registry open source community conversations and spaces, we ask individuals to follow the following guidelines: + +- When joining a conversation for the first time, please introduce yourself by providing a brief intro that includes: + - your related organization (if applicable) + - your pronouns + - your superpower, and how you hope to use it for UNDP National Carbon Credit Registry +- Embrace a culture of learning, and educate each other. We are all entering this conversation from different starting points and with different backgrounds. There are no dumb questions. +- Take space and give space. We strive to create an equitable environment in which all are welcome and able to participate. We hope individuals feel comfortable voicing their opinions and providing contributions and will do our best to recognize and make space for individuals who may be struggling to find space here. Likewise, we expect individuals to recognize when they are taking up significant space and take a step back to allow room for others. + +- Be respectful. +- Default to positive. Assume others' contributions are legitimate and valuable and that they are made with good intention. + +### Acknowledgements + +The Community Guidelines sections were originally forked from the [United States Digital Service](https://usds.gov) [Justice40](https://thejustice40.com) open source [repository](https://github.com/usds/justice40-tool), and we would like to acknowledge and thank the community for their contributions. diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..f2d3d6ef0 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,6 @@ +# Security and Responsible Disclosure Policy + +The Centers for Medicare & Medicaid Services is committed to ensuring the security of the American public by protecting their information from unwarranted disclosure. We want security researchers to feel comfortable reporting vulnerabilities they have discovered so we can fix them and keep our users safe. We developed our disclosure policy to reflect our values and uphold our sense of responsibility to security researchers who share their expertise with us in good faith. + +*Submit a vulnerability:* Vulnerability reports can be submitted via email. + diff --git a/repolinter.json b/repolinter.json new file mode 100644 index 000000000..5db43b506 --- /dev/null +++ b/repolinter.json @@ -0,0 +1,162 @@ +{ + "extends": "https://raw.githubusercontent.com/DSACMS/repo-scaffolder/main/tier1/%7B%7Bcookiecutter.project_slug%7D%7D/repolinter.json", + "$schema": "https://raw.githubusercontent.com/todogroup/repolinter/master/rulesets/schema.json", + "version": 2, + "axioms": { + "linguist": "language", + "licensee": "license", + "packagers": "packager" + }, + "rules": { + "contributing-file-exists": { + "level": "error" + }, + "code-of-conduct-file-exists": { + "level": "error" + }, + "community-guidelines-file-exists": { + "level": "error" + }, + "readme-contains-project-vision": { + "level": "error" + }, + "readme-contains-project-mission": { + "level": "error" + }, + "readme-contains-agency-mission": { + "level": "error" + }, + "readme-contains-team-mission": { + "level": "error" + }, + "readme-contains-core-team": { + "level": "error" + }, + "readme-contains-documentation-index": { + "level": "warning" + }, + "readme-contains-repository-structure": { + "level": "warning" + }, + "readme-contains-development-and-software-delivery-lifecycle": { + "level": "warning" + }, + "readme-contains-local-development": { + "level": "error" + }, + "readme-contains-coding-style-and-linters": { + "level": "error" + }, + "readme-contains-branching-model": { + "level": "warning" + }, + "readme-contains-contributing": { + "level": "error" + }, + "readme-contains-codeowners": { + "level": "error" + }, + "readme-contains-community": { + "level": "error" + }, + "readme-contains-community-guidelines": { + "level": "error" + }, + "readme-contains-governance": { + "level": "warning" + }, + "readme-contains-feedback": { + "level": "warning" + }, + "readme-contains-glossary": { + "level": "warning" + }, + "contributing-contains-how-to-contribute": { + "level": "error" + }, + "contributing-contains-getting-started": { + "level": "error" + }, + "contributing-contains-team-specific-guidelines": { + "level": "warning" + }, + "contributing-contains-building-dependencies": { + "level": "error" + }, + "contributing-contains-building-the-project": { + "level": "error" + }, + "contributing-contains-workflow-and-branching": { + "level": "error" + }, + "contributing-contains-testing-conventions": { + "level": "warning" + }, + "contributing-contains-coding-style-and-linters": { + "level": "error" + }, + "contributing-contains-writing-issues": { + "level": "error" + }, + "contributing-contains-writing-pull-requests": { + "level": "warning" + }, + "contributing-contains-reviewing-pull-requests": { + "level": "warning" + }, + "contributing-contains-shipping-releases": { + "level": "warning" + }, + "contributing-contains-documentation": { + "level": "warning" + }, + "contributing-contains-policies": { + "level": "error" + }, + "contributing-contains-open-source-policy": { + "level": "error" + }, + "contributing-contains-security-and-responsible-disclosure-policy": { + "level": "error" + }, + "contributing-contains-public-domain": { + "level": "error" + }, + "community-contains-table-of-project-members": { + "level": "error" + }, + "community-contains-roles-and-responsibilities": { + "level": "warning" + }, + "community-contains-maintainers-list": { + "level": "warning" + }, + "community-contains-approvers-list": { + "level": "warning" + }, + "community-contains-reviewers-list": { + "level": "warning" + }, + "community-contains-contributors": { + "level": "warning" + }, + "community-contains-alumni": { + "level": "warning" + }, + "community-contains-principles": { + "level": "error" + }, + "community-contains-community-guidelines": { + "level": "error" + }, + "community-contains-acknowledgements": { + "level": "error" + }, + "code-of-conduct-contains-contributor-code-of-conduct": { + "level": "error" + }, + "code-of-conduct-contains-acknowledgements": { + "level": "error" + } + } +} \ No newline at end of file From deb3d2431ddaf31a733b67b7331386aa3bdfcfc3 Mon Sep 17 00:00:00 2001 From: Mike Nolan Date: Tue, 26 Aug 2025 11:56:38 +0100 Subject: [PATCH 2/6] Update templates from repo-scaffolder --- .github/ISSUE_TEMPLATE/bug_report.md | 38 +++++++++++++++++++++++ .github/ISSUE_TEMPLATE/feature_request.md | 20 ++++++++++++ SECURITY.md | 5 ++- 3 files changed, 60 insertions(+), 3 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 000000000..dd84ea782 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,38 @@ +--- +name: Bug report +about: Create a report to help us improve +title: '' +labels: '' +assignees: '' + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Go to '...' +2. Click on '....' +3. Scroll down to '....' +4. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Screenshots** +If applicable, add screenshots to help explain your problem. + +**Desktop (please complete the following information):** + - OS: [e.g. iOS] + - Browser [e.g. chrome, safari] + - Version [e.g. 22] + +**Smartphone (please complete the following information):** + - Device: [e.g. iPhone6] + - OS: [e.g. iOS8.1] + - Browser [e.g. stock browser, safari] + - Version [e.g. 22] + +**Additional context** +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 000000000..bbcbbe7d6 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,20 @@ +--- +name: Feature request +about: Suggest an idea for this project +title: '' +labels: '' +assignees: '' + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/SECURITY.md b/SECURITY.md index f2d3d6ef0..4b6665d9c 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,6 +1,5 @@ # Security and Responsible Disclosure Policy -The Centers for Medicare & Medicaid Services is committed to ensuring the security of the American public by protecting their information from unwarranted disclosure. We want security researchers to feel comfortable reporting vulnerabilities they have discovered so we can fix them and keep our users safe. We developed our disclosure policy to reflect our values and uphold our sense of responsibility to security researchers who share their expertise with us in good faith. - -*Submit a vulnerability:* Vulnerability reports can be submitted via email. +UNDP is committed to ensuring the security of the DPG users by protecting their information from unwarranted disclosure. We want security researchers to feel comfortable reporting vulnerabilities they have discovered so we can fix them and keep our users safe. We developed our disclosure policy to reflect our values and uphold our sense of responsibility to security researchers who share their expertise with us in good faith. +*Submit a vulnerability:* Vulnerability reports can be submitted via email by reaching out to one of the maintainers of this repository. Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days. From 332fd6da3867780221bfbe3e230194ed6f2dcc56 Mon Sep 17 00:00:00 2001 From: Mike Nolan Date: Wed, 3 Sep 2025 12:51:36 +0100 Subject: [PATCH 3/6] Update repolinter to remove irrelevant errors --- repolinter.json | 28 ++-------------------------- 1 file changed, 2 insertions(+), 26 deletions(-) diff --git a/repolinter.json b/repolinter.json index 5db43b506..f9e14565b 100644 --- a/repolinter.json +++ b/repolinter.json @@ -17,18 +17,6 @@ "community-guidelines-file-exists": { "level": "error" }, - "readme-contains-project-vision": { - "level": "error" - }, - "readme-contains-project-mission": { - "level": "error" - }, - "readme-contains-agency-mission": { - "level": "error" - }, - "readme-contains-team-mission": { - "level": "error" - }, "readme-contains-core-team": { "level": "error" }, @@ -45,7 +33,7 @@ "level": "error" }, "readme-contains-coding-style-and-linters": { - "level": "error" + "level": "warning" }, "readme-contains-branching-model": { "level": "warning" @@ -53,24 +41,12 @@ "readme-contains-contributing": { "level": "error" }, - "readme-contains-codeowners": { - "level": "error" - }, - "readme-contains-community": { - "level": "error" - }, "readme-contains-community-guidelines": { "level": "error" }, "readme-contains-governance": { "level": "warning" }, - "readme-contains-feedback": { - "level": "warning" - }, - "readme-contains-glossary": { - "level": "warning" - }, "contributing-contains-how-to-contribute": { "level": "error" }, @@ -159,4 +135,4 @@ "level": "error" } } -} \ No newline at end of file +} From 5ead3e09d9e49f58c48d43930f82de81392d395f Mon Sep 17 00:00:00 2001 From: Mike Nolan Date: Wed, 3 Sep 2025 13:58:10 +0100 Subject: [PATCH 4/6] Update readme to work with repolinter configs --- README.md | 65 +++++++++++++++++++++++++++++-------------------- repolinter.json | 14 +++-------- 2 files changed, 42 insertions(+), 37 deletions(-) diff --git a/README.md b/README.md index a2832542b..24939c624 100644 --- a/README.md +++ b/README.md @@ -7,26 +7,26 @@ -# National Carbon Credit Registry (NEW RELEASE) +# National Carbon Credit Registry (NEW RELEASE) # About -The National Carbon Credit Registry (v2.0) is an open-source toolkit developed by UNDP to help countries develop a national registry to fulfil the requirements of Article 6 (Paris Agreement). +The National Carbon Credit Registry (v2.0) is an open-source toolkit developed by UNDP to help countries develop a national registry to fulfil the requirements of Article 6 (Paris Agreement). -It allows countries to track, record, issue, monitor, and trade credits from various mitigation activities, all while ensuring data integrity through a secure ledger. The system tracks the entire process of carbon credits, from issuance to retirement, and makes the data publicly available to enhance transparency. +It allows countries to track, record, issue, monitor, and trade credits from various mitigation activities, all while ensuring data integrity through a secure ledger. The system tracks the entire process of carbon credits, from issuance to retirement, and makes the data publicly available to enhance transparency. -The UNDP hosts and maintains a free standard code base on this Github, with basic feature functionality. Countries can customize and deploy their version of the registry, so that it meets national requirements, linking it to other national and international systems. Using open-source code helps reduce costs, avoid duplication, and ensure compatibility with existing systems, simplifying the creation of domestic carbon markets. +The UNDP hosts and maintains a free standard code base on this Github, with basic feature functionality. Countries can customize and deploy their version of the registry, so that it meets national requirements, linking it to other national and international systems. Using open-source code helps reduce costs, avoid duplication, and ensure compatibility with existing systems, simplifying the creation of domestic carbon markets. The National Carbon Registry enables carbon credit tracking transactions from mitigation activities, as the digital implementation of the Paris Agreement. Any country can customize and deploy a local version of the registry then connect it to other national & international registries, MRV systems, and more. -More information about the project’s background, vision, policy context, support provided can be found in the demo site https://www.demo.carbreg.org/. For national governments wishing to access the demo site to adapt the system, please contact the UNDP DPG team digital4planet@undp.org through your UNDP country office to request a walkthrough demonstration and to discuss further support and collaboration. +More information about the project’s background, vision, policy context, support provided can be found in the demo site https://www.demo.carbreg.org/. For national governments wishing to access the demo site to adapt the system, please contact the UNDP DPG team digital4planet@undp.org through your UNDP country office to request a walkthrough demonstration and to discuss further support and collaboration. The system continues to offer the below key features: - **User and Organization Management:** The system supports roles like Designated National Authority (DNA), Project Developers (PD), and Independant Certifiers (IC), each with Admin, Manager, or Viewer access. Users can register, log in, and reset passwords. Organizations are created and approved by DNA admins or the root user, with status management. - **Project Lifecycle:** Projects go through phases: Initial Notification form submission, Project Design Document submission, Validation Report submission, and final Authorization. Each step requires approvals from DNA or IC, with clear statuses and automated notifications. With the Monitoring and Verification reports submissions and approvals, the carbon credits are issued for the project for the amount that was approved when the project was authorized. - **Credit Transfers and Retirements:** Issued credits can be transferred to other approved organizations or retired voluntarily or through cross-border processes. Transfers and retirements require approval from the DNA. All actions are tracked in detailed tables with status updates. -- **Dashboard and Reporting:** - The dashboard displays overall system statistics, including all relevant projects and credit details. Users can also access comprehensive project information on the project detail overview page. This includes an activity timeline, which provides a clear audit trail of all actions performed by stakeholders, ensuring transparency and traceability throughout the project lifecycle. +- **Dashboard and Reporting:** + The dashboard displays overall system statistics, including all relevant projects and credit details. Users can also access comprehensive project information on the project detail overview page. This includes an activity timeline, which provides a clear audit trail of all actions performed by stakeholders, ensuring transparency and traceability throughout the project lifecycle. Additionally, the system supports Agreed Electronic Format (AEF) reports, allowing structured reporting of data such as, authorizations, issuances, transfers, and retirements ensuring international compliance and data standardization. ## Index @@ -38,7 +38,7 @@ The system continues to offer the below key features: * [Architecture](#architecture) * [Project Structure](#structure) * [Run as Containers](#container) -* [Run Services Locally](#local) +* [Run Services Locally](#local-development) * [Run Services on Cloud](#cloud) * [User Onboarding](#user) * [Web Frontend](#frontend) @@ -46,16 +46,18 @@ The system continues to offer the below key features: * [API](#api) * [Status Page](#status) * [Governance & Support](#support) +* [Contributing](#contributing) +* [Community Guidelines](#community) ## Standards and License -This codebase follows the digital public goods standard: https://digitalpublicgoods.net/standard/ It is built according to the Principles for Digital Development: https://digitalprinciples.org/ +This codebase follows the digital public goods standard: https://digitalpublicgoods.net/standard/ It is built according to the Principles for Digital Development: https://digitalprinciples.org/ -The tool is developed and maintained by UNDP and is licensed under the GNU Affero General Public License (AGPL-3.0), which permits free use, modification, and sharing of the software. +The tool is developed and maintained by UNDP and is licensed under the GNU Affero General Public License (AGPL-3.0), which permits free use, modification, and sharing of the software. -We kindly ask users to inform us of your usage by contacting digital4planet@undp.org, as this helps us track the tool’s impact and guide future improvements. +We kindly ask users to inform us of your usage by contacting digital4planet@undp.org, as this helps us track the tool’s impact and guide future improvements. -Under AGPL-3.0, any modifications to the code must be made publicly available by creating a new branch on GitHub. The software cannot be relicensed under more restrictive terms without adhering to the AGPL-3.0 guidelines. Developers may anonymyse or remove any sensitive or identifiable data (customisations) before resubmitting code. +Under AGPL-3.0, any modifications to the code must be made publicly available by creating a new branch on GitHub. The software cannot be relicensed under more restrictive terms without adhering to the AGPL-3.0 guidelines. Developers may anonymyse or remove any sensitive or identifiable data (customisations) before resubmitting code. @@ -63,8 +65,8 @@ Under AGPL-3.0, any modifications to the code must be made publicly available by [Learn about the latest improvements.](./CHANGES.md) -## Features and User Flow -Every country has distinct carbon market policies, processes, and governance structures and will need to customize the Carbon Registry to accommodate local needs. +## Features and User Flow +Every country has distinct carbon market policies, processes, and governance structures and will need to customize the Carbon Registry to accommodate local needs. The open-source code (demo version) includes the following common set of steps (features) that will be needed in most countries. @@ -76,7 +78,7 @@ The open-source code (demo version) includes the following common set of steps ( - **Credit Transfer/Retirement:** Issued credits can be traded domestically or internationally. Credits can be tracked, retired, or cancelled within the Registry, ensuring proper ownership transfer and preventing double counting. -Key features of the software include: +Key features of the software include: - **Updated default Serial Numbers**: Each