Best practice: Container should execute process(es) as a non-root user

.github/.wordlist.txt

@@ -0,0 +1,253 @@
+Abdel
+ABMF
+agentpoyo
+Aiden
+AMF
+Anuket
+APIs
+approvers
+aspirational
+Atomicity
+Automatable
+Badging
+Bartolini
+Bernier
+BGP
+Billingsley
+blockquote
+bryanl
+BSO
+Calin
+carte
+Caywood
+Cbkhare
+CBPP
+CBPPs
+CCS
+CGF
+CHF
+Chitrabasu
+Chunghwa
+cJtJgCTqViH
+claudiobartolini
+Clément
+cloudified
+cloudnativecon
+CNCF
+CNF
+CNFs
+CNI
+CNPD
+conformant
+constrasted
+CRDs
+creativecommons
+CRI
+Cristian
+Csatari
+CsatariGergely
+CSP
+CSP's
+CSPs
+dataplane
+deliverables
+Deutsche
+dev
+DevOps
+discoverability
+divestments
+DNS
+drawbacksalternatives
+eg
+electrocucaracha
+Equinix
+ETSI
+failover
+fkautz
+forklifted
+fRkx
+Ganbar
+GC
+Gergely
+getters
+GitOps
+GL
+Gojnic
+golang
+Goygal
+hackmd
+Haiby
+href
+hthFb
+https
+Huawei
+hypervised
+iawells
+Ildiko
+ildikov
+img
+impactful
+InfraCloud
+infracloudio
+Infrastucture
+installable
+IOV
+Jambi
+jeffsaelens
+Joshi
+JPUOulYfxA
+jungy
+Kautz
+KEP
+Khare
+Kivlin
+kube
+KubeCon
+kubenative
+kubernetes
+kwJOrsc
+learnk
+lifecycle
+Lifecycle
+Liles
+linuxfoundation
+Liron
+lixuna
+Lucina
+LVAQCC
+Maciej
+Makefile
+MANO
+MATRIXX
+Merz
+michaelspedersen
+Michal
+microservice
+microservices
+Miklus
+Miroslav
+mkr
+mmiklus
+namespace
+namespaces
+nativeness
+NFs
+NFV
+NFVi
+nickolaev
+NICs
+Nikolaev
+Nikolay
+NNNN
+notesconstraintscaveats
+Nussbaumer
+observability
+ol
+onboarding
+OSS
+overrepresented
+OVP
+Pankaj
+Passcode
+PCF
+Pedersen
+Petar
+petorre
+pgoyal
+philipperobin
+PLj
+PNF
+png
+Postconditions
+pre
+prem
+PRs
+pSMVZGQmNRemEwUk
+PV
+pwd
+PyMYvw
+qrOn
+Rabi
+Ranny
+rannyh
+reachability
+README
+repo
+RFPs
+rmerz
+roadmap
+Ronan
+runtime
+runtimes
+Saelens
+scalable
+sched
+Sewera
+Sheetal
+sheetaljoshi
+SIG
+signoff
+SIGs
+sishbi
+Skrocki
+SLA
+SMF
+Smitholi
+snetworkplumbingwg
+src
+sronanrh
+stateful
+Stricko
+svg
+Swisscom
+Tal
+tbd
+TBD
+TCP
+telco
+telecom
+Telekom
+testsuite
+timeframe
+tliron
+toc
+tokt
+Toktonaliev
+tolerations
+tomkivlin
+Torre
+Tradeoffs
+tradeoffsconstraintscaveatsnotes
+txt
+UC
+UE
+uncomment
+upgradeable
+uptime
+Vancsa
+VCS
+virtualize
+Virtualized
+VMware
+VNF
+VNFs
+Vodafone
+VPNs
+VRF
+VRFs
+VTMrSjRWQ
+Vuk
+vukg
+Vulk
+wavell
+WG
+WG's
+WGs
+wiH
+WIP
+writeup
+XDP
+xyz
+yaml
+YFimQftjkTUsxNGTsKdakvP
+yzYM

.github/workflows/linter.yml

@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
-      - uses: github/super-linter@v3
+      - uses: github/super-linter@v4
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           LINTER_RULES_PATH: /

.github/workflows/reviewdog.yml → .github/workflows/spell.yml

@@ -8,12 +8,21 @@
 # http://www.apache.org/licenses/LICENSE-2.0
 ##############################################################################
 
-name: Run misspell with reviewdog
+name: Run misspell
 # yamllint disable-line rule:truthy
 on: [push, pull_request]
+
 jobs:
-  build:
+  check-reviewdog:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
       - uses: reviewdog/action-misspell@v1
+        with:
+          github_token: ${{ secrets.github_token }}
+  check-spellcheck:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: igsekor/pyspelling-any@v0.0.2
+        name: Spellcheck

.gitignore

@@ -8,3 +8,4 @@
 super-linter.log
 # IDEA files
 .idea/
+dictionary.dic

.spellcheck.yml

@@ -0,0 +1,22 @@
+---
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2021
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+matrix:
+  - name: markdown
+    dictionary:
+      wordlists:
+        - .github/.wordlist.txt
+    pipeline:
+      - pyspelling.filters.markdown:
+    sources:
+      - '**/*.md'
+    aspell:
+      lang: en
+      ignore-case: true

README.md

@@ -4,7 +4,7 @@ The Cloud Native Network Function WG (CNF WG) operates under the aegis of CNCF.
 
 The primary goal for this group is to provide a set of cloud native + Kubenative best practices for network applications.
 
-The [CNF WG Charter](charter.md) futher outlines the scope of our group activities as well as intended deliverables.
+The [CNF WG Charter](charter.md) further outlines the scope of our group activities as well as intended deliverables.
 
 The [CNF Test Suite](https://github.com/cncf/cnf-testsuite) will support testing a set of these best practices to allow developers and network operators to evaluate how well a network application follows cloud native principles and best practices. Proposals which have been adopted by the CNF WG are listed in the [CNF Best Practice Proposal](cbpps/) folder.
 

cbpps/0001-cnf-best-practice-proposal-process.md

@@ -99,7 +99,7 @@ I agree/disagree with a proposed Cloud Native best practice definition. After re
 
 ### **Tradeoffs/Constraints/Caveats/Notes**
 
-This first structure is still WIP and should not be considered final. As the CNF WG begins to dive into their work, this format and process should be modified to meet the WG’s current needs.
+This first structure is still WIP and should not be considered final. As the CNF WG begins to dive into their work, this format and process should be modified to meet the WG's current needs.
 
 When applicable, it should also provide a warning if the practice would be a determent to a divergent type of workload.