From b35967821fe41c4e667f943d62ce566080359411 Mon Sep 17 00:00:00 2001 From: attiasas Date: Mon, 22 Jan 2024 11:52:07 +0200 Subject: [PATCH 1/7] add contribution guide --- CONTRIBUTING.md | 117 ++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 4 +- 2 files changed, 119 insertions(+), 2 deletions(-) create mode 100644 CONTRIBUTING.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000..4c1c6c59 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,117 @@ +# Contribution Guide + +## Table of Contents + +- [📖 Guidelines](#-guidelines) +- [🏠🏗️ Local development](#-local-development) +- [🚦 Running Tests](#-running-tests) + +## 📖 Guidelines + +Before submitting the pull request, ensure: + +- Your changes are covered by `unit` and `integration` tests. If not, please add new tests. +- The code compiles, by running `go vet ./...`. +- To format the code, by running `go fmt ./...`. + +When creating the pull request, ensure: + +- The pull request is on the `dev` branch. +- The pull request description describes the changes made. + +
+ +Before merging the pull request + +--- + +Once you have completed your coding changes, it is recommended to push the modifications made to the other modules first. Once these changes are pushed, you can update this project to resolve dependencies from your GitHub fork or branch. + +To achieve this, modify the `go.mod` file to point the dependency to your repository and branch, as shown in the example below: + +``` +replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev +``` + +Finally, execute `go mod tidy` to update the Go module files. Please note that Go will automatically update the version in the `go.mod` file. + +--- + +
+ + +## 🏠🏗️ Local Development + +To run a command locally, use the following command template: + +```sh +go run github.com/jfrog/jfrog-cli-security command [options] [arguments...] +``` + +--- + +Please review our [Plugin Contribution](https://github.com/jfrog/jfrog-cli-core/blob/dev/plugins/README.md) guide. + +This project heavily depends on the following modules: + +- [github.com/jfrog/jfrog-client-go](https://github.com/jfrog/jfrog-client-go) +- [github.com/jfrog/jfrog-cli-core](github.com/jfrog/jfrog-cli-core) + +During local development, if you come across code that needs to be modified in one of the mentioned modules, it is advisable to replace the dependency with a local clone of the module. + +To include this local dependency, For instance, let's assume you wish to modify files from `jfrog-cli-core`, modify the `go.mod` file as follows: + +``` +replace github.com/jfrog/jfrog-cli-core/v2 => /local/path/in/your/machine/jfrog-cli-core +``` + +Afterward, execute `go mod tidy` to ensure the Go module files are updated. Note that Go will automatically adjust the version in the `go.mod` file. + +## 🚦 Running Tests + +When running the tests, builds and repositories with timestamps will be created, for example: `cli-rt1-1592990748` and `cli-rt2-1592990748`. +The content of these repositories will be deleted once the tests are completed. + +To run tests, use the following command: + +``` +go test -v github.com/jfrog/jfrog-cli-security [test-types] [flags] +``` + +### The available flags are: + +| Flag | Description | +| ------------------- | ----------------------------------------------------------------------------------------------- | +| `-jfrog.url` | [Default: http://localhost:8081] JFrog platform URL | +| `-jfrog.user` | [Default: admin] JFrog platform username | +| `-jfrog.password` | [Default: password] JFrog platform password | +| `-jfrog.adminToken` | [Optional] JFrog platform admin token | +| `-ci.runId` | [Optional] A unique identifier used as a suffix to create repositories and builds in the tests. | +| `-jfrog.sshKeyPath` | [Optional] Path to the SSH key file. Use this flag only if the Artifactory URL format is `ssh://[domain]:port`. | +| `-jfrog.sshPassphrase` | [Optional] Passphrase for the SSH key. | + +--- + + +### The available test types are: + +| Type | Description | +| -------------------- | ------------------ | +| `-test.security` | [Default: true] Security commands integration tests | +| `-test.dockerScan` | [Optional] Docker scan integration tests | + +### Docker Scan tests + +
+ +#### Requirements + +- Make sure the `RTLIC` environment variable is configured with a valid license. +- Before running the tests, wait for Artifactory to finish booting up in the container. + +| Flag | Description | +| ------------------------- | ----------------------------------- | +| `-test.containerRegistry` | Artifactory Docker registry domain. | + + +
