[#3] Add SECURITY.md and CONTRIBUTING.md templates
Signed-off-by: George Bartolomey <george@bh4.ru>
This commit is contained in:
parent
f0376ee1e3
commit
29496e10a2
2 changed files with 184 additions and 0 deletions
156
CONTRIBUTING.md
Normal file
156
CONTRIBUTING.md
Normal file
|
@ -0,0 +1,156 @@
|
||||||
|
# Contribution guide
|
||||||
|
|
||||||
|
First, thank you for contributing! We love and encourage pull requests from
|
||||||
|
everyone. Please follow the guidelines:
|
||||||
|
|
||||||
|
- Check the open [issues](https://git.frostfs.info/TrueCloudLab/basic/issues) and
|
||||||
|
[pull requests](https://git.frostfs.info/TrueCloudLab/basic/pulls) for existing
|
||||||
|
discussions.
|
||||||
|
|
||||||
|
- Open an issue first, to discuss a new feature or enhancement.
|
||||||
|
|
||||||
|
- Write tests, and make sure the test suite passes locally and on CI.
|
||||||
|
|
||||||
|
- Open a pull request, and reference the relevant issue(s).
|
||||||
|
|
||||||
|
- Make sure your commits are logically separated and have good comments
|
||||||
|
explaining the details of your change.
|
||||||
|
|
||||||
|
- After receiving feedback, amend your commits or add new ones as
|
||||||
|
appropriate.
|
||||||
|
|
||||||
|
- **Have fun!**
|
||||||
|
|
||||||
|
## Development Workflow
|
||||||
|
|
||||||
|
Start by forking the `basic` repository, make changes in a branch and then
|
||||||
|
send a pull request. We encourage pull requests to discuss code changes. Here
|
||||||
|
are the steps in details:
|
||||||
|
|
||||||
|
### Set up your Forgejo repository
|
||||||
|
Fork [FrostFS node upstream](https://git.frostfs.info/TrueCloudLab/basic) source
|
||||||
|
repository to your own personal repository. Copy the URL of your fork (you will
|
||||||
|
need it for the `git clone` command below).
|
||||||
|
|
||||||
|
```sh
|
||||||
|
$ git clone https://git.frostfs.info/TrueCloudLab/basic
|
||||||
|
```
|
||||||
|
|
||||||
|
### Set up git remote as ``upstream``
|
||||||
|
```sh
|
||||||
|
$ cd basic
|
||||||
|
$ git remote add upstream https://git.frostfs.info/TrueCloudLab/basic
|
||||||
|
$ git fetch upstream
|
||||||
|
$ git merge upstream/master
|
||||||
|
...
|
||||||
|
```
|
||||||
|
|
||||||
|
### Create your feature branch
|
||||||
|
Before making code changes, make sure you create a separate branch for these
|
||||||
|
changes. Maybe you will find it convenient to name branch in
|
||||||
|
`<type>/<Issue>-<changes_topic>` format.
|
||||||
|
|
||||||
|
```
|
||||||
|
$ git checkout -b feature/123-something_awesome
|
||||||
|
```
|
||||||
|
|
||||||
|
### Test your changes
|
||||||
|
After your code changes, make sure
|
||||||
|
|
||||||
|
- To add test cases for the new code.
|
||||||
|
- To run `make lint` and `make staticcheck-run`
|
||||||
|
- To squash your commits into a single commit or a series of logically separated
|
||||||
|
commits run `git rebase -i`. It's okay to force update your pull request.
|
||||||
|
- To run `make test` and `make all` completes.
|
||||||
|
|
||||||
|
### Commit changes
|
||||||
|
After verification, commit your changes. This is a [great
|
||||||
|
post](https://chris.beams.io/posts/git-commit/) on how to write useful commit
|
||||||
|
messages. Try following this template:
|
||||||
|
|
||||||
|
```
|
||||||
|
[#Issue] <component> Summary
|
||||||
|
|
||||||
|
Description
|
||||||
|
|
||||||
|
<Macros>
|
||||||
|
|
||||||
|
<Sign-Off>
|
||||||
|
```
|
||||||
|
|
||||||
|
```
|
||||||
|
$ git commit -sam '[#123] Add some feature'
|
||||||
|
```
|
||||||
|
|
||||||
|
### Push to the branch
|
||||||
|
Push your locally committed changes to the remote origin (your fork)
|
||||||
|
```
|
||||||
|
$ git push origin feature/123-something_awesome
|
||||||
|
```
|
||||||
|
|
||||||
|
### Create a Pull Request
|
||||||
|
Pull requests can be created via Forgejo. Refer to [this
|
||||||
|
document](https://docs.codeberg.org/collaborating/pull-requests-and-git-flow/) for
|
||||||
|
detailed steps on how to create a pull request. After a Pull Request gets peer
|
||||||
|
reviewed and approved, it will be merged.
