Merge pull request #43 from shipt/development

Master

.circleci/config.yml

@@ -37,7 +37,7 @@ jobs:
           command: cd osmosis; yarn build
       - run:
           name: Publish package
-          command: cd osmosis; npm publish
+          command: cd osmosis; npm publish --access public
 
 workflows:
   version: 2.1

.github/workflows/sast.yaml

@@ -0,0 +1,76 @@
+# This workflow is to automate Checkmarx SAST scans.  It runs on a push to the main branch.
+#
+# The following GitHub Secrets must be first defined:
+#   - CHECKMARX_URL
+#   - CHECKMARX_USER
+#   - CHECKMARX_PASSWORD
+#   - CHECKMARX_CLIENT_SECRET
+#
+# The following variables must be inserted below:
+#   - <ProjectName>
+#
+# Update the 'team' field to reflect the team name used in Checkmarx.
+#
+# For full documentation, including a list of all inputs, please refer to the README https://github.com/checkmarx-ts/checkmarx-cxflow-github-action
+
+name: Checkmarx SAST Scan
+on:
+  pull_request:
+    branches:
+      - main
+      - master
+      - development
+  push:
+    branches:
+    - master
+    - main
+    - development
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+    - name: Slack-start-of-scan
+      uses: archive/[email protected]
+      id: notify1
+      with:
+        slack-bot-user-oauth-access-token: ${{ secrets.SAST_SLACK_TOKEN }}
+        slack-channel: ${{ secrets.SAST_SLACK_CHANNEL }} #USE CHANNEL ID, NOT CHANNEL NAME, SINCE ID IS USED IN NEW SLACK API's
+        slack-text: Started security scanning of code for project ${{ github.event.repository.name }}...
+        slack-optional-icon_emoji: ":fire:"
+    - name: Checkmarx CxFlow Action
+      uses: checkmarx-ts/[email protected] #Github Action version
+      with:
+        project: ${{ github.event.repository.name }} # <-- Insert Checkmarx SAST Project Name
+        team: /CxServer
+        checkmarx_url: ${{ secrets.CHECKMARX_URL }} # To be stored in GitHub Secrets.
+        checkmarx_username: ${{ secrets.CHECKMARX_USER }} # To be stored in GitHub Secrets.
+        checkmarx_password: ${{ secrets.CHECKMARX_PASSWORD }} # To be stored in GitHub Secrets.
+        checkmarx_client_secret: ${{ secrets.CHECKMARX_CLIENT_SECRET }} # To be stored in GitHub Secrets.
+        break_build: false
+        incremental: true 
+        scanners: sast
+        bug_tracker: Sarif
+        params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }}
+    - name: Slack-end-of-scan
+      uses: archive/[email protected]
+      id: notify2
+      with:
+        slack-bot-user-oauth-access-token: ${{ secrets.SAST_SLACK_TOKEN }}
+        slack-channel: ${{ secrets.SAST_SLACK_CHANNEL }} #USE CHANNEL ID, NOT CHANNEL NAME, SINCE ID IS USED IN NEW SLACK API's
+        slack-text: Completed security scanning of code for project ${{ github.event.repository.name }} report https://github.com/shipt/${{github.event.repository.name}}/security/code-scanning
+        slack-optional-icon_emoji: ":completed:"        
+    - name: Upload SARIF file
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: cx.sarif   
+    # - name: Upload report to slack
+    #   id: report-upload-slack
+    #   uses: adrey/slack-file-upload-action@master
+    #   with:
+    #     token: ${{ secrets.SAST_SLACK_TOKEN }}
+    #     path: cx.sarif
+    #     channel: ${{ secrets.SAST_SLACK_CHANNEL }}
+
+

