diff --git a/.cspell.json b/.cspell.json
new file mode 100644
index 0000000..b8c9118
--- /dev/null
+++ b/.cspell.json
@@ -0,0 +1,42 @@
+{
+ "version": "0.2",
+ "language": "en",
+ "words": [
+ "DEMA",
+ "Dema",
+ "demaconsulting",
+ "DemaConsulting",
+ "dotnet",
+ "Dotnet",
+ "nuget",
+ "NuGet",
+ "nupkg",
+ "Nuget",
+ "nuspec",
+ "spdx",
+ "SBOM",
+ "weasyprint",
+ "Weasyprint",
+ "WeasyPrint",
+ "csproj",
+ "netstandard",
+ "mkdir",
+ "unzip",
+ "wget",
+ "Kozea",
+ "courtbouillon",
+ "cspell",
+ "markdownlint",
+ "newword"
+ ],
+ "ignorePaths": [
+ "node_modules",
+ ".git",
+ "*.nupkg",
+ "pack/win-x64",
+ "pack/tools",
+ "DotnetToolWrapper",
+ "weasyprint-windows",
+ "pack/_manifest"
+ ]
+}
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
new file mode 100644
index 0000000..82732c1
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
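Review bot: The last entry in `words`, `"newword"`, appears to be the placeholder from the "Adding a Word to Spell Check" example in AGENTS.md rather than a term the project uses, so the allow-list now accepts a non-word in every Markdown file. Changing that example to a word already in the list (for instance `"nupkg"`) would let this entry be dropped. The case variants (`"DEMA"`/`"Dema"`, `"dotnet"`/`"Dotnet"`, `"nuget"`/`"NuGet"`/`"Nuget"`, the three Weasyprint spellings) are probably redundant as well, since cspell matches words case-insensitively unless configured otherwise.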
@@ -0,0 +1,83 @@
+name: 🐛 Bug Report
+description: Report a bug or issue with WeasyprintTool
+title: "[Bug]: "
+labels: ["bug"]
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Thanks for taking the time to fill out this bug report!
+
+ - type: textarea
+ id: description
+ attributes:
+ label: Description
+ description: A clear and concise description of what the bug is.
+ placeholder: Describe the bug...
+ validations:
+ required: true
+
+ - type: textarea
+ id: steps
+ attributes:
+ label: Steps to Reproduce
+ description: Steps to reproduce the behavior
+ placeholder: |
+ 1. Run command '...'
+ 2. See error
+ validations:
+ required: true
+
+ - type: textarea
+ id: expected
+ attributes:
+ label: Expected Behavior
+ description: A clear and concise description of what you expected to happen.
+ placeholder: What should happen?
+ validations:
+ required: true
+
+ - type: textarea
+ id: actual
+ attributes:
+ label: Actual Behavior
+ description: A clear and concise description of what actually happened.
+ placeholder: What actually happened?
+ validations:
+ required: true
+
+ - type: input
+ id: version
+ attributes:
+ label: Version
+ description: What version of WeasyprintTool are you using?
+ placeholder: e.g., 1.0.0
+ validations:
+ required: true
+
+ - type: input
+ id: dotnet-version
+ attributes:
+ label: .NET Version
+ description: What version of .NET are you using?
+ placeholder: e.g., 8.0, 9.0, 10.0
+ validations:
+ required: false
+
+ - type: input
+ id: os
+ attributes:
+ label: Operating System
+ description: What operating system are you using?
+ placeholder: e.g., Windows 11, Ubuntu 24.04, macOS 14
+ validations:
+ required: false
+
+ - type: textarea
+ id: additional
+ attributes:
+ label: Additional Context
+ description: Add any other context about the problem here.
+ placeholder: Any additional information...
+ validations:
+ required: false
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
new file mode 100644
index 0000000..f6ef751
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,11 @@
+blank_issues_enabled: false
+contact_links:
+ - name: 📚 Documentation
+ url: https://github.com/demaconsulting/WeasyprintTool/blob/main/README.md
+ about: Check the documentation for usage instructions
+ - name: 💬 Discussions
+ url: https://github.com/demaconsulting/WeasyprintTool/discussions
+ about: Ask questions and discuss ideas with the community
+ - name: 🌐 Weasyprint Documentation
+ url: https://doc.courtbouillon.org/weasyprint/stable/
+ about: Official Weasyprint documentation
diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml
new file mode 100644
index 0000000..558bcb6
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
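Review bot: None of the three `contact_links` points to the private reporting channel that SECURITY.md in this same commit tells reporters to use instead of a public issue. With `blank_issues_enabled: false`, someone who finds a vulnerability lands on a chooser that offers only the bug template, the feature template and these links, which makes a public bug report the easiest route. Add a fourth entry: `- name: 🔒 Security Vulnerability`, `url: https://github.com/demaconsulting/WeasyprintTool/security/advisories`, `about: Report vulnerabilities privately, not as a public issue`.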
@@ -0,0 +1,45 @@
+name: ✨ Feature Request
+description: Suggest a new feature or enhancement for WeasyprintTool
+title: "[Feature]: "
+labels: ["enhancement"]
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Thanks for taking the time to suggest a new feature!
+
+ - type: textarea
+ id: problem
+ attributes:
+ label: Problem Statement
+ description: Is your feature request related to a problem? Please describe.
+ placeholder: I'm always frustrated when...
+ validations:
+ required: true
+
+ - type: textarea
+ id: solution
+ attributes:
+ label: Proposed Solution
+ description: Describe the solution you'd like to see.
+ placeholder: I would like to...
+ validations:
+ required: true
+
+ - type: textarea
+ id: alternatives
+ attributes:
+ label: Alternatives Considered
+ description: Describe any alternative solutions or features you've considered.
+ placeholder: Alternative approaches...
+ validations:
+ required: false
+
+ - type: textarea
+ id: additional
+ attributes:
+ label: Additional Context
+ description: Add any other context, screenshots, or examples about the feature request here.
+ placeholder: Any additional information...
+ validations:
+ required: false
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..6daf737
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,29 @@
+version: 2
+updates:
+ # GitHub Actions dependencies
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ day: "monday"
+ groups:
+ github-actions:
+ patterns:
+ - "*"
+ labels:
+ - "dependencies"
+ - "github-actions"
+
+ # NuGet dependencies
+ - package-ecosystem: "nuget"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ day: "monday"
+ groups:
+ nuget:
+ patterns:
+ - "*"
+ labels:
+ - "dependencies"
+ - "nuget"
diff --git a/.github/workflows/build-on-push.yaml b/.github/workflows/build-on-push.yaml
index ffd439c..984e142 100644
--- a/.github/workflows/build-on-push.yaml
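Review bot: The `nuget` entry in `dependabot.yml` sets `directory: "/"`, while AGENTS.md in this commit places `DemaConsulting.WeasyprintTool.csproj` under `/pack/`. Dependabot searches for project files starting from the configured directory, so confirm that the root setting actually discovers that project; if it does not, the entry will silently produce no update PRs and `directory: "/pack"` would be the fix. A comment next to the entry, such as `# project file lives in /pack`, would also record why the path was chosen.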
+++ b/.github/workflows/build-on-push.yaml @@ -3,8 +3,23 @@ name: Build on: [push] jobs: + quality-checks: + name: Quality Checks + runs-on: ubuntu-24.04 + permissions: + contents: read + steps: + - uses: actions/checkout@v6 + + - name: Check Spelling + run: npx cspell "**/*.md" + + - name: Lint Markdown + run: npx markdownlint-cli "**/*.md" + build: name: Build Artifacts + needs: quality-checks uses: ./.github/workflows/build.yaml with: wrapper: "1.2.0" diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e47d81a --- /dev/null +++ b/.gitignore @@ -0,0 +1,21 @@ +# Node modules (for quality checks) +node_modules/ + +# Build artifacts +*.nupkg +DotnetToolWrapper/ +weasyprint-windows/ +pack/win-x64/ +pack/_manifest/ + +# OS files +.DS_Store +Thumbs.db + +# IDE files +.vscode/ +.idea/ +*.suo +*.user +*.userosscache +*.sln.docstates diff --git a/.markdownlint.json b/.markdownlint.json new file mode 100644 index 0000000..d2fd493 --- /dev/null +++ b/.markdownlint.json @@ -0,0 +1,9 @@ +{ + "default": true, + "MD013": false, + "MD033": { + "allowed_elements": ["img", "br", "details", "summary"] + }, + "MD041": false, + "no-hard-tabs": false +} diff --git a/AGENTS.md b/AGENTS.md new file mode 100644 index 0000000..f952e9c --- /dev/null +++ b/AGENTS.md 
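Review bot: Both new steps in `quality-checks` call `npx cspell` and `npx markdownlint-cli` with no version, so every push downloads and executes whatever those packages and their transitive dependencies currently resolve to on the npm registry. Nothing in the added `dependabot.yml` tracks them either. Pin them, inline as `run: npx cspell@<pinned-version> "**/*.md"` or through a committed `package.json` with a lockfile installed by `npm ci`, adding an `npm` ecosystem to Dependabot in the lockfile case. `actions/checkout@v6` is likewise a mutable tag; `uses: actions/checkout@<full-commit-sha> # v6` fixes the code that runs and is still bumped by the `github-actions` Dependabot entry. The job-level `permissions: contents: read` is a good limit, and `persist-credentials: false` on the checkout step would also keep the token out of the workspace the fetched tools run in. The `build` job continues past the end of the hunk, so the permissions of the called `build.yaml` cannot be judged from here.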
@@ -0,0 +1,169 @@ +# Agent Instructions + +This document contains instructions for AI agents working on the WeasyprintTool project. + +## Overview + +WeasyprintTool is a repackaging of [Weasyprint][weasyprint-url] as a [.NET tool][dotnet-tools-url]. The project uses GitHub Actions for building and releasing the NuGet package. + +## Project Structure + +- `/pack/` - NuGet package configuration and build files + - `DemaConsulting.WeasyprintTool.csproj` - Project file + - `DemaConsulting.WeasyprintTool.nuspec` - NuGet package specification + - `/tools/` - .NET tool binaries (populated during build) + - `/win-x64/` - Windows x64 Weasyprint binaries (populated during build) +- `/.github/` - GitHub Actions workflows and templates + - `/workflows/` - CI/CD workflows + - `/ISSUE_TEMPLATE/` - Issue templates for bugs and features +- Configuration files: + - `.cspell.json` - Spelling check configuration + - `.markdownlint.json` - Markdown linting configuration + - `.gitignore` - Git ignore patterns + +## Important Rules + +### README.md Requirements + +**CRITICAL**: The `README.md` file is distributed in the NuGet package. It has special requirements: + +- **All links MUST be absolute URLs** (e.g., `https://github.com/demaconsulting/WeasyprintTool/...`) +- **NEVER use relative links** (e.g., `./CONTRIBUTING.md`, `#section`) +- This ensures links work correctly when README.md is viewed in the NuGet package +- Always verify links in README.md are absolute before committing + +### Markdown Link Format + +All Markdown files should use the reference link format: + +```markdown +[link text][reference-id] + +[reference-id]: https://example.com +``` + +Benefits: + +- Easier to maintain links +- More readable text +- Consistent style across documentation + +### Quality Checks + +Before completing any task, always run these quality checks: + +1. 
**Spelling**: `npx cspell "**/*.md"` + - Checks spelling in all Markdown files + - Add project-specific words to `.cspell.json` if needed + - Never commit files with spelling errors + +2. **Markdown Linting**: `npx markdownlint-cli "**/*.md"` + - Checks Markdown formatting + - Ensures consistent style + - Fix all warnings before committing + +3. **Build Verification**: Check that workflows pass + - Quality Checks job should pass + - Build job should pass + +### Testing Changes + +When making changes: + +1. Run spelling check: `npx cspell "**/*.md"` +2. Run markdown lint: `npx markdownlint-cli "**/*.md"` +3. Fix any issues found +4. Verify changes work as expected +5. Commit only after all checks pass + +## Build Process + +The project uses GitHub Actions workflows: + +1. **build-on-push.yaml** - Triggers on every push + - Runs quality checks (spelling, markdown linting) + - Calls build.yaml workflow +2. **build.yaml** - Reusable build workflow + - Downloads DotnetToolWrapper + - Downloads Weasyprint binaries + - Generates SBOM (Software Bill of Materials) + - Creates NuGet package +3. 
**release.yaml** - Handles releases + - Creates releases with proper versioning + +## Dependencies + +### External Dependencies + +- [DotnetToolWrapper][wrapper-url] - .NET tool wrapper framework +- [Weasyprint][weasyprint-url] - Document factory (Python-based) + +### Dependency Updates + +Dependabot is configured to automatically: + +- Update GitHub Actions weekly +- Update NuGet packages weekly +- Group updates to reduce PR count + +## Code Style + +- Follow existing patterns in the codebase +- Keep changes minimal and focused +- Write clear commit messages +- Update documentation when needed + +## Documentation + +When updating documentation: + +- Use Markdown reference links +- Check spelling with cspell +- Lint with markdownlint +- Ensure README.md uses absolute URLs only +- Keep documentation concise and clear + +## Common Tasks + +### Adding a Word to Spell Check + +Edit `.cspell.json` and add to the `words` array: + +```json +{ + "words": [ + "newword" + ] +} +``` + +### Updating Weasyprint Version + +Edit `.github/workflows/build-on-push.yaml` and `.github/workflows/release.yaml` to update the `weasyprint` version input. + +### Adding Issue Templates + +Add new templates to `.github/ISSUE_TEMPLATE/` following the existing format. + +## Quality Standards + +All changes must: + +1. Pass spelling checks (`cspell`) +2. Pass markdown linting (`markdownlint`) +3. Follow documentation standards +4. Use absolute URLs in README.md +5. Use reference-style links in Markdown +6. 
Include appropriate tests/validation + +## Resources + +- [Weasyprint Documentation][weasyprint-docs-url] +- [.NET Tools Documentation][dotnet-tools-url] +- [GitHub Actions Documentation][github-actions-url] + +[weasyprint-url]: https://weasyprint.org/ +[weasyprint-docs-url]: https://doc.courtbouillon.org/weasyprint/stable/ +[dotnet-tools-url]: https://learn.microsoft.com/en-us/dotnet/core/tools/global-tools +[wrapper-url]: https://github.com/demaconsulting/DotnetToolWrapper +[github-actions-url]: https://docs.github.com/en/actions diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..e56a3a0 --- /dev/null +++ b/CODE_OF_CONDUCT.md 
@@ -0,0 +1,133 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, religion, or sexual identity +and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our +community include: + +* Demonstrating empathy and kindness toward other people +* Being respectful of differing opinions, viewpoints, and experiences +* Giving and gracefully accepting constructive feedback +* Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +* Focusing on what is best not just for us as individuals, but for the + overall community + +Examples of unacceptable behavior include: + +* The use of sexualized language or imagery, and sexual attention or + advances of any kind +* Trolling, insulting or derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or email + address, without their explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. 
+ +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official e-mail address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the community leaders responsible for enforcement at +[https://github.com/demaconsulting/WeasyprintTool][contact-url]. +All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series +of actions. + +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. 
This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or +permanent ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within +the community. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.0, available at +[https://www.contributor-covenant.org/version/2/0/code_of_conduct.html][covenant-url]. + +Community Impact Guidelines were inspired by [Mozilla's code of conduct +enforcement ladder][mozilla-url]. + +For answers to common questions about this code of conduct, see the FAQ at +[https://www.contributor-covenant.org/faq][faq-url]. Translations are available at +[https://www.contributor-covenant.org/translations][translations-url]. + +[homepage]: https://www.contributor-covenant.org +[covenant-url]: https://www.contributor-covenant.org/version/2/0/code_of_conduct.html +[mozilla-url]: https://github.com/mozilla/diversity +[faq-url]: https://www.contributor-covenant.org/faq +[translations-url]: https://www.contributor-covenant.org/translations +[contact-url]: https://github.com/demaconsulting/WeasyprintTool 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..f692ad3 --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,138 @@ +# Contributing to WeasyprintTool + +Thank you for your interest in contributing to WeasyprintTool! This document provides guidelines and instructions for contributing to this project. + +## Code of Conduct + +This project adheres to a Code of Conduct. By participating, you are expected to uphold this code. Please read [CODE_OF_CONDUCT.md][code-of-conduct-url] before contributing. + +## How to Contribute + +### Reporting Bugs + +If you find a bug, please report it by: + +1. Checking if the issue already exists in [GitHub Issues][issues-url] +2. If not, create a new issue using the bug report template +3. Provide as much detail as possible including: + - Version of WeasyprintTool + - .NET version + - Operating system + - Steps to reproduce + - Expected vs actual behavior + +### Suggesting Features + +We welcome feature suggestions! To suggest a feature: + +1. Check if the feature has already been requested in [GitHub Issues][issues-url] +2. If not, create a new issue using the feature request template +3. Describe the problem you're trying to solve +4. Explain your proposed solution +5. Consider any alternatives you've thought about + +### Contributing Code + +1. **Fork the repository** on GitHub +2. **Clone your fork** locally +3. **Create a branch** for your changes +4. **Make your changes** following our coding standards +5. **Test your changes** thoroughly +6. **Commit your changes** with clear commit messages +7. 
**Push to your fork** and submit a pull request + +## Development Guidelines + +### Project Structure + +- `/pack/` - NuGet package configuration and build files +- `/.github/` - GitHub Actions workflows and templates +- `README.md` - Project documentation (distributed in NuGet package) + +### Coding Standards + +- Follow existing code style and conventions +- Write clear, self-documenting code +- Add comments only when necessary to explain complex logic + +### Documentation Standards + +#### README.md Special Requirements + +The `README.md` file is distributed in the NuGet package and has special requirements: + +- **All links MUST use absolute URLs** (e.g., `https://github.com/...`) +- **Do NOT use relative links** (e.g., `./CONTRIBUTING.md`) +- This ensures links work correctly when the README is viewed in the NuGet package + +#### Markdown Link Format + +All Markdown files should use the reference link format: + +```markdown +[link text][reference-id] + +[reference-id]: https://example.com +``` + +This makes links easier to maintain and read. + +### Quality Checks + +Before submitting a pull request: + +1. **Spelling**: Run `npx cspell "**/*.md"` to check spelling +2. **Markdown Linting**: Run `npx markdownlint-cli "**/*.md"` to check formatting +3. **Build**: Ensure the project builds successfully +4. **Testing**: Test your changes thoroughly + +The CI pipeline will automatically run these checks on your pull request. + +### Commit Messages + +- Use clear, descriptive commit messages +- Start with a verb in present tense (e.g., "Add feature", "Fix bug") +- Keep the first line under 72 characters +- Add details in the body if needed + +## Building the Project + +WeasyprintTool uses GitHub Actions for building. The build process: + +1. Downloads the DotnetToolWrapper +2. Downloads Weasyprint binaries +3. Creates the NuGet package + +To test the build locally, you can examine the workflow files in `.github/workflows/`. 
+ +## Testing + +- Test your changes with different .NET versions (8.0, 9.0, 10.0) +- Test on different operating systems when possible +- Verify the tool works correctly with various Weasyprint commands + +## Pull Request Process + +1. Update documentation if needed +2. Ensure all quality checks pass (spelling, markdown linting) +3. Update the README.md if you're changing functionality +4. Your pull request will be reviewed by maintainers +5. Address any feedback from reviewers +6. Once approved, your changes will be merged + +## Questions? + +If you have questions about contributing: + +- Check existing [GitHub Issues][issues-url] +- Start a [GitHub Discussion][discussions-url] +- Review the [README.md][readme-url] + +## License + +By contributing to WeasyprintTool, you agree that your contributions will be licensed under the BSD-3-Clause License. + +[code-of-conduct-url]: https://github.com/demaconsulting/WeasyprintTool/blob/main/CODE_OF_CONDUCT.md +[issues-url]: https://github.com/demaconsulting/WeasyprintTool/issues +[discussions-url]: https://github.com/demaconsulting/WeasyprintTool/discussions +[readme-url]: https://github.com/demaconsulting/WeasyprintTool/blob/main/README.md diff --git a/README.md b/README.md index fe3396a..242b2bc 100644 --- a/README.md +++ b/README.md 
@@ -1,29 +1,60 @@ -![GitHub forks](https://img.shields.io/github/forks/demaconsulting/WeasyprintTool?style=plastic) -![GitHub Repo stars](https://img.shields.io/github/stars/demaconsulting/WeasyprintTool?style=plastic) -![GitHub contributors](https://img.shields.io/github/contributors/demaconsulting/WeasyprintTool?style=plastic) -![GitHub](https://img.shields.io/github/license/demaconsulting/WeasyprintTool?style=plastic) +![GitHub forks][forks-badge] +![GitHub Repo stars][stars-badge] +![GitHub contributors][contributors-badge] +![GitHub][license-badge] +[![NuGet][nuget-badge]][nuget-url] # About -WeasyprintTool is a repackaging of the [Weasyprint](https://weasyprint.org/) document factory as a [Dotnet tool](https://learn.microsoft.com/en-us/dotnet/core/tools/global-tools). +WeasyprintTool is a repackaging of the [Weasyprint][weasyprint-url] document factory as a [.NET tool][dotnet-tools-url]. -Weasyprint is already available in numerous formats for [installation](https://doc.courtbouillon.org/weasyprint/stable/first_steps.html#installation). -Packaging it as a Dotnet tool allows for multiple versions to be installed and cached on a system +Weasyprint is already available in numerous formats for [installation][weasyprint-install-url]. +Packaging it as a .NET tool allows for multiple versions to be installed and cached on a system simultaneously, and users can control which version is used through a -[Dotnet tool manifest file](https://learn.microsoft.com/en-us/dotnet/core/tools/global-tools#install-a-local-tool). - +[.NET tool manifest file][dotnet-manifest-url]. 
# Installation & Usage -The following will add WeasyprintTool to a Dotnet tool manifest file: +The following will add WeasyprintTool to a .NET tool manifest file: -``` +```bash dotnet new tool-manifest # if you are setting up this repo dotnet tool install --local DEMAConsulting.WeasyprintTool ``` The tool can then be executed by: -``` +```bash dotnet weasyprint -``` \ No newline at end of file +``` + +# Contributing + +We welcome contributions! Please see our [Contributing Guide][contributing-url] for details. + +# Code of Conduct + +This project has adopted a Code of Conduct. Please see [CODE_OF_CONDUCT.md][code-of-conduct-url] for details. + +# Security + +For information on reporting security vulnerabilities, please see our [Security Policy][security-url]. + +# License + +This project is licensed under the BSD-3-Clause License - see the [LICENSE][license-url] file for details. + +[forks-badge]: https://img.shields.io/github/forks/demaconsulting/WeasyprintTool?style=plastic +[stars-badge]: https://img.shields.io/github/stars/demaconsulting/WeasyprintTool?style=plastic +[contributors-badge]: https://img.shields.io/github/contributors/demaconsulting/WeasyprintTool?style=plastic +[license-badge]: https://img.shields.io/github/license/demaconsulting/WeasyprintTool?style=plastic +[nuget-badge]: https://img.shields.io/nuget/v/DEMAConsulting.WeasyprintTool?style=plastic&logo=nuget +[nuget-url]: https://www.nuget.org/packages/DEMAConsulting.WeasyprintTool/ +[weasyprint-url]: https://weasyprint.org/ +[weasyprint-install-url]: https://doc.courtbouillon.org/weasyprint/stable/first_steps.html#installation +[dotnet-tools-url]: https://learn.microsoft.com/en-us/dotnet/core/tools/global-tools +[dotnet-manifest-url]: https://learn.microsoft.com/en-us/dotnet/core/tools/global-tools#install-a-local-tool +[contributing-url]: https://github.com/demaconsulting/WeasyprintTool/blob/main/CONTRIBUTING.md +[code-of-conduct-url]: 
https://github.com/demaconsulting/WeasyprintTool/blob/main/CODE_OF_CONDUCT.md +[security-url]: https://github.com/demaconsulting/WeasyprintTool/blob/main/SECURITY.md +[license-url]: https://github.com/demaconsulting/WeasyprintTool/blob/main/LICENSE diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..4f0db76 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,57 @@
+# Security Policy
+
+## Supported Versions
+
+We provide security updates for the following versions of WeasyprintTool:
+
+| Version | Supported |
+| ------- | ------------------ |
+| Latest | :white_check_mark: |
+| < Latest| :x: |
+
+We recommend always using the latest version of WeasyprintTool to ensure you have the most recent security patches and improvements.
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in WeasyprintTool, please report it by following these steps:
+
+1. **Do NOT** open a public issue on GitHub
+2. Report the vulnerability privately through [GitHub Security Advisories][security-url]
+3. Provide a detailed description of the vulnerability including:
+ - Steps to reproduce the issue
+ - Potential impact of the vulnerability
+ - Suggested fix (if available)
+
+We take all security reports seriously and will respond as quickly as possible to address the issue.
+
+## Security Update Process
+
+When a security vulnerability is reported:
+
+1. We will acknowledge receipt of your report within 48 hours
+2. We will investigate and validate the vulnerability
+3. We will develop and test a fix
+4. We will release a new version with the security fix
+5. We will publicly disclose the vulnerability after the fix is available
+
+## Dependencies
+
+WeasyprintTool wraps the [Weasyprint][weasyprint-url] document factory. Security vulnerabilities in Weasyprint should be reported to the Weasyprint project directly:
+
+- [Weasyprint Security Information][weasyprint-security-url]
+
+We monitor Weasyprint releases and update WeasyprintTool when security fixes are available.
+
+## Best Practices
+
+When using WeasyprintTool:
+
+- Always use the latest version
+- Review the release notes for security updates
+- Use [.NET tool manifests][tool-manifest-url] to manage versions in your projects
+- Monitor [GitHub Security Advisories][security-url] for this repository
+
+[security-url]: https://github.com/demaconsulting/WeasyprintTool/security/advisories
+[weasyprint-url]: https://weasyprint.org/
+[weasyprint-security-url]: https://github.com/Kozea/WeasyPrint/security
+[tool-manifest-url]: https://learn.microsoft.com/en-us/dotnet/core/tools/global-tools