mirror of
https://github.com/ChuckBuilds/LEDMatrix.git
synced 2026-04-10 21:03:01 +00:00
38773044e9
Tier 1 organizational files that any open-source project at LEDMatrix's maturity is expected to have. None of these existed before. They're additive — no existing content was rewritten. CODE_OF_CONDUCT.md - Contributor Covenant 2.1 (the de facto standard for open-source projects). Mentions both the Discord and the GitHub Security Advisories channel for reporting violations. SECURITY.md - Private vulnerability disclosure flow with two channels: GitHub Security Advisories (preferred) and Discord DM. - Documents the project's known security model as intentional rather than vulnerabilities: no web UI auth, plugins run unsandboxed, display service runs as root for GPIO access, config_secrets.json is plaintext. These match the limitations already called out in PLUGIN_QUICK_REFERENCE.md and the audit flagging from earlier in this PR. - Out-of-scope section points users at upstream (rpi-rgb-led-matrix, third-party plugins) so reports land in the right place. .github/PULL_REQUEST_TEMPLATE.md - 10-line checklist that prompts for the things that would have caught the bugs in this very PR: did you load the changed plugin once, did you update docs alongside code, are there any plugin compatibility implications. - Linked from CONTRIBUTING.md for the full flow. README.md - Added a License section near the bottom (the README previously said nothing about the license despite the project being GPL-3.0). - Added a Contributing section pointing at CONTRIBUTING.md and SECURITY.md. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
63 lines
1.7 KiB
Markdown
63 lines
1.7 KiB
Markdown
# Pull Request
|
|
|
|
## Summary
|
|
|
|
<!-- 1-3 sentences describing what this PR does and why. -->
|
|
|
|
## Type of change
|
|
|
|
<!-- Check all that apply. -->
|
|
|
|
- [ ] Bug fix
|
|
- [ ] New feature
|
|
- [ ] Documentation
|
|
- [ ] Refactor (no functional change)
|
|
- [ ] Build / CI
|
|
- [ ] Plugin work (link to the plugin)
|
|
|
|
## Related issues
|
|
|
|
<!-- "Fixes #123" or "Refs #123". Use "Fixes" for bug PRs so the issue
|
|
auto-closes when this merges. -->
|
|
|
|
## Test plan
|
|
|
|
<!-- How did you test this? Check all that apply. Add details for any
|
|
checked box. -->
|
|
|
|
- [ ] Ran on a real Raspberry Pi with hardware
|
|
- [ ] Ran in emulator mode (`EMULATOR=true python3 run.py`)
|
|
- [ ] Ran the dev preview server (`scripts/dev_server.py`)
|
|
- [ ] Ran the test suite (`pytest`)
|
|
- [ ] Manually verified the affected code path in the web UI
|
|
- [ ] N/A — documentation-only change
|
|
|
|
## Documentation
|
|
|
|
- [ ] I updated `README.md` if user-facing behavior changed
|
|
- [ ] I updated the relevant doc in `docs/` if developer behavior changed
|
|
- [ ] I added/updated docstrings on new public functions
|
|
- [ ] N/A — no docs needed
|
|
|
|
## Plugin compatibility
|
|
|
|
<!-- For changes to BasePlugin, the plugin loader, the web UI, or the
|
|
config schema. -->
|
|
|
|
- [ ] No plugin breakage expected
|
|
- [ ] Some plugins will need updates — listed below
|
|
- [ ] N/A — change doesn't touch the plugin system
|
|
|
|
## Checklist
|
|
|
|
- [ ] My commits follow the message convention in `CONTRIBUTING.md`
|
|
- [ ] I read `CONTRIBUTING.md` and `CODE_OF_CONDUCT.md`
|
|
- [ ] I've not committed any secrets or hardcoded API keys
|
|
- [ ] If this adds a new config key, the form in the web UI was
|
|
verified (the form is generated from `config_schema.json`)
|
|
|
|
## Notes for reviewer
|
|
|
|
<!-- Anything reviewers should know — gotchas, things you weren't
|
|
sure about, decisions you'd like a second opinion on. -->
|