document installation via pypi.org, update documentation, fix REUSE

CONTRIBUTING.md

@@ -6,10 +6,16 @@ SPDX-License-Identifier: Apache-2.0
 
 # Contributing to the Open Source Red Flag Checker
 
-Thanks for your interest in our project. Contributions are welcome. Feel free to open an issue with questions or reporting ideas and bugs, or open pull requests to contribute code.
+Thank you for your interest in our project. Contributions are welcome. Feel free to open an issue with questions or reporting ideas and bugs, or open pull requests to contribute code.
 
 We are committed to fostering a welcoming, respectful, and harassment-free environment. Be kind!
 
+## Development setup
+
+Starting development is as easy as installing `poetry` and running `poetry install` once.
+
+In order to run the project in the new virtual environment, run `poetry run ossrfc`.
+
 ## Typical contributions
 
 ### Add a new check
@@ -30,3 +36,15 @@ See commit `cc93fc8b07445e09b5b92de207632d86edc0125d` or
 1. `README.md`
     * Add the new searched data point under the "Searched data" headline
     * Add its analysis under the "Analysis based on data" headline
+
+
+## Release workflow
+
+* Upgrade dependencies: `poetry update`
+* Bump version in `pyproject.toml`
+* Build package: `poetry build`
+* Optional: publish to `test.pypi.org` with `poetry publish -r test-pypi` and test the package: `pip install -i https://test.pypi.org/simple oss-red-flag-checker`
+* Publish to PyPI: `poetry publish` (you may have to set your credentials/API key first)
+* Create Git tag: `git tag -s vx.y.z` (use a minimal message)
+* Push to GitHub
+* Make a release on GitHub

README.md

@@ -23,7 +23,7 @@ This projects evaluates remote repositories by looking for typical red flags lik
 
 ## Features
 
-[![asciicast](https://asciinema.org/a/P4TUlp1f2esZZXrGDWBHyZk3n.svg)](https://asciinema.org/a/P4TUlp1f2esZZXrGDWBHyZk3n)
+[![asciicast](https://asciinema.org/a/TTgMvR8kyzusNCUL7VKlCzIaT.svg)](https://asciinema.org/a/TTgMvR8kyzusNCUL7VKlCzIaT)
 
 ### Searched data
 
@@ -62,32 +62,41 @@ Green flags:
 
 ## Installation
 
-We recommend to run this tool via `poetry` that takes care of installing the correct dependencies in a clean environment.
+You must have the following dependencies installed:
 
+* `git` >= 1.7.0
 * `python` >= 3.8
-* `poetry` >= 1.1.0
+* `pip3`
 
-Inside of the repository, run `poetry install` once and you are ready to go. If you update the repository, run this command again to fetch new versions and dependencies.
+You can install the latest release using pip: `pip3 install oss-red-flag-checker`.
+
+The command to run the program afterwards will be `ossrfc`.
+
+### Install/develop using poetry
+
+You can also run this tool via `poetry` that takes care of installing the correct dependencies in a clean environment. This also makes development very easy. We recommend to have at least poetry 1.1.0. Inside of the repository, run `poetry install` once and you are ready to go. If you update the repository, run this command again to fetch new versions and dependencies.
+
+The command to run the programm will be `poetry run ossrfc`.
 
 ## Usage
 
-You can find all supported flags by running `poetry run ossrfc --help`.
+You can find all supported flags by running `ossrfc --help`.
 
 Basic examples:
 
 ```sh
 # Check a remote repository
-poetry run ossrfc -r https://github.com/hashicorp/terraform
+ossrfc -r https://github.com/hashicorp/terraform
 # Cache the cloned repository so subsequent checks are faster
-poetry run ossrfc -r https://github.com/hashicorp/terraform --cache
+ossrfc -r https://github.com/hashicorp/terraform --cache
 # Return the results as JSON
-poetry run ossrfc -r https://github.com/hashicorp/terraform --json
+ossrfc -r https://github.com/hashicorp/terraform --json
 # Do not check for CLAs and DCOs in pull requests
-poetry run ossrfc -r https://github.com/hashicorp/terraform -d cla-dco-pulls
+ossrfc -r https://github.com/hashicorp/terraform -d cla-dco-pulls
 # Ignore findings about contribution distribution
-poetry run ossrfc -r https://github.com/hashicorp/terraform -i contributions
+ossrfc -r https://github.com/hashicorp/terraform -i contributions
 # Provide a list of repositories to be checked
-poetry run ossrfc -f repos.txt
+ossrfc -f repos.txt
 ```
 
 Here's a possible output in both the Markdown view as well as in JSON:

doc/screencast.sh

@@ -1,15 +1,21 @@
-#!/bin/bash
+#!/usr/bin/env bash
+# SPDX-FileCopyrightText: 2023 DB Systel GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# Script to create the asciinema recording:
+# asciinema rec ~/ossrfc.cast -c ./doc/screencast.sh
 
 # You can choose different typed, e.g. pe or pei
-TYPE=pe
+TYPE=pei
 # What to do with comments? : for doing nothing, $TYPE for doing the same as with code
 COMM=":"
 
 . ~/Git/github/demo-magic/demo-magic.sh
 
 clear
 
-$TYPE 'poetry run ossrfc -c -r https://github.com/hashicorp/terraform'
-$TYPE 'poetry run ossrfc -c -r https://github.com/curl/curl'
-$TYPE 'poetry run ossrfc -c -r https://github.com/azure/azure-dev --json | jq ".repositories[0] | {cla_files, cla_pulls}"'
+$TYPE 'ossrfc -c -r https://github.com/hashicorp/terraform'
+$TYPE 'ossrfc -c -r https://github.com/curl/curl'
+$TYPE 'ossrfc -c -r https://github.com/azure/azure-dev --json | jq ".repositories[0] | {cla_files, cla_pulls}"'
 wait

pyproject.toml

@@ -4,7 +4,7 @@
 
 [tool.poetry]
 name = "oss-red-flag-checker"
-version = "0.1.0"
+version = "0.1.1"
 description = "Check remote repositories for typical red flags like CLAs and risks due to low development activity"
 authors = ["Max Mehl <[email protected]>"]
 license = "Apache-2.0"