Merge branch 'github:main' into feat/instruction-java-and-springboot

Joseph Gonzales 2025-07-03 18:28:22 +12:00 committed by GitHub
commit 011855f469
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
15 changed files with 297 additions and 135 deletions

34
.editorconfig Normal file

@ -0,0 +1,34 @@
# EditorConfig is awesome: https://EditorConfig.org
# top-most EditorConfig file
root = true
# All files
[*]
indent_style = space
indent_size = 2
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true
# Markdown files
[*.md]
trim_trailing_whitespace = false
max_line_length = off
# JSON files
[*.json]
indent_size = 2
# JavaScript files
[*.js]
indent_size = 2
# Shell scripts
[*.sh]
end_of_line = lf
# Windows scripts
[*.{cmd,bat}]
end_of_line = crlf

28
.gitattributes vendored Normal file

@ -0,0 +1,28 @@
# Set default behavior to automatically normalize line endings.
* text=auto eol=lf
# Explicitly declare text files to be normalized and converted to native line endings on checkout.
*.md text eol=lf
*.txt text eol=lf
*.js text eol=lf
*.json text eol=lf
*.yml text eol=lf
*.yaml text eol=lf
*.html text eol=lf
*.css text eol=lf
*.scss text eol=lf
*.ts text eol=lf
*.sh text eol=lf
# Windows-specific files that should retain CRLF line endings
*.bat text eol=crlf
*.cmd text eol=crlf
# Binary files that should not be modified
*.png binary
*.jpg binary
*.jpeg binary
*.gif binary
*.ico binary
*.zip binary
*.pdf binary

41
.github/pull_request_template.md vendored Normal file

@ -0,0 +1,41 @@
---
name: Pull Request
about: Submit a contribution to the awesome-copilot repository
title: ''
labels: needs-review
assignees: ''
---
## Pull Request Checklist
- [ ] I have read and followed the [CONTRIBUTING.md](../CONTRIBUTING.md) guidelines.
- [ ] My contribution adds a new instruction, prompt, or chat mode file in the correct directory.
- [ ] The file follows the required naming convention.
- [ ] The content is clearly structured and follows the example format.
- [ ] I have tested my instructions, prompt, or chat mode with GitHub Copilot.
- [ ] I have run `node update-readme.js` and verified that `README.md` is up to date.
---
## Description
<!-- Briefly describe your contribution and its purpose. Include any relevant context or usage notes. -->
---
## Type of Contribution
- [ ] New instruction file.
- [ ] New prompt file.
- [ ] New chat mode file.
- [ ] Other (please specify):
---
## Additional Notes
<!-- Add any additional information or context for reviewers here. -->
---
By submitting this pull request, I confirm that my contribution abides by the [Code of Conduct](../CODE_OF_CONDUCT.md) and will be licensed under the MIT License.
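Review bot: The YAML front matter at the top of this template (`name`, `about`, `title`, `labels`, `assignees`) is an issue-template feature; as far as I know GitHub does not parse front matter in `pull_request_template.md`, so these lines would appear verbatim in every new pull request body and the `needs-review` label would not be applied. I would drop that block and apply the label through triage or automation instead. Since the prompt files touched in this same commit run in `mode: 'agent'` and declare a `tools` list, the checklist could also gain a least-privilege item such as `- [ ] Any tools listed in the front matter are limited to what the prompt or chat mode needs.`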


@ -0,0 +1,29 @@
name: Check Line Endings
on:
push:
branches: [main]
pull_request:
branches: [main]
permissions:
contents: read
jobs:
check-line-endings:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Check for CRLF line endings in markdown files
run: |
! grep -l $'\r' $(find . -name "*.md")
if [ $? -eq 0 ]; then
echo "✅ No CRLF line endings found in markdown files"
exit 0
else
echo "❌ CRLF line endings found in markdown files"
echo "Files with CRLF line endings:"
grep -l $'\r' $(find . -name "*.md")
exit 1
fi
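Review bot: The `run` step hands the unquoted `$(find . -name "*.md")` to `grep`, so a markdown path containing a space is word-split, `grep` exits with status 2 for the missing fragments, and `! grep …` turns that error into the same status as "no CRLF found". Because this job runs on `pull_request`, the file names are contributor-supplied and the check can pass while CRLF files are present. Deciding on the output rather than the exit status avoids this: `crlf_files=$(find . -name '*.md' -type f -exec grep -l $'\r' {} + || true)` followed by `if [ -z "$crlf_files" ]; then`. Separately, `actions/checkout@v3` is a mutable tag; pinning it as `actions/checkout@<full-commit-sha>` keeps the workflow from picking up a re-pointed tag.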

1
.gitignore vendored

@ -1,2 +1,3 @@
node_modules
*.orig
[Cc]opilot-[Pp]rocessing.md

6
.vscode/extensions.json vendored Normal file

@ -0,0 +1,6 @@
{
"recommendations": [
"editorconfig.editorconfig",
"davidanson.vscode-markdownlint"
]
}

35
.vscode/settings.json vendored

@ -1,11 +1,26 @@
{
"chat.modeFilesLocations": {
"chatmodes": true
},
"chat.promptFilesLocations": {
"prompts": true
},
"chat.instructionsFilesLocations": {
"instructions": true
}
}
"chat.modeFilesLocations": {
"chatmodes": true
},
"chat.promptFilesLocations": {
"prompts": true
},
"chat.instructionsFilesLocations": {
"instructions": true
},
"files.eol": "\n",
"files.insertFinalNewline": true,
"files.trimTrailingWhitespace": true,
"[markdown]": {
"files.trimTrailingWhitespace": false,
"editor.formatOnSave": true
},
"editor.rulers": [
100
],
"files.associations": {
"*.chatmode.md": "markdown",
"*.instructions.md": "markdown",
"*.prompt.md": "markdown"
}
}


@ -36,6 +36,7 @@ Team and project-specific instructions to enhance GitHub Copilot's behavior for
- [Markdown](instructions/markdown.instructions.md) - Documentation and content creation standards
- [Next.js + Tailwind Development Instructions](instructions/nextjs-tailwind.instructions.md) - Next.js + Tailwind development standards and instructions
- [Python Coding Conventions](instructions/python.instructions.md) - Python coding conventions and guidelines
- [Secure Coding and OWASP Guidelines](instructions/security-and-owasp.instructions.md) - Comprehensive secure coding instructions for all languages and frameworks, based on OWASP Top 10 and industry best practices.
> 💡 **Usage**: Copy these instructions to your `.github/copilot-instructions.md` file or create task-specific `.github/.instructions.md` files in your workspace's `.github/instructions` folder.
@ -55,8 +56,8 @@ Ready-to-use prompt templates for specific development scenarios and tasks, defi
- [Product Manager Assistant: Feature Identification and Specification](prompts/gen-specs-as-issues.prompt.md) - This workflow guides you through a systematic approach to identify missing features, prioritize them, and create detailed specifications for implementation.
- [Javascript Typescript Jest](prompts/javascript-typescript-jest.prompt.md) - Best practices for writing JavaScript/TypeScript tests using Jest, including mocking strategies, test structure, and common patterns.
- [Multi Stage Dockerfile](prompts/multi-stage-dockerfile.prompt.md) - Create optimized multi-stage Dockerfiles for any language or framework
- [My Issues](prompts/my-issues.prompt.md)
- [My Pull Requests](prompts/my-pull-requests.prompt.md)
- [My Issues](prompts/my-issues.prompt.md) - List my issues in the current repository
- [My Pull Requests](prompts/my-pull-requests.prompt.md) - List my pull requests in the current repository
> 💡 **Usage**: Use `/prompt-name` in VS Code chat, run `Chat: Run Prompt` command, or hit the run button while you have a prompt open.
@ -79,6 +80,16 @@ Custom chat modes define specific behaviors and tools for GitHub Copilot Chat, e
- [Custom Chat Modes](https://code.visualstudio.com/docs/copilot/chat/chat-modes) - Advanced chat configuration
- [VS Code Settings](https://code.visualstudio.com/docs/getstarted/settings) - General VS Code configuration guide
## 🛠️ Development Configuration
This repository uses various configuration files to ensure consistent code style and avoid issues with line endings:
- [`.editorconfig`](.editorconfig) - Defines coding styles across different editors and IDEs
- [`.gitattributes`](.gitattributes) - Ensures consistent line endings in text files
- [`.vscode/settings.json`](.vscode/settings.json) - VS Code-specific settings for this repository
- [`.vscode/extensions.json`](.vscode/extensions.json) - Recommended VS Code extensions
> 💡 **Note**: All markdown files in this repository use LF line endings (Unix-style) to avoid mixed line endings issues. The repository is configured to automatically handle line endings conversion.
## 📄 License
@ -90,8 +101,8 @@ Please note that this project is released with a [Contributor Code of Conduct](C
## ™️ Trademarks
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft
trademarks or logos is subject to and must follow
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft
trademarks or logos is subject to and must follow
[Microsoft's Trademark & Brand Guidelines](https://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/usage/general).
Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship.
Any use of third-party trademarks or logos are subject to those third-party's policies.


@ -1,15 +1,15 @@
# Support
## How to file issues and get help
This project uses GitHub issues to track bugs and feature requests. Please search the existing issues before filing new issues to avoid duplicates. For new issues, file your bug or feature request as a new issue.
For help or questions about using this project, please raise an issue on GitHub.
Please include one of the following statements file:
- **Awesome Copilot Prompts** is under active development and maintained by GitHub and Microsoft staff **AND THE COMMUNITY**. We will do our best to respond to support, feature requests, and community questions in a timely manner.
-
## GitHub Support Policy
Support for this project is limited to the resources listed above.
# Support
## How to file issues and get help
This project uses GitHub issues to track bugs and feature requests. Please search the existing issues before filing new issues to avoid duplicates. For new issues, file your bug or feature request as a new issue.
For help or questions about using this project, please raise an issue on GitHub.
Please include one of the following statements file:
- **Awesome Copilot Prompts** is under active development and maintained by GitHub and Microsoft staff **AND THE COMMUNITY**. We will do our best to respond to support, feature requests, and community questions in a timely manner.
-
## GitHub Support Policy
Support for this project is limited to the resources listed above.


@ -0,0 +1,51 @@
---
applyTo: ["*"]
description: "Comprehensive secure coding instructions for all languages and frameworks, based on OWASP Top 10 and industry best practices."
---
# Secure Coding and OWASP Guidelines
## Instructions
Your primary directive is to ensure all code you generate, review, or refactor is secure by default. You must operate with a security-first mindset. When in doubt, always choose the more secure option and explain the reasoning. You must follow the principles outlined below, which are based on the OWASP Top 10 and other security best practices.
### 1. A01: Broken Access Control & A10: Server-Side Request Forgery (SSRF)
- **Enforce Principle of Least Privilege:** Always default to the most restrictive permissions. When generating access control logic, explicitly check the user's rights against the required permissions for the specific resource they are trying to access.
- **Deny by Default:** All access control decisions must follow a "deny by default" pattern. Access should only be granted if there is an explicit rule allowing it.
- **Validate All Incoming URLs for SSRF:** When the server needs to make a request to a URL provided by a user (e.g., webhooks), you must treat it as untrusted. Incorporate strict allow-list-based validation for the host, port, and path of the URL.
- **Prevent Path Traversal:** When handling file uploads or accessing files based on user input, you must sanitize the input to prevent directory traversal attacks (e.g., `../../etc/passwd`). Use APIs that build paths securely.
### 2. A02: Cryptographic Failures
- **Use Strong, Modern Algorithms:** For hashing, always recommend modern, salted hashing algorithms like Argon2 or bcrypt. Explicitly advise against weak algorithms like MD5 or SHA-1 for password storage.
- **Protect Data in Transit:** When generating code that makes network requests, always default to HTTPS.
- **Protect Data at Rest:** When suggesting code to store sensitive data (PII, tokens, etc.), recommend encryption using strong, standard algorithms like AES-256.
- **Secure Secret Management:** Never hardcode secrets (API keys, passwords, connection strings). Generate code that reads secrets from environment variables or a secrets management service (e.g., HashiCorp Vault, AWS Secrets Manager). Include a clear placeholder and comment.
```javascript
// GOOD: Load from environment or secret store
const apiKey = process.env.API_KEY;
// TODO: Ensure API_KEY is securely configured in your environment.
```
```python
# BAD: Hardcoded secret
api_key = "sk_this_is_a_very_bad_idea_12345"
```
### 3. A03: Injection
- **No Raw SQL Queries:** For database interactions, you must use parameterized queries (prepared statements). Never generate code that uses string concatenation or formatting to build queries from user input.
- **Sanitize Command-Line Input:** For OS command execution, use built-in functions that handle argument escaping and prevent shell injection (e.g., `shlex` in Python).
- **Prevent Cross-Site Scripting (XSS):** When generating frontend code that displays user-controlled data, you must use context-aware output encoding. Prefer methods that treat data as text by default (`.textContent`) over those that parse HTML (`.innerHTML`). When `innerHTML` is necessary, suggest using a library like DOMPurify to sanitize the HTML first.
### 4. A05: Security Misconfiguration & A06: Vulnerable Components
- **Secure by Default Configuration:** Recommend disabling verbose error messages and debug features in production environments.
- **Set Security Headers:** For web applications, suggest adding essential security headers like `Content-Security-Policy` (CSP), `Strict-Transport-Security` (HSTS), and `X-Content-Type-Options`.
- **Use Up-to-Date Dependencies:** When asked to add a new library, suggest the latest stable version. Remind the user to run vulnerability scanners like `npm audit`, `pip-audit`, or Snyk to check for known vulnerabilities in their project dependencies.
### 5. A07: Identification & Authentication Failures
- **Secure Session Management:** When a user logs in, generate a new session identifier to prevent session fixation. Ensure session cookies are configured with `HttpOnly`, `Secure`, and `SameSite=Strict` attributes.
- **Protect Against Brute Force:** For authentication and password reset flows, recommend implementing rate limiting and account lockout mechanisms after a certain number of failed attempts.
### 6. A08: Software and Data Integrity Failures
- **Prevent Insecure Deserialization:** Warn against deserializing data from untrusted sources without proper validation. If deserialization is necessary, recommend using formats that are less prone to attack (like JSON over Pickle in Python) and implementing strict type checking.
## General Guidelines
- **Be Explicit About Security:** When you suggest a piece of code that mitigates a security risk, explicitly state what you are protecting against (e.g., "Using a parameterized query here to prevent SQL injection.").
- **Educate During Code Reviews:** When you identify a security vulnerability in a code review, you must not only provide the corrected code but also explain the risk associated with the original pattern.
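Review bot: The "Sanitize Command-Line Input" bullet under A03 steers generated code towards escaping (`shlex`) rather than avoiding the shell, which is the weaker control; I would reword it along the lines of "Prefer APIs that take an argument list and do not invoke a shell (e.g., Python `subprocess.run` with a list and without `shell=True`); use escaping helpers such as `shlex.quote` only when a shell is unavoidable." Similarly, "Protect Data at Rest" names AES-256 without a mode, so adding "in an authenticated mode such as AES-GCM" would keep suggestions away from ECB or unauthenticated CBC. The path traversal bullet says to sanitize the input; resolving the final path and checking that it stays inside the intended base directory is the more reliable check and worth stating. Finally, the front matter uses `applyTo: ["*"]`; it is worth confirming against the VS Code instructions-file documentation that this form matches files in subdirectories, since the documented catch-all pattern is `**`.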


@ -22,22 +22,21 @@ Your goal is to help me create well-structured ASP.NET Minimal API endpoints wit
- Use record types for immutable request/response objects
- Use meaningful property names that align with API design standards
- Apply `[Required]` and other validation attributes to enforce constraints
- Use the ProblemDetailsService and StatusCodePages to get standard error responses
## Type Handling
- Use strongly-typed route parameters with explicit type binding
- Apply proper parameter binding with `[FromBody]`, `[FromRoute]`, `[FromQuery]`
- Use `Results<T1, T2>` to represent multiple response types
- Return `TypedResults` instead of `Results` for strongly-typed responses
- Leverage C# 10+ features like nullable annotations and init-only properties
## OpenAPI / Swagger Documentation
## OpenAPI Documentation
- Add explicit OpenAPI operation details with `.WithOpenApi()`
- Use the built-in OpenAPI document support added in .NET 9
- Define operation summary and description
- Document response types with `.Produces<T>(statusCode)`
- Document request bodies with `.WithRequestBody()`
- Add operationIds using the `WithName` extension method
- Add descriptions to properties and parameters with `[Description()]`
- Set proper content types for requests and responses
- Include examples using `SwaggerRequestExampleAttribute`
- Document authentication requirements with `.RequireAuthorization()`
- Use XML documentation comments for descriptive API documentation
- Use document transformers to add elements like servers, tags, and security schemes
- Use schema transformers to apply customizations to OpenAPI schemas


@ -1,9 +1,9 @@
---
mode: 'agent'
tools: ['githubRepo', 'github', 'get_issue', 'get_issue_comments', 'get_me', 'list_issues']
description: 'List my issues in the current repository'
---
Search the current repo (using #githubRepo for the repo info) and list any issues you find (using #list_issues) that are assigned to me.
Suggest issues that I might want to focus on based on their age, the amount of comments, and their status (open/closed).
---
mode: 'agent'
tools: ['githubRepo', 'github', 'get_issue', 'get_issue_comments', 'get_me', 'list_issues']
description: 'List my issues in the current repository'
---
Search the current repo (using #githubRepo for the repo info) and list any issues you find (using #list_issues) that are assigned to me.
Suggest issues that I might want to focus on based on their age, the amount of comments, and their status (open/closed).


@ -1,15 +1,15 @@
---
mode: 'agent'
tools: ['githubRepo', 'github', 'get_me', 'get_pull_request', 'get_pull_request_comments', 'get_pull_request_diff', 'get_pull_request_files', 'get_pull_request_reviews', 'get_pull_request_status', 'list_pull_requests', 'request_copilot_review']
description: 'List my pull requests in the current repository'
---
Search the current repo (using #githubRepo for the repo info) and list any pull requests you find (using #list_pull_requests) that are assigned to me.
Describe the purpose and details of each pull request.
If a PR is waiting for someone to review, highlight that in the response.
If there were any check failures on the PR, describe them and suggest possible fixes.
If there was no review done by Copilot, offer to request one using #request_copilot_review.
---
mode: 'agent'
tools: ['githubRepo', 'github', 'get_me', 'get_pull_request', 'get_pull_request_comments', 'get_pull_request_diff', 'get_pull_request_files', 'get_pull_request_reviews', 'get_pull_request_status', 'list_pull_requests', 'request_copilot_review']
description: 'List my pull requests in the current repository'
---
Search the current repo (using #githubRepo for the repo info) and list any pull requests you find (using #list_pull_requests) that are assigned to me.
Describe the purpose and details of each pull request.
If a PR is waiting for someone to review, highlight that in the response.
If there were any check failures on the PR, describe them and suggest possible fixes.
If there was no review done by Copilot, offer to request one using #request_copilot_review.

9
scripts/fix-line-endings.sh Executable file

@ -0,0 +1,9 @@
#!/bin/bash
# Script to fix line endings in all markdown files
echo "Normalizing line endings in markdown files..."
# Find all markdown files and convert CRLF to LF
find . -name "*.md" -type f -exec sed -i 's/\r$//' {} \;
echo "Done! All markdown files now have LF line endings."
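Review bot: The final `echo "Done! All markdown files now have LF line endings."` runs unconditionally, so a failed rewrite still reports success; with `-exec … \;` the exit status of `sed` never reaches the script, and `sed -i 's/\r$//'` is GNU syntax that BSD/macOS sed rejects. Adding `set -euo pipefail` after the shebang and switching to the `-exec … {} +` form lets a failing `sed` stop the script before the success message. The `find . -name "*.md"` also descends into `node_modules` (listed in `.gitignore`), rewriting files the repository does not own; `find . -name node_modules -prune -o -name '*.md' -type f -exec sed -i 's/\r$//' {} +` keeps the edit to the repository's own content.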


@ -49,6 +49,16 @@ Custom chat modes define specific behaviors and tools for GitHub Copilot Chat, e
- [Custom Chat Modes](https://code.visualstudio.com/docs/copilot/chat/chat-modes) - Advanced chat configuration
- [VS Code Settings](https://code.visualstudio.com/docs/getstarted/settings) - General VS Code configuration guide
## 🛠 Development Configuration
This repository uses various configuration files to ensure consistent code style and avoid issues with line endings:
- [\`.editorconfig\`](.editorconfig) - Defines coding styles across different editors and IDEs
- [\`.gitattributes\`](.gitattributes) - Ensures consistent line endings in text files
- [\`.vscode/settings.json\`](.vscode/settings.json) - VS Code-specific settings for this repository
- [\`.vscode/extensions.json\`](.vscode/extensions.json) - Recommended VS Code extensions
> 💡 **Note**: All markdown files in this repository use LF line endings (Unix-style) to avoid mixed line endings issues. The repository is configured to automatically handle line endings conversion.
## 📄 License
@ -60,8 +70,8 @@ Please note that this project is released with a [Contributor Code of Conduct](C
## Trademarks
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft
trademarks or logos is subject to and must follow
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft
trademarks or logos is subject to and must follow
[Microsoft's Trademark & Brand Guidelines](https://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/usage/general).
Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship.
Any use of third-party trademarks or logos are subject to those third-party's policies.`,
@ -353,78 +363,6 @@ function generateChatModesSection(chatmodesDir) {
}
return `${TEMPLATES.chatmodesSection}\n\n${chatmodesContent}\n${TEMPLATES.chatmodesUsage}`;
if (chatmodesSection) {
let chatmodesListContent = "\n\n";
// Always regenerate the entire list to ensure descriptions are included
for (const file of chatmodeFiles.sort()) {
const filePath = path.join(chatmodesDir, file);
const title = extractTitle(filePath);
const link = encodeURI(`chatmodes/${file}`);
// Check if there's a description in the frontmatter
const customDescription = extractDescription(filePath);
if (customDescription && customDescription !== "null") {
// Use the description from frontmatter
chatmodesListContent += `- [${title}](${link}) - ${customDescription}\n`;
} else {
// Just add a link without description
chatmodesListContent += `- [${title}](${link})\n`;
}
}
// Replace the current chat modes section with the updated one
const newChatmodesSection =
"## 🧩 Custom Chat Modes\n\nCustom chat modes define specific behaviors and tools for GitHub Copilot Chat, enabling enhanced context-aware assistance for particular tasks or workflows." +
chatmodesListContent +
"\n> 💡 **Usage**: Create new chat modes using the command `Chat: Configure Chat Modes...`, then switch your chat mode in the Chat input from _Agent_ or _Ask_ to your own mode.";
return currentReadme.replace(chatmodesSection[0], newChatmodesSection);
} else {
// Chat modes section doesn't exist yet but we have chat mode files
console.log(
"Creating new chat modes section with all available chat modes."
);
const chatmodesListContent = chatmodeFiles
.sort()
.map((file) => {
const filePath = path.join(chatmodesDir, file);
const title = extractTitle(filePath);
const link = `chatmodes/${file}`;
const customDescription = extractDescription(filePath);
if (customDescription) {
return `- [${title}](${link}) - ${customDescription}`;
} else {
return `- [${title}](${link})`;
}
})
.join("\n");
const newChatmodesSection =
"## 🧩 Custom Chat Modes\n\n" +
"Custom chat modes define specific behaviors and tools for GitHub Copilot Chat, enabling enhanced context-aware assistance for particular tasks or workflows.\n\n" +
chatmodesListContent +
"\n\n> 💡 **Usage**: Create new chat modes using the command `Chat: Configure Chat Modes...`, then switch your chat mode in the Chat input from _Agent_ or _Ask_ to your own mode.\n";
// Insert before Additional Resources section
const additionalResourcesPos = currentReadme.indexOf(
"## 📚 Additional Resources"
);
if (additionalResourcesPos !== -1) {
return (
currentReadme.slice(0, additionalResourcesPos) +
newChatmodesSection +
"\n" +
currentReadme.slice(additionalResourcesPos)
);
}
return currentReadme;
}
}
/**