|
1 | | -# Contributing to the Web Security Track |
| 1 | +# Contributing to Web Security Resources |
2 | 2 |
|
3 | | -We welcome contributions to the content and source code of the Web Security Track. |
4 | | -You may contribute by: |
| 3 | +These are recommendations when contributing to the contents of the Web Security repository. |
| 4 | +They consider contributions to both actual content (mostly Markdown) and support code made via Git. |
5 | 5 |
|
6 | | -- opening [issues](https://github.com/security-summer-school/web/issues) |
7 | | -- taking part in [discussions](https://github.com/security-summer-school/web/discussions) |
8 | | -- creating [pull requests](https://github.com/security-summer-school/web//pulls) to update the content |
| 6 | +## First Steps |
9 | 7 |
|
10 | | -Before you make any contribution, make sure it follows the [community guide](https://github.com/security-summer-school/meta/blob/master/docs/contributing.md). |
| 8 | +Some good first steps and best practices when using Git are explained here: |
| 9 | + |
| 10 | +- the Git Immersion tutorial: <https://gitimmersion.com/> |
| 11 | +- the Atlassian tutorial: <https://www.atlassian.com/git/tutorials/learn-git-with-bitbucket-cloud> |
| 12 | +- this blog post on the `ROSEdu Techblog`: <https://techblog.rosedu.org/git-good-practices.html> |
| 13 | + |
| 14 | +## Language |
| 15 | + |
| 16 | +All of our content is developed in English. |
| 17 | +This means we use English for content, support code, commit messages, pull requests, issues, comments, everything. |
| 18 | + |
| 19 | +## Content Writing Style |
| 20 | + |
| 21 | +This section addresses the development of session content and other Markdown files. |
| 22 | + |
| 23 | +Write each sentence on a new line. |
| 24 | +This way, changing one sentence only affects one line in the source code. |
| 25 | + |
| 26 | +Use the **first person plural** when writing documentation and tutorials. |
| 27 | +Use phrases like "we run the command / app", "we look at the source code", "we find the flag". |
| 28 | + |
| 29 | +Use the second person for challenges and other individual activities. |
| 30 | +Use phrases like "find the flag", "run this command", "download the tool". |
| 31 | + |
| 32 | +## Images |
| 33 | + |
| 34 | +Use [draw.io](https://app.diagrams.net/) to create diagrams. |
| 35 | +If using external images / diagram, make sure they use a CC BY-SA license and give credits (mention author and / or add link to the image source). |
| 36 | + |
| 37 | +## Slides |
| 38 | + |
| 39 | +Slides are to be written in Markdown, using [`reveal-md`](https://github.com/webpro/reveal-md), itself based on [`reveal-js`](https://revealjs.com/). |
| 40 | +Use `reveal-md` and `reveal-js` specifics to split information in slides. |
| 41 | +Aim to make slides attractive, sleek and simple to follow. |
| 42 | + |
| 43 | +Images and diagrams would ideally be animated on slides. |
| 44 | +Aim to use `reveal.js` features to animate drawing of diagrams. |
| 45 | + |
| 46 | +If `reveal.js` drawing is difficult, use [draw.io](https://app.diagrams.net/) to create diagrams. |
| 47 | +Ideally you would "animate" those diagrams by creating multiple incremental versions of the diagram and adding each to a slide; |
| 48 | +when browsing slides pieces of these diagrams will "appear" and complete the final image, rendering an animation-like effect. |
| 49 | + |
| 50 | +## Issues |
| 51 | + |
| 52 | +When opening an issue, please clearly state the problem. |
| 53 | +Make sure it's reproducible. |
| 54 | +Add images if required. |
| 55 | +Also, if relevant, detail the environment you used (OS, software versions). |
| 56 | +Ideally, if the issue is something you could fix, open a pull request with the fix. |
| 57 | + |
| 58 | +## Discussions |
| 59 | + |
| 60 | +Use GitHub discussions for bringing up ideas on content, new chapters, new sections. |
| 61 | +Provide support to others asking questions and take part in suggestions brought by others. |
| 62 | +Please be civil when taking part in discussions. |
| 63 | + |
| 64 | +## Pull Requests |
| 65 | + |
| 66 | +For pull requests, please follow the [GitHub flow](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork): create a fork of the repository, create your own branch, do commits, push changes to your branch, do a pull request (PR). |
| 67 | +The destination branch of pull requests is the default `master` branch. |
| 68 | + |
| 69 | +Make sure each commit corresponds to **one** code / content change only. |
| 70 | +If there are multiple commits belonging to a given change, please squash the commits. |
| 71 | + |
| 72 | +Also make sure one pull request covers only **one** topic. |
| 73 | + |
| 74 | +### Commits |
| 75 | + |
| 76 | +Before making a commit, configure your name and email locally using: |
| 77 | + |
| 78 | +```bash |
| 79 | +git config --global user.name "Your Name" |
| 80 | +git config --global user.email "your.email@example.com" |
| 81 | +``` |
| 82 | + |
| 83 | +Then make sure the email you've just configured corresponds to the one you have [set on GitHub](https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/adding-an-email-address-to-your-github-account). |
| 84 | + |
| 85 | +After this, make your changes, `git add` them and then commit them using `git commit -s`. |
| 86 | +Always sign your commits using the `-s` / `--signoff` arguments to `git commit`. |
| 87 | +This will add the following line at the end of the commit message: |
| 88 | + |
| 89 | +```text |
| 90 | +Signed-off-by: Your Name <your.email@example.com> |
| 91 | +``` |
| 92 | + |
| 93 | +Notice that the details above are the name and email that you configured earlier. |
| 94 | + |
| 95 | +Now the `git commit` command will open your default editor and ask you to write a commit message. |
| 96 | +Prefix each commit message name with the chapter and content type it belongs to, e.g. `TODO-chapter/reading`, `TODO-chapter/slides`, `TODO-chapter/drills`. |
| 97 | +Following the prefix, write a short and expressive title on the first line. |
| 98 | +Use commit messages with verbs at imperative mood: "Add README", "Update contents", "Introduce feature". |
| 99 | + |
| 100 | +Leave an empty line, then add a relevant description of the changes made in that commit. |
| 101 | +This description should include why that change is needed (fixes a bug, improves something that was inefficient, etc.). |
| 102 | +Wrap the lines of this description to 75 characters. |
| 103 | +How a good commit message should look like: <https://cbea.ms/git-commit/> |
| 104 | +Below is an example of a good commit message: |
| 105 | + |
| 106 | +```text |
| 107 | +template-chapter/drills: Fix Makefile `CFLAGS` error |
| 108 | +
|
| 109 | +`CFLAGS` was incorrectly set to optimise the code to the `-O3` level. This |
| 110 | +caused the function `vulnerable_func()` to be inlined into the caller |
| 111 | +`main()`, making it impossible to overwrite `main()`'s return address with |
| 112 | +that of `vulnerable_func()`. This commit fixes the issue by forcing the |
| 113 | +compiler to not optimise the code by replacing `-O3` with `-O0` in `CFLAGS` |
| 114 | +
|
| 115 | +Signed-off-by: Your Name <your.name@example.com> |
| 116 | +``` |
0 commit comments