Improve GitHub community standards

[glatterf42]

Today, I stumbled upon GitHub's guidelines for establishing a healthy community. This PR includes various suggested files to improve the experience of working with message_ix.

Apart from these files, GitHub also suggests to turn on various security features that we had not enabled, so I did that as well. That is why we are seeing new CI checks: GitHub checks if any secrets haven been accidentally included. We also now accept people directly reporting vulnerabilities in our code in private.

One feature I'm not sure is working even though I did enable it is that the repository admins accept content reports (please see here for a check list). Not sure what's going on there, maybe we have to actually work through one report to show we accept them?

How to review

• Read the diff and note that the CI checks all pass.
• Read the new files and check that information is correct and they are helpful.

PR checklist

• Continuous integration checks all ✅
• [ ] Add or expand tests; coverage checks both ✅ Not touching code.
• Add, expand, or update documentation.
• Update release notes.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 95.6%. Comparing base (00241f6) to head (9e8664d).
Report is 1 commits behind head on main.

Additional details and impacted files

@@          Coverage Diff          @@
##            main    #871   +/-   ##
=====================================
  Coverage   95.6%   95.6%           
=====================================
  Files         46      46           
  Lines       4344    4344           
=====================================
  Hits        4154    4154           
  Misses       190     190           

[khaeru]

This is all excellent and valuable material. I think it is very good practice to have clear statements of practice like this. It doesn't bind us to keeping things exactly the same forever (we can always update and amend these texts), but helps us notice when our actual practices and intent are starting to diverge.

A few suggested changes, but most of all let's discuss the CoC with the team and ensure we have consensus.

[glatterf42]

Thanks for the suggestion. As recommended in today's weekly meeting, let's try to have as many people as possible on board before introducing a Code of Conduct (CoC). So @iiasa/messageix-devs, please read through the proposed CoC and provide feedback here (or see below for a summary). If you are happy with these guidelines/rules, please leave a thumbs up; if you don't like them, please tell us what specifically you'd like to see changed. Please do this before the 15th of August.

To add some context for the discussion about CoCs:

What is it?

A Code of Conduct (CoC) is intended to outline how everyone in the community should interact, signal a welcoming and inclusive community, and explain how misconduct can be reported/will be handled.

What form can it take?

In principle, this can be any document outlining (at least) the above (e.g. rust has written a unique one and is consistently one of the most popular programming languages).
However, there are some common forms: GitHub itself suggests either the Citizen CoC (for large communities) or the Contributor Covenant (for all sizes); I've also seen the Django CoC being recommended.

How do these compare?

The first two are both rather formal and seem to differ only in details, Django seems more free-form and positive ("be welcoming", etc).
For now, I chose Contributor Covenant because of its popularity: Linux, Google, Microsoft, Mozilla, xarray, ruff and thousands of other projects use it and there's an official badge to use. This means people will likely know what we are aiming for as soon as they see the badge, if they are at all familiar with the topic.

What needs to be done?

The main thing we would need to agree on: everyone should follow the outlined rules and take an active role in reporting misconduct, so that we actually enforce the CoC. For the Contributor Covenant, this means:

• Demonstrating empathy and kindness toward other people
• Being respectful of differing opinions, viewpoints, and experiences
• Giving and gracefully accepting constructive feedback
• Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience
• Focusing on what is best not just for us as individuals, but for the overall community
• And reporting for example:
  • The use of sexualized language or imagery, and sexual attention or advances of any kind
  • Trolling, insulting or derogatory comments, and personal or political attacks
  • Public or private harassment
  • Publishing others' private information, such as a physical or email address, without their explicit permission
  • Other conduct which could reasonably be considered inappropriate in a professional setting