Merge main into development

Author: dacharyc

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,76 @@
+## Issue Description
+
+<!-- Provide a clear and concise description of the issue you're experiencing -->
+
+## Sample App Information
+
+**Which sample app are you using?**
+<!-- Check one -->
+- [ ] Java (Spring Boot)
+- [ ] JavaScript (Express.js)
+- [ ] Python (FastAPI)
+
+## Environment Details
+
+**MongoDB Database Version:**
+<!-- e.g., 7.0, 8.0, etc. -->
+
+**MongoDB Driver Version:**
+<!-- e.g., Java Driver 5.2.0, Node.js Driver 6.10.0, PyMongo 4.10.1, etc. -->
+
+**Deployment Type:**
+<!-- Check one -->
+- [ ] Local MongoDB instance
+- [ ] MongoDB Atlas (cloud)
+- [ ] Docker container
+- [ ] Other (please specify):
+
+**Operating System:**
+<!-- e.g., macOS 14.5, Ubuntu 22.04, Windows 11, etc. -->
+
+**Runtime Version:**
+<!-- e.g., Java 17, Node.js 20.11.0, Python 3.11, etc. -->
+
+## Steps to Reproduce
+
+<!-- Provide detailed steps to reproduce the issue -->
+
+1.
+2.
+3.
+
+## Expected Behavior
+
+<!-- What did you expect to happen? -->
+
+## Actual Behavior
+
+<!-- What actually happened? -->
+
+## Error Messages or Logs
+
+<!-- If applicable, paste any error messages or relevant log output -->
+
+```
+<!-- Paste error messages or logs here -->
+```
+
+## Additional Context
+
+<!-- Add any other context about the problem here, such as:
+- Screenshots
+- Configuration files
+- Network setup
+- Any modifications you made to the sample app
+- Links to relevant documentation
+-->
+
+## Checklist
+
+Before submitting this issue, please confirm:
+
+- [ ] I have checked the README for setup instructions
+- [ ] I have verified my MongoDB connection string is correct
+- [ ] I have installed all required dependencies
+- [ ] I have searched existing issues to avoid duplicates
+

.github/workflows/Security-Notification.yml

@@ -1,32 +1,64 @@
 name: Security Vulnerability Slack Notification
 
-# This workflow runs whenever a Dependabot alert is created or reopened.
 on:
-  dependabot_alert:
-    types: [created, reopened]
+  schedule:
+    - cron: "0 */2 * * *"  # Every 2 hours
+  workflow_dispatch:        # Allow manual trigger from GitHub Actions tab
 
 jobs:
   notify_slack_on_alert:
     runs-on: ubuntu-latest
+
     steps:
-      - name: Send Slack Notification via Direct Curl Payload
+      - name: Fetch Open Dependabot Alerts
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
         run: |
-          MESSAGE_TEXT="*🚨 Dependabot Alert: ${{ github.event.action }} 🚨*\n\n*Vulnerability:* ${{ github.event.alert.security_vulnerability.package.ecosystem }} package *${{ github.event.alert.security_vulnerability.package.name }}*\n*Severity:* ${{ github.event.alert.security_vulnerability.severity }}\n*Repository:* ${{ github.repository }}\n\n*View Details:* ${{ github.event.alert.html_url }}"
+          echo ":mag: Checking for open Dependabot vulnerability alerts..."
           
-          SLACK_PAYLOAD=$(jq -n \
-            --arg text "${MESSAGE_TEXT}" \
-            '{
-              "channel": "#docs-devdocs-notifications",
-              "username": "Dependabot Notifier",
-              "icon_emoji": ":lock:",
-              "text": $text
-            }')
-
-          # 3. Send the request directly to the webhook URL stored as a secret
-          curl -X POST \
-               -H 'Content-type: application/json' \
-               --data "$SLACK_PAYLOAD" \
-               ${{ secrets.SLACK_WEBHOOK }}
-        env:
-          # jq is pre-installed on GitHub runners and is used to safely build the JSON payload.
-          JQ_VERSION: 1.6
+          # Fetch open alerts from GitHub API
+          RESPONSE=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \
+            "https://github.com/mongodb/docs-sample-apps/security/dependabot/alerts?state=open")
+
+          ALERT_COUNT=$(echo "$RESPONSE" | jq length)
+          echo "Found $ALERT_COUNT open alerts."
+
+          # Only send Slack message if there are alerts
+          if [ "$ALERT_COUNT" -gt 0 ]; then
+            echo ":warning: Sending Slack notification..."
+
+            MESSAGE_TEXT="*:rotating_light: Dependabot found $ALERT_COUNT open security alert(s) in ${{ github.repository }}!* :rotating_light:\n\n"
+
+            # Loop through each alert to include details
+            for i in $(seq 0 $(($ALERT_COUNT - 1))); do
+              PACKAGE=$(echo "$RESPONSE" | jq -r ".[$i].security_vulnerability.package.name")
+              ECOSYSTEM=$(echo "$RESPONSE" | jq -r ".[$i].security_vulnerability.package.ecosystem")
+              SEVERITY=$(echo "$RESPONSE" | jq -r ".[$i].security_vulnerability.severity")
+              URL=$(echo "$RESPONSE" | jq -r ".[$i].html_url")
+
+              MESSAGE_TEXT+="*Package:* ${PACKAGE} (${ECOSYSTEM})\n"
+              MESSAGE_TEXT+="*Severity:* ${SEVERITY}\n"
+              MESSAGE_TEXT+="*Details:* ${URL}\n\n"
+            done
+
+            # Build Slack payload
+            SLACK_PAYLOAD=$(jq -n \
+              --arg text "$MESSAGE_TEXT" \
+              '{
+                "channel": "#docs-devdocs-notifications",
+                "username": "Dependabot Notifier",
+                "icon_emoji": ":lock:",
+                "text": $text
+              }')
+
+            # Send notification to Slack
+            curl -X POST \
+                 -H 'Content-type: application/json' \
+                 --data "$SLACK_PAYLOAD" \
+                 "$SLACK_WEBHOOK"
+
+            echo ":white_check_mark: Slack notification sent successfully!"
+          else
+            echo ":white_check_mark: No active alerts — no Slack message sent."
+          fi

