oss-pulse 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +26 -0
- package/CODE_OF_CONDUCT.md +7 -0
- package/CONTRIBUTING.md +30 -0
- package/LICENSE +21 -0
- package/README.md +158 -0
- package/SECURITY.md +12 -0
- package/action.yml +45 -0
- package/dist/action-artifacts.d.ts +3 -0
- package/dist/action-artifacts.d.ts.map +1 -0
- package/dist/action-artifacts.js +38 -0
- package/dist/action-artifacts.js.map +1 -0
- package/dist/cli.d.ts +4 -0
- package/dist/cli.d.ts.map +1 -0
- package/dist/cli.js +117 -0
- package/dist/cli.js.map +1 -0
- package/dist/errors.d.ts +19 -0
- package/dist/errors.d.ts.map +1 -0
- package/dist/errors.js +31 -0
- package/dist/errors.js.map +1 -0
- package/dist/format.d.ts +8 -0
- package/dist/format.d.ts.map +1 -0
- package/dist/format.js +127 -0
- package/dist/format.js.map +1 -0
- package/dist/git.d.ts +3 -0
- package/dist/git.d.ts.map +1 -0
- package/dist/git.js +168 -0
- package/dist/git.js.map +1 -0
- package/dist/github-annotations.d.ts +3 -0
- package/dist/github-annotations.d.ts.map +1 -0
- package/dist/github-annotations.js +36 -0
- package/dist/github-annotations.js.map +1 -0
- package/dist/report-rules.d.ts +12 -0
- package/dist/report-rules.d.ts.map +1 -0
- package/dist/report-rules.js +207 -0
- package/dist/report-rules.js.map +1 -0
- package/dist/report.d.ts +3 -0
- package/dist/report.d.ts.map +1 -0
- package/dist/report.js +26 -0
- package/dist/report.js.map +1 -0
- package/dist/sarif.d.ts +3 -0
- package/dist/sarif.d.ts.map +1 -0
- package/dist/sarif.js +74 -0
- package/dist/sarif.js.map +1 -0
- package/dist/types.d.ts +52 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +11 -0
- package/dist/types.js.map +1 -0
- package/docs/CLAUDE_FOR_OSS_PLAYBOOK.md +31 -0
- package/docs/CONTRIBUTOR_BACKLOG.md +93 -0
- package/docs/RELEASE.md +38 -0
- package/docs/REPORT_SCHEMA.md +116 -0
- package/docs/ROADMAP.md +30 -0
- package/docs/examples/README.md +12 -0
- package/docs/examples/octocat-hello-world.md +44 -0
- package/docs/examples/sindresorhus-is.md +47 -0
- package/docs/report.schema.json +136 -0
- package/package.json +40 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sarif.d.ts","sourceRoot":"","sources":["../src/sarif.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAyB,WAAW,EAAE,MAAM,YAAY,CAAA;AAuDpE,wBAAgB,WAAW,CAAC,MAAM,EAAE,WAAW,GAAG,MAAM,CAsBvD"}
|
package/dist/sarif.js
ADDED
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
import { pathToFileURL } from "node:url";
|
|
2
|
+
import { artifactUriForAction } from "./action-artifacts.js";
|
|
3
|
+
const SOURCE_ROOT_URI_BASE_ID = "%SRCROOT%";
|
|
4
|
+
export function formatSarif(report) {
|
|
5
|
+
const log = {
|
|
6
|
+
$schema: "https://json.schemastore.org/sarif-2.1.0.json",
|
|
7
|
+
runs: [
|
|
8
|
+
{
|
|
9
|
+
originalUriBaseIds: {
|
|
10
|
+
[SOURCE_ROOT_URI_BASE_ID]: { uri: rootUri(report.root) },
|
|
11
|
+
},
|
|
12
|
+
results: report.actions.map(formatResult),
|
|
13
|
+
tool: {
|
|
14
|
+
driver: {
|
|
15
|
+
name: "oss-pulse",
|
|
16
|
+
rules: report.actions.map(formatRule),
|
|
17
|
+
semanticVersion: "0.1.0",
|
|
18
|
+
},
|
|
19
|
+
},
|
|
20
|
+
},
|
|
21
|
+
],
|
|
22
|
+
version: "2.1.0",
|
|
23
|
+
};
|
|
24
|
+
return `${JSON.stringify(log, null, 2)}\n`;
|
|
25
|
+
}
|
|
26
|
+
function formatRule(action) {
|
|
27
|
+
return {
|
|
28
|
+
fullDescription: { text: action.detail },
|
|
29
|
+
help: { text: action.detail },
|
|
30
|
+
id: action.id,
|
|
31
|
+
name: action.title,
|
|
32
|
+
shortDescription: { text: action.title },
|
|
33
|
+
};
|
|
34
|
+
}
|
|
35
|
+
function formatResult(action) {
|
|
36
|
+
return {
|
|
37
|
+
level: sarifLevel(action.priority),
|
|
38
|
+
locations: [
|
|
39
|
+
{
|
|
40
|
+
