This is Horusec contributing guide. Please read the following sections to learn how to ask questions and how to work on something.
1.1. Code of Conduct
1.2. Legal
2.2. Code Review
2.3. Pull Requests
3.2. First contribution
4. Community
Please follow the Code of Conduct in all your interactions with our project.
-
Horusec is licensed over ASF - Apache License, version 2, so new files must have the ASF version 2 header. For more information, please check out Apache license.
-
All contributions are subject to the Developer Certificate of Origin (DCO). When you commit, use the
**-s**
option to include the Signed-off-by line at the end of the commit log message.
Check out the requisites before contributing to Horusec:
This is a security layer for the project and for the developers. It is mandatory.
Follow one of these two methods to add DCO to your commits:
1. Command line Follow the steps: Step 1: Configure your local git environment adding the same name and e-mail configured at your GitHub account. It helps to sign commits manually during reviews and suggestions.
git config --global user.name “Name”
git config --global user.email “[email protected]”
Step 2: Add the Signed-off-by line with the '-s'
flag in the git commit command:
$ git commit -s -m "This is my commit message"
2. GitHub website
You can also manually sign your commits during GitHub reviews and suggestions, follow the steps below:
Step 1: When the commit changes box opens, manually type or paste your signature in the comment box, see the example:
Signed-off-by: Name < e-mail address >
For this method, your name and e-mail must be the same registered on your GitHub account.
- All your submissions needs a review.
When you open a Pull Request, follow the requirements below:
- Add a title with the following pattern:
- FEATURE: PR refers to a new activity.
- BUGFIX: PR refers to corrections for the next release.
- HOTFIX: PR refers to corrections where you will need a cherry-pick and the update of the minor version.
- CHORE: PR refers to changes for the next release, but it was only maintenance without an activity impact.
Example: [start][bugfix]: Fix bug when Horusec haven't read the new flag of authorization
- Answer the questions about what you did, how to verify it and a short description for the changelog, see an example below:
See the guidelines to submit your changes:
To start contributing with Horusec, you need to install Go. The minimal version required to build is 1.17. GNU Make is also required to development.
After installing Go you can build using make build-dev
.
Horusec has a suite of unit and end-to-end tests you can run them using the following commands.
make test
make test-e2e
Make sure all the tests pass before you commit and push :)
You can get the test coverage using the following command.
make coverage
go tool cover -html=coverage.out # Open coverage status in your browser
Horusec has other repositories and you can check the README for each one of them:
Contributing to a new feature is only allowed in the main repository.
Before contributing to this repository, please discuss the changes you wish to make via e-mail or forum.
If you want to add an improvement, a new feature or bugfix, follow the steps to contribute:
Step 1: Make sure your branch is based on main;
Step 2: When opening an issue, choose a template to answer the questions regarding what you want to contribute:
Step 3: Make your changes and open a GitHub pull request;
Step 4: Make sure to write a title describing what you have done;
Step 5: Fill in the template in the PR, here you need to write what you did and how the team can verify it;
Step 6: You must commit to comply with the DCO rules. It will need to be signed-off and verified. Example: git commit -s --amend
.
Your pull request is approved when:
- 2 code owners approve it.
- Pass all GitHub actions checking process (lint, test, coverage, license, build, e2e, security, dco).
- If it is a bug fix, the team will perform the changes and there will be a new release.
- If it is a feature, it will be in the next release.
- Do you have any question about Horusec? Send to our e-mail [email protected].
- Let's chat in our forum.
Thank you for your contribution, you rock! 🚀
Horusec team