├── README.md ├── .github ├── ISSUE_TEMPLATE │ ├── issue.md │ └── join.yml └── workflows │ └── join.yml └── profile └── README.md /README.md: -------------------------------------------------------------------------------- 1 | profile/README.md -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/issue.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Report an issue 3 | about: Report a bug/request a feature/... 4 | --- 5 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/join.yml: -------------------------------------------------------------------------------- 1 | name: Join the team 2 | description: Request membership in the GitHub Debian team 3 | title: "please add me to this organization" 4 | labels: ["join", "auto join"] 5 | body: 6 | - type: markdown 7 | attributes: 8 | value: | 9 | If you maintain a package whose upstream developers use GitHub, the Debian organization is the right 10 | place for mirroring such a project in order to forward patches upstream. 11 | 12 | Note that the @Debian GitHub organization is not intended to serve as the canonical (specified with 13 | `Vcs-*` fields of *debian/control*) location for corresponding Debian source packages. 14 | Most often such repositories should be made available on the Debian project's public forge 15 | [Salsa](https://salsa.debian.org/) to guarantee [autonomy](https://web.archive.org/web/20081002034726/http://autonomo.us/2008/07/franklin-street-statement/). 16 | 17 | In order to make ensure that you are a [Debian Member](https://nm.debian.org/members/) and not a 3rd party 18 | trying to impersonate you, we would like to ask you to provide a *signed* membership request. 19 | 20 | Something like the following 21 | 22 | ~~~sh 23 | echo "Please add me (Debian user '${DEBEMAIL%@*}') to the Debian GitHub organization" | gpg --clear-sign 24 | ~~~ 25 | 26 | If you want to provide additional information, just add it to the signed message (before signing it). 27 | - type: textarea 28 | id: signed-message 29 | attributes: 30 | label: Your signed membership application 31 | description: Please prove your association with Debian with an OpenPGP signed membership request. 32 | placeholder: | 33 | -----BEGIN PGP SIGNED MESSAGE----- 34 | Hash: SHA512 35 | 36 | Please add me (Debian user 'root') to the Debian GitHub organization 37 | -----BEGIN PGP SIGNATURE----- 38 | 39 | iQIzBAEBCAAdFiEEdAXnRVdICXNIABVttlAZxH96NvgFAmHoLcUACgkQtlAZx... 40 | -----END PGP SIGNATURE----- 41 | render: plain text 42 | validations: 43 | required: true 44 | -------------------------------------------------------------------------------- /profile/README.md: -------------------------------------------------------------------------------- 1 | README 2 | ====== 3 | 4 | [Debian](https://www.debian.org) packages, maintains and distributes many 5 | projects developed using GitHub. This account was created to facilitate 6 | push/pull interactions with the upstream developers of such projects. If 7 | you maintain a package whose upstream developers use GitHub, please feel 8 | free to join this group and mirror such project here. 9 | 10 | This account is not intended to serve as the canonical (specified with 11 | Vcs-* fields of debian/control) location for corresponding Debian 12 | source packages. Most often such repositories should be made 13 | available on the Debian project's public forge 14 | [Salsa](https://salsa.debian.org) to guarantee 15 | [autonomy](https://web.archive.org/web/20081002034726/http://autonomo.us/2008/07/franklin-street-statement/). 16 | 17 | How to join 18 | ----------- 19 | 20 | Open a [**new** issue](https://github.com/Debian/.github/issues/new/choose) 21 | with a signed statement asking to be added to the organization. 22 | The signature needs to be made with your PGP key currently in the 23 | Debian keyring. 24 | All active Debian Developers will be approved. 25 | 26 | Tips 27 | ---- 28 | 29 | You might find following tools available from Debian useful for 30 | your interaction with GitHub 31 | 32 | [github-backup](https://github-backup.branchable.com/) 33 | backs up everything GitHub knows about a repository, to the repository 34 | 35 | 36 | Acknowledgements 37 | --------------- 38 | 39 | Many thanks to the GitHub admins for their prompt action to release the 40 | previous (unused) "Debian" account. 41 | 42 | 43 | Disclaimers 44 | ----------- 45 | 46 | This GitHub organization is not an endorsement of GitHub by Debian. 