diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 00000000..998fda57 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,21 @@ +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Include Markdown files in GitHub's file statistics for this repo. +*.md linguist-detectable + +# Exclude config files from GitHub's file statistics. Most are YAML files and +# Linguist already treats .yaml files as data, so only add some exceptions. +.markdownlintrc linguist-documentation +.shfmt linguist-documentation diff --git a/.github/SECURITY.md b/.github/SECURITY.md index 466bbae4..77bd1bf1 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -1,19 +1,25 @@ # Reporting security issues -The ReCirq developers and community take security bugs in ReCirq seriously. -We appreciate your efforts to responsibly disclose your findings, and will make -every effort to acknowledge your contributions. +This project's developers and community are committed to addressing security +bugs promptly and effectively. We appreciate your efforts to disclose your +findings responsibly, and will make every effort to acknowledge your +contributions. Please **do not** use GitHub issues to report security vulnerabilities; GitHub issues are public, and doing so could allow someone to exploit the information -before the problem can be addressed. Instead, please use the GitHub ["Report -a Vulnerability"](https://github.com/quantumlib/recirq/security/advisories/new) -interface from the _Security_ tab of the ReCirq repository. +before the problem can be addressed. Instead, please use the *Report a +vulnerability* interface from the *Security* tab at the top of this GitHub +repository page. + +
+Location of the report button on the repository page +
Please report security issues in third-party modules to the person or team -maintaining the module rather than the project stewards, unless you -believe that some action needs to be taken with ReCirq in order to guard -against the effects of a security vulnerability in a third-party module. +maintaining the module rather than this project's stewards, unless you believe +that some action needs to be taken specifically with this project in order to +guard against the effects of a security vulnerability in third-party software. ## Responses to security reports @@ -27,4 +33,4 @@ announcement, and may ask for additional information or guidance. Please contact the project stewards at Google Quantum AI via email at quantum-oss-maintainers@google.com if you have questions or other concerns. If for any reason you are uncomfortable reaching out to the project stewards, -please email opensource@google.com. +please email opensource@google.com instead. diff --git a/.github/report-vulnerability-button.png b/.github/report-vulnerability-button.png new file mode 100644 index 00000000..bfaabdce Binary files /dev/null and b/.github/report-vulnerability-button.png differ diff --git a/.gitignore b/.gitignore index a4a1468f..e28c8ff5 100644 --- a/.gitignore +++ b/.gitignore @@ -39,3 +39,6 @@ docs/generated # Default pycharm virtual env .venv/ + +# File created by write-ci-requirements.py +ci-requirements.txt