merge master

.github/workflows/release.yml

@@ -0,0 +1,44 @@
+name: Release
+on: push
+jobs:
+  test:
+    runs-on: ubuntu-18.04
+    strategy:
+      matrix:
+        go: ['1.11', '1.12', '1.13']
+    name: Go ${{ matrix.go }} test
+    steps:
+      - uses: actions/checkout@master
+      - name: Setup go
+        uses: actions/setup-go@v1
+        with:
+          go-version: ${{ matrix.go }}
+      - run: go run main.go
+  build:
+    runs-on: ubuntu-18.04
+    needs: test
+    strategy:
+      matrix:
+        go: ['1.11', '1.12', '1.13']
+    name: Go ${{ matrix.go }} build
+    steps:
+      - uses: actions/checkout@master
+      - name: Setup go
+        uses: actions/setup-go@v1
+        with:
+          go-version: ${{ matrix.go }}
+      - run: go run main.go
+  release:
+    runs-on: ubuntu-18.04
+    needs: [test, build]
+    steps:
+    - name: Source checkout
+      uses: actions/checkout@v1
+      with:
+        fetch-depth: 1
+    - name: Release
+      shell: bash
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        npx semantic-release

.gitignore

@@ -13,3 +13,4 @@
 
 **/__debug_bin
 .vscode
+.DS_Store

.releaserc.js

@@ -0,0 +1,7 @@
+module.exports = {
+    branch: 'master',
+    plugins: [ 
+        "@semantic-release/commit-analyzer",
+        "@semantic-release/release-notes-generator"
+    ]
+  };

README.md

@@ -1,2 +1,6 @@
 # oidc
+
+[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)]
+![Release Badge](https://github.com/caos/oidc/workflows/Release/badge.svg)
+
 OpenID Connect SDK (client and server) for Go

SECURITY.md

@@ -0,0 +1,42 @@
+# Security Policy
+
+At caos we are extremely grateful for security aware people that disclose vulnerabilities to us and the open source community. All reports will be investigated by our team.
+
+## Supported Versions
+
+After the initial Release the following version support will apply
+
+| Version | Supported                               |
+| ------- | ------------------                      |
+| 1.x.x   | :white_check_mark: (note yet available) |
+| 0.x.x   | :x:                                     |
+
+## Reporting a vulnerability
+
+To file a incident, please disclose by email to security@caos.ch with the security details.
+
+At the moment GPG encryption is no yet supported, however you may sign your message at will.
+
+### When should I report a vulnerability
+
+* You think you discovered a ...
+  * ... potential security vulnerability in the SDK
+  * ... vulnerability in another project that this SDK bases on
+* For projects with their own vulnerability reporting and disclosure process, please report it directly there
+
+### When should I NOT report a vulnerability
+
+* You need help applying security related updates
+* Your issue is not security related
+
+## Security Vulnerability Response
+
+TBD
+
+## Public Disclosure
+
+All accepted and mitigated vulnerabilitys will be published on the [Github Security Page](https://github.com/caos/oidc/security/advisories)
+
+### Timing
+
+We think it is crucial to publish advisories `ASAP` as mitigations are ready. But due to the unknown nature of the discloures the time frame can range from 7 to 90 days.

main.go

@@ -0,0 +1,5 @@
+package main
+import "fmt"
+func main() {
+    fmt.Println("hello world")
+}