.github/workflows/new-issue-notify.yml

@@ -0,0 +1,29 @@
+name: Issue Opened Slack Notification
+
+# This workflow runs only when a new issue is opened.
+on:
+  issues:
+    types: [opened]
+
+
+jobs:
+  notify_slack_on_issue:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Send Slack Notification for New Issue
+        run: |
+          MESSAGE_TEXT="*📢 New Issue Opened in ${{ github.repository }} 📢*\n\n*Issue Title:* ${{ github.event.issue.title }}\n*Opened By:* ${{ github.event.issue.user.login }}\n\n*View Issue:* ${{ github.event.issue.html_url }}"
+
+          SLACK_PAYLOAD=$(jq -n \
+            --arg text "${MESSAGE_TEXT}" \
+            '{
+              "channel": "#docs-devdocs-notifications",
+              "username": "Issue Notifier",
+              "icon_emoji": ":mega:",
+              "text": $text
+            }')
+
+          curl -X POST \
+               -H 'Content-type: application/json' \
+               --data "$SLACK_PAYLOAD" \
+               ${{ secrets.SLACK_WEBHOOK }}

README.md

@@ -1,3 +1,111 @@
 # Docs Sample Apps
 
-A repository of sample applications for the MongoDB documentation.
+A repository of sample applications for the MongoDB documentation. This README
+describes internal details for the repository maintainers. If you are a developer
+having issues with the sample app, please refer to the `Issues` section below.
+
+## Sample Apps
+
+This repository currently contains a single sample app using the `mflix` dataset.
+
+### MFlix Sample App
+
+The sample app provides a Next.js frontend in the `client` directory, with the
+choice of three backend stacks in the `server` directory:
+
+- Java: Spring Boot
+- JavaScript: Express.js
+- Python: FastAPI
+
+```
+├── mflix/
+│   ├── client/               # Next.js frontend - source for all `mflix` sample app backend repos
+│   └── server/
+│       ├── express/          # Express.js backend - source for sample-app-nodejs-mflix
+│       ├── java-spring/      # Java/Spring backend - source for sample-app-java-mflix
+│       └── python/           # Python/FastAPI backend - source for sample-app-python-mflix
+├── README.md
+├── copier-config.yaml
+└── deprecated_examples.json
+```
+
+## Artifact Repositories
+
+This repository serves as the source for the following artifact repositories:
+
+- Java: [mongodb/sample-app-java-mflix](https://github.com/mongodb/sample-app-java-mflix)
+- JavaScript: [mongodb/sample-app-nodejs-mflix](https://github.com/mongodb/sample-app-nodejs-mflix)
+- Python: [mongodb/sample-app-python-mflix](https://github.com/mongodb/sample-app-python-mflix)
+
+## Development
+
+When you merge to `main`, a copier tool copies the source from this repository
+to a target repository for each sample app. For configuration details, refer to
+`copier-config.yaml`.
+
+### Branching Model
+
+For development, work from the `development` branch. Make incremental PRs
+containing new features and bug fixes to `development`, *not* `main`.
+
+When all development work is complete, *then* create a release PR from
+`development` to `main`. Upon merging to `main,` the copier tool runs
+automatically. It creates a new PR in the target repository, which must be
+tested and merged manually.
+
+### Deleting Files
+
+If a PR from `development` to `main` deletes any files, this creates a new
+entry in the `deprecated_examples.json` file. This entry resembles:
+
+```json
+{
+  "filename": "go/gcloud24march_v2.go",
+  "repo": "docs-code-examples-test-target",
+  "branch": "v2.2",
+  "deleted_on": "2025-03-24T18:16:30Z"
+},
+```
+
+The copier tool does not delete files from the target repository. You must
+manually delete files from the target repository that are listed in
+`deprecated_examples.json`. This is an intentional step to avoid accidentally
+deleting files that are referred to in documentation. Review documentation
+references before deleting files.
+
+## Release Process
+
+When you merge a release PR from `development` to `main`, the copier tool
+creates a new PR in the target repository. This PR must be tested and merged
+manually. This is an intentional design choice to ensure:
+
+- The sample app still functions as expected after copying.
+- Any documentation references are updated as part of the release process.
+
+To test and verify the PR, navigate to the target repository - see
+`Artifact Repositories` above. Perform the following checks:
+
+- [ ] Verify that the PR contains the expected changes.
+- [ ] Check out the PR locally.
+  - [ ] Build and test the changes.
+  - [ ] Run the tests
+  - [ ] Run the application and verify that it functions as expected.
+- [ ] Review the `deprecated_examples.json` file for any files that need to be
+  deleted. If files are deleted:
+  - [ ] Add a commit to the copier PR to delete the files from the target repository.
+- [ ] Merge the PR.
+
+## Issues
+
+If you are a developer having issues with the sample app, feel free to open an
+issue in this repository. Please include the following information:
+
+- [ ] The sample app you are using (Java, JavaScript, or Python)
+- [ ] The version of the MongoDB database you are using
+- [ ] The version of the MongoDB driver you are using
+- [ ] What type of deployment you're using (local, Atlas, etc.)
+- [ ] Any other relevant information that might help us reproduce the issue
+
+## Contributions
+
+We are not currently accepting public contributions to this repository.