adding cve finding and adding release-notes to PR template (#8916)

* adding cve finding and adding release-notes to PR template Signed-off-by: James Strong <strong.james.e@gmail.com> * update cve report with verbiage around open CVEs and not disclosures Signed-off-by: James Strong <strong.james.e@gmail.com> * fix then assignees Signed-off-by: James Strong <strong.james.e@gmail.com> Signed-off-by: James Strong <strong.james.e@gmail.com>
2022-08-24 22:20:05 -04:00 · 2022-08-24 22:20:05 -04:00 · a171d3f0f2
commit a171d3f0f2
parent f34769b543
3 changed files with 55 additions and 3 deletions
--- a/.github/ISSUE_TEMPLATE/cve_report.md
+++ b/.github/ISSUE_TEMPLATE/cve_report.md
@ -0,0 +1,20 @@
 ---
 name: CVE Finding Report
 about: CVE reporting for ingress-nginx
 title: ''
 labels: kind/bug
 assignees:
    - strongjz
    - rikatz
 ---
 <!-- if you found something that impacts directly ingress-nginx and 
 is not a public CVE yet, please reach out security@kubernetes.io" -->
 <!-- What scanner and version reported the CVE? -->
 <!-- What CVE was reported in the scanner findings? -->
 <!-- What versions of the controller did you test with?  -->
 <!-- Please provider other details that will help us determine the severity of the issue -->
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@ -15,8 +15,6 @@ The announcement in the dev mailing list is here https://groups.google.com/a/kub
 Thank you,
 Ingress-Nginx maintainer
 -->
 <!-- What do you want to happen? -->
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@ -9,6 +9,7 @@
 <!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: -->
 - [ ] Bug fix (non-breaking change which fixes an issue)
 - [ ] New feature (non-breaking change which adds functionality)
 - [ ] CVE Report (Scanner found CVE and adding report)
 - [ ] Breaking change (fix or feature that would cause existing functionality to change)
 - [ ] Documentation only
@ -30,5 +31,38 @@ fixes #
 - [ ] My change requires a change to the documentation.
 - [ ] I have updated the documentation accordingly.
 - [ ] I've read the [CONTRIBUTION](https://github.com/kubernetes/ingress-nginx/blob/main/CONTRIBUTING.md) guide
- [ ] I have added tests to cover my changes.
+- [ ] I have added unit and/or e2e tests to cover my changes.
 - [ ] All new and existing tests passed.
 - [ ] Added Release Notes.
 ## Does my pull request need a release note?
 Any user-visible or operator-visible change qualifies for a release note. This could be a:
 - CLI change
 - API change
 - UI change
 - configuration schema change
 - behavioral change
 - change in non-functional attributes such as efficiency or availability, availability of a new platform
 - a warning about a deprecation
 - fix of a previous Known Issue
 - fix of a vulnerability (CVE)
 No release notes are required for changes to the following:
 - Tests
 - Build infrastructure
 - Fixes for unreleased bugs
 For more tips on writing good release notes, check out the [Release Notes Handbook](https://github.com/kubernetes/sig-release/tree/master/release-team/role-handbooks/release-notes)
 <!--
 If no, just write "NONE" in the release-note block below.
 If yes, a release note is required:
 Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
 For more information on release notes see: https://git.k8s.io/community/contributors/guide/release-notes.md
 -->
 ```release-note
 PLACE RELEASE NOTES HERE 
 ```