Carbon Credit Document has a Serial Number (ID). The Demo Carbon Registry is aligned to UNFCCC's Article 6.4 Guidance Decision 5/CMA.4 This can be adapted to other types of Carbon Credits. - **Reporting module**: The Registry automatically generates reports in the Agreed Electronic Format (AEF) for Article 6.2 of the Paris Agreement. @@ -88,8 +90,8 @@ Key features of the software include: - **Interoperable & Exportable Data**: The Data Model is aligned with the CAD Trust data standard and the ITMO Registry Standard Connection Platform. An Open RESTful API Allows for Additional Integrations and Innovation. -## Demo Site -A demo site at https://www.demo.carbreg.org/login illustrates the basic functionality of the carbon registry for your country. Please contact the UNDP DPG team to request a walkthrough of the demo and to be added to the user list for the demo site. +## Demo Site +A demo site at https://www.demo.carbreg.org/login illustrates the basic functionality of the carbon registry for your country. Please contact the UNDP DPG team to request a walkthrough of the demo and to be added to the user list for the demo site. @@ -293,9 +295,9 @@ The below diagram demonstrates the ledger behavior of project create, authorise, - http://localhost:3000/national#/ - http://localhost:3100/stats#/ - + -## Run Services Locally +## Local Development - Setup postgreSQL locally and create a new database. - Update following DB configurations in the .env.local file (If the file does not exist please create a new .env.local) @@ -338,7 +340,7 @@ The below diagram demonstrates the ledger behavior of project create, authorise, ## External Connectivity ### UNDP'S ITMO Platform -The Carbon Registry is designed to be linked to the ITMO Voluntary Bilateral Cooperation Platform, https://carboncooperation.undp.org/, managed by UNDP. This enables countries to automatically sync projects created/authorised and credits issued within its national registry to the international trading platform. The system does this by: +The Carbon Registry is designed to be linked to the ITMO Voluntary Bilateral Cooperation Platform, https://carboncooperation.undp.org/, managed by UNDP. This enables countries to automatically sync projects created/authorised and credits issued within its national registry to the international trading platform. The system does this by: 1. Carbon Registry make a daily to the retrieve ITMO platform projects. 2. Projects create in the Carbon Registry when projects are authorized in the ITMO Platform 3. The Carbon Registry update when the projects are Issued with credits in the ITMO Platform @@ -525,13 +527,6 @@ For integration, reference RESTful Web API Documentation documentation via Swagg Note: Above resource requirement mentioned for a single instance from each microservice. - - -### Status Page - -For transparent uptime monitoring go to status.APP_URL -Open source code available at https://github.com/undp/carbon-registry-status - ### Governance and Support @@ -539,3 +534,19 @@ Open source code available at https://github.com/undp/carbon-registry-status The United Nations Development Program (UNDP) is responsible for managing the application. To ensure alignment with international demand, Digital For Climate (D4C) will act as an advisory body to the Digital Public Good Carbon Registry codebase. D4C is a collaboration between [European Bank for Reconstruction and Development (EBRD)](https://www.ebrd.com), [United Nations Development Program (UNDP)](https://www.undp.org), [United Nations Framework Convention on Climate Change (UNFCCC)](https://www.unfccc.int), [International Emissions Trading Association (IETA)](https://www.ieta.org), [European Space Agency (ESA)](https://www.esa.int), and [World Bank Group](https://www.worldbank.org)  that aims to coordinate respective workflows and create a modular and interoperable end-to-end digital ecosystem for the carbon market. The overarching goal is to support a transparent, high integrity global carbon market that can channel capital for impactful climate action and low-carbon development. This code is managed by [United Nations Development Programme](https://www.undp.org) as custodian, detailed in the press release. For technical questions, please visit the community of practice [‘Keeping Track of the Paris Agreement’]() or submit through the [open forum](https://github.com/undp/carbon-registry/discussions). For any other questions, contact us at digital4planet@undp.org. + + +### Contributing +We welcome issues, discussions, and PRs! Please read **[CONTRIBUTING.md](./CONTRIBUTING.md)** for: +- Getting started, build/test instructions +- Coding style & linting +- Branching, commits, and PR reviews +- Security disclosure and policies + + +### Community Guidelines +See **[COMMUNITY.md](./COMMUNITY.md)** for: +- Project principles and norms +- Roles & responsibilities (maintainers/approvers/reviewers/contributors) +- Member table and acknowledgements +- Code of Conduct → **[CODE_OF_CONDUCT.md](./CODE_OF_CONDUCT.md)** diff --git a/repolinter.json b/repolinter.json index f9e14565b..62da3f329 100644 --- a/repolinter.json +++ b/repolinter.json @@ -1,5 +1,5 @@ { - "extends": "https://raw.githubusercontent.com/DSACMS/repo-scaffolder/main/tier1/%7B%7Bcookiecutter.project_slug%7D%7D/repolinter.json", + "extends": "https://raw.githubusercontent.com/Nolski/repo-scaffolder/main/tier1/%7B%7Bcookiecutter.project_slug%7D%7D/repolinter.json", "$schema": "https://raw.githubusercontent.com/todogroup/repolinter/master/rulesets/schema.json", "version": 2, "axioms": { @@ -17,9 +17,6 @@ "community-guidelines-file-exists": { "level": "error" }, - "readme-contains-core-team": { - "level": "error" - }, "readme-contains-documentation-index": { "level": "warning" }, @@ -29,6 +26,9 @@ "readme-contains-development-and-software-delivery-lifecycle": { "level": "warning" }, + "readme-contains-core-team": { + "level": "off" + }, "readme-contains-local-development": { "level": "error" }, @@ -89,15 +89,9 @@ "contributing-contains-policies": { "level": "error" }, - "contributing-contains-open-source-policy": { - "level": "error" - }, "contributing-contains-security-and-responsible-disclosure-policy": { "level": "error" }, - "contributing-contains-public-domain": { - "level": "error" - }, "community-contains-table-of-project-members": { "level": "error" }, From a2c329ea4bdacabc5c7d9c203a14a2da00d65979 Mon Sep 17 00:00:00 2001 From: Mike Nolan Date: Wed, 3 Sep 2025 16:40:44 +0100 Subject: [PATCH 5/6] Fix all issues regarding tier 2 repo linting --- .CONTRIBUTING.md.swp | Bin 0 -> 12288 bytes CODE_OF_CONDUCT.md | 6 ++ COMMUNITY.md | 125 +++++++++++++--------------------------- COMMUNITY_GUIDELINES.md | 35 +++++++++++ CONTRIBUTING.md | 55 +++++++++++++----- README.md | 123 +++++++++++++++++++++++++++++++++------ repolinter.json | 6 -- 7 files changed, 227 insertions(+), 123 deletions(-) create mode 100644 .CONTRIBUTING.md.swp create mode 100644 COMMUNITY_GUIDELINES.md diff --git a/.CONTRIBUTING.md.swp b/.CONTRIBUTING.md.swp new file mode 100644 index 0000000000000000000000000000000000000000..f1bfd65235f95bda4bb0977a473d020a8d167c01 GIT binary patch literal 12288 zcmeHN&vP6{6>d{NAU}X2siJawv8#+Ec2*Lg#9lkDl2($VLXsV=6j#cn^7hX3?sPOW zJ?