From 8e892606699b03533931382f65afcf6fd2f32f3d Mon Sep 17 00:00:00 2001 From: Jamie Tanna Date: Wed, 11 Oct 2023 09:33:02 +0100 Subject: [PATCH 01/16] Onboard testutil --- profile/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/profile/README.md b/profile/README.md index 744f884..389c20d 100644 --- a/profile/README.md +++ b/profile/README.md @@ -6,6 +6,7 @@ Community organisation for the Go OpenAPI code generator, [deepmap/oapi-codegen] - [deepmap/oapi-codegen](https://github.com/deepmap/oapi-codegen) - [oapi-codegen/runtime](https://github.com/oapi-codegen/runtime) +- [oapi-codegen/testutil](https://github.com/oapi-codegen/testutil) - [oapi-codegen/nethttp-middleware](https://github.com/oapi-codegen/nethttp-middleware) - [oapi-codegen/fiber-middleware](https://github.com/oapi-codegen/fiber-middleware) - [oapi-codegen/iris-middleware](https://github.com/oapi-codegen/iris-middleware) From a22ffa3f84bedb675b8459b97fe83826c7b65f60 Mon Sep 17 00:00:00 2001 From: Jamie Tanna Date: Mon, 6 Nov 2023 15:55:45 +0000 Subject: [PATCH 02/16] Add base Release Drafter configuration Via https://github.com/wiremock/.github/blob/ed5281ac78d1fe1d7ff0f4e8e786657d2dc82e39/.github/release-drafter.yml --- .github/release-drafter.yml | 42 +++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 .github/release-drafter.yml diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml new file mode 100644 index 0000000..2f878d6 --- /dev/null +++ b/.github/release-drafter.yml 
@@ -0,0 +1,42 @@ +# Configuration for Release Drafter: https://github.com/toolmantim/release-drafter +name-template: $NEXT_PATCH_VERSION +tag-template: $NEXT_PATCH_VERSION + +# Emoji reference: https://gitmoji.carloscuesta.me/ +categories: + - title: ☢️ Breaking changes + labels: + - "☢️ breaking change" + - title: 🚀 New features and improvements + labels: + - enhancement + - title: 🐛 Bug fixes + labels: + - bug + - title: 📝 Documentation updates + labels: + - documentation + - title: 👻 Maintenance + labels: + - chore + - maintenance + - title: 🚦 Tests + labels: + - test + - title: ✍ Other changes + - title: 📦 Dependency updates + labels: + - dependencies + collapse-after: 5 +exclude-labels: + - skip-changelog + - invalid + +template: | + + $CHANGES + +autolabeler: + - label: 'documentation' + files: + - '*.md' From f455930b3d113e88451ed8c35778e0879b92f9e8 Mon Sep 17 00:00:00 2001 From: Jamie Tanna Date: Tue, 14 Nov 2023 16:16:33 +0000 Subject: [PATCH 03/16] Add Security to release notes --- .github/release-drafter.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml index 2f878d6..564ba09 100644 --- a/.github/release-drafter.yml +++ b/.github/release-drafter.yml @@ -28,6 +28,9 @@ categories: labels: - dependencies collapse-after: 5 + - title: 🔐 Security + labels: + - "🔐 security" exclude-labels: - skip-changelog - invalid From d18224f3b7ca3251b042996456f65894738f4f20 Mon Sep 17 00:00:00 2001 From: Jamie Tanna Date: Fri, 12 Apr 2024 09:53:46 +0100 Subject: [PATCH 04/16] Add `nullable` --- profile/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/profile/README.md b/profile/README.md index 389c20d..df8bed0 100644 --- a/profile/README.md +++ b/profile/README.md 
@@ -6,6 +6,7 @@ Community organisation for the Go OpenAPI code generator, [deepmap/oapi-codegen] - [deepmap/oapi-codegen](https://github.com/deepmap/oapi-codegen) - [oapi-codegen/runtime](https://github.com/oapi-codegen/runtime) +- [oapi-codegen/nullable](https://github.com/oapi-codegen/nullable) - [oapi-codegen/testutil](https://github.com/oapi-codegen/testutil) - [oapi-codegen/nethttp-middleware](https://github.com/oapi-codegen/nethttp-middleware) - [oapi-codegen/fiber-middleware](https://github.com/oapi-codegen/fiber-middleware) From d31728b7a634a798003ed43beb26d43aec7a00a3 Mon Sep 17 00:00:00 2001 From: Marcin Romaszewicz Date: Wed, 5 Jun 2024 10:59:38 +0200 Subject: [PATCH 05/16] Update README.md --- profile/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/profile/README.md b/profile/README.md index df8bed0..d8bc5b7 100644 --- a/profile/README.md +++ b/profile/README.md @@ -4,7 +4,7 @@ Community organisation for the Go OpenAPI code generator, [deepmap/oapi-codegen] ## Projects -- [deepmap/oapi-codegen](https://github.com/deepmap/oapi-codegen) +- [oapi-codegen/oapi-codegen](https://github.com/oapi-codegen/oapi-codegen) - [oapi-codegen/runtime](https://github.com/oapi-codegen/runtime) - [oapi-codegen/nullable](https://github.com/oapi-codegen/nullable) - [oapi-codegen/testutil](https://github.com/oapi-codegen/testutil) From f20cd1ceaff6606965da0f4fe037b3c1eba47ac7 Mon Sep 17 00:00:00 2001 From: Jamie Tanna Date: Wed, 5 Jun 2024 10:09:18 +0100 Subject: [PATCH 06/16] Update README.md --- profile/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/profile/README.md b/profile/README.md index d8bc5b7..d141bef 100644 --- a/profile/README.md +++ b/profile/README.md 
@@ -1,6 +1,6 @@ # oapi-codegen -Community organisation for the Go OpenAPI code generator, [deepmap/oapi-codegen](https://github.com/deepmap/oapi-codegen) and its related projects. +Community organisation for the Go OpenAPI code generator, [oapi-codegen/oapi-codegen](https://github.com/oapi-codegen/oapi-codegen) and its related projects. ## Projects From 9bb1794afa9140c67fb2636237c4fe68d474d257 Mon Sep 17 00:00:00 2001 From: Jamie Tanna Date: Sun, 25 Aug 2024 11:18:55 +0100 Subject: [PATCH 07/16] docs: add "notable features" section --- .github/release-drafter.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml index 564ba09..78ba043 100644 --- a/.github/release-drafter.yml +++ b/.github/release-drafter.yml @@ -7,6 +7,9 @@ categories: - title: ☢️ Breaking changes labels: - "☢️ breaking change" + - title: 🎉 Notable changes + labels: + - "notable changes" - title: 🚀 New features and improvements labels: - enhancement From 9b0e7c4a164039c60bf9ba7273460752dee98bda Mon Sep 17 00:00:00 2001 From: Jamie Tanna Date: Sun, 25 Aug 2024 11:20:58 +0100 Subject: [PATCH 08/16] docs: add sponsors to our release notes With a note to fill it in manually. --- .github/release-drafter.yml | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml index 78ba043..29ddab4 100644 --- a/.github/release-drafter.yml +++ b/.github/release-drafter.yml @@ -39,9 +39,27 @@ exclude-labels: - invalid template: | - $CHANGES + ## Sponsors + + We would like to thank our sponsors for their support during this release. + + > [!CAUTION] + > Please make sure that all the current sponsors (from our README) are added here. + + i.e. + +

+ + + + + Elastic logo + + +

+ autolabeler: - label: 'documentation' files: From 96f79b08cd70fadf504f82e166b8fab7ef032656 Mon Sep 17 00:00:00 2001 From: Jamie Tanna Date: Sun, 25 Aug 2024 11:25:34 +0100 Subject: [PATCH 09/16] docs: update Sponsors release notes explanation --- .github/release-drafter.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml index 29ddab4..3bdca9f 100644 --- a/.github/release-drafter.yml +++ b/.github/release-drafter.yml @@ -47,15 +47,18 @@ template: | > [!CAUTION] > Please make sure that all the current sponsors (from our README) are added here. + > + > Please also note that the URLs will need pinning to the release we're about to publish. i.e.

- - - Elastic logo + .github/sponsors/devzero-dark.svg + + + Elastic logo

From ffcca4dbd18024173cf113cff4bdec759a22c177 Mon Sep 17 00:00:00 2001 From: Jamie Tanna Date: Sun, 25 Aug 2024 11:28:13 +0100 Subject: [PATCH 10/16] docs: add a note about how to do "Notable Changes" --- .github/release-drafter.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml index 3bdca9f..e6a593b 100644 --- a/.github/release-drafter.yml +++ b/.github/release-drafter.yml @@ -39,6 +39,9 @@ exclude-labels: - invalid template: | + > [!CAUTION] + > Please fill out the "Notable Changes" section with information about each of the features, for instance how https://github.com/oapi-codegen/oapi-codegen/releases/tag/v2.2.0 was done + $CHANGES ## Sponsors From 43c43b157feef53277c6d7e7fa8dc2575f56e6f2 Mon Sep 17 00:00:00 2001 From: Jamie Tanna Date: Fri, 20 Sep 2024 21:08:40 +0100 Subject: [PATCH 11/16] Remove accidental line --- .github/release-drafter.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml index e6a593b..1ec8eaf 100644 --- a/.github/release-drafter.yml +++ b/.github/release-drafter.yml @@ -58,7 +58,6 @@ template: |

- .github/sponsors/devzero-dark.svg Elastic logo From e3b8d1fd11c17a0f1a3e5a4e56fc009541d3a2c0 Mon Sep 17 00:00:00 2001 From: Jamie Tanna Date: Mon, 21 Oct 2024 14:44:12 +0100 Subject: [PATCH 12/16] Add organisation-level `FUNDING` To then show up on all repos by default. --- .github/FUNDING.yml | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 .github/FUNDING.yml diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 0000000..9fde76a --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1,4 @@ +github: +- oapi-codegen +- jamietanna +open_collective: oapi-codegen From 2c43ca0f551521cea79e386d266c0e5c08e6a8f3 Mon Sep 17 00:00:00 2001 From: Jamie Tanna Date: Mon, 7 Apr 2025 15:44:14 +0100 Subject: [PATCH 13/16] docs: update projects --- profile/README.md | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/profile/README.md b/profile/README.md index d141bef..e437904 100644 --- a/profile/README.md +++ b/profile/README.md 
@@ -4,12 +4,25 @@ Community organisation for the Go OpenAPI code generator, [oapi-codegen/oapi-cod ## Projects +`oapi-codegen` is primarily operated out of two core projects: + - [oapi-codegen/oapi-codegen](https://github.com/oapi-codegen/oapi-codegen) - [oapi-codegen/runtime](https://github.com/oapi-codegen/runtime) -- [oapi-codegen/nullable](https://github.com/oapi-codegen/nullable) -- [oapi-codegen/testutil](https://github.com/oapi-codegen/testutil) + +Additionally, there are the following HTTP middleware bindings for performing request/response validation against the OpenAPI spec: + - [oapi-codegen/nethttp-middleware](https://github.com/oapi-codegen/nethttp-middleware) - [oapi-codegen/fiber-middleware](https://github.com/oapi-codegen/fiber-middleware) - [oapi-codegen/iris-middleware](https://github.com/oapi-codegen/iris-middleware) - [oapi-codegen/echo-middleware](https://github.com/oapi-codegen/echo-middleware) - [oapi-codegen/gin-middleware](https://github.com/oapi-codegen/gin-middleware) + +## Non-OpenAPI projects + +Additionally, there is [the `nullable` package](https://github.com/oapi-codegen/nullable): + +> An implementation of a `Nullable` type for JSON bodies, indicating whether the field is absent, set to `null`, or set to a value + +And the lesser used `testutil` project, which can provide a more fluent means to create HTTP requests, and validate them: + +- [oapi-codegen/testutil](https://github.com/oapi-codegen/testutil) From b97716be0217cf04741bfcb1ad9038dd55a22385 Mon Sep 17 00:00:00 2001 From: Jamie Tanna Date: Sat, 10 May 2025 16:10:44 +0100 Subject: [PATCH 14/16] docs: link to governance --- profile/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/profile/README.md b/profile/README.md index e437904..0289400 100644 --- a/profile/README.md +++ b/profile/README.md 
@@ -2,6 +2,8 @@ Community organisation for the Go OpenAPI code generator, [oapi-codegen/oapi-codegen](https://github.com/oapi-codegen/oapi-codegen) and its related projects. +The project is maintained in according to [its governance](https://github.com/oapi-codegen/governance/). + ## Projects `oapi-codegen` is primarily operated out of two core projects: From c938bb6d1b0c18b8e67fac51afae35f912c86948 Mon Sep 17 00:00:00 2001 From: Jamie Tanna Date: Wed, 24 Sep 2025 17:25:09 +0100 Subject: [PATCH 15/16] docs: add `SECURITY.md` As a first step towards providing a basis for a more secure project, we can introduce an org-level `SECURITY.md` to cover all projects in the organisation. Closes https://github.com/oapi-codegen/governance/issues/7 --- SECURITY.md | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..6dc560d --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,49 @@ +# Security Policy + +As a key component in the implementation of API clients and servers, [`oapi-codegen`](https://github.com/oapi-codegen/oapi-codegen) is in an critical position to keep secure. + +## Supported versions + +Only `oapi-codegen`'s latest minor version is generally supported. + +Related: [`oapi-codegen`'s support model (`SUPPORT.md`)](./SUPPORT.md) + +However, depending on the severity of a given security vulnerability, there may be case(s) where this would lead to a backport of the patch on a currently unsupported version. + +## Reporting Security Issues + + + +If you believe you have found a security vulnerability in `oapi-codegen` or any of the related projects in [the `oapi-codegen` GitHub organisation](https://github.com/oapi-codegen/), please report it to us through coordinated disclosure. + +> [!IMPORTANT] +> **Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.** + +Please report the vulnerability through the GitHub security advisories page. + +For instance, for the core `oapi-codegen` CLI, you would report it [on this page](https://github.com/oapi-codegen/oapi-codegen/security/advisories/). + +Please include as much of the information listed below as you can to help us better understand and resolve the issue: + +* The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting) +* Full paths of source file(s) related to the manifestation of the issue +* The location of the affected source code (tag/branch/commit or direct URL) +* Any special configuration required to reproduce the issue +* Step-by-step instructions to reproduce the issue +* Proof-of-concept or exploit code (if possible) +* Impact of the issue, including how an attacker might exploit the issue + +This information will help us triage your report more quickly. 
+ +## CVEs in dependencies + +If a dependency that `oapi-codegen` (or its child projects) contains a CVE, we will look to patch that dependency in the following cases: + +- The dependency's CVE is exploitable using static analysis, via [`govulncheck`](https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck) +- The dependency's CVE requires a mix of some code changes and a version bump to address the CVE +- If we are generally updating dependencies (for instance part of general hygiene or as part of updating dependencies ahead of a release) + +> [!NOTE] +> Given the Go ecosystem allows projects to override dependency updates, this allows consumers of `oapi-codegen` to upgrade dependencies separate to `oapi-codegen` making changes upstream. +> +> We will strive to make sure that we do update these dependencies on a regular basis, but until a fix or release is made From 6595a981a0cd6aaa701c75eb986e7b7fba69e555 Mon Sep 17 00:00:00 2001 From: Jamie Tanna Date: Thu, 25 Sep 2025 16:48:24 +0100 Subject: [PATCH 16/16] docs: correct link to `SUPPORT.md` --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 6dc560d..a332ff2 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,7 +6,7 @@ As a key component in the implementation of API clients and servers, [`oapi-code Only `oapi-codegen`'s latest minor version is generally supported. -Related: [`oapi-codegen`'s support model (`SUPPORT.md`)](./SUPPORT.md) +Related: [`oapi-codegen`'s support model (`SUPPORT.md`)](https://github.com/oapi-codegen/oapi-codegen/blob/HEAD/SUPPORT.md) However, depending on the severity of a given security vulnerability, there may be case(s) where this would lead to a backport of the patch on a currently unsupported version.
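Review bot: In PATCH 02/16, `name-template` and `tag-template` in `.github/release-drafter.yml` are both fixed to `$NEXT_PATCH_VERSION`, so a draft that contains PRs under "☢️ Breaking changes" or "🚀 New features and improvements" is still proposed as a patch release. Consider adding a `version-resolver` block keyed on those labels and switching both templates to `$RESOLVED_VERSION`, so the drafted tag follows the labels instead of relying on someone correcting it by hand.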
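Review bot: In PATCH 03/16, the new `🔐 Security` category is appended after `📦 Dependency updates` (directly below its `collapse-after: 5`), which makes security fixes the last section of the drafted release notes. Consider moving it up next to `☢️ Breaking changes` so consumers see it first. The `"🔐 security"` label is also not applied by the `autolabeler`, so it has to be added by hand with that exact name, emoji included; a short comment in the file saying so would help.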
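Review bot: In PATCH 09/16, the added line `.github/sponsors/devzero-dark.svg` sits as bare text inside the `template: |` block next to the sponsor markup, so it would be emitted verbatim in every drafted release body. It reads like a stray paste of the asset path; drop it unless it is meant to be part of the image markup.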
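Review bot: In PATCH 10/16, the `> [!CAUTION]` block added at the top of `template:` is an instruction to maintainers, but it is part of the release body and will be published if nobody deletes it before releasing. An HTML comment would keep the reminder visible while editing the draft without it being able to leak into the published notes; the same applies to the caution block in the Sponsors section.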
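Review bot: In PATCH 14/16, the added README sentence reads "The project is maintained in according to [its governance]", which is ungrammatical. Use "in accordance with" or plain "according to".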
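Review bot: In PATCH 15/16, the closing `> [!NOTE]` of "CVEs in dependencies" ends mid-sentence at "but until a fix or release is made", so the policy never states what consumers should do in the meantime; finish the sentence, for example by pointing back to the dependency override described just above it. In the same section, "If a dependency that `oapi-codegen` (or its child projects) contains a CVE" is missing its verb, and the first bullet ("exploitable using static analysis, via `govulncheck`") would be clearer if it said that `govulncheck` reports the vulnerable code as reachable, if that is the intent. The opening paragraph also has "an critical position".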