From 97d571af97fd85a4fcb06d65f535ccfcef6ab6a5 Mon Sep 17 00:00:00 2001 From: Michele Dolfi <97102151+dolfim-ibm@users.noreply.github.com> Date: Thu, 21 Nov 2024 13:59:45 +0100 Subject: [PATCH] chore: add downloads in README, security policy and update ci actions (#401) * add security policy Signed-off-by: Michele Dolfi * update deprecated actions Signed-off-by: Michele Dolfi * add comment about licenses for new dependencies Signed-off-by: Michele Dolfi * add pypi downloads badge Signed-off-by: Michele Dolfi * add citation file Signed-off-by: Michele Dolfi --------- Signed-off-by: Michele Dolfi --- .github/SECURITY.md | 23 +++++++++++++++++++++++ .github/actions/setup-poetry/action.yml | 2 +- .github/workflows/cd.yml | 2 +- .github/workflows/checks.yml | 2 +- .github/workflows/pypi.yml | 2 +- CITATION.cff | 15 +++++++++++++++ CONTRIBUTING.md | 4 ++++ README.md | 1 + 8 files changed, 47 insertions(+), 4 deletions(-) create mode 100644 .github/SECURITY.md create mode 100644 CITATION.cff diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 0000000..419e13d --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,23 @@ +# Security and Disclosure Information Policy for the Docling Project + +The Docling team and community take security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions. + +## Reporting a Vulnerability + +If you think you've identified a security issue in an Docling project repository, please DO NOT report the issue publicly via the GitHub issue tracker, etc. + +Instead, send an email with as many details as possible to [deepsearch-core@zurich.ibm.com](mailto:deepsearch-core@zurich.ibm.com). This is a private mailing list for the maintainers team. + +Please do not create a public issue. + +## Security Vulnerability Response + +Each report is acknowledged and analyzed by the core maintainers within 3 working days. + +Any vulnerability information shared with core maintainers stays within the Docling project and will not be disseminated to other projects unless it is necessary to get the issue fixed. + +After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance. + +## Security Alerts + +We will send announcements of security vulnerabilities and steps to remediate on the [Docling announcements](https://github.com/DS4SD/docling/discussions/categories/announcements). diff --git a/.github/actions/setup-poetry/action.yml b/.github/actions/setup-poetry/action.yml index e9ce697..0bdd730 100644 --- a/.github/actions/setup-poetry/action.yml +++ b/.github/actions/setup-poetry/action.yml @@ -10,7 +10,7 @@ runs: - name: Install poetry run: pipx install poetry==1.8.3 shell: bash - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: ${{ inputs.python-version }} cache: 'poetry' diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 9a2bf71..1f0502d 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -15,7 +15,7 @@ jobs: outputs: TARGET_TAG_V: ${{ steps.version_check.outputs.TRGT_VERSION }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 # for fetching tags, required for semantic-release - uses: ./.github/actions/setup-poetry diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 6cd0d38..1cd08f2 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -8,7 +8,7 @@ jobs: matrix: python-version: ['3.9', '3.10', '3.11', '3.12'] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install tesseract run: sudo apt-get update && sudo apt-get install -y tesseract-ocr tesseract-ocr-eng tesseract-ocr-fra tesseract-ocr-deu tesseract-ocr-spa libleptonica-dev libtesseract-dev pkg-config - name: Set TESSDATA_PREFIX diff --git a/.github/workflows/pypi.yml b/.github/workflows/pypi.yml index 0d206b2..395f34c 100644 --- a/.github/workflows/pypi.yml +++ b/.github/workflows/pypi.yml @@ -15,7 +15,7 @@ jobs: build-and-publish: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: ./.github/actions/setup-poetry - name: Build and publish run: poetry publish --build --no-interaction --username=__token__ --password=${{ secrets.PYPI_TOKEN }} diff --git a/CITATION.cff b/CITATION.cff new file mode 100644 index 0000000..2a7ca30 --- /dev/null +++ b/CITATION.cff @@ -0,0 +1,15 @@ +# This CITATION.cff file was generated with cffinit. +# Visit https://bit.ly/cffinit to generate yours today! + +cff-version: 1.2.0 +title: Docling +message: 'If you use Docling, please consider citing as below.' +type: software +authors: + - name: Docling Team +identifiers: + - type: url + value: 'https://arxiv.org/abs/2408.09869' + description: 'arXiv:2408.09869' +repository-code: 'https://github.com/DS4SD/docling' +license: MIT diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 1adacc2..770b923 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -71,6 +71,10 @@ local git repository using the following command: git commit -s ``` +### New dependencies + +This project strictly adheres to using dependencies that are compatible with the MIT license to ensure maximum flexibility and permissiveness in its usage and distribution. As a result, dependencies licensed under restrictive terms such as GPL, LGPL, AGPL, or similar are explicitly excluded. These licenses impose additional requirements and limitations that are incompatible with the MIT license's minimal restrictions, potentially affecting derivative works and redistribution. By maintaining this policy, the project ensures simplicity and freedom for both developers and users, avoiding conflicts with stricter copyleft provisions. + ## Communication diff --git a/README.md b/README.md index 893b604..f236fc6 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,7 @@ [![Pydantic v2](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/pydantic/pydantic/main/docs/badge/v2.json)](https://pydantic.dev) [![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit) [![License MIT](https://img.shields.io/github/license/DS4SD/docling)](https://opensource.org/licenses/MIT) +[![PyPI Downloads](https://static.pepy.tech/badge/docling/month)](https://pepy.tech/projects/docling) Docling parses documents and exports them to the desired format with ease and speed.