|
||||||
|
|
||||||
|
## DCO Sign off
|
||||||
|
|
||||||
|
All authors to the project retain copyright to their work. However, to ensure
|
||||||
|
that they are only submitting work that they have rights to, we are requiring
|
||||||
|
everyone to acknowledge this by signing their work.
|
||||||
|
|
||||||
|
Any copyright notices in this repository should specify the authors as "the
|
||||||
|
contributors".
|
||||||
|
|
||||||
|
To sign your work, just add a line like this at the end of your commit message:
|
||||||
|
|
||||||
|
```
|
||||||
|
Signed-off-by: Samii Sakisaka <samii@ivunojikan.co.jp>
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
This can easily be done with the `--signoff` option to `git commit`.
|
||||||
|
|
||||||
|
By doing this you state that you can certify the following (from [The Developer
|
||||||
|
Certificate of Origin](https://developercertificate.org/)):
|
||||||
|
|
||||||
|
```
|
||||||
|
Developer Certificate of Origin
|
||||||
|
Version 1.1
|
||||||
|
|
||||||
|
Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
|
||||||
|
1 Letterman Drive
|
||||||
|
Suite D4700
|
||||||
|
San Francisco, CA, 94129
|
||||||
|
|
||||||
|
Everyone is permitted to copy and distribute verbatim copies of this
|
||||||
|
license document, but changing it is not allowed.
|
||||||
|
|
||||||
|
|
||||||
|
Developer's Certificate of Origin 1.1
|
||||||
|
|
||||||
|
By making a contribution to this project, I certify that:
|
||||||
|
|
||||||
|
(a) The contribution was created in whole or in part by me and I
|
||||||
|
have the right to submit it under the open source license
|
||||||
|
indicated in the file; or
|
||||||
|
|
||||||
|
(b) The contribution is based upon previous work that, to the best
|
||||||
|
of my knowledge, is covered under an appropriate open source
|
||||||
|
license and I have the right under that license to submit that
|
||||||
|
work with modifications, whether created in whole or in part
|
||||||
|
by me, under the same open source license (unless I am
|
||||||
|
permitted to submit under a different license), as indicated
|
||||||
|
in the file; or
|
||||||
|
|
||||||
|
(c) The contribution was provided directly to me by some other
|
||||||
|
person who certified (a), (b) or (c) and I have not modified
|
||||||
|
it.
|
||||||
|
|
||||||
|
(d) I understand and agree that this project and the contribution
|
||||||
|
are public and that a record of the contribution (including all
|
||||||
|
personal information I submit with it, including my sign-off) is
|
||||||
|
maintained indefinitely and may be redistributed consistent with
|
||||||
|
this project or the open source license(s) involved.
|
||||||
|
```
|
28
SECURITY.md
Normal file
28
SECURITY.md
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
# Security Policy
|
||||||
|
|
||||||
|
|
||||||
|
## How To Report a Vulnerability
|
||||||
|
|
||||||
|
If you think you have found a vulnerability in this repository, please report it to us through coordinated disclosure.
|
||||||
|
|
||||||
|
**Please do not report security vulnerabilities through public issues, discussions, or change requests.**
|
||||||
|
|
||||||
|
Instead, you can report it using one of the following ways:
|
||||||
|
|
||||||
|
* Contact the [TrueCloudLab Security Team](mailto:security@frostfs.info) via email
|
||||||
|
|
||||||
|
Please include as much of the information listed below as you can to help us better understand and resolve the issue:
|
||||||
|
|
||||||
|
* The type of issue (e.g., buffer overflow, or cross-site scripting)
|
||||||
|
* Affected version(s)
|
||||||
|
* Impact of the issue, including how an attacker might exploit the issue
|
||||||
|
* Step-by-step instructions to reproduce the issue
|
||||||
|
* The location of the affected source code (tag/branch/commit or direct URL)
|
||||||
|
* Full paths of source file(s) related to the manifestation of the issue
|
||||||
|
* Any special configuration required to reproduce the issue
|
||||||
|
* Any log files that are related to this issue (if possible)
|
||||||
|
* Proof-of-concept or exploit code (if possible)
|
||||||
|
|
||||||
|
This information will help us triage your report more quickly.
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue