chore: move community health files to .github/#20
Merged
Conversation
Move CONTRIBUTING.md, CODE_OF_CONDUCT.md, and SECURITY.md from the
repository root to .github/, the GitHub-blessed location for
community health files. GitHub auto-discovers them there with full
feature parity:
* 'Contribute' tab and PR-opening flow find .github/CONTRIBUTING.md
* 'Security' tab and the private vulnerability reporting page find
.github/SECURITY.md
* Code of Conduct detection finds .github/CODE_OF_CONDUCT.md
Files that stay at root and why:
* README.md — pyproject.toml's 'readme' field reads it; PyPI
and GitHub home page convention
* CHANGELOG.md — release-please writes here every release
(changelog-path in release-please-config.json)
* LICENSE — license-detection tools hardcode root path
* NOTICE — Apache-2.0 NOTICE convention is at root
Reference updates:
* README.md:144 — link target → .github/CONTRIBUTING.md
* docs/CI.md:297, 703 — relative-path links → ../.github/CONTRIBUTING.md
* .github/workflows/release.yml:115 — comment text updated
* openspec/specs/ci-infrastructure/spec.md:86 — scenario reference
updated to .github/CONTRIBUTING.md
Sibling links inside the moved files (CONTRIBUTING.md → SECURITY.md
and → CODE_OF_CONDUCT.md) remain valid: all three are now siblings
in .github/, so the relative paths still resolve.
Archived openspec changes under openspec/changes/archive/ are
deliberately NOT updated; they are historical records of changes as
they existed at the time of authoring. Rewriting them would falsify
the project history.
Verified: openspec-validate clean (only ci-release-please-app-auth
active); ruff + cfn-lint clean; grep finds zero lingering
root-relative refs to the moved files in active files.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Moves three community health files from the repository root to
.github/, the GitHub-blessed location:GitHub auto-discovers them there with full feature parity to root: the 'Contribute' tab, the 'Security' tab + private vulnerability reporting page, and the Community Standards detection all find them.
Files that stay at root (and why)
README.mdpyproject.toml: readmereads it; PyPI metadata; GitHub home page; 37 cross-refsCHANGELOG.mdchangelog-pathin release-please-config.json)LICENSENOTICENet root reduction: 5 .md → 2 .md (README, CHANGELOG).
Reference updates
README.md:144[CONTRIBUTING.md](CONTRIBUTING.md)→(.github/CONTRIBUTING.md)docs/CI.md:297, 703../CONTRIBUTING.md→../.github/CONTRIBUTING.md.github/workflows/release.yml:115openspec/specs/ci-infrastructure/spec.md:86Sibling links inside the moved files (CONTRIBUTING ↔ SECURITY ↔ CODE_OF_CONDUCT) remain valid: all three are now siblings in
.github/, so the relative paths still resolve.Deliberately not changed
openspec/changes/archive/**— archived openspec changes are historical records. References to root-level files describe the state at the time of authoring; rewriting them would falsify the project history.docs/CI.md:261, 695) — descriptive references, not broken links.Verification
just openspec-validatecleanjust lint(ruff + format + cfn-lint) cleanPost-merge
After merge, you can verify GitHub picked them up correctly at: