|
| 1 | +--- |
| 2 | +title: Contributing |
| 3 | +--- |
| 4 | + |
| 5 | +Welcome! We are very happy to accept community contributions to the project, whether through [filing issues](#contributing-issues) or [code](#contributing-code) in the form of [Pull Requests](#pull-requests). Please note that by participating in this project, you agree to abide by the [Code of Conduct](./code-of-conduct.md), as well as the terms of the [Developer Certificate of Origin](#developer-certificate-of-origin-dco). |
| 6 | + |
| 7 | +## Bi-Weekly Community Meeting |
| 8 | + |
| 9 | +A great way to get started is to join our bi-weekly community meeting. The meeting is held every other Monday from 1:30pm PT - 2:15pm PT. You can find the agenda and links to join [here](https://docs.google.com/document/d/1QdskbeCtgKcdWYHI6EXkLFxyzTCyVT6e8MgB3CaAhWI/edit?usp=sharing) |
| 10 | + |
| 11 | +## Slack |
| 12 | + |
| 13 | +To discuss issues with Copa, features, or development, you can join the [`#copacetic`](https://cloud-native.slack.com/archives/C071UU5QDKJ) channel on the [CNCF Slack](https://communityinviter.com/apps/cloud-native/cncf). |
| 14 | + |
| 15 | +## Contributor Ladder |
| 16 | + |
| 17 | +We have a contributor ladder that outlines the different contributor roles within the project, along with the responsibilities and privileges that come with them. Community members generally start at the first levels of the "ladder" and advance up it as their involvement in the project grows. |
| 18 | + |
| 19 | +For detailed information about contributor roles (Contributor, Reviewer, Maintainer) and how to advance through them, please see our [Contributor Ladder](https://github.com/project-copacetic/copacetic/blob/main/CONTRIBUTOR_LADDER.md). |
| 20 | + |
| 21 | +## Contributing Issues |
| 22 | + |
| 23 | +Before opening any new issues, please search our [existing GitHub issues](https://github.com/project-copacetic/copacetic/issues) to check if your bug or suggestion has already been filed. If such an issue already exists, we recommend adding your comments and perspective to that existing issue instead. |
| 24 | + |
| 25 | +When opening an issue, please select the most appropriate template for what you're contributing: |
| 26 | + |
| 27 | +- **Bug Report:** If you would like to report the project or tool behaving in unexpected ways. |
| 28 | +- **Documentation Improvement:** If you have corrections or improvements to the project's documents, be they typos, factual errors, or missing content. |
| 29 | +- **Request:** If you have a feature request, suggestion, or a even a design proposal to review. |
| 30 | +- **Question:** If you would like to ask the maintainers a question about the project. |
| 31 | + |
| 32 | +## Contributing Code |
| 33 | + |
| 34 | +### Getting Started |
| 35 | + |
| 36 | +Follow the instructions to set up your dev environment to build Copacetic. |
| 37 | + |
| 38 | +For an overview of the project components, refer to the [Copa design](./design.md) document. |
| 39 | + |
| 40 | +### IDE Setup |
| 41 | + |
| 42 | +Copacetic is written in Go, so any IDE that supports Go may be used. If you have an IDE you prefer, simply search for a guide to set it up with Go. If you don't have a preferred IDE or if you're a new developer, some popular options are listed below: |
| 43 | + |
| 44 | +- [GoLand](https://www.jetbrains.com/help/go/quick-start-guide-goland.html) |
| 45 | +- [VSCode](https://code.visualstudio.com/docs/languages/go) |
| 46 | +- [Vim](https://github.com/fatih/vim-go) |
| 47 | +- [Zed](https://zed.dev/docs/languages/go) |
| 48 | + |
| 49 | +After choosing your IDE, we should install [gofumpt](https://github.com/mvdan/gofumpt). It's a stricter formatter than `gofmt` which Copacetic requires to pass all tests. Once installed, you may optionally set it up to run in your IDE of choice by following the instructions about halfway down the page. |
| 50 | + |
| 51 | +### Docker Setup |
| 52 | + |
| 53 | +Copacetic requires Docker for patching images. To install Docker, follow the [Docker installation guide](https://docs.docker.com/engine/install/). |
| 54 | + |
| 55 | +### Tests |
| 56 | + |
| 57 | +Once you can successfully `make` the project, any code contributions should also successfully: |
| 58 | + |
| 59 | +- Pass unit tests via `make test`. |
| 60 | +- Lint cleanly via `make lint`. |
| 61 | +- Be formatted with `gofumpt`. |
| 62 | + |
| 63 | +Pull requests will also be expected to pass the PR functional tests specified by `.github/workflows/build.yml`. |
| 64 | + |
| 65 | +### Pull Requests |
| 66 | + |
| 67 | +If you'd like to start contributing code to the project, you can search for [issues with the `good first issue` label](https://github.com/project-copacetic/copacetic/labels/good%20first%20issue). Other kinds of PR contributions we would look for include: |
| 68 | + |
| 69 | +- Fixes for bugs and other correctness issues. |
| 70 | +- Docs and other content improvements (e.g. samples). |
| 71 | +- Extensions to support parsing new scanning report formats. |
| 72 | +- Extensions to support patching images based on new distros or using new package managers. |
| 73 | + |
| 74 | +For any changes that may involve significant refactoring or development effort, we suggest that you file an issue to discuss the proposal with the maintainers first as it is unlikely that we will accept large PRs without prior discussion that have: |
| 75 | + |
| 76 | +- Architectural changes (e.g. breaking interfaces or violations of [this project's design tenets](./design.md#design-tenets)). |
| 77 | +- Unsolicited features that significantly expand the functional scope of the tool. |
| 78 | + |
| 79 | +Pull requests should be submitted from your fork of the project with the PR template filled out. This project uses the [Angular commit message format](https://github.com/angular/angular/blob/main/CONTRIBUTING.md#-commit-message-format) for automated changelog generation, so it's helpful to be familiar with it as the maintainers will need to ensure adherence to it on accepting PRs. |
| 80 | + |
| 81 | +We suggest: |
| 82 | + |
| 83 | +- Use the standard header format of `"<type>: <short summary>"` where the `<type>` is one of the following: |
| 84 | + - **build:** Changes that affect the build system or external dependencies |
| 85 | + - **ci:** Changes to the GitHub workflows and configurations |
| 86 | + - **docs:** Documentation only changes |
| 87 | + - **feat:** A new feature |
| 88 | + - **fix:** A bug fix |
| 89 | + - **perf:** A code change that improves performance |
| 90 | + - **refactor:** A code change that neither fixes a bug nor adds a feature |
| 91 | + - **test:** Adding missing tests or correcting existing tests |
| 92 | +- Use a [concise, imperative description](https://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html) of the changes included in the `<short summary>` of the header, the body of the PR, and generally in your commit messages. |
| 93 | +- Use [GitHub keywords](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/using-keywords-in-issues-and-pull-requests) in the footer of your PR description, such as `closes` to automatically close issues the PR intends to address. |
| 94 | + |
| 95 | +## Developer Certificate of Origin (DCO) |
| 96 | + |
| 97 | +The [Developer Certificate of Origin](https://wiki.linuxfoundation.org/dco) (DCO) is a lightweight way for contributors to certify that they wrote or otherwise have the right to submit the code they are contributing to the project. Here is the [full text of the DCO](https://developercertificate.org/), reformatted for readability: |
| 98 | + |
| 99 | +> By making a contribution to this project, I certify that: |
| 100 | +> |
| 101 | +> (a) The contribution was created in whole or in part by me and I |
| 102 | +> have the right to submit it under the open source license |
| 103 | +> indicated in the file; or |
| 104 | +> |
| 105 | +> (b) The contribution is based upon previous work that, to the best |
| 106 | +> of my knowledge, is covered under an appropriate open source |
| 107 | +> license and I have the right under that license to submit that |
| 108 | +> work with modifications, whether created in whole or in part |
| 109 | +> by me, under the same open source license (unless I am |
| 110 | +> permitted to submit under a different license), as indicated |
| 111 | +> in the file; or |
| 112 | +> |
| 113 | +> (c) The contribution was provided directly to me by some other |
| 114 | +> person who certified (a), (b) or (c) and I have not modified |
| 115 | +> it. |
| 116 | +> |
| 117 | +> (d) I understand and agree that this project and the contribution |
| 118 | +> are public and that a record of the contribution (including all |
| 119 | +> personal information I submit with it, including my sign-off) is |
| 120 | +> maintained indefinitely and may be redistributed consistent with |
| 121 | +> this project or the open source license(s) involved. |
| 122 | +
|
| 123 | +Contributors _sign-off_ that they adhere to these requirements by adding a `Signed-off-by` line to commit messages. |
| 124 | + |
| 125 | +```text |
| 126 | +This is my commit message |
| 127 | +
|
| 128 | +Signed-off-by: Random J Developer <random@developer.example.org> |
| 129 | +``` |
| 130 | + |
| 131 | +Git even has a `-s` command line option to append this automatically to your commit message: |
| 132 | + |
| 133 | +```bash |
| 134 | +git commit -s -m 'This is my commit message' |
| 135 | +``` |
| 136 | + |
| 137 | +Pull requests that do not contain a valid `Signed-off-by` line cannot be merged. |
| 138 | + |
| 139 | +### I didn't sign my commit, now what? |
| 140 | + |
| 141 | +No worries - You can easily amend your commit with a sign-off and force push the change to your submitting branch: |
| 142 | + |
| 143 | +```bash |
| 144 | +git switch <branch-name> |
| 145 | +git commit --amend --no-edit --signoff |
| 146 | +git push --force-with-lease <remote-name> <branch-name> |
| 147 | +``` |
| 148 | + |
| 149 | +## Code of Conduct |
| 150 | + |
| 151 | +This project has adopted the [CNCF Code of Conduct](./code-of-conduct.md) |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4&size=40){kind=avatar}
0 commit comments