`$=)g}azb2xC|2;^@F{000AaDXF~Dj-LGoRS>E_j+~}JJ?RHz--m??#%SOe(!tV z``)-TgOyiy_ULkZRp9e2A@+XPOSk^{Gx2hCP823{Cz>xj`t!niwDx?ovKFoVFk0J) z*4H1h{3o@;<=7-@xhj$}{1X+@Yg5Q9ilrTxBC=|voww8F?v4G!gPo0|!=3%>?L2vi z*XDGCK!d>NB2f8Zbm^(1AAEmxh1Xs<{~SI2?W51Vty$0@&>+wt&>+wt&>+wt&>+wt z&>--?gMcs3iJu~!FU?YVe)fItGvBkr=Bq)VL7+jPL7+jPL7+jPL7+jPL7+jPL7+jP zLEyg-0f|4Wf9K0WJoXg?kH7!V|NsAwZwm2u*t@V_!`^|d!9Mtg5PyUH9`-iulzkr>C3D^fu2=QB(g!N(DuxDY9!vyRPkHatQH?a3$ORyh* zU5Gbeuftw}EyJFKJpudI*M#^J?2oX&J|@IpV2iK?*fX$?zAD6rFai4n`Gp*D*nAoU z8U+3?5ZL=-AG2qyGGk?1&B+^*#gv?%W_V3W$2dwz z+Bnr-#lEsK!!?|fHgV*Xr@=HhEv1ZLnx*6UfIHt88~If$U+xkjXLFci&4lb z8c3(wLagH^8mU5Y+@ne-D$|8(k@ln=At00Isz~4kJ0kxRxC$3ao_RX)CCf1xaRRwPJ zSnjaB^fZ>4PB?d+mzhFA03A&<0P&0|mV|885WxFDO$If~%p^p7=fUyc33Zg5 z_&{MTa(!sgaS$l(PAHTNp}RI6G7U-)Ff;|oJqCA}fgo+H zvJ5#Q(L`4{^8mSmltURa+7s>5kie`ZzUxqyF+wdF8Pr+kVMl|qSSJ37N==q1%k5&& zkK7*EDEQ>)1HloFGg-yR*3~_7^U~f|GeKwdomFvOVv6YYgCRX$xWHUk6ujgiez9ie zZ&4hEuI4cP#DIr7mv(wal2m172l9LEv#_@U0YY{ot5gV|IR%pA?iw|uIgwBRwAc`r z%Bj_(lpz4Vp`Ts_hk}dDL8<=J4_L|#%8ku!HAT*>a`4tQMN-B7c%ge^bL-BH?K^k@ zbMvTsh<7g++lZDs^^D-m0%m-WgIOVK?hX{llPTy6H!jLXw|95CTl>AOx@#2Yn6a3cTpa+YUUquhb*ZK@#f2dFA$05R7 zQ12mY$Hkcg#LMw5E$wpBm{oSHW962XI&+nI|E*s#D81Pg3JbI8`)~b<7B)9{x>aS1 z`T=i?g)Va)U7%yLtdH|J1h0mugzBT@9VQR5I)DaS7UtVV@^n+3)z#xSpqA?N#nsg} zLr4I?BQZe8;q(*3avO0g7+_bG6eSczgGy&fpB9`_bg;F)xwrM`ZC1{Y)V;P#y)TjWbhW8luu5%RNaV z8CCKuFJi3%GnbY&wTmm~xS1Jeo)g!#f2kVKJy(KPv^Wrus3;Eu&`ghtPv-$GVEdCW z{=YySF3s_{R2O>#BXV1xas;Ao{p|()_dNKj}v6ex~?w5CD{8B9n z%%OT1b4}63pq<5ilUXCU4nV|%2}a3InCd9*r)fihcsH(iCefHEeEp2WMLJLtPedTi z?K<7#h4ym&i^VeBbk8Fplq=}UykTkt%gju}z{3+;T9@iN3r$cFY4J!SFi0fB%0Yz3 ss=3Vb$YUOc^a6odi52b7-leB*c$c2K$QROaFngu`IhM~eSa6^CHx3Le9smFU literal 0 HcmV?d00001 diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index f35b8e526..87afffa65 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -1,5 +1,7 @@ # Contributor Covenant Code of Conduct +This project adheres to the **Contributor Code of Conduct**. By participating, you agree to abide by the guidelines described below and to help foster an open and welcoming environment for all. + ## Our Pledge We as members, contributors, and leaders pledge to make participation in our @@ -126,3 +128,7 @@ enforcement ladder](https://github.com/mozilla/diversity). For answers to common questions about this code of conduct, see the FAQ at https://www.contributor-covenant.org/faq. Translations are available at https://www.contributor-covenant.org/translations. + +## Acknowledgements + +This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 2.0. We would like to thank the maintainers of the Contributor Covenant and the broader open‑source community for establishing clear standards of behaviour. diff --git a/COMMUNITY.md b/COMMUNITY.md index 1d60f6141..f2f6d060c 100644 --- a/COMMUNITY.md +++ b/COMMUNITY.md @@ -1,113 +1,70 @@ -# COMMUNITY.md +# Community -undp-national-carbon-registry is supported by a dedicated team of individuals fulfilling various roles to ensure its success, security, and alignment with government standards and agency goals. +The **National Carbon Credit Registry** is supported by a dedicated team of individuals fulfilling various roles to ensure its success, security and alignment with government standards and agency goals. This document introduces the people and principles that shape our community and explains how to get involved. -## Project Members +## Table of Project Members - +Additional contributors and collaborators are listed in the automatically generated contributors section of this repository. See the [contributors workflow](.github/workflows/contributors.yml) for details. -| Role | Name | Affiliation | -| :----- | :------ | :------------- | -| Technical Lead | Mike Nolan | UNDP | -| Product Lead | Vu Hanh Dung Nguyen | UNDP | -| | | | - - - - +The members of the **undp‑national‑carbon‑registry** community guide its development, ensure quality standards and foster a collaborative environment. Key roles include: - +## Maintainers - +- [@nolski](https://github.com/nolski) – Technical Lead +- [@zungundp](https://github.com/zungundp) – Product Lead - +- [@nolski](https://github.com/nolski) +- [@zungundp](https://github.com/zungundp) - +Reviewers provide feedback on pull requests to ensure code quality and consistency. At present the review team comprises the maintainers listed above. We welcome additional reviewers—please contact a maintainer if you would like to help review contributions. - - - - - - - -## UNDP National Carbon Credit Registry Open Source Community Guidelines - -This document contains principles and guidelines for participating in the UNDP National Carbon Credit Registry open source community. - -### Principles +We are grateful to everyone who contributes to this project. A list of contributors is automatically generated by the contributors workflow. Thank you for your support! -These principles guide our data, product, and process decisions, architecture, and approach. +## Alumni -- Open means transparent and participatory. -- We take a modular and modern approach to software development. -- We build open-source software and open-source process. -- We value ease of implementation. -- Fostering community includes building capacity and making our software and processes accessible to participants with diverse backgrounds and skillsets. -- Data (and data science) is as important as software and process. We build open data sets where possible. -- We strive for transparency for algorithms and places we might be introducing bias. +We acknowledge past contributors who are no longer active. There are none at this time. -### Community Guidelines +## Principles -All community members are expected to adhere to our [Code of Conduct](CODE_OF_CONDUCT.md). +Our community abides by the following principles: -Information on contributing to this repository is available in our [Contributing file](CONTRIBUTING.md). +- **Openness** – We value transparency and participation. All design decisions