physicalLocation: {
|
|
41
|
+
artifactLocation: {
|
|
42
|
+
uri: artifactUriForAction(action.id),
|
|
43
|
+
uriBaseId: SOURCE_ROOT_URI_BASE_ID,
|
|
44
|
+
},
|
|
45
|
+
region: {
|
|
46
|
+
startLine: 1,
|
|
47
|
+
},
|
|
48
|
+
},
|
|
49
|
+
},
|
|
50
|
+
],
|
|
51
|
+
message: { text: `${action.title}: ${action.detail}` },
|
|
52
|
+
ruleId: action.id,
|
|
53
|
+
};
|
|
54
|
+
}
|
|
55
|
+
function sarifLevel(priority) {
|
|
56
|
+
switch (priority) {
|
|
57
|
+
case "high":
|
|
58
|
+
return "error";
|
|
59
|
+
case "medium":
|
|
60
|
+
return "warning";
|
|
61
|
+
case "low":
|
|
62
|
+
return "note";
|
|
63
|
+
default:
|
|
64
|
+
return assertNever(priority);
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
function rootUri(root) {
|
|
68
|
+
const uri = pathToFileURL(root).href;
|
|
69
|
+
return uri.endsWith("/") ? uri : `${uri}/`;
|
|
70
|
+
}
|
|
71
|
+
function assertNever(value) {
|
|
72
|
+
throw new Error(`unexpected SARIF value: ${value}`);
|
|
73
|
+
}
|
|
74
|
+
//# sourceMappingURL=sarif.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sarif.js","sourceRoot":"","sources":["../src/sarif.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AACxC,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAA;AAsD5D,MAAM,uBAAuB,GAAG,WAAW,CAAA;AAE3C,MAAM,UAAU,WAAW,CAAC,MAAmB;IAC7C,MAAM,GAAG,GAAa;QACpB,OAAO,EAAE,+CAA+C;QACxD,IAAI,EAAE;YACJ;gBACE,kBAAkB,EAAE;oBAClB,CAAC,uBAAuB,CAAC,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE;iBACzD;gBACD,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;gBACzC,IAAI,EAAE;oBACJ,MAAM,EAAE;wBACN,IAAI,EAAE,WAAW;wBACjB,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;wBACrC,eAAe,EAAE,OAAO;qBACzB;iBACF;aACF;SACF;QACD,OAAO,EAAE,OAAO;KACjB,CAAA;IAED,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAA;AAC5C,CAAC;AAED,SAAS,UAAU,CAAC,MAAmB;IACrC,OAAO;QACL,eAAe,EAAE,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE;QACxC,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE;QAC7B,EAAE,EAAE,MAAM,CAAC,EAAE;QACb,IAAI,EAAE,MAAM,CAAC,KAAK;QAClB,gBAAgB,EAAE,EAAE,IAAI,EAAE,MAAM,CAAC,KAAK,EAAE;KACzC,CAAA;AACH,CAAC;AAED,SAAS,YAAY,CAAC,MAAmB;IACvC,OAAO;QACL,KAAK,EAAE,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC;QAClC,SAAS,EAAE;YACT;gBACE,gBAAgB,EAAE;oBAChB,gBAAgB,EAAE;wBAChB,GAAG,EAAE,oBAAoB,CAAC,MAAM,CAAC,EAAE,CAAC;wBACpC,SAAS,EAAE,uBAAuB;qBACnC;oBACD,MAAM,EAAE;wBACN,SAAS,EAAE,CAAC;qBACb;iBACF;aACF;SACF;QACD,OAAO,EAAE,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,KAAK,KAAK,MAAM,CAAC,MAAM,EAAE,EAAE;QACtD,MAAM,EAAE,MAAM,CAAC,EAAE;KAClB,CAAA;AACH,CAAC;AAED,SAAS,UAAU,CAAC,QAAiC;IACnD,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,MAAM;YACT,OAAO,OAAO,CAAA;QAChB,KAAK,QAAQ;YACX,OAAO,SAAS,CAAA;QAClB,KAAK,KAAK;YACR,OAAO,MAAM,CAAA;QACf;YACE,OAAO,WAAW,CAAC,QAAQ,CAAC,CAAA;IAChC,CAAC;AACH,CAAC;AAED,SAAS,OAAO,CAAC,IAAY;IAC3B,MAAM,GAAG,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAA;IACpC,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,CAAA;AAC5C,CAAC;AAED,SAAS,WAAW,CAAC,KAAY;IAC/B,MAAM,IAAI,KAAK,CAAC,2BAA2B,KAAK,EAAE,CAAC,CAAA;AACrD,CAAC"}
|
package/dist/types.d.ts
ADDED
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
export declare const REPORT_STATUSES: readonly ["ready", "needs-work"];
|
|
2
|
+
export type ReportStatus = (typeof REPORT_STATUSES)[number];
|
|
3
|
+
export declare const OUTPUT_FORMATS: readonly ["json", "markdown", "release-notes", "contributor-onboarding", "triage-suggestions", "sarif", "github-annotations"];
|
|
4
|
+
export type OutputFormat = (typeof OUTPUT_FORMATS)[number];
|
|
5
|
+
export type MaintainerFiles = {
|
|
6
|
+
readonly changelog: boolean;
|
|
7
|
+
readonly codeOfConduct: boolean;
|
|
8
|
+
readonly contributing: boolean;
|
|
9
|
+
