Add GitHub security and governance files

Security improvements:
- CODEOWNERS: Define code review requirements
- SECURITY.md: Link to security policy in .github/ for GitHub Security tab
- Pull request template: Enforce PR checklist and guidelines
- Issue templates: Bug reports and feature requests with structured forms
- Issue config: Disable blank issues, add helpful links

These files protect the repository by:
- Requiring code review from @mellow-fox for all changes
- Enforcing security-sensitive file approval (auth, database, Docker)
- Providing clear contribution guidelines
- Preventing low-quality or spam issues
- Guiding contributors with structured templates

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
root 2026-02-17 18:51:40 +01:00
parent a7cd81fe81
commit ca42323934
6 changed files with 302 additions and 0 deletions

22
.github/CODEOWNERS vendored Normal file
View file

@ -0,0 +1,22 @@
# Code Owners for TidyQuest
# These owners will be automatically requested for review when someone opens a pull request
# Global owner (all files)
* @mellow-fox
# Security-sensitive files (require explicit approval)
/SECURITY.md @mellow-fox
/.github/ @mellow-fox
/docker-compose.yml @mellow-fox
/Dockerfile @mellow-fox
/.env.example @mellow-fox
# Server code (backend)
/server/ @mellow-fox
# Database schema changes
/server/src/database.ts @mellow-fox
# Authentication and security
/server/src/middleware/auth.ts @mellow-fox
/server/src/routes/auth.ts @mellow-fox

115
.github/ISSUE_TEMPLATE/bug_report.yml vendored Normal file
View file

@ -0,0 +1,115 @@
name: 🐛 Bug Report
description: Report a bug or unexpected behavior
title: "[Bug]: "
labels: ["bug"]
body:
- type: markdown
attributes:
value: |
Thanks for taking the time to report a bug! Please fill out the form below.
- type: textarea
id: description
attributes:
label: Description
description: A clear and concise description of the bug
placeholder: What happened?
validations:
required: true
- type: textarea
id: steps
attributes:
label: Steps to Reproduce
description: Steps to reproduce the behavior
placeholder: |
1. Go to '...'
2. Click on '...'
3. Scroll down to '...'
4. See error
validations:
required: true
- type: textarea
id: expected
attributes:
label: Expected Behavior
description: What did you expect to happen?
validations:
required: true
- type: textarea
id: actual
attributes:
label: Actual Behavior
description: What actually happened?
validations:
required: true
- type: dropdown
id: version
attributes:
label: TidyQuest Version
description: Which version are you running?
options:
- v0.1.0
- main (latest)
- Other (please specify in additional context)
validations:
required: true
- type: dropdown
id: deployment
attributes:
label: Deployment Method
options:
- Docker Compose
- Docker (manual)
- Other
validations:
required: true
- type: textarea
id: environment
attributes:
label: Environment
description: |
Provide details about your environment:
- OS (Linux, macOS, Windows)
- Docker version
- Browser (if frontend issue)
placeholder: |
- OS: Ubuntu 22.04
- Docker: 24.0.5
- Browser: Chrome 120
validations:
required: false
- type: textarea
id: logs
attributes:
label: Logs
description: Paste relevant logs (if any)
render: shell
validations:
required: false
- type: textarea
id: additional
attributes:
label: Additional Context
description: Any other context about the problem
validations:
required: false
- type: checkboxes
id: terms
attributes:
label: Checklist
options:
- label: I have searched existing issues to avoid duplicates
required: true
- label: I have reviewed the SECURITY.md file
required: false
- label: This is not a security vulnerability (if it is, please email instead)
required: true

11
.github/ISSUE_TEMPLATE/config.yml vendored Normal file
View file

@ -0,0 +1,11 @@
blank_issues_enabled: false
contact_links:
- name: 💬 GitHub Discussions
url: https://github.com/mellow-fox/TidyQuest/discussions
about: Ask questions and discuss ideas with the community
- name: 🔒 Security Vulnerability
url: https://github.com/mellow-fox/TidyQuest/security
about: Report security vulnerabilities privately (DO NOT open a public issue)
- name: 📖 Documentation
url: https://github.com/mellow-fox/TidyQuest/blob/main/README.md
about: Read the full documentation

View file

@ -0,0 +1,84 @@
name: ✨ Feature Request
description: Suggest a new feature or improvement
title: "[Feature]: "
labels: ["enhancement"]
body:
- type: markdown
attributes:
value: |
Thanks for suggesting a feature! Please fill out the form below.
- type: textarea
id: problem
attributes:
label: Problem Description
description: Is your feature request related to a problem? Please describe.
placeholder: I'm frustrated when...
validations:
required: true
- type: textarea
id: solution
attributes:
label: Proposed Solution
description: Describe the solution you'd like
placeholder: I would like TidyQuest to...
validations:
required: true
- type: textarea
id: alternatives
attributes:
label: Alternatives Considered
description: Describe alternatives you've considered
validations:
required: false
- type: dropdown
id: area
attributes:
label: Area of Impact
description: Which area does this feature affect?
options:
- Frontend (UI/UX)
- Backend (API)
- Database
- Documentation
- Docker/Deployment
- Security
- Other
validations:
required: true
- type: dropdown
id: priority
attributes:
label: Priority
description: How important is this feature to you?
options:
- Nice to have
- Would be helpful
- Important
- Critical
validations:
required: true
- type: textarea
id: additional
attributes:
label: Additional Context
description: Add any other context, screenshots, or mockups
validations:
required: false
- type: checkboxes
id: terms
attributes:
label: Checklist
options:
- label: I have searched existing issues to avoid duplicates
required: true
- label: This feature aligns with TidyQuest's goal of gamifying household chores
required: true
- label: I am willing to contribute to the implementation (optional)
required: false

16
.github/SECURITY.md vendored Normal file
View file

@ -0,0 +1,16 @@
# Security Policy
For security information, vulnerability reporting, and best practices, please see:
👉 **[SECURITY.md](../SECURITY.md)** at the root of the repository
## Quick Links
- 🔒 [Security Best Practices](../SECURITY.md#-security-best-practices)
- 🚨 [Reporting a Vulnerability](../SECURITY.md#-reporting-a-vulnerability)
- 📋 [Security Checklist](../SECURITY.md#-security-checklist-before-going-public)
---
**Note**: This file exists in `.github/` to enable GitHub's "Security" tab.
All documentation is maintained in the root `SECURITY.md` file.

54
.github/pull_request_template.md vendored Normal file
View file

@ -0,0 +1,54 @@
## Description
<!-- Provide a brief description of your changes -->
## Type of Change
- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
- [ ] Documentation update
- [ ] Code refactoring
- [ ] Performance improvement
- [ ] Security fix
## Related Issue
<!-- Link to the issue this PR addresses, e.g., "Fixes #123" -->
Fixes #
## Changes Made
<!-- List the changes you made -->
-
-
-
## Testing
<!-- Describe how you tested your changes -->
- [ ] Tested locally with Docker
- [ ] Tested on production-like environment
- [ ] Added/updated tests
- [ ] All existing tests pass
## Checklist
- [ ] My code follows the project's code style
- [ ] I have performed a self-review of my code
- [ ] I have commented my code where necessary
- [ ] I have updated the documentation (README, API.md, etc.)
- [ ] My changes generate no new warnings or errors
- [ ] I have checked for security vulnerabilities
- [ ] I have not committed any secrets (.env, API keys, passwords)
## Screenshots (if applicable)
<!-- Add screenshots to help explain your changes -->
## Additional Notes
<!-- Any additional information -->