and discussions take place in public. +- **Modularity** – We take a modular and modern approach to software development. +- **Open Source** – We build open‑source software and open‑source processes. +- **Ease of Implementation** – We value ease of deployment and use so that countries of all sizes can benefit. +- **Inclusive Community** – We foster a safe, welcoming and inclusive environment for participants from diverse backgrounds and skill sets. +- **Data Centric** – Data and data science are as important as software and processes; we build open data sets where possible. +- **Transparency** – We strive for transparency in algorithms and areas where bias may be introduced. -When participating in UNDP National Carbon Credit Registry open source community conversations and spaces, we ask individuals to follow the following guidelines: +## Community Guidelines -- When joining a conversation for the first time, please introduce yourself by providing a brief intro that includes: - - your related organization (if applicable) - - your pronouns - - your superpower, and how you hope to use it for UNDP National Carbon Credit Registry -- Embrace a culture of learning, and educate each other. We are all entering this conversation from different starting points and with different backgrounds. There are no dumb questions. -- Take space and give space. We strive to create an equitable environment in which all are welcome and able to participate. We hope individuals feel comfortable voicing their opinions and providing contributions and will do our best to recognize and make space for individuals who may be struggling to find space here. Likewise, we expect individuals to recognize when they are taking up significant space and take a step back to allow room for others. - -- Be respectful. -- Default to positive. Assume others' contributions are legitimate and valuable and that they are made with good intention. +All community members are expected to adhere to our [Code of Conduct](CODE_OF_CONDUCT.md). Detailed guidelines for participating in conversations, meetings and forums are provided in [COMMUNITY_GUIDELINES.md](COMMUNITY_GUIDELINES.md). Please review these guidelines before engaging with the community. -### Acknowledgements +## Acknowledgements -The Community Guidelines sections were originally forked from the [United States Digital Service](https://usds.gov) [Justice40](https://thejustice40.com) open source [repository](https://github.com/usds/justice40-tool), and we would like to acknowledge and thank the community for their contributions. +These community principles and guidelines were inspired by the United States Digital Service Justice40 project and other open‑source communities. We would like to thank all those projects for paving the way and providing excellent examples of inclusive and effective open‑source governance. \ No newline at end of file diff --git a/COMMUNITY_GUIDELINES.md b/COMMUNITY_GUIDELINES.md new file mode 100644 index 000000000..840b3aece --- /dev/null +++ b/COMMUNITY_GUIDELINES.md @@ -0,0 +1,35 @@ +# Community Guidelines + +Participation in the **National Carbon Credit Registry** community is governed by these guidelines. Our aim is to foster an open, inclusive and productive environment where everyone feels welcome and respected. + +## Joining the Conversation + +When joining a conversation for the first time, please introduce yourself by sharing: + +- Your organisation or affiliation (if applicable); +- Your pronouns; and +- Your “superpower” and how you hope to use it for the registry. + +## Be Respectful and Inclusive + +- Embrace a culture of learning. There are no silly questions and everyone is at a different point in their journey. +- Take space and give space. Ensure everyone has an opportunity to contribute. If you tend to speak a lot, make room for others; if you are usually quiet, know that your input is valued. +- Be present and engaged in meetings and conversations. If you join a synchronous chat, please participate. +- Be respectful. Disagreement is natural but personal attacks or disrespectful language are not tolerated. +- Default to positive intent. Assume others are acting in good faith and that contributions are made with the best intentions. + +## Code of Conduct + +All participants must adhere to our [Code of Conduct](CODE_OF_CONDUCT.md). Instances of unacceptable behaviour may be reported to the project maintainers using the contact information provided in the code of conduct. + +## How to Contribute + +For practical guidance on how to propose changes, report issues or submit pull requests, please read [CONTRIBUTING.md](CONTRIBUTING.md). That document explains how to build the project locally, describes our workflow and branching model, and outlines expectations for tests and documentation. + +## Governance and Roles + +Details on project roles, responsibilities and decision‑making processes are provided in [COMMUNITY.md](COMMUNITY.md). Maintainers and approvers oversee contributions and releases, while reviewers provide feedback on proposed changes. + +## Acknowledgements + +These guidelines were adapted from the United States Digital Service Justice40 project and the Contributor Covenant community. We thank these communities for their leadership in fostering inclusive and respectful open‑source projects. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 5db5ed021..659a4435b 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,23 +1,50 @@ -# Guidance on how to contribute +# Contributing -> All contributions to this project will be released under [LICENSE](LICENSE). By submitting a pull request or filing a bug, issue, or -> feature request, you are agreeing to comply with this waiver of copyright interest. You are also agreeing to comply to our community [Code of Conduct](CODE_OF_CONDUCT.md). +Thanks for your interest in contributing to the National Carbon Credit Registry! +## Getting Started +- Read the [README](./README.md) for architecture, local setup, and deployment paths. +- Preferred workflows: open an Issue first for larger changes. -There are two primary ways to help: - - [Using the issue tracker](#tracker) - - [Changing the code-base](#code) +## How to Contribute - -## Using the issue tracker +Contributions are welcome by all, we have a number of different types of issues and reports to help us understand your contributions. -Use the issue tracker to suggest feature requests, report bugs, and ask questions. This platform provides an excellent medium for interfacing with the project's development team and other stakeholders who share