readonly funding: boolean;
|
|
10
|
+
readonly goodFirstIssueTemplate: boolean;
|
|
11
|
+
readonly issueTemplate: boolean;
|
|
12
|
+
readonly license: boolean;
|
|
13
|
+
readonly pullRequestTemplate: boolean;
|
|
14
|
+
readonly readme: boolean;
|
|
15
|
+
readonly releaseWorkflow: boolean;
|
|
16
|
+
readonly security: boolean;
|
|
17
|
+
readonly workflowCount: number;
|
|
18
|
+
};
|
|
19
|
+
export type RepositorySignals = {
|
|
20
|
+
readonly branch: string;
|
|
21
|
+
readonly commitsLast30Days: number;
|
|
22
|
+
readonly contributorsLast90Days: number;
|
|
23
|
+
readonly files: MaintainerFiles;
|
|
24
|
+
readonly latestCommitIso: string | null;
|
|
25
|
+
readonly root: string;
|
|
26
|
+
};
|
|
27
|
+
export type CheckId = "readme" | "license" | "contributing" | "issue-template" | "good-first-issue-template" | "pull-request-template" | "security" | "ci-workflow" | "release-workflow" | "changelog" | "funding" | "external-contributors" | "code-of-conduct" | "recent-activity";
|
|
28
|
+
export type ActionId = "add-readme" | "add-license" | "add-contributing-guide" | "add-issue-template" | "add-good-first-issue-template" | "add-pull-request-template" | "add-security-policy" | "add-ci-workflow" | "add-release-workflow" | "add-changelog" | "add-funding" | "invite-contributors" | "add-code-of-conduct" | "resume-maintenance";
|
|
29
|
+
export type PulseCheck = {
|
|
30
|
+
readonly detail: string;
|
|
31
|
+
readonly id: CheckId;
|
|
32
|
+
readonly label: string;
|
|
33
|
+
readonly passed: boolean;
|
|
34
|
+
readonly points: number;
|
|
35
|
+
};
|
|
36
|
+
export type PulseAction = {
|
|
37
|
+
readonly detail: string;
|
|
38
|
+
readonly id: ActionId;
|
|
39
|
+
readonly priority: "high" | "medium" | "low";
|
|
40
|
+
readonly title: string;
|
|
41
|
+
};
|
|
42
|
+
export type PulseReport = {
|
|
43
|
+
readonly actions: readonly PulseAction[];
|
|
44
|
+
readonly branch: string;
|
|
45
|
+
readonly checks: readonly PulseCheck[];
|
|
46
|
+
readonly generatedAtIso: string;
|
|
47
|
+
readonly latestCommitIso: string | null;
|
|
48
|
+
readonly root: string;
|
|
49
|
+
readonly score: number;
|
|
50
|
+
readonly status: ReportStatus;
|
|
51
|
+
};
|
|
52
|
+
//# sourceMappingURL=types.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,eAAe,kCAAmC,CAAA;AAC/D,MAAM,MAAM,YAAY,GAAG,CAAC,OAAO,eAAe,CAAC,CAAC,MAAM,CAAC,CAAA;AAE3D,eAAO,MAAM,cAAc,+HAQjB,CAAA;AACV,MAAM,MAAM,YAAY,GAAG,CAAC,OAAO,cAAc,CAAC,CAAC,MAAM,CAAC,CAAA;AAE1D,MAAM,MAAM,eAAe,GAAG;IAC5B,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAA;IAC3B,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAA;IAC/B,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAA;IAC9B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAA;IACzB,QAAQ,CAAC,sBAAsB,EAAE,OAAO,CAAA;IACxC,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAA;IAC/B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAA;IACzB,QAAQ,CAAC,mBAAmB,EAAE,OAAO,CAAA;IACrC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAA;IACxB,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAA;IACjC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAA;IAC1B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;CAC/B,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAA;IAClC,QAAQ,CAAC,sBAAsB,EAAE,MAAM,CAAA;IACvC,QAAQ,CAAC,KAAK,EAAE,eAAe,CAAA;IAC/B,QAAQ,CAAC,eAAe,EAAE,MAAM,GAAG,IAAI,CAAA;IACvC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;CACtB,CAAA;AAED,MAAM,MAAM,OAAO,GACf,QAAQ,GACR,SAAS,GACT,cAAc,GACd,gBAAgB,GAChB,2BAA2B,GAC3B,uBAAuB,GACvB,UAAU,GACV,aAAa,GACb,kBAAkB,GAClB,WAAW,GACX,SAAS,GACT,uBAAuB,GACvB,iBAAiB,GACjB,iBAAiB,CAAA;AAErB,MAAM,MAAM,QAAQ,GAChB,YAAY,GACZ,aAAa,GACb,wBAAwB,GACxB,oBAAoB,GACpB,+BAA+B,GAC/B,2BAA2B,GAC3B,qBAAqB,GACrB,iBAAiB,GACjB,sBAAsB,GACtB,eAAe,GACf,aAAa,GACb,qBAAqB,GACrB,qBAAqB,GACrB,oBAAoB,CAAA;AAExB,MAAM,MAAM,UAAU,GAAG;IACvB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAA;IACpB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;IACtB,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAA;IACxB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;CACxB,CAAA;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAA;IACrB,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAA;IAC5C,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,QAAQ,CAAC,OAAO,EAAE,SAAS,WAAW,EAAE,CAAA;IACxC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,MAAM,EAAE,SAAS,UAAU,EAAE,CAAA;IACtC,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAA;IAC/B,QAAQ,CAAC,eAAe,EAAE,MAAM,GAAG,IAAI,CAAA;IACvC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;IACtB,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAA;CAC9B,CAAA"}
|
package/dist/types.js
ADDED
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
export const REPORT_STATUSES = ["ready", "needs-work"];
|
|
2
|
+
export const OUTPUT_FORMATS = [
|
|
3
|
+
"json",
|
|
4
|
+
"markdown",
|
|
5
|
+
"release-notes",
|
|
6
|
+
"contributor-onboarding",
|
|
7
|
+
"triage-suggestions",
|
|
8
|
+
"sarif",
|
|
9
|
+
"github-annotations",
|
|
10
|
+
];
|
|
11
|
+
//# sourceMappingURL=types.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,OAAO,EAAE,YAAY,CAAU,CAAA;AAG/D,MAAM,CAAC,MAAM,cAAc,GAAG;IAC5B,MAAM;IACN,UAAU;IACV,eAAe;IACf,wBAAwB;IACxB,oBAAoB;IACpB,OAAO;IACP,oBAAoB;CACZ,CAAA"}
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
# Claude for Open Source Playbook
|
|
2
|
+
|
|
3
|
+
The goal is to become eligible through visible open source maintenance work, not a one-off application.
|
|
4
|
+
|
|
5
|
+
## Positioning
|
|
6
|
+
|
|
7
|
+
`oss-pulse` helps maintainers make contribution paths visible and measurable. That directly supports the open source ecosystem and gives the project a clear story when applying for Claude for Open Source.
|
|
8
|
+
|
|
9
|
+
## 90-Day Targets
|
|
10
|
+
|
|
11
|
+
- ship a usable CLI and GitHub Action
|
|
12
|
+
- publish to npm
|
|
13
|
+
- merge at least 20 external contributor pull requests
|
|
14
|
+
- land useful pull requests in external open source repositories
|
|
15
|
+
- document real repository scans and before-after fixes
|
|
16
|
+
|
|
17
|
+
## Weekly Operating Rhythm
|
|
18
|
+
|
|
19
|
+
- Monday: choose 3 small external OSS contributions
|
|
20
|
+
- Tuesday: ship one `oss-pulse` improvement
|
|
21
|
+
- Wednesday: write or refine good first issues
|
|
22
|
+
- Thursday: review contributor pull requests
|
|
23
|
+
- Friday: publish a short changelog and usage note
|
|
24
|
+
|
|
25
|
+
## Application Evidence
|
|
26
|
+
|
|
27
|
+
- merged external pull requests authored by us
|
|
28
|
+
- external contributors merged into this project
|
|
29
|
+
- npm downloads and GitHub stars
|
|
30
|
+
- public examples where `oss-pulse` improved a repo
|
|
31
|
+
- consistent release history
|
|
@@ -0,0 +1,93 @@
|
|
|
1
|
+
# Contributor Backlog
|
|
2
|
+
|
|
3
|
+
This backlog is designed to help outside contributors land small pull requests quickly.
|
|
4
|
+
|
|
5
|
+
## Good First Issues
|
|
6
|
+
|
|
7
|
+
Starter issues are clear for the current release. Add the next batch from the roadmap.
|
|
8
|
+
|
|
9
|
+
## Shipped
|
|
10
|
+
|
|
11
|
+
1. Add `--fail-under <score>` for CI.
|
|
12
|
+
- Shipped in `0.1.0`.
|
|
13
|
+
- The CLI exits `1` when score is below the threshold and `0` otherwise.
|
|
14
|
+
|
|
15
|
+
2. Add `--summary-only` Markdown output.
|
|
16
|
+
- Shipped in `0.1.0`.
|
|
17
|
+
- The output includes score and next actions without the full checks table.
|
|
18
|
+
|
|
19
|
+
3. Add `CHANGELOG.md` detection to the maintainer file checks.
|
|
20
|
+
- Shipped in `0.1.0`.
|
|
21
|
+
- A repository with `CHANGELOG.md` gets a passing changelog check.
|
|
22
|
+
|
|
23
|
+
4. Add `FUNDING.yml` detection.
|
|
24
|
+
- Shipped in `0.1.0`.
|
|
25
|
+
- `.github/FUNDING.yml` appears in the JSON checks.
|
|
26
|
+
|
|
27
|
+
5. Add release workflow detection.
|
|
28
|
+
- Shipped in `0.1.0`.
|
|
29
|
+
- Acceptance: repositories with `.github/workflows/release.yml` receive a release-readiness check.
|
|
30
|
+
|
|
31
|
+
6. Improve unsupported format errors.
|
|
32
|
+
- Shipped in `0.1.0`.
|
|
33
|
+
- `--format xml` suggests the accepted output formats.
|
|
34
|
+
|
|
35
|
+
7. Add feature request examples to the README.
|
|
36
|
+
- Shipped in `0.1.0`.
|
|
37
|
+
- README shows one CLI use case and one GitHub Action use case.
|
|
38
|
+
|
|
39
|
+
8. Add JSON schema documentation.
|
|
40
|
+
- Shipped in `0.1.0`.
|
|
41
|
+
- `docs/REPORT_SCHEMA.md` describes every report field and example values.
|
|
42
|
+
|
|
43
|
+
9. Add fixture-based integration tests.
|
|
44
|
+
- Shipped in `0.1.0`.
|
|
45
|
+
- Test fixtures cover a complete repo, a sparse repo, and a nested package path.
|
|
46
|
+
|
|
47
|
+
10. Add real repository case studies.
|
|
48
|
+
- Shipped in `0.1.0`.
|
|
49
|
+
- `docs/examples/` contains before-after reports for two public repos.
|
|
50
|
+
|
|
51
|
+
11. Add good first issue template detection.
|
|
52
|
+
- Shipped in `0.1.0`.
|
|
53
|
+
- Repositories with `.github/ISSUE_TEMPLATE/good_first_issue.md` receive starter contribution readiness points.
|
|
54
|
+
|
|
55
|
+
12. Add release notes draft output.
|
|
56
|
+
- Shipped in `0.1.0`.
|
|
57
|
+
- `--format release-notes` emits a paste-ready Markdown draft with score, verified surfaces, and follow-up actions.
|
|
58
|
+
|
|
59
|
+
13. Add contributor onboarding report.
|
|
60
|
+
- Shipped in `0.1.0`.
|
|
61
|
+
- `--format contributor-onboarding` emits available surfaces, maintainer follow-up actions, and a first PR checklist.
|
|
62
|
+
|
|
63
|
+
14. Add issue and pull request triage suggestions.
|
|
64
|
+
- Shipped in `0.1.0`.
|
|
65
|
+
- `--format triage-suggestions` emits issue triage and pull request review guidance.
|
|
66
|
+
|
|
67
|
+
15. Harden GitHub Action metadata and README usage.
|
|
68
|
+
- Shipped in `0.1.0`.
|
|
69
|
+
- `action.yml` documents every supported output format and README lists Action inputs.
|
|
70
|
+
|
|
71
|
+
16. Add SARIF output.
|
|
72
|
+
- Shipped in `0.1.0`.
|
|
73
|
+
- `--format sarif` emits SARIF 2.1.0 results for missing maintainer surfaces.
|
|
74
|
+
|
|
75
|
+
17. Add GitHub workflow annotations.
|
|
76
|
+
- Shipped in `0.1.0`.
|
|
77
|
+
- `--format github-annotations` emits `::error`, `::warning`, and `::notice` commands for GitHub Actions.
|
|
78
|
+
|
|
79
|
+
18. Add machine-readable JSON Schema documentation.
|
|
80
|
+
- Shipped in `0.1.0`.
|
|
81
|
+
- `docs/report.schema.json` describes `--format json` output and is tested against runtime ids.
|
|
82
|
+
|
|
83
|
+
## Help Wanted
|
|
84
|
+
|
|
85
|
+
Help wanted issues are clear for the current release. Add the next batch from the roadmap.
|
|
86
|
+
|
|
87
|
+
## Maintainer Routine
|
|
88
|
+
|
|
89
|
+
- Keep issues under one focused behavior.
|
|
90
|
+
- Label starter issues with `good first issue`.
|
|
91
|
+
- Ask contributors to include the command they ran.
|
|
92
|
+
- Prefer small pull requests over broad refactors.
|
|
93
|
+
- Close stale ideas gently and point to the roadmap.
|
package/docs/RELEASE.md
ADDED
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
# Release
|
|
2
|
+
|
|
3
|
+
This project publishes two surfaces:
|
|
4
|
+
|
|
5
|
+
- npm package: `oss-pulse`
|
|
6
|
+
- GitHub composite Action: pinned repository tags such as `v0.1.0`
|
|
7
|
+
|
|
8
|
+
## Prerequisites
|
|
9
|
+
|
|
10
|
+
- npm package name is available or owned by the maintainer.