diff --git a/README.md b/README.md index 7431da36..d52a47d1 100644 --- a/README.md +++ b/README.md @@ -12,8 +12,8 @@ ## General -**jfrog-cli-security** is a Go module that encompasses the security commands of [JFrog CLI](https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli). This module is an Embedded JFrog CLI Plugins and is referenced as a Go module within the [JFrog CLI codebase](https://github.com/jfrog/jfrog-cli). +**jfrog-cli-security** is a Go module that encompasses the security commands of [JFrog CLI](https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli). This module is an Embedded JFrog CLI Plugin and is referenced as a Go module within the [JFrog CLI codebase](https://github.com/jfrog/jfrog-cli). ## 🫱🏻‍🫲🏼 Contributions -We welcome contributions from the community through pull requests. To assist in enhancing this project, please review our [Plugin Contribution](https://github.com/jfrog/jfrog-cli-core/blob/dev/plugins/README.md) guide. +We welcome contributions from the community through pull requests. To assist in enhancing this project, please review our [Contribution](CONTRIBUTING.md) guide. From 2a005425a9bd324c977d259fc9bb9f38380b0207 Mon Sep 17 00:00:00 2001 From: attiasas Date: Mon, 22 Jan 2024 11:56:17 +0200 Subject: [PATCH 2/7] fix link --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4c1c6c59..ba4aeb83 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -3,7 +3,7 @@ ## Table of Contents - [📖 Guidelines](#-guidelines) -- [🏠🏗️ Local development](#-local-development) +- [🏠🏗️ Local development](#--local-development) - [🚦 Running Tests](#-running-tests) ## 📖 Guidelines From 211afcbd683d80ad7bc485aeafe60b81926d9fc7 Mon Sep 17 00:00:00 2001 From: attiasas Date: Mon, 22 Jan 2024 11:56:52 +0200 Subject: [PATCH 3/7] try fix link --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ba4aeb83..78689948 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -3,7 +3,7 @@ ## Table of Contents - [📖 Guidelines](#-guidelines) -- [🏠🏗️ Local development](#--local-development) +- [🏠🏗️ Local development](#🏠🏗️-local-development) - [🚦 Running Tests](#-running-tests) ## 📖 Guidelines From 046ef83d9734a384546edc7354a708c9d266c2f4 Mon Sep 17 00:00:00 2001 From: attiasas Date: Mon, 22 Jan 2024 11:58:21 +0200 Subject: [PATCH 4/7] fix link --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 78689948..e2b6a758 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -3,7 +3,7 @@ ## Table of Contents - [📖 Guidelines](#-guidelines) -- [🏠🏗️ Local development](#🏠🏗️-local-development) +- [🏠🏗️ Local development](#%EF%B8%8F-local-development) - [🚦 Running Tests](#-running-tests) ## 📖 Guidelines From f0e3d1bc8a2e14706fcc9b3efd1e06d5a9e9d007 Mon Sep 17 00:00:00 2001 From: attiasas Date: Tue, 23 Jan 2024 15:52:22 +0200 Subject: [PATCH 5/7] add PR template details for docs --- .github/PULL_REQUEST_TEMPLATE.md | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 24485f50..225d158c 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -3,5 +3,6 @@ - [ ] The code has been formatted properly using `go fmt ./...`. - [ ] All [static analysis checks](https://github.com/jfrog/jfrog-cli-security/actions/workflows/analysis.yml) passed. - [ ] All [tests](https://github.com/jfrog/jfrog-cli-security/actions/workflows/test.yml) have passed. If this feature is not already covered by the tests, new tests have been added. +- [ ] All changes are detailed at the description. if not already covered at [JFrog Documentation](https://github.com/jfrog/documentation), new documentation have been added. ----- \ No newline at end of file From c37664bb621eecb8181c0786035c967f1506474f Mon Sep 17 00:00:00 2001 From: attiasas Date: Wed, 31 Jan 2024 17:19:54 +0200 Subject: [PATCH 6/7] fix main branch test badge --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d52a47d1..5ebe7c02 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ | Branch | Status | |:------:|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------:| -| master | [![Test](https://github.com/jfrog/jfrog-cli-security/actions/workflows/test.yml/badge.svg?branch=master)](https://github.com/jfrog/jfrog-cli-security/actions/workflows/test.yml?query=branch%3Amaster) [![Static Analysis](https://github.com/jfrog/jfrog-cli-security/actions/workflows/analysis.yml/badge.svg?branch=master)](https://github.com/jfrog/jfrog-cli-security/actions/workflows/analysis.yml) | +| main | [![Test](https://github.com/jfrog/jfrog-cli-security/actions/workflows/test.yml/badge.svg?branch=main)](https://github.com/jfrog/jfrog-cli-security/actions/workflows/test.yml?query=branch%main) [![Static Analysis](https://github.com/jfrog/jfrog-cli-security/actions/workflows/analysis.yml/badge.svg?branch=main)](https://github.com/jfrog/jfrog-cli-security/actions/workflows/analysis.yml) | | dev | [![Test](https://github.com/jfrog/jfrog-cli-security/actions/workflows/test.yml/badge.svg?branch=dev)](https://github.com/jfrog/jfrog-cli-security/actions/workflows/test.yml?query=branch%3Adev) [![Static Analysis](https://github.com/jfrog/jfrog-cli-security/actions/workflows/analysis.yml/badge.svg?branch=dev)](https://github.com/jfrog/jfrog-cli-security/actions/workflows/analysis.yml) | ## General From