an interest in this solution. +### Writing Issues -Use the issue tracker to find ways to contribute. Find a bug or a feature, mention in the issue that you will take on that effort, then follow the _Changing the code-base_ guidance below. + - **Bugs**: If you have found what you think is a bug, please submit a bug report via our issue tracker using the bug report template. + - **Feature Submissions & Requests**: If you have an idea for a feature that you would like to develop or request, please first begin a discussion on our issue tracker so we can help coordinate. + - **Becoming a Core Contributor**: If you think your involvement with the project would benefit from you being a core contributor, please discuss this with the core team and request access via our issue tracker. - -## Changing the code-base +### Writing Pull Requests -As a general guideline, it is recommended to fork this repository, make changes in your own fork, and then submit a pull request. All new code should have associated unit tests that validate implemented features and the presence or lack of defects. +To keep reviews fast and code quality high: -Moreover, the modified code should conform to any stylistic and architectural standards set by the project. In scenarios where such directives are not explicitly stated, strive to emulate the styles and patterns observed in the existing code-base. +- **Keep PRs small and focused.** One logical change per PR. If it’s growing, split it. +- **All CI must pass** before requesting review (build, tests, linters, type checks). +- Include tests for any behavior change and update docs when relevant. +- Write a clear description: **what changed, why, how it was tested**, and note any breaking changes. +- Reference related issues (e.g., `Fixes #123`) and avoid unrelated refactors—send those separately. + + +## Building Dependencies +- Backend: Node.js LTS, Yarn, PostgreSQL; optional AWS tooling for cloud flows. +- Frontend: Node.js LTS, Yarn. +- Optional: Docker/Compose for containerized services. + +## Building the Project +- **Containers**: `docker-compose up -d --build` (see [README](./README.md)). +- **Local services**: follow “Run Services Locally” (DB setup, `yarn run sls:install`, `sls offline`). + +## Workflow and Branching +- Branch from `main`: `feat/` or `fix/`. +- Keep PRs small; rebase as needed; squash-merge with Conventional Commit titles. + +## Coding Style and Linters +- ESLint + Prettier; TypeScript strict mode. +- Run locally: + ```bash + npm run lint + ``` +## Security and Responsible Disclosure Policy +Please see [SECURITY.md](./SECURITY.md) \ No newline at end of file diff --git a/README.md b/README.md index 24939c624..28c15b701 100644 --- a/README.md +++ b/README.md @@ -46,8 +46,10 @@ The system continues to offer the below key features: * [API](#api) * [Status Page](#status) * [Governance & Support](#support) -* [Contributing](#contributing) -* [Community Guidelines](#community) +* [Contributing](./CONTRIBUTING.md) +* [Community Guidelines](./COMMUNITY.md) +* [Security and Responsible Disclosure Policy](./SECURITY.md) + ## Standards and License @@ -533,20 +535,103 @@ Note: Above resource requirement mentioned for a single instance from each micro The United Nations Development Program (UNDP) is responsible for managing the application. To ensure alignment with international demand, Digital For Climate (D4C) will act as an advisory body to the Digital Public Good Carbon Registry codebase. D4C is a collaboration between [European Bank for Reconstruction and Development (EBRD)](https://www.ebrd.com), [United Nations Development Program (UNDP)](https://www.undp.org), [United Nations Framework Convention on Climate Change (UNFCCC)](https://www.unfccc.int), [International Emissions Trading Association (IETA)](https://www.ieta.org), [European Space Agency (ESA)](https://www.esa.int), and [World Bank Group](https://www.worldbank.org)  that aims to coordinate respective workflows and create a modular and interoperable end-to-end digital ecosystem for the carbon market. The overarching goal is to support a transparent, high integrity global carbon market that can channel capital for impactful climate action and low-carbon development. -This code is managed by [United Nations Development Programme](https://www.undp.org) as custodian, detailed in the press release. For technical questions, please visit the community of practice [‘Keeping Track of the Paris Agreement’]() or submit through the [open forum](https://github.com/undp/carbon-registry/discussions). For any other questions, contact us at digital4planet@undp.org. - - -### Contributing -We welcome issues, discussions, and PRs! Please read **[CONTRIBUTING.md](./CONTRIBUTING.md)** for: -- Getting started, build/test instructions -- Coding style & linting -- Branching, commits, and PR reviews -- Security disclosure and policies - - -### Community Guidelines -See **[COMMUNITY.md](./COMMUNITY.md)** for: -- Project principles and norms -- Roles & responsibilities (maintainers/approvers/reviewers/contributors) -- Member table and acknowledgements -- Code of Conduct → **[CODE_OF_CONDUCT.md](./CODE_OF_CONDUCT.md)** + ++This code is managed by [United Nations Development Programme](https://www.undp.org) as custodian, detailed in the press release. For technical questions, please visit the community of practice [‘Keeping Track of the Paris Agreement’]() or submit through the [open forum](https://github.com/undp/carbon-registry/discussions). For any other questions, contact us at digital4planet@undp.org. ++ ++## Project Vision ++ ++Our long‑term vision is to empower every country to track and manage carbon credits transparently and efficiently. By providing an open, interoperable and standards‑based registry, we aim to accelerate climate action and support sustainable development across the globe. ++ ++## Project Mission ++ ++The mission of the National Carbon Credit Registry is to deliver an open‑source, modular and extensible platform for recording the issuance, transfer and retirement of carbon credits. Through collaboration with governments, standards bodies and the open‑source community we strive to ensure high‑integrity market infrastructure that anyone can deploy and adapt. ++ ++## Agency Mission ++ ++The United Nations Development Programme (UNDP) works to eradicate poverty, reduce inequalities and build resilience so countries can sustain progress. This registry aligns with UNDP’s mission by enabling transparent reporting of mitigation activities and helping countries meet their obligations under the Paris Agreement. ++ ++## Team Mission ++ ++The Digital4Climate team within UNDP’s Digital Public Goods programme maintains this project. Our team’s mission is to provide high‑quality software and documentation, to steward community contributions responsibly, and to foster an ecosystem of partners working towards equitable climate solutions. ++ ++## Core Team ++ ++The following individuals currently lead and maintain the project. See [COMMUNITY.md](COMMUNITY.md) for additional roles and contributors. ++ ++| Role | Name | GitHub | ++| --- | --- | --- | ++| Technical Lead | Mike Nolan | [@nolski](https://github.com/nolski) | ++| Product Lead | Vu Hanh Dung Nguyen | [@zungundp](https://github.com/zungundp) | ++ ++## Documentation Index ++ ++Comprehensive developer and user documentation is maintained in the `documentation` directory. You can find API references, architectural decision records and deployment guides in the relevant subfolders. If you are new to the project, start with [backend/services/README.md](./backend/services/README.md) and [web/README.md](./web/README.md). ++ ++## Repository Structure ++ ++The repository is organised into several top‑level directories: ++ ++- **backend/** – source code for the service‑oriented API and related libraries. ++- **web/** – the React‑based frontend application. ++- **documentation/** – design documents, API references and diagrams. ++- **.github/** – GitHub workflows, issue templates and the [`CODEOWNERS.md`](.github/CODEOWNERS.md) file. ++- **scripts/** – helper scripts for development and deployment. ++ ++Refer to each directory’s README for details on its contents. ++ ++## Development & Software Delivery Lifecycle ++ ++We follow an agile development process with regular releases. Changes are made on short‑lived feature branches and reviewed via pull requests. Continuous integration (CI) workflows run automated tests and linters on every PR. Once approved, changes are merged into the `main` branch and automatically deployed through our GitHub Actions pipelines. ++ ++## Local Development ++ ++To run the registry locally: ++ ++1. Clone this repository. ++2. Install dependencies in both the backend and web directories using `npm install`. ++3. Start the services using Docker Compose (`docker compose up --build`) or by running each service individually as described in their READMEs. ++4. Visit the frontend at `http://localhost:3000` and the API at `http://localhost:3001` (default ports) to verify everything is working. ++ ++Detailed instructions for each component are provided in [backend/services/README.md](./backend/services/README.md) and [web/README.md](./web/README.md). ++ ++## Coding Style & Linters ++ ++We enforce consistent code style using [ESLint](https://eslint.org/) and [Prettier](https://prettier.io/). Run `npm run lint` in the respective service directory to check your changes locally. Many formatting issues can be fixed automatically via `npm run lint -- --fix`. ++ ++## Branching Model ++ ++The `main` branch always contains the latest stable version of the code. New work should be conducted on feature branches named according to the purpose of the change (e.g. `feature/add-new-endpoint`). Keep your branch up to date with `main` and open a pull request when your work is ready. We follow the standard GitHub flow; see [CONTRIBUTING.md](CONTRIBUTING.md#workflow--branching) for more information. ++ ++## Contributing ++ ++We welcome contributions of all kinds! Read the [CONTRIBUTING.md](CONTRIBUTING.md) file for guidelines on how to report issues, propose new features, improve documentation and submit pull requests. ++ ++## Code Owners ++ ++This repository uses a [`CODEOWNERS`](.github/CODEOWNERS.md) file to specify maintainers responsible for different parts of the codebase. When opening a pull request, tag the relevant owners to ensure your changes are reviewed by the right people. ++ ++## Community ++ ++The registry is built by an open community of developers, researchers and policy makers. Visit [COMMUNITY.md](COMMUNITY.md) to learn about our members, roles and ways to participate. ++ ++## Community Guidelines ++ ++Participation in this project is governed by our [Community Guidelines](COMMUNITY_GUIDELINES.md). They outline expectations for respectful and inclusive communication and describe how to get help. ++ ++## Governance ++ ++The project is stewarded by UNDP in collaboration with Digital for Climate and other partners. Governance policies, roles and escalation processes are described in [COMMUNITY.md](COMMUNITY.md). Major decisions are made openly with community input. ++ ++## Feedback ++ ++We value your feedback! Use the GitHub [Issues](https://github.com/undp/carbon-registry/issues) and [Discussions](https://github.com/undp/carbon-registry/discussions) tabs to report bugs, request features or ask questions. For sensitive topics you can also reach us via the contact addresses listed above. ++ ++## Glossary ++ ++| Term | Definition | ++| --- | --- | ++| **AEF** | Agreed Electronic Format: a standardised reporting format for Article 6.2 credits. | ++| **DNA** | Designated National Authority: national body responsible for approving projects and credit transfers. | ++| **IC** | Independent Certifier: entity that validates and verifies mitigation projects. | ++| **Serial Number** | Unique identifier assigned to a batch of credits or projects. | ++| **MRV** | Monitoring, Reporting and Verification: the process used to track emission reductions. | \ No newline at end of file diff --git a/repolinter.json b/repolinter.json index 62da3f329..80e2f72e4 100644 --- a/repolinter.json +++ b/repolinter.json @@ -17,9 +17,6 @@ "community-guidelines-file-exists": { "level": "error" }, - "readme-contains-documentation-index": { - "level": "warning" - }, "readme-contains-repository-structure": { "level": "warning" }, @@ -35,9 +32,6 @@ "readme-contains-coding-style-and-linters": { "level": "warning" }, - "readme-contains-branching-model": { - "level": "warning" - }, "readme-contains-contributing": { "level": "error" }, From 6f6b1bfccca8048ff9dfa9c0703897ac955e461c Mon Sep 17 00:00:00 2001 From: Mike Nolan Date: Wed, 3 Sep 2025 17:13:33 +0100 Subject: [PATCH 6/6] Turn policies requirement off --- repolinter.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/repolinter.json b/repolinter.json index 80e2f72e4..705e6a54a 100644 --- a/repolinter.json +++ b/repolinter.json @@ -81,7 +81,7 @@ "level": "warning" }, "contributing-contains-policies": { - "level": "error" + "level": "off" }, "contributing-contains-security-and-responsible-disclosure-policy": { "level": "error"