|
|
11
|
+
- GitHub repository has `NPM_TOKEN` configured as an Actions secret.
|
|
12
|
+
- The release branch passes `npm run check`.
|
|
13
|
+
|
|
14
|
+
## Local Preflight
|
|
15
|
+
|
|
16
|
+
```bash
|
|
17
|
+
npm ci
|
|
18
|
+
npm run check
|
|
19
|
+
npm run build
|
|
20
|
+
npm pack --dry-run
|
|
21
|
+
```
|
|
22
|
+
|
|
23
|
+
Confirm the dry-run includes `dist`, `README.md`, `CHANGELOG.md`, `LICENSE`, `action.yml`, and `package.json`.
|
|
24
|
+
|
|
25
|
+
## Publish
|
|
26
|
+
|
|
27
|
+
1. Update `CHANGELOG.md`.
|
|
28
|
+
2. Update `package.json` version.
|
|
29
|
+
3. Run the local preflight.
|
|
30
|
+
4. Create and push a tag named `vX.Y.Z`.
|
|
31
|
+
5. Create a GitHub Release from that tag.
|
|
32
|
+
6. The `Release` workflow publishes to npm with provenance.
|
|
33
|
+
|
|
34
|
+
## After Publish
|
|
35
|
+
|
|
36
|
+
- Run `npx --yes oss-pulse@X.Y.Z scan . --format markdown`.
|
|
37
|
+
- Open a pull request that uses the pinned Action tag.
|
|
38
|
+
- Add one real scan example to the README or `docs/examples/`.
|
|
@@ -0,0 +1,116 @@
|
|
|
1
|
+
# Report Schema
|
|
2
|
+
|
|
3
|
+
`oss-pulse scan --format json` emits one JSON object followed by a newline.
|
|
4
|
+
|
|
5
|
+
The schema is intended for CI jobs, dashboards, and repository automation that need a stable maintainer-readiness signal.
|
|
6
|
+
|
|
7
|
+
The machine-readable JSON Schema lives at [`docs/report.schema.json`](./report.schema.json). It is tested against the runtime check and action identifiers so automation consumers do not drift from CLI output.
|
|
8
|
+
|
|
9
|
+
For code scanning consumers, `oss-pulse scan --format sarif` emits a SARIF 2.1.0 log where each remediation action is represented as a SARIF result.
|
|
10
|
+
|
|
11
|
+
For GitHub Actions consumers, `oss-pulse scan --format github-annotations` emits workflow commands where high-priority actions become errors, medium-priority actions become warnings, and low-priority actions become notices.
|
|
12
|
+
|
|
13
|
+
## Top-Level Object
|
|
14
|
+
|
|
15
|
+
| Field | Type | Description |
|
|
16
|
+
| --- | --- | --- |
|
|
17
|
+
| `actions` | `PulseAction[]` | Ranked remediation actions for failed checks. Empty when `status` is `ready`. |
|
|
18
|
+
| `branch` | `string` | Current git branch, or `detached` when no branch name is available. |
|
|
19
|
+
| `checks` | `PulseCheck[]` | Every scored maintainer-readiness check in display order. |
|
|
20
|
+
| `generatedAtIso` | `string` | ISO timestamp for when the report was generated. |
|
|
21
|
+
| `latestCommitIso` | `string \| null` | ISO timestamp for the latest commit, or `null` when unavailable. |
|
|
22
|
+
| `root` | `string` | Absolute path to the scanned git repository root. |
|
|
23
|
+
| `score` | `number` | Integer score from `0` to `100`. |
|
|
24
|
+
| `status` | `"ready" \| "needs-work"` | `ready` only when `score` is `100`. |
|
|
25
|
+
|
|
26
|
+
## PulseCheck
|
|
27
|
+
|
|
28
|
+
| Field | Type | Description |
|
|
29
|
+
| --- | --- | --- |
|
|
30
|
+
| `detail` | `string` | Human-readable check detail. |
|
|
31
|
+
| `id` | `CheckId` | Stable machine-readable check id. |
|
|
32
|
+
| `label` | `string` | Short display label. |
|
|
33
|
+
| `passed` | `boolean` | Whether the check passed. |
|
|
34
|
+
| `points` | `number` | Awarded points. Failed checks always emit `0`. |
|
|
35
|
+
|
|
36
|
+
## CheckId Values
|
|
37
|
+
|
|
38
|
+
| ID | Max Points |
|
|
39
|
+
| --- | ---: |
|
|
40
|
+
| `readme` | 10 |
|
|
41
|
+
| `license` | 15 |
|
|
42
|
+
| `contributing` | 10 |
|
|
43
|
+
| `issue-template` | 5 |
|
|
44
|
+
| `good-first-issue-template` | 5 |
|
|
45
|
+
| `pull-request-template` | 10 |
|
|
46
|
+
| `security` | 10 |
|
|
47
|
+
| `ci-workflow` | 5 |
|
|
48
|
+
| `release-workflow` | 5 |
|
|
49
|
+
| `changelog` | 5 |
|
|
50
|
+
| `funding` | 5 |
|
|
