This is the Horusec contributing guide. Please read the following sections to learn how to ask questions and how to work on something.
Please follow the Code of Conduct in all your interactions with our project.
- Horusec is licensed under the ASF - Apache License, version 2, so new files must have the ASF version 2 header. For more information, please check out the Apache license.
- All contributions are subject to the Developer Certificate of Origin (DCO). When you commit, use the **-s** option to include the Signed-off-by line at the end of the commit log message.
Check out the requisites before contributing to Horusec:
This is a security layer for the project and for the developers. It is mandatory.
Follow one of these two methods to add DCO to your commits:
1. Command line
Follow the steps:
Step 1: Configure your local git environment, adding the same name and e-mail configured in your GitHub account. It helps to sign commits manually during reviews and suggestions.
git config --global user.name "Name"
git config --global user.email "[email protected]"
Step 2: Add the Signed-off-by line with the '-s' flag in the git commit command:
$ git commit -s -m "This is my commit message"
2. GitHub website
You can also manually sign your commits during GitHub reviews and suggestions. Follow the steps below:
Step 1: When the commit changes box opens, manually type or paste your signature in the comment box. See the example:
Signed-off-by: Name < e-mail address >
For this method, your name and e-mail must be the same as those registered on your GitHub account.
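A local check for the sign-off requirement described above, as an added example that is not part of Horusec's own tooling. It assumes a valid sign-off must match the commit author's name and e-mail exactly; the function names `has_signoff` and `check_range` and the script name are hypothetical.

```shell
#!/bin/sh
# Added example, not Horusec code: verify DCO sign-offs before pushing.
# Assumption: a valid sign-off is a line that reads exactly
# "Signed-off-by: Name <e-mail>" with the commit author's name and e-mail.

# has_signoff AUTHOR MESSAGE
# Succeeds when MESSAGE contains the sign-off line for AUTHOR ("Name <e-mail>").
has_signoff() {
    # -F: fixed string (names may contain regex characters), -x: whole line only
    printf '%s\n' "$2" | grep -Fxq "Signed-off-by: $1"
}

# check_range BASE HEAD
# Reports every commit in BASE..HEAD without a matching sign-off
# and fails if any is found.
check_range() {
    status=0
    for sha in $(git rev-list "$1..$2"); do
        author=$(git log -1 --format='%an <%ae>' "$sha")
        message=$(git log -1 --format='%B' "$sha")
        if ! has_signoff "$author" "$message"; then
            echo "no matching sign-off: $sha ($author)" >&2
            status=1
        fi
    done
    return "$status"
}

# Usage (hypothetical script name): sh dco-check.sh origin/main HEAD
if [ "$#" -eq 2 ]; then
    check_range "$1" "$2"
fi
```

A commit flagged here can be corrected with `git commit -s --amend` after fixing `user.name` and `user.email`.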
- All your submissions need a review.
If you have a bug or an idea, check out the following sections before submitting your contribution.
All our issues are centralized in our main repository, so it is quite likely that you will find a topic that is being discussed. Check the open issues; another good way to start is the good first issues.
Use GitHub's search filter to help you. For example:
- Test related issues:
is:open is:issue label:kind/tests
- Issues that need extra attention:
is:open is:issue label:"help wanted"
- Issues related to a bug:
is:issue is:open label:kind/bug
Writing a good issue will help our team better analyze and manage your contributions. Therefore, follow the standards and best practices below:
With the title:
Project:Scope - Title Description
Project: Name of the project or repository you want to contribute to.
Scope: Add what your issue refers to:
- Bug report: Create a report to help us improve
- Feature request: Suggest a new feature for a project
- Improvement: Suggest an improvement for a project
- Support request: Support request or question relating to Horusec
Example: Horusec-cli:Improvement - Suggestion for CLI installation experience
With the issue description:
Try to explain the scenario to us by following these tips:
- Context: explain the conditions which led you to write this issue.
- Problem or idea: the context should lead to something, an idea or a problem that you’re facing.
- Solution or next step: this is where you move forward. You can engage others (request feedback), assign somebody else to the issue, or simply leave it for further investigation, but you absolutely need to propose a next step towards solving the issue.
When you open a Pull Request, follow the requirements below:
- Add a title with the following pattern:
- feature: PR refers to a new activity.
- bugfix: PR refers to corrections for the next release.
- hotfix: PR refers to corrections where you will need a cherry-pick and the update of the minor version.
- chore: PR refers to changes for the next release, but it was only maintenance without an activity impact.
Example: start:bugfix - fix bug when Horusec haven't read the new flag of authorization
- Answer the questions about what you did, how to verify it and a short description for the changelog, see an example below:
See the guidelines to submit your changes:
To start contributing to Horusec, you need to install Go. The minimal version required to build is 1.17. GNU Make is also required for development.
After installing Go, you can build using make build-dev.
Horusec has a suite of unit and end-to-end tests. You can run them using the following commands.
make test
make test-e2e
Make sure all the tests pass before you commit and push :)
You can get the test coverage using the following command.
make coverage
go tool cover -html=coverage.out # Open coverage status in your browser
Horusec has other repositories, check them below:
Contributing to a new feature is only allowed in the main repository.
Before contributing to this repository, please discuss the changes you wish to make via e-mail or forum.
If you want to add an improvement, a new feature or bug fix, follow the steps to contribute:
Step 1: Make sure your branch is based on main;
Step 2: When opening an issue, choose a template to answer the questions regarding what you want to contribute:
Step 3: Make your changes and open a GitHub pull request;
Step 4: Make sure to write a title describing what you have done;
Step 5: Fill in the template in the PR, here you need to write what you did and how the team can verify it;
Step 6: You must commit to comply with the DCO rules. It will need to be signed-off and verified. Example: git commit -s --amend.
Your pull request is approved when:
- 2 code owners approve it.
- It passes the whole GitHub Actions checking process (lint, test, coverage, license, build, e2e, security, dco).
- If it is a bug fix, the team will perform the changes and there will be a new release.
- If it is a feature, it will be in the next release.
- Do you have any questions about Horusec? Send them to our mailing list.
- Let's chat in our forum.
Thank you for your contribution, you rock! 🚀
Horusec team