Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Updated readme.md and contributing.md #102

Merged
merged 1 commit into from
Oct 5, 2021
Merged

Updated readme.md and contributing.md #102

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
173 changes: 105 additions & 68 deletions CONTRIBUTING.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,91 +1,128 @@
# Contributing
# **Contributing Guide**

This is Horusec contributing guide. Please read the following sections to learn how to ask questions and how to work on something.

## **Table of contents**
1. [**Getting Started**](#Getting-started)
1. [**Before you contribute**](#Before-you-contribute)
2. [**Code of Conduct**](#Code-of-Conduct)
3. [**Legal**](#Legal)
2. [**Prerequisites**](#Prerequisites)
1. [**Developer Certificate of Origin**](#Developer-Certificate-of-Origin)
2. [**Code Review**](#Code-Review)
3. [**Pull Requests**](#Pull-Requests)
3. [**How to contribute?**](#How-to-contribute?)
1. [**Prepare your development environment**](#Using-Docker)
2. [**First contribution**](#First-contribution)
4. [**Add new feature, bugfixing or improvement**](#Add-new-feature-bugfixing-or-improvement)
5. [**Pull Request's approval**](#Pull-Request's-approval)
6. [**After your pull request's approval**](#After-your-pull-request's-approval)
4. [**Community**](#Community)

When contributing to this repository, please first discuss the change you wish to make via issue,
email, or any other method with the owners of this repository before making a change.
## **Getting started**

Please note we have a code of conduct, please follow it in all your interactions with the project.
### **Before you contribute**

## Pull Request Process
### **Code of Conduct**
Please follow the [**Code of Conduct**](https://github.com/ZupIT/horusec/blob/main/CODE_OF_CONDUCT.md) in all your interactions with our project.

1. Ensure any install or build dependencies are removed before the end of the layer when doing a
build.
2. Update the README.md with details of changes to the interface, this includes new environment
variables, exposed ports, useful file locations and container parameters.
3. Everyone must commit to complying with the DCO rules. It will need to be [signed-off](https://git-scm.com/docs/git-commit#Documentation/git-commit.txt--s) and [verified](https://docs.github.com/en/github/authenticating-to-github/managing-commit-signature-verification/about-commit-signature-verification). Example: ` git commit -s --amend`.
4. You may merge the Pull Request in once you have the sign-off of two other developers, or if you
do not have permission to do that, you may request the second reviewer to merge it for you.
### **Legal**
- Horusec is licensed over [**ASL - Apache License**](https://github.com/ZupIT/charlescd/blob/main/LICENSE), version 2, so new files must have the ASL version 2 header, for more information, please check out [**Apache license**](https://www.apache.org/licenses/LICENSE-2.0).

## Code of Conduct
- All contributions are subject to the [**Developer Certificate of Origin (DCO)**](https://developercertificate.org).
When you commit, use the ```**-s** ``` option to include the Signed-off-by line at the end of the commit log message.

### Our Pledge
## **Prerequisites**
Check out the requisites before contributing to Horusec:

In the interest of fostering an open and welcoming environment, we as
contributors and maintainers pledge to making participation in our project and
our community a harassment-free experience for everyone, regardless of age, body
size, disability, ethnicity, gender identity and expression, level of experience,
nationality, personal appearance, race, religion, or sexual identity and
orientation.
### **Developer Certificate of Origin - DCO**

### Our Standards
This is a security layer for the project and for the developers. It is mandatory.

There are two ways to use DCO, see them below:

**1. Command line**
Follow the steps:
**Step 1:** Check out your local git:

Examples of behavior that contributes to creating a positive environment
include:
```
git config --global user.name “Name”
git config --global user.email “email@domain.com.br”
```
**Step 2:** When you commit, add the sigoff via `-s` flag:

* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members
```
$ git commit -s -m "This is my commit message"
```
**2. GitHub website**

Examples of unacceptable behavior by participants include:
**Step 1:** When the commit changes box opens, add
```
$ git commit -m “My signed commit” Signed-off-by: username <email address>
```
Note: For this option, your e-mail must be the same in registered in GitHub.

* The use of sexualized language or imagery and unwelcome sexual attention or
advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic
address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a
professional setting
### **Code Review**
- All your submissions needs a review.

