Skip to content

Latest commit

 

History

History
82 lines (51 loc) · 2.65 KB

CONTRIBUTING.md

File metadata and controls

82 lines (51 loc) · 2.65 KB

Contributing to Package Analysis

Hello new contributor! Thank you for contributing your time and expertise to the Package Analysis project. We're delighted to have you on board.

This document describes the contribution guidelines for the project.

Ways to get in touch

If you have any contribution-related questions, please get in touch! Here are some ways to reach current contributors

  1. Open a new issue (strongly preferred)
  2. Via the OpenSSF Securing Critical Projects Working Group mailing list or Slack channel

Note: for minor changes (typos, documentation improvements), feel free to open a pull request directly.

Note: Before you start contributing, you must read and abide by our Code of Conduct.

Contributing code

Getting started

  1. Create a GitHub account
  2. Set up your development environment

Environment Setup

You must install these tools:

  1. git: For source control.
  2. go: For running code.
  3. make: For running development commands

For running/testing locally, the following additional tools are required:

  1. docker: The external container
  2. podman: The internal container
  3. docker-compose for end-to-end testing

Then clone the repository, e.g:

$ git clone git@github.com:khulnasoft-lab/package-analysis.git
$ cd package-analysis

Notes on style

Commit style

Prefer smaller PRs to make reviewing easier. Larger changes can be split into smaller PRs by branching off previous (unmerged) branches rather than main.

Code style

We generally follow the Google Go Style Guide.

Warnings

Some things that are OK:

  • not handling the error when defer close() on an HTTP response body

Comments

Follow official Go comment style: https://tip.golang.org/doc/comment. In particular, all exported (capitalised) types and functions should have a comment explaining what they do. The comment should start with the type/function name.

Imports

  • stdlib imports grouped first, then 3rd party packages, then local imports
  • each group separated by a blank line and ordered alphabetically
on IntelliJ
  • Remove redundant import aliases: yes
  • Sorting type: gofmt
  • Move all imports into a single declaration: yes
  • Group stdlib imports: yes
  • Move all stdlib imports in a single group: yes
  • Group: yes, current project packages