bc0aeb2a2c151fbdeee19b7b348a66ebf466ebf7 Mon Sep 17 00:00:00 2001 From: attiasas Date: Thu, 1 Feb 2024 10:19:14 +0200 Subject: [PATCH 7/7] improve guide --- CONTRIBUTING.md | 86 +++++++++++++++++++++++++++---------------------- 1 file changed, 48 insertions(+), 38 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e2b6a758..fd821772 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,43 +1,12 @@ # Contribution Guide +Welcome to the contribution guide for our project! We appreciate your interest in contributing to the development of this project. Below, you will find essential information on local development, running tests, and guidelines for submitting pull requests. + ## Table of Contents -- [📖 Guidelines](#-guidelines) - [🏠🏗️ Local development](#%EF%B8%8F-local-development) - [🚦 Running Tests](#-running-tests) - -## 📖 Guidelines - -Before submitting the pull request, ensure: - -- Your changes are covered by `unit` and `integration` tests. If not, please add new tests. -- The code compiles, by running `go vet ./...`. -- To format the code, by running `go fmt ./...`. - -When creating the pull request, ensure: - -- The pull request is on the `dev` branch. -- The pull request description describes the changes made. - -
- -Before merging the pull request - ---- - -Once you have completed your coding changes, it is recommended to push the modifications made to the other modules first. Once these changes are pushed, you can update this project to resolve dependencies from your GitHub fork or branch. - -To achieve this, modify the `go.mod` file to point the dependency to your repository and branch, as shown in the example below: - -``` -replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev -``` - -Finally, execute `go mod tidy` to update the Go module files. Please note that Go will automatically update the version in the `go.mod` file. - ---- - -
+- [📖 Submitting PR Guidelines](#-submitting-pr-guidelines) ## 🏠🏗️ Local Development @@ -50,8 +19,6 @@ go run github.com/jfrog/jfrog-cli-security command [options] [arguments...] --- -Please review our [Plugin Contribution](https://github.com/jfrog/jfrog-cli-core/blob/dev/plugins/README.md) guide. - This project heavily depends on the following modules: - [github.com/jfrog/jfrog-client-go](https://github.com/jfrog/jfrog-client-go) @@ -59,6 +26,11 @@ This project heavily depends on the following modules: During local development, if you come across code that needs to be modified in one of the mentioned modules, it is advisable to replace the dependency with a local clone of the module. +
+Replacing a dependency with a local clone + +--- + To include this local dependency, For instance, let's assume you wish to modify files from `jfrog-cli-core`, modify the `go.mod` file as follows: ``` @@ -67,10 +39,14 @@ replace github.com/jfrog/jfrog-cli-core/v2 => /local/path/in/your/machine/jfrog- Afterward, execute `go mod tidy` to ensure the Go module files are updated. Note that Go will automatically adjust the version in the `go.mod` file. +--- + +
+ + ## 🚦 Running Tests -When running the tests, builds and repositories with timestamps will be created, for example: `cli-rt1-1592990748` and `cli-rt2-1592990748`. -The content of these repositories will be deleted once the tests are completed. +When running tests, builds and repositories with timestamps like `cli-rt1-1592990748` and `cli-rt2-1592990748` will be created. The content of these repositories will be deleted once the tests are completed. To run tests, use the following command: @@ -115,3 +91,37 @@ go test -v github.com/jfrog/jfrog-cli-security [test-types] [flags] + +## 📖 Submitting PR Guidelines + +Once you have completed your coding changes, it is recommended to push the modifications made to the other modules first. Once these changes are pushed, you can update this project to resolve dependencies from your GitHub fork or branch. + +
+ +Resolve dependencies from GitHub fork or branch + +--- + +To achieve this, modify the `go.mod` file to point the dependency to your repository and branch, as shown in the example below: + +``` +replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev +``` + +Finally, execute `go mod tidy` to update the Go module files. Please note that Go will automatically update the version in the `go.mod` file. + +--- + +
+ +### Before submitting the pull request, ensure: + +- Your changes are covered by `unit` and `integration` tests. If not, please add new tests. +- The code compiles, by running `go vet ./...`. +- To format the code, by running `go fmt ./...`. +- The documentation covers the changes, if not please add and make changes at [The documentation repository](https://github.com/jfrog/documentation) + +### When creating the pull request, ensure: + +- The pull request is on the `dev` branch. +- The pull request description describes the changes made. \ No newline at end of file