### Our Responsibilities
### **Pull Requests**
When opening a PR:
- You need to add a title describing the issue.
- Fill in the template, describe why you are opening the PR.

Project maintainers are responsible for clarifying the standards of acceptable
behavior and are expected to take appropriate and fair corrective action in
response to any instances of unacceptable behavior.
## **How to contribute?**
See the guidelines to submit your changes:

Project maintainers have the right and responsibility to remove, edit, or
reject comments, commits, code, wiki edits, issues, and other contributions
that are not aligned to this Code of Conduct, or to ban temporarily or
permanently any contributor for other behaviors that they deem inappropriate,
threatening, offensive, or harmful.
### **Prepare your development environment**
Horusec has other repositories and you can check the README for each one of them:

### Scope
- [**Admin**](https://github.com/ZupIT/horusec-admin)
- [**Charts**](https://github.com/ZupIT/charlescd/tree/main/circle-matcher)
- [**Devkit**](https://github.com/ZupIT/horusec-devkit)
- [**Jenkins**](https://github.com/ZupIT/horusec-jenkins-sharedlib)
- [**Platform**](https://github.com/ZupIT/horusec-platform)
- [**VSCode plugin**](https://github.com/ZupIT/horusec-vscode-plugin)
- [**Kotlin**](https://github.com/ZupIT/horusec-tree-sitter-kotlin)
- [**Vulnerabilities**](https://github.com/ZupIT/horusec-examples-vulnerabilities)

This Code of Conduct applies both within project spaces and in public spaces
when an individual is representing the project or its community. Examples of
representing a project or community include using an official project e-mail
address, posting via an official social media account, or acting as an appointed
representative at an online or offline event. Representation of a project may be
further defined and clarified by project maintainers.
### **First contribution**
Contributing to a new feature is only allowed in the [**main repository**](https://github.com/ZupIT/horusec).

### Enforcement
Before contributing to this repository, please discuss the changes you wish to make via email or [**forum**](https://forum.zup.com.br/c/en/horusec/14).

Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting the project team at "channel will be created and inserted here". All
complaints will be reviewed and investigated and will result in a response that
is deemed necessary and appropriate to the circumstances. The project team is
obligated to maintain confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.
### **Add new feature, bugfixing or improvement**
If you want to add an improvement, a new feature or bugfix, follow the steps to contribute:

Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.
**Step 1:** Make sure your branch is based on main;
**Step 2:** When opening an issue, choose a template to answer the questions regarding the what you want to contribute:
- [**Bug Report**](https://github.com/ZupIT/horusec/blob/main/.github/ISSUE_TEMPLATE/bug_report.md)
- [**Feature request**](https://github.com/ZupIT/horusec/blob/main/.github/ISSUE_TEMPLATE/feature_request.md)
- [**Improvement**](https://github.com/ZupIT/horusec/blob/main/.github/ISSUE_TEMPLATE/improvement.md)
- [**Support request**](https://github.com/ZupIT/horusec/blob/main/.github/ISSUE_TEMPLATE/support_request.md)

### Attribution
**Step 3:** Make your changes and open a GitHub pull request;

This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
available at [http://contributor-covenant.org/version/1/4][version]
**Step 4:** Make sure to write a title describing what you have done;

[homepage]: http://contributor-covenant.org
[version]: http://contributor-covenant.org/version/1/4/
**Step 5:** Fill in the template in the PR, here you need to write what you did and how the team can verify it;

**Step 6:** You must commit to comply with the DCO rules. It will need to be [**signed-off**](https://git-scm.com/docs/git-commit#Documentation/git-commit.txt--s) and [**verified**](https://docs.github.com/en/github/authenticating-to-github/managing-commit-signature-verification/about-commit-signature-verification). Example: ` git commit -s --amend`.


### **Pull Request's approval**
Your pull request is approved when:
- 2 code owners approve it.
- Pass all GitHub actions checking process (lint, test, coverage, license, build, e2e, security, dco).

### **After your pull request's approval**
- If it is a bugfix, the team will perform the changes and there will be a new release.
- If it is a feature, it will be in the next release.

## **Community**

- Do you have any question about Horusec in our [**mailing list**](horusec@zup.com.br)
- Let's chat in our [**forum**](https://forum.zup.com.br/c/en/horusec/14).

Thank you for your contribution, you rock! 🚀

**Horusec team**
Loading