Thank you for your interest in contributing to SecureBuild! Please review our Code of Conduct before participating.
- Bug reports and feature requests — Open an issue.
- Security vulnerabilities — See SECURITY.md for responsible disclosure.
- Code and documentation — Open a pull request (see Submitting Changes below).
The project uses a Nix flake for the development environment (Go, Node, SchemaHero, apko, melange, syft, Dagger, vunnel, etc.).
You need a container runtime for building and running images:
- Docker or a Docker-compatible daemon (Docker Desktop, Colima/Lima on macOS)
- OrbStack — a lightweight Docker-compatible runtime, especially common on macOS
- Run
nix develop, or - Use direnv with
use flakein.envrcso the environment loads automatically.
make help- Build worker:
make build-worker(builds worker with embedded builder binaries). - Run services:
make run-worker,make run-oci-proxy,make run-apk-proxy(each builds first if needed).
- Install:
cd securebuild-app && npm install. - Dev server:
npm run dev(app on port 3000).
- Migrations:
make migrate(runs SchemaHero-based migrations).
- Unit tests (all):
make test-unit— runs Go unit tests plus securebuild-app tests. - Go unit tests only:
make test-unit-go. - Integration tests:
make test-integration-oci-proxymake test-integration-apk-proxymake test-integration-worker
CI runs tests on pull requests; run the relevant targets locally before submitting.
- Fork the repository and create a branch from
main. - Make your changes and add tests where applicable.
- Run the relevant test targets locally (see Testing above).
- Open a pull request against
mainwith a clear description of the change and the problem it solves.
For more details, see the Development Setup and Contributing pages in the documentation.