47 | Debian does not maintain or distribute the GitHub engine codebase 48 | because it is not available under free and open-source license (see 49 | [Wikipedia](https://en.wikipedia.org/wiki/Forge_%28software%29) for a 50 | list of available free and open-source alternatives). Moreover, this 51 | GitHub organization is not an official part of the Debian project. It 52 | is maintained by individual Debian developers (signed below) with the 53 | sole purpose of being useful. 54 | 55 | -- Charles Plessy Thu, 14 Jun 2012 09:11:55 +0900 56 | 57 | -- Yaroslav Halchenko Thu, 14 Jun 2012 13:22:03 -0400 58 | -------------------------------------------------------------------------------- /.github/workflows/join.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Check Join Requests 3 | 4 | on: 5 | issues: 6 | types: [opened] 7 | 8 | jobs: 9 | 10 | keycheck: 11 | name: Check requirements 12 | if: contains(github.event.issue.labels.*.name, 'auto join') 13 | runs-on: ubuntu-latest 14 | steps: 15 | - name: Check signature of join request 16 | id: openpgp-check 17 | env: 18 | DATA: ${{ github.event.issue.body }} 19 | run: | 20 | echo "${DATA}" > file.txt 21 | sed -e '0,/^```plain text$/d' -e '/```$/,$d' -i file.txt 22 | 23 | rm -rf mygpg 24 | mkdir -v -m 0700 mygpg 25 | 26 | gpg --homedir mygpg --verify --status-fd 1 file.txt 2>/dev/null || true 27 | # 0: success 28 | # 2: no public key 29 | echo "extracting OpenPGP certificate ID..." 30 | key=$(gpg --homedir mygpg --verify --status-fd 1 file.txt 2>/dev/null | awk '{if ($2 == "ERRSIG") print $9; else if ($2 == "VALIDSIG") print $3}') 31 | echo "KEY: ${key}" 32 | echo "fetching OpenPGP certificate from keyring.debian.org..." 33 | gpg --homedir mygpg --keyserver keyring.debian.org --recv-keys "$key" 34 | debuser=$(gpg --homedir mygpg -k ${key} | grep -E "^uid[[:space:]].*@debian.org>" | sed -e 's|.*<\([^@]*\)@debian.org>.*|\1|' | head -1) 35 | userid=$(gpg --homedir mygpg -k ${key} | grep -E "^uid[[:space:]].*\[" | sed -e 's|.*][[:space:]]*||' -e '/^[[:space:]]*$/d' | head -1) 36 | echo "primary USER: ${userid}" 37 | echo "Debian USER: ${debuser}" 38 | echo "verifying the signature..." 39 | gpg --homedir mygpg --verify file.txt 40 | echo "DEBUSER=${debuser}" >> $GITHUB_OUTPUT 41 | echo "USERID=${userid}" >> $GITHUB_OUTPUT 42 | outputs: 43 | deb-username: ${{ steps.openpgp-check.outputs.DEBUSER }} 44 | pgp-userid: ${{ steps.openpgp-check.outputs.USERID }} 45 | 46 | decline: 47 | name: Decline membership 48 | if: always() && (needs.keycheck.result == 'failure') 49 | runs-on: ubuntu-latest 50 | needs: ["keycheck"] 51 | steps: 52 | - name: Close issue 53 | uses: peter-evans/close-issue@v2 54 | with: 55 | comment: | 56 | It seems that the membership application was either not PGP signed at all, or signed with a key that is not currently in the Debian keyring (as offered by https://keyring.debian.org). 57 | The [Debian GitHub](https://github.com/Debian) organization is intended for [Debian Developers (DD)](https://wiki.debian.org/DebianDeveloper). 58 | 59 | Therefore this issue is closed automatically. 60 | If you feel that this is unwarranted (e.g. because the auto-closing :robot: has a bug), please leave a comment. 61 | 62 | debuser: 63 | name: Debian Developer 64 | runs-on: ubuntu-latest 65 | needs: ["keycheck"] 66 | if: "${{ needs.keycheck.outputs.deb-username != '' }}" 67 | steps: 68 | - name: Post username 69 | env: 70 | DEBUSERNAME: ${{ needs.keycheck.outputs.deb-username }} 71 | uses: peter-evans/create-or-update-comment@v2 72 | with: 73 | issue-number: ${{ github.event.issue.number }} 74 | body: | 75 | Your membership application was correctly PGP signed with a key that is in the Debian keyring :tada:, 76 | and you were were identified via your debian.org email as Debian user `${{ needs.keycheck.outputs.deb-username }}`. 77 | 78 | Please stay tuned until some human administrator accepts your application. 79 | 80 | otheremail: 81 | name: Debian Developer without @debian.org email 82 | runs-on: ubuntu-latest 83 | needs: ["keycheck"] 84 | if: "${{ needs.keycheck.outputs.deb-username == '' }}" 85 | steps: 86 | - name: Post username 87 | uses: peter-evans/create-or-update-comment@v2 88 | with: 89 | issue-number: ${{ github.event.issue.number }} 90 | body: | 91 | Your membership application was correctly PGP signed with a key that is in the Debian keyring :tada:, 92 | although there's no debian.org email associated with that key. 93 | The first user ID in the key is `${{ needs.keycheck.outputs.pgp-userid }}`. 94 | 95 | Please stay tuned until some human administrator accepts your application. 96 | --------------------------------------------------------------------------------