CHANGELOG.md

@@ -0,0 +1,4 @@
+# Change Log
+## v1.0.0
+
+* Initial release as a separate repo

CONTRIBUTING.md

@@ -0,0 +1,47 @@
+# Contributing to Osmosis
+
+## Welcome
+
+We are glad you are here! We think it's awesome that you want to spend time helping us make Osmosis even better. We really value the community we get to be a part of, and we are grateful for your contribution.
+
+Contribution requires signing a Contributor License Agreement (CLA) via HelloSign, a process automated as a part of a pull request. Your Github email address must match the email address used to sign the CLA. Github has [documentation](https://help.github.com/articles/setting-your-commit-email-address-on-github/) on setting email addresses. Your git email must also match this email address.
+
+## How to Contribute to Osmosis
+
+The basic workflow:
+
+1. You have an idea or see something that you want to fix, so ...
+2. Fork Osmosis.
+3. Start a new branch for your feature.
+   - Branch prefixes we use:
+     - `feature/`: for features
+     - `support/`: for general refactoring
+     - `hotfix/`: something broke and we need to fix it now
+4. Submit a Pull Request! Do it early and mark it `WIP` so a maintainer knows it's not ready for review just yet.
+5. If you haven't signed our CLA before, then you will receive an email from HelloSign to sign the CLA.
+   - The CLA request will be sent to the email address associated with your github account.
+   - You cannot have your PR merged without signing the PR.
+   - If you already submitted a PR and need to correct your user.name and/or user.email please do so and then use `git commit --amend --reset-author` and then `git push --force` to correct the PR.
+6. Request review from one of our maintainers.
+7. Get Approval. We'll let you know if there are any changes that are needed.
+8. Boom! You can merge your changes into Osmosis.
+
+Pull Requests:
+
+- Submit a PR to get your changes approved.
+- Request review from a [maintainer](MAINTAINERS.md).
+- Make sure you include an explanation of what's changed, why, and anything these changes affect.
+- The CLA-bot will confirm that you're approved to contribute.
+- Our maintainer will review and approve your PR.
+- Merge!
+
+## Community Guidelines
+
+1. Be Kind
+   - Working with us should be a fun learning opportunity, and we want it to be a good experience for everyone. Please treat each other with respect.
+   - If something looks outdated or incorrect, please let us know! We want to make Osmosis as useful as possible.
+2. Own Your Work
+   - Creating a PR for Osmosis is your first step to becoming a contributor, so make sure that you own your changes.
+   - Our maintainers will do their best to respond to you in a timely manner, but we ask the same from you as the contributor.
+
+## _Thank you!_

LICENSE → LICENSE.md

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2021 Shipt
+Copyright (c) 2021 Shipt, Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

MAINTAINERS.md

@@ -0,0 +1 @@
+### [Chace Burnette](https://github.com/chaceburnette)

README.md

@@ -1,9 +1,13 @@
 <p align="center">
-<img width="300" src=".github/logo.png" />
+<img width="300" src="https://github.com/shipt/osmosis/blob/master/logo.png" />
 </p>
 
 Osmosis utilizes React context and allows you to create your own custom hooks to provide lightweight and modularized global state management for any React or React Native project.
 
-# Links
+## Links
 - [Documentation](https://github.com/shipt/osmosis/tree/master/osmosis)
 - [Example Project](https://github.com/shipt/osmosis/tree/master/examples/counter-react)
+
+## License
+
+This project is licensed under the MIT License - see the [LICENSE.md](LICENSE.md) file for details.

SECURITY.md

@@ -0,0 +1,18 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.0     | :white_check_mark: |
+
+## Reporting a Vulnerability or Security Issue
+Shipt's security and engineering teams take security bugs in our software and applications very seriously. We appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your contributions. We have a few options available to accept these reports:
+
+ - Our public bug bounty program at HackerOne - https://hackerone.com/Shipt (this is the preferred and most efficient method)
+
+ - Via email: Send an email to [email protected] with a detailed proof of concept (POC) and/or evidence clearly outlining the vulnerability. Please include the string "Shipt OSS Vulnerability - Osmosis" in the subject line.
+
+With either method you choose above, Shipt's information security team will send a response outlining any next steps necessary in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and/or disclosure (if applicable) and may ask for additional information or guidance regarding the issue. 
+
+NOTE: Please report security bugs in third-party modules, libraries, and/or dependencies to the person, organization, or team that owns and/or supports those resources.

examples/counter-react/package.json

@@ -3,13 +3,13 @@
   "version": "0.1.0",
   "private": true,
   "dependencies": {
+    "@shipt/osmosis": "../../osmosis",
     "@testing-library/jest-dom": "^4.2.4",
     "@testing-library/react": "^9.3.2",
     "@testing-library/user-event": "^7.1.2",
-    "@shipt/osmosis": "../../osmosis",
     "react": "^16.13.1",
     "react-dom": "^16.13.1",
-    "react-scripts": "3.4.1"
+    "react-scripts": "4.0.3"
   },
   "scripts": {
     "start": "react-scripts start",

examples/counter-react/src/counter.js

@@ -1,7 +1,7 @@
 import React, { useContext } from 'react';
 import { CounterContext } from './store';
 
-export default () => {
+const Counter = () => {
   const [counterContext] = useContext(CounterContext);
   let { count } = counterContext.state;
 
@@ -17,3 +17,5 @@ export default () => {
     </div>
   );
 };
+
+export default Counter;

examples/counter-react/src/store/counter.store.js

@@ -1,4 +1,4 @@
-import React, { useState } from 'react';
+import { useState } from 'react';
 import { setupStore } from '@shipt/osmosis';
 
 const useCounterContainer = () => {