Thank you for your interest in contributing to the GitHub App Authentication extension for GitHub CLI!
- Go 1.19 or later
- GitHub CLI (
gh) installed and configured - Git
-
Clone and setup:
git clone https://github.com/AmadeusITGroup/gh-app-auth.git cd gh-app-auth go mod download -
Build the extension:
go build -o gh-app-auth . -
Install locally for testing:
gh extension install . -
Run tests:
go test ./...
gh-app-auth/
├── cmd/ # CLI commands
│ ├── root.go # Root command and CLI setup
│ ├── setup.go # Setup command implementation
│ ├── list.go # List command implementation
│ ├── remove.go # Remove command implementation
│ ├── test.go # Test command implementation
│ └── git-credential.go # Git credential helper
├── pkg/ # Core packages
│ ├── auth/ # Authentication logic
│ ├── cache/ # Token caching
│ ├── config/ # Configuration management
│ ├── jwt/ # JWT token generation
│ └── matcher/ # Repository pattern matching
├── docs/ # Documentation
└── scripts/ # Build and utility scripts
- Follow standard Go conventions
- Use
gofmtfor formatting - Add comprehensive tests for new functionality
- Include documentation for public APIs
- Write unit tests for all packages
- Include integration tests for CLI commands
- Test security-critical code paths thoroughly
- Use table-driven tests where appropriate
- Never log or expose private keys or tokens
- Validate file permissions for private key files
- Use secure temporary directories for testing
- Follow principle of least privilege
- Create command file in
cmd/directory - Implement cobra.Command with appropriate flags
- Add command to root.go
- Write comprehensive tests
- Update documentation
- Design the feature with security in mind
- Implement in appropriate package
- Add configuration options if needed
- Write tests covering all code paths
- Update documentation and examples
- Write a test that reproduces the bug
- Implement the fix
- Verify the test passes
- Consider if documentation needs updates
- Fork and branch: Create a feature branch from main
- Implement: Make your changes following the guidelines
- Test: Ensure all tests pass and add new tests
- Document: Update relevant documentation
- Submit: Create a pull request with:
- Clear description of the change
- Reference to any related issues
- Test evidence (screenshots, test output)
- Code follows project style guidelines
- Tests added for new functionality
- All tests pass
- Documentation updated
- Security considerations addressed
- Breaking changes clearly documented
- Commit messages follow conventional commits format
We use Conventional Commits specification for all commit messages. This enables automated changelog generation and helps maintain a clear project history.
<type>[optional scope]: <description>
[optional body]
[optional footer(s)]
| Type | Description | Example |
|---|---|---|
feat |
New feature for the user | feat(auth): add JWT token caching |
fix |
Bug fix for the user | fix(config): handle missing config file |
docs |
Documentation changes | docs: update installation instructions |
style |
Code style changes (formatting, etc.) | style: fix gofmt issues |
refactor |
Code refactoring without feature changes | refactor(jwt): simplify token generation |
perf |
Performance improvements | perf(cache): optimize token storage |
test |
Adding or fixing tests | test(auth): add integration tests |
build |
Build system or dependency changes | build: update go version to 1.21 |
ci |
CI/CD configuration changes | ci: add security scanning workflow |
chore |
Other changes (maintenance, etc.) | chore: update dependencies |
revert |
Reverting previous commits | revert: "feat: add experimental feature" |
Scopes provide additional context about the area of change:
auth- Authentication and JWT handlingconfig- Configuration managementcli- Command-line interfacecache- Token caching functionalitysecurity- Security-related changesdocs- Documentationci- Continuous integrationdeps- Dependencies
# New feature with scope
feat(auth): implement GitHub App authentication with JWT
# Bug fix with detailed description
fix(config): resolve panic when config file is missing
Add proper error handling for missing configuration files
instead of panicking. Now returns a user-friendly error
message and suggests running the setup command.
Fixes #42
# Documentation update
docs: add security best practices section
# Breaking change
feat(cli)!: change setup command flag from --app to --app-id
BREAKING CHANGE: The --app flag has been renamed to --app-id
for consistency with GitHub API terminology. Users should
update their scripts accordingly.
# Multiple types in one commit (avoid this)
# ❌ BAD: feat(auth): add caching and fix JWT bug
# ✅ GOOD: Split into separate commits# Too vague
fix: stuff
# Missing type
update readme
# Not descriptive enough
feat: improvements
# Mixed concerns (should be separate commits)
feat: add caching and fix config bug- Use the imperative mood: "Add feature" not "Added feature"
- Keep the subject line under 72 characters
- Capitalize the subject line
- Don't end the subject line with a period
- Use the body to explain what and why, not how
- Reference issues and pull requests when relevant
For breaking changes, use one of these formats:
# Method 1: ! after type/scope
feat(cli)!: change setup command interface
# Method 2: BREAKING CHANGE footer
feat(auth): improve token validation
BREAKING CHANGE: Token validation now requires additional
permissions. Users must regenerate their GitHub App tokens.Create a commit template to remind yourself of the format:
# Create template file
cat > ~/.gitmessage << 'EOF'
# <type>[optional scope]: <description>
#
# [optional body]
#
# [optional footer(s)]
#
# Types: feat, fix, docs, style, refactor, perf, test, build, ci, chore, revert
# Scopes: auth, config, cli, cache, security, docs, ci, deps
# Remember: use imperative mood, keep subject under 72 chars
EOF
# Configure git to use the template
git config --global commit.template ~/.gitmessage- commitizen: Interactive commit message tool
- conventional-changelog: Generates changelogs from commits
- semantic-release: Automates releases based on commit messages
# Install commitizen globally
npm install -g commitizen cz-conventional-changelog
# Use in project
npx czOur automated workflows rely on conventional commits for:
- Automated Changelog: Generated from commit messages
- Semantic Versioning: Version bumps based on commit types
- Release Notes: Formatted release descriptions
- PR Labeling: Automatic labels based on commit types
Our CI pipeline validates commit messages. If your commit doesn't follow the conventional format, the build may fail. To fix this:
- For the last commit:
git commit --amend - For multiple commits:
git rebase -i HEAD~n(where n is the number of commits) - Force push:
git push --force-with-lease origin your-branch
Note: Only force push to your own feature branches, never to main/develop.
All submissions require code review. Please:
- Be responsive to feedback
- Keep changes focused and atomic
- Write clear commit messages
- Rebase rather than merge when updating PRs
Releases are automated through GitHub Actions:
- Tag a release with semantic versioning (e.g., v1.2.3)
- GitHub Actions builds cross-platform binaries
- Release is published to GitHub marketplace
- Issues: Open GitHub issues for bugs and feature requests
- Discussions: Use GitHub Discussions for questions
- Security: Report security issues via GitHub Security Advisories