51
|
+
| `external-contributors` | 5 |
|
|
52
|
+
| `code-of-conduct` | 5 |
|
|
53
|
+
| `recent-activity` | 5 |
|
|
54
|
+
|
|
55
|
+
## PulseAction
|
|
56
|
+
|
|
57
|
+
| Field | Type | Description |
|
|
58
|
+
| --- | --- | --- |
|
|
59
|
+
| `detail` | `string` | Human-readable remediation detail. |
|
|
60
|
+
| `id` | `ActionId` | Stable machine-readable action id. |
|
|
61
|
+
| `priority` | `"high" \| "medium" \| "low"` | Suggested action priority. |
|
|
62
|
+
| `title` | `string` | Short display title. |
|
|
63
|
+
|
|
64
|
+
## ActionId Values
|
|
65
|
+
|
|
66
|
+
- `add-readme`
|
|
67
|
+
- `add-license`
|
|
68
|
+
- `add-contributing-guide`
|
|
69
|
+
- `add-issue-template`
|
|
70
|
+
- `add-good-first-issue-template`
|
|
71
|
+
- `add-pull-request-template`
|
|
72
|
+
- `add-security-policy`
|
|
73
|
+
- `add-ci-workflow`
|
|
74
|
+
- `add-release-workflow`
|
|
75
|
+
- `add-changelog`
|
|
76
|
+
- `add-funding`
|
|
77
|
+
- `invite-contributors`
|
|
78
|
+
- `add-code-of-conduct`
|
|
79
|
+
- `resume-maintenance`
|
|
80
|
+
|
|
81
|
+
## Example
|
|
82
|
+
|
|
83
|
+
```json
|
|
84
|
+
{
|
|
85
|
+
"actions": [
|
|
86
|
+
{
|
|
87
|
+
"detail": "Add .github/FUNDING.yml so sponsor paths are discoverable from GitHub.",
|
|
88
|
+
"id": "add-funding",
|
|
89
|
+
"priority": "low",
|
|
90
|
+
"title": "Add funding metadata"
|
|
91
|
+
}
|
|
92
|
+
],
|
|
93
|
+
"branch": "main",
|
|
94
|
+
"checks": [
|
|
95
|
+
{
|
|
96
|
+
"detail": "README found",
|
|
97
|
+
"id": "readme",
|
|
98
|
+
"label": "README",
|
|
99
|
+
"passed": true,
|
|
100
|
+
"points": 10
|
|
101
|
+
},
|
|
102
|
+
{
|
|
103
|
+
"detail": "No funding metadata",
|
|
104
|
+
"id": "funding",
|
|
105
|
+
"label": "Funding metadata",
|
|
106
|
+
"passed": false,
|
|
107
|
+
"points": 0
|
|
108
|
+
}
|
|
109
|
+
],
|
|
110
|
+
"generatedAtIso": "2026-07-08T06:30:37.183Z",
|
|
111
|
+
"latestCommitIso": null,
|
|
112
|
+
"root": "/path/to/repository",
|
|
113
|
+
"score": 85,
|
|
114
|
+
"status": "needs-work"
|
|
115
|
+
}
|
|
116
|
+
```
|
package/docs/ROADMAP.md
ADDED
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
# Roadmap
|
|
2
|
+
|
|
3
|
+
`oss-pulse` should stay small enough for maintainers to trust, but useful enough that real projects run it in CI.
|
|
4
|
+
|
|
5
|
+
## 0.1.x
|
|
6
|
+
|
|
7
|
+
- keep the repository health report stable
|
|
8
|
+
- ship and harden `--fail-under <score>` for CI gates
|
|
9
|
+
- ship and harden `--summary-only` for compact GitHub summaries
|
|
10
|
+
- ship and harden detector coverage for funding, changelog, and release workflow files
|
|
11
|
+
- ship and harden good-first-issue template detection
|
|
12
|
+
- ship and harden release notes draft output
|
|
13
|
+
- ship and harden contributor onboarding output
|
|
14
|
+
- ship and harden issue and pull request triage suggestions
|
|
15
|
+
- ship and harden SARIF output for code scanning integrations
|
|
16
|
+
- ship and harden GitHub workflow annotations for CI surfaces
|
|
17
|
+
- ship and harden error messages and GitHub Action documentation
|
|
18
|
+
- ship and harden JSON Schema documentation for report consumers
|
|
19
|
+
- add examples from real open source repositories
|
|
20
|
+
- keep contributor-facing issues small and reviewable
|
|
21
|
+
|
|
22
|
+
## 0.2.0
|
|
23
|
+
|
|
24
|
+
- publish a repository Action tag after npm publication
|
|
25
|
+
|
|
26
|
+
## Later
|
|
27
|
+
|
|
28
|
+
- support hosted GitHub repository scans
|
|
29
|
+
- provide a web report renderer
|
|
30
|
+
- collect anonymized benchmark examples only with explicit opt-in
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
# Example Reports
|
|
2
|
+
|
|
3
|
+
These examples show `oss-pulse` against public repositories, then a local what-if scan after adding the recommended maintainer surfaces in a temporary clone.
|
|
4
|
+
|
|
5
|
+
The after reports are not claims about upstream repository state. They show what the score would look like if the listed maintenance files and recent contributor activity were added.
|
|
6
|
+
|
|
7
|
+
Generated on 2026-07-08.
|
|
8
|
+
|
|
9
|
+
## Examples
|
|
10
|
+
|
|
11
|
+
- [octocat/Hello-World](octocat-hello-world.md)
|
|
12
|
+
- [sindresorhus/is](sindresorhus-is.md)
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
# octocat/Hello-World Case Study
|
|
2
|
+
|
|
3
|
+
Repository: https://github.com/octocat/Hello-World
|
|
4
|
+
|
|
5
|
+
Generated on 2026-07-08 from a shallow local clone.
|
|
6
|
+
|
|
7
|
+
## Before
|
|
8
|
+
|
|
9
|
+
```text
|
|
10
|
+
Score: 10/100
|
|
11
|
+
Status: needs-work
|
|
12
|
+
Branch: master
|
|
13
|
+
Latest commit: 2012-03-06T15:06:50-08:00
|
|
14
|
+
```
|
|
15
|
+
|
|
16
|
+
Passing checks:
|
|
17
|
+
|
|
18
|
+
- README
|
|
19
|
+
|
|
20
|
+
First recommended actions:
|
|
21
|
+
|
|
22
|
+
1. Add LICENSE
|
|
23
|
+
2. Add CONTRIBUTING guide
|
|
24
|
+
3. Add issue template
|
|
25
|
+
4. Add good first issue template
|
|
26
|
+
5. Add pull request template
|
|
27
|
+
|
|
28
|
+
## Local What-If After
|
|
29
|
+
|
|
30
|
+
The temporary clone received:
|
|
31
|
+
|
|
32
|
+
- LICENSE, CONTRIBUTING, SECURITY, CODE_OF_CONDUCT, CHANGELOG
|
|
33
|
+
- issue, good first issue, and pull request templates
|
|
34
|
+
- CI and release workflows
|
|
35
|
+
- funding metadata
|
|
36
|
+
- two recent commits from two authors
|
|
37
|
+
|
|
38
|
+
```text
|
|
39
|
+
Score: 100/100
|
|
40
|
+
Status: ready
|
|
41
|
+
Next actions: none
|
|
42
|
+
```
|
|
43
|
+
|
|
44
|
+
This demonstrates the smallest maintenance-surface path from a demonstration repository to a fully passing `oss-pulse` report.
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
# sindresorhus/is Case Study
|
|
2
|
+
|
|
3
|
+
Repository: https://github.com/sindresorhus/is
|
|
4
|
+
|
|
5
|
+
Generated on 2026-07-08 from a shallow local clone.
|
|
6
|
+
|
|
7
|
+
## Before
|
|
8
|
+
|
|
9
|
+
```text
|
|
10
|
+
Score: 40/100
|
|
11
|
+
Status: needs-work
|
|
12
|
+
Branch: main
|
|
13
|
+
Latest commit: 2026-05-11T22:57:22+09:00
|
|
14
|
+
```
|
|
15
|
+
|
|
16
|
+
Passing checks:
|
|
17
|
+
|
|
18
|
+
- README
|
|
19
|
+
- License
|
|
20
|
+
- Security policy
|
|
21
|
+
- CI workflow
|
|
22
|
+
|
|
23
|
+
First recommended actions:
|
|
24
|
+
|
|
25
|
+
1. Add CONTRIBUTING guide
|
|
26
|
+
2. Add issue template
|
|
27
|
+
3. Add good first issue template
|
|
28
|
+
4. Add pull request template
|
|
29
|
+
5. Add release workflow
|
|
30
|
+
|
|
31
|
+
## Local What-If After
|
|
32
|
+
|
|
33
|
+
The temporary clone received:
|
|
34
|
+
|
|
35
|
+
- CONTRIBUTING, CODE_OF_CONDUCT, CHANGELOG
|
|
36
|
+
- issue, good first issue, and pull request templates
|
|
37
|
+
- release workflow
|
|
38
|
+
- funding metadata
|
|
39
|
+
- two recent commits from two authors
|
|
40
|
+
|
|
41
|
+
```text
|
|
42
|
+
Score: 100/100
|
|
43
|
+
Status: ready
|
|
44
|
+
Next actions: none
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
This demonstrates how an already mature package can use `oss-pulse` to find smaller contributor-onboarding gaps.
|