Docs: Update repo templates (microsoft#4677)

Author: StephanTLavavej

CODE_OF_CONDUCT.md

@@ -0,0 +1,10 @@
+# Microsoft Open Source Code of Conduct
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
+
+Resources:
+
+- [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
+- [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
+- Contact [[email protected]](mailto:[email protected]) with questions or concerns
+- Employees can reach out at [aka.ms/opensource/moderation-support](https://aka.ms/opensource/moderation-support)

CONTRIBUTING.md

@@ -55,8 +55,8 @@ so we can determine whether the license is compatible and whether any other step
 # Code of Conduct
 
 This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
-For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
-contact [[email protected]](mailto:[email protected]) with any additional questions or comments.
+
+See [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md) for more information.
 
 [label:"good first issue"]:
    https://github.com/microsoft/STL/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22

README.md

@@ -512,8 +512,9 @@ See [CONTRIBUTING.md][] for more information.
 
 # Code Of Conduct
 
-This project has adopted the [Microsoft Open Source Code of Conduct][]. For more information see the
-[Code of Conduct FAQ][] or contact [[email protected]][] with any additional questions or comments.
+This project has adopted the [Microsoft Open Source Code of Conduct][].
+
+See [CODE_OF_CONDUCT.md][] for more information.
 
 # License
 
@@ -524,7 +525,7 @@ SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
 [Changelog]: https://github.com/microsoft/STL/wiki/Changelog
 [clang-format]: https://clang.llvm.org/docs/ClangFormat.html
 [CMake]: https://cmake.org/download
-[Code of Conduct FAQ]: https://opensource.microsoft.com/codeofconduct/faq/
+[CODE_OF_CONDUCT.md]: CODE_OF_CONDUCT.md
 [Compiler Explorer]: https://godbolt.org
 [CONTRIBUTING.md]: CONTRIBUTING.md
 [Developer Community]: https://aka.ms/feedback/report?space=62
@@ -555,6 +556,5 @@ SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
 [libcxx]: https://libcxx.llvm.org
 [lit]: https://llvm.org/docs/CommandGuide/lit.html
 [lit result codes]: https://llvm.org/docs/CommandGuide/lit.html#test-status-results
-[[email protected]]: mailto:[email protected]
 [redistributables]: https://learn.microsoft.com/en-US/cpp/windows/latest-supported-vc-redist
 [natvis documentation]: https://learn.microsoft.com/en-us/visualstudio/debugger/create-custom-views-of-native-objects

SECURITY.md

@@ -1,46 +1,41 @@
-<!-- BEGIN MICROSOFT SECURITY.MD V0.0.1 BLOCK -->
-
-## Security
-
-Microsoft takes the security of our software products and services seriously, which includes all source code
-repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft),
-[Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet),
-[Xamarin](https://github.com/xamarin), and [many more](https://opensource.microsoft.com/).
-
-If you believe you have found a security vulnerability in any Microsoft-owned repository that meets Microsoft's
-[definition](https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)) of a security
-vulnerability, please report it to us as described below.
-
-## Reporting Security Issues
-
-**Please do not report security vulnerabilities through public GitHub issues.** Instead, please report them to the
-Microsoft Security Response Center at [[email protected]](mailto:[email protected]). If possible, encrypt your
-message with our PGP key; please download it from the
-[Microsoft Security Response Center PGP Key page](https://technet.microsoft.com/en-us/security/dn606155).
-
-You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we
-received your original message. Additional information can be found at
-[microsoft.com/msrc](https://www.microsoft.com/msrc).
-
-Please include the requested information listed below (as much as you can provide) to help us better understand the
-nature and scope of the possible issue:
-
-  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
-  * Full paths of source file(s) related to the manifestation of the issue
-  * The location of the affected source code (tag/branch/commit or direct URL)
-  * Any special configuration required to reproduce the issue
-  * Step-by-step instructions to reproduce the issue
-  * Proof-of-concept or exploit code (if possible)
-  * Impact of the issue, including how an attacker might exploit the issue
-
-This information will help us triage your report more quickly.
-
-## Preferred Languages
-
-We prefer all communications to be in English.
-
-## Policy
-
-Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd).
-
-<!-- END MICROSOFT SECURITY.MD BLOCK -->
+<!-- BEGIN MICROSOFT SECURITY.MD V0.0.9 BLOCK -->
+
+## Security
+
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet) and [Xamarin](https://github.com/xamarin).
+
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/security.md/definition), please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/security.md/msrc/create-report).
+
+If you prefer to submit without logging in, send email to [[email protected]](mailto:[email protected]).  If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/security.md/msrc/pgp).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc). 
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+  * Full paths of source file(s) related to the manifestation of the issue
+  * The location of the affected source code (tag/branch/commit or direct URL)
+  * Any special configuration required to reproduce the issue
+  * Step-by-step instructions to reproduce the issue
+  * Proof-of-concept or exploit code (if possible)
+  * Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/security.md/msrc/bounty) page for more details about our active programs.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/security.md/cvd).
+
+<!-- END MICROSOFT SECURITY.MD BLOCK -->

tools/validate/validate.cpp

@@ -212,6 +212,12 @@ int main() {
         L".obj"sv,
     };
 
+    // CODE_OF_CONDUCT.md and SECURITY.md are copied exactly from https://github.com/microsoft/repo-templates
+    static constexpr array skipped_relative_paths{
+        LR"(.\CODE_OF_CONDUCT.md)"sv,
+        LR"(.\SECURITY.md)"sv,
+    };
+
     // make sure someone doesn't accidentally include a diff in the tree
     static constexpr array bad_extensions{
         L".diff"sv,
@@ -228,6 +234,7 @@ int main() {
 
     static_assert(ranges::is_sorted(skipped_directories));
     static_assert(ranges::is_sorted(skipped_extensions));
+    static_assert(ranges::is_sorted(skipped_relative_paths));
     static_assert(ranges::is_sorted(bad_extensions));
     static_assert(ranges::is_sorted(tabby_filenames));
     static_assert(ranges::is_sorted(tabby_extensions));
@@ -252,6 +259,10 @@ int main() {
 
         const wstring& relative_path = filepath.native();
 
+        if (ranges::binary_search(skipped_relative_paths, relative_path)) {
+            continue;
+        }
+
         constexpr size_t maximum_relative_path_length = 120;
         if (relative_path.size() > maximum_relative_path_length) {
             validation_failure(any_errors, filepath, "filepath is too long ({} characters; the limit is {}).",