Rust Staging Lab

A small Rust-first staging area for learning GitHub, tooling, automation, repository hygiene, and future app or CLI ideas.

Repository

Public repository: https://github.com/jjoanna2-debug/test-project-tbd

Clone URL:

git clone https://github.com/jjoanna2-debug/test-project-tbd.git

Purpose

This repository is used for experimenting with GitHub workflows and basic project setup.

It is not a production system, commercial product, managed service, professional recommendation, security tool, or operational dependency.

Start here

If you are new to GitHub, read START_HERE.md first. It explains the files in this repository, the basic GitHub words, and a tiny practice plan.

For hands-on setup and workflow notes, read:

• docs/LOCAL_SETUP.md
• docs/GITHUB_WORKFLOW.md
• docs/PROJECT_STRUCTURE.md

Starter project

This repository now uses a small Rust starter instead of a static web page:

Cargo.toml
Cargo.lock
src/main.rs
src/bin/check_repo.rs
scripts/doctor.sh

Edit the Rust or shell files to practice commits, branches, pull requests, and checks. The Rust code is intentionally small for now; it is a staging point, not a finished product.

What The Doctor Checks

src/bin/check_repo.rs is the main project-specific tool in this repository. It verifies that the public repository stays small, readable, and safe to practice with:

• required project, policy, documentation, GitHub, Rust, and script files exist;
• expected Rust safety references stay in place;
• issue evidence artifacts are explicitly marked as redacted;
• common sensitive filenames are not committed;
• private-key blocks, GitHub-token shapes, AWS access-key shapes, and generic secret assignments are flagged;
• GitHub Actions workflows avoid broad write permissions;
• third-party GitHub Actions are pinned to full commit SHAs.

Run it locally with:

bash scripts/doctor.sh

Passing output:

Repository check passed.
Doctor check passed.

Current scope

• Repository setup
• Beginner onboarding
• README structure
• Rust starter project
• Rust-native repository doctor and shell wrapper
• License and disclaimer hygiene
• GitHub workflow practice
• Basic public-repository policy files
• Issue and pull request templates
• Basic GitHub Actions smoke checks
• Weekly Dependabot checks for GitHub Actions and Cargo
• Local and CI guards for common secret patterns, sensitive filenames, redacted evidence artifacts, workflow permissions, and pinned GitHub Actions
• Funding status note

Important notices

This repository is provided for learning, testing, and experimentation only. Use of this repository or its contents is voluntary and entirely at your own risk.

This repository is not production software, not professional advice, not a managed service, not a security product, not audited, not supported, and not guaranteed to be accurate, complete, secure, maintained, or suitable for any purpose.

Do not use this repository with production credentials, secrets, private keys, API tokens, personal data, confidential information, customer data, regulated data, business-critical workflows, or security-sensitive systems.

Policies and project files

• LICENSE — Apache License 2.0 terms
• NOTICE — copyright and project attribution notice
• LEGAL_NOTICES.md — plain-language license and public-use boundaries
• DISCLAIMER.md — warranty, liability, professional-advice, and risk disclaimer
• SECURITY.md — security policy and no-support expectations
• SUPPORT.md — support and maintenance boundaries
• CONTRIBUTING.md — contribution rules and sensitive-information restrictions
• CODE_OF_CONDUCT.md — participation and moderation expectations
• SPONSORS.md — funding status and no-benefits clarification
• CHANGELOG.md — chronological repository change notes
• ROADMAP.md — future learning path and project ideas
• docs/PROJECT_STRUCTURE.md — current file layout

GitHub workflow helpers

This repository includes:

• issue templates for bugs, features, and documentation tasks;
• a pull request template;
• a basic GitHub Actions workflow;
• a small Rust test;
• Rust and shell local checks;
• weekly Dependabot checks for GitHub Actions and Cargo;
• public-repository hardening checks for secrets, redacted evidence artifacts, and GitHub workflow safety;
• CODEOWNERS review visibility;
• .editorconfig and .gitattributes for cleaner editing and diffs.

Funding status

This repository does not currently expose active GitHub funding links. If funding is enabled later, any support will remain voluntary and will not create support, maintenance, consulting, service-level, feature, priority, warranty, or commercial obligations. See SPONSORS.md.

A placeholder .github/FUNDING.yml exists for future funding metadata only.

Next steps

• Edit the Rust starter
• Create a branch
• Make commits
• Open a pull request
• Review the GitHub Actions result
• Merge the pull request
• Read the changelog and roadmap

License

This project is licensed under the Apache License 2.0. See LICENSE for the full license text and LEGAL_NOTICES.md for plain-language context.

Copyright and project attribution are listed in NOTICE.

Disclaimer

This repository is provided on an "as is" and "as available" basis for learning, testing, and experimentation purposes only. See DISCLAIMER.md for additional clarification.