👍🎉 First off, thanks for taking the time to contribute! 🎉👍
badrobot is Apache 2.0 licensed and accepts contributions via GitHub pull requests.
The following is a set of guidelines for contributing to badrobot. We generally have stricter rules as it's a security tool but don't let that discourage you from creating your PR, it can be incrementally fixed to fit the rules. Also feel free to propose changes to this document in a pull request.
- Contributing to badrobot
This project and everyone participating are governed by the Code of Conduct. By participating, you are expected to uphold this code. Please report unacceptable behaviour to [email protected].
We have an official message board with a detailed FAQ and where the community chimes in with helpful advice if you have questions.
We also have an issue template for questions here.
The acceptance tests require some dependencies fetched via submodules. You can either clone the repo with --recurse-submodules
or when running make test/make test-acceptance it will automatically fetch them if they're missing.
This section guides you through submitting a bug report for badrobot. Following these guidelines helps maintainers and the community understand your report, reproduce the behaviour, and find related reports.
Before creating bug reports, please check this list as you might find out that you don't need to create one. When you are creating a bug report, please include as many details as possible. Fill out the issue template for bugs, the information it asks for helps us resolve issues faster.
Note: If you find a Closed issue that seems like it is the same thing that you're experiencing, open a new issue and include a link to the original issue in the body of your new one.
- Perform a cursory search to see if the problem has already been reported. If it has and the issue is still open, add a comment to the existing issue instead of opening a new one
Bugs are tracked as GitHub issues. Create an issue on that repository and provide the following information by filling in the issue template here.
Explain the problem and include additional details to help maintainers reproduce the problem:
- Use a clear and descriptive title for the issue to identify the problem
- Describe the exact steps which reproduce the problem in as many details as possible. For example, start by explaining
- Provide specific examples to demonstrate the steps. Include links to files or GitHub projects, or copy/pasteable snippets, which you use in those examples. If you're providing snippets in the issue, use Markdown code blocks
- Describe the behaviour you observed after following the steps and point out what exactly is the problem with that behaviour
- Explain which behaviour you expected to see instead and why.
Provide more context by answering these questions:
- Did the problem start happening recently (e.g. after updating to a new version of badrobot) or was this always a problem?
- If the problem started happening recently, can you reproduce the problem in an older version of badrobot? What's the most recent version in which the problem doesn't happen? You can download older versions of badrobot from the releases page
- Can you reliably reproduce the issue? If not, provide details about how often the problem happens and under which conditions it normally happens
- If the problem is related to scanning files, does the problem happen for all files and projects or only some? Is there anything else special about the files you are using? Please include them in your report, censor any sensitive information but ensure the issue still exists with the censored file
This section guides you through submitting an enhancement suggestion for badrobot, including completely new features and minor improvements to existing functionality. Following these guidelines helps maintainers and the community understand your suggestion and find related suggestions.
Before creating enhancement suggestions, please check this list as you might find out that you don't need to create one. When you are creating an enhancement suggestion, please include as many details as possible. Fill in the template feature request template, including the steps that you imagine you would take if the feature you're requesting existed.
- Perform a cursory search to see if the enhancement has already been suggested. If it has, add a comment to the existing issue instead of opening a new one
Enhancement suggestions are tracked as GitHub issues. Create an issue on this repository and provide the following information:
- Use a clear and descriptive title for the issue to identify the suggestion
- Provide a step-by-step description of the suggested enhancement in as many details as possible
- Provide specific examples to demonstrate the steps. Include copy/pasteable snippets which you use in those examples, as Markdown code blocks
- Describe the current behaviour and explain which behaviour you expected to see instead and why
- Explain why this enhancement would be useful to most badrobot users and isn't something that can or should be implemented as a separate community project
- List some other tools where this enhancement exists.
- Specify which version of badrobot you're using. You can get the exact version by running
badrobot versionin your terminal - Specify the name and version of the OS you're using.
Unsure where to begin contributing to badrobot? You can start by looking through these Good First Issue and Help Wanted
issues:
- Good First Issue issues - issues which should only require a few lines of code, and a test or two
- Help wanted issues - issues which should be a bit more involved than
Good First Issueissues
Both issue lists are sorted by total number of comments. While not perfect, number of comments is a reasonable proxy for impact a given change will have.
To build the project you can use make build. The resulting binary will be in ./dist.
To test the project you can run make test for unit and command-line acceptance testing. For http testing also run make test-remote.
The process described here has several goals:
- Maintain badrobot's quality
- Fix problems that are important to users
- Engage the community in working toward the best possible badrobot
- Enable a sustainable system for badrobot's maintainers to review contributions
Please follow these steps to have your contribution considered by the maintainers:
- Follow all instructions in the template
- Follow the style guides
- After you submit your pull request, verify that all status checks
are passing
What if the status checks are failing?
If a status check is failing, and you believe that the failure is unrelated to your change, please leave a comment on the pull request explaining why you believe the failure is unrelated. A maintainer will re-run the status check for you. If we conclude that the failure was a false positive, then we will open an issue to track that problem with our status check suite.
While the prerequisites above must be satisfied prior to having your pull request reviewed, the reviewer(s) may ask you to complete additional tests, or other changes before your pull request can be ultimately accepted.
- It's strongly preferred you GPG Verify your commits if you can
- Follow Conventional Commits
- Use the present tense ("add feature" not "added feature")
- Use the imperative mood ("move cursor to..." not "moves cursor to...")
- Limit the first line to 72 characters or less
- Reference issues and pull requests liberally after the first line
Look at installing an .editorconfig plugin or configure your editor to match the .editorconfig file in the root of the
repository.
All Go code is linted with golangci-lint.
For formatting rely on gofmt to handle styling.
We follow the Google Shell Style Guide. All bash/bats code is linted with shellcheck. In the future it will also be formatted with shfmt.
All markdown code is linted with markdownlint-cli.