1# Contribute to this repository
2
3This page contains information about reporting issues as well as some tips and
4guidelines useful to experienced open source contributors.
5
6## Reporting security issues
7
8The project maintainers take security seriously. If you discover a security
9issue, please bring it to their attention right away!
10
11**Please _DO NOT_ file a public issue**, instead send your report privately to
12[security@docker.com](mailto:security@docker.com).
13
14Security reports are greatly appreciated and we will publicly thank you for it.
15We also like to send gifts—if you're into schwag, make sure to let
16us know. We currently do not offer a paid security bounty program, but are not
17ruling it out in the future.
18
19
20## Reporting other issues
21
22A great way to contribute to the project is to send a detailed report when you
23encounter an issue. We always appreciate a well-written, thorough bug report,
24and will thank you for it!
25
26Check that [the issue database](https://github.com/docker/docker-credential-helpers/issues)
27doesn't already include that problem or suggestion before submitting an issue.
28If you find a match, you can use the "subscribe" button to get notified on
29updates. Do *not* leave random "+1" or "I have this too" comments, as they
30only clutter the discussion, and don't help resolving it. However, if you
31have ways to reproduce the issue or have additional information that may help
32resolving the issue, please leave a comment.
33
34Include the steps required to reproduce the problem if possible and applicable.
35This information will help us review and fix your issue faster. When sending
36lengthy log-files, consider posting them as an attachment, instead of posting
37inline.
38
39**Do not forget to remove sensitive data from your logfiles before submitting**
40 (you can replace those parts with "REDACTED").
41
42### Pull requests are always welcome
43
44Not sure if that typo is worth a pull request? Found a bug and know how to fix
45it? Do it! We will appreciate it.
46
47If your pull request is not accepted on the first try, don't be discouraged! If
48there's a problem with the implementation, hopefully you received feedback on
49what to improve.
50
51We're trying very hard to keep this project lean and focused. We don't want it to
52do everything for everybody. This means that we might decide against
53incorporating a new feature. However, there might be a way to implement that
54feature *on top of* code in this project.
55
56### Design and cleanup proposals
57
58You can propose new designs for existing features. You can also design
59entirely new features. We really appreciate contributors who want to refactor or
60otherwise cleanup our project.
61
62### Sign your work
63
64The sign-off is a simple line at the end of the explanation for the patch. Your
65signature certifies that you wrote the patch or otherwise have the right to pass
66it on as an open-source patch. The rules are pretty simple: if you can certify
67the below (from [developercertificate.org](https://developercertificate.org)):
68
69```
70Developer Certificate of Origin
71Version 1.1
72
73Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
74
75Everyone is permitted to copy and distribute verbatim copies of this
76license document, but changing it is not allowed.
77
78
79Developer's Certificate of Origin 1.1
80
81By making a contribution to this project, I certify that:
82
83(a) The contribution was created in whole or in part by me and I
84 have the right to submit it under the open source license
85 indicated in the file; or
86
87(b) The contribution is based upon previous work that, to the best
88 of my knowledge, is covered under an appropriate open source
89 license and I have the right under that license to submit that
90 work with modifications, whether created in whole or in part
91 by me, under the same open source license (unless I am
92 permitted to submit under a different license), as indicated
93 in the file; or
94
95(c) The contribution was provided directly to me by some other
96 person who certified (a), (b) or (c) and I have not modified
97 it.
98
99(d) I understand and agree that this project and the contribution
100 are public and that a record of the contribution (including all
101 personal information I submit with it, including my sign-off) is
102 maintained indefinitely and may be redistributed consistent with
103 this project or the open source license(s) involved.
104```
105
106Then you just add a line to every git commit message:
107
108 Signed-off-by: Joe Smith <joe.smith@email.com>
109
110**Use your real name** (sorry, no pseudonyms or anonymous contributions.)
111
112If you set your `user.name` and `user.email` git configs, you can sign your
113commit automatically with `git commit -s`.
114
115### Run the unit- and integration-tests
116
117To validate PRs before submitting them you should run:
118
119```bash
120$ make validate
121```
122
123To run the tests:
124
125```bash
126$ make test
127```
128
129To generate new vendored files with go modules run:
130
131```bash
132$ make vendor
133```
134
135
136### Conventions
137
138- Fork the repository and make changes on your fork in a feature branch
139- Submit tests for your changes. See [run the unit- and integration-tests](#run-the-unit--and-integration-tests)
140 for details.
141- [Sign your work](#sign-your-work)
142
143Write clean code. Universally formatted code promotes ease of writing, reading,
144and maintenance. Always run `gofmt -s -w file.go` on each changed file before
145committing your changes. Most editors have plug-ins that do this automatically.
146
147Pull request descriptions should be as clear as possible and include a
148reference to all the issues that they address. Be sure that the [commit
149messages](#commit-messages) also contain the relevant information.
150
151### Successful Changes
152
153Before contributing large or high impact changes, make the effort to coordinate
154with the maintainers of the project before submitting a pull request. This
155prevents you from doing extra work that may or may not be merged.
156
157Large PRs that are just submitted without any prior communication are unlikely
158to be successful.
159
160While pull requests are the methodology for submitting changes to code, changes
161are much more likely to be accepted if they are accompanied by additional
162engineering work. While we don't define this explicitly, most of these goals
163are accomplished through communication of the design goals and subsequent
164solutions. Often times, it helps to first state the problem before presenting
165solutions.
166
167Typically, the best methods of accomplishing this are to submit an issue,
168stating the problem. This issue can include a problem statement and a
169checklist with requirements. If solutions are proposed, alternatives should be
170listed and eliminated. Even if the criteria for elimination of a solution is
171frivolous, say so.
172
173Larger changes typically work best with design documents. These are focused on
174providing context to the design at the time the feature was conceived and can
175inform future documentation contributions.
176
177### Commit Messages
178
179Commit messages must start with a capitalized and short summary (max. 50 chars)
180written in the imperative, followed by an optional, more detailed explanatory
181text which is separated from the summary by an empty line.
182
183Commit messages should follow best practices, including explaining the context
184of the problem and how it was solved, including in caveats or follow up changes
185required. They should tell the story of the change and provide readers
186understanding of what led to it.
187
188If you're lost about what this even means, please see [How to Write a Git
189Commit Message](http://chris.beams.io/posts/git-commit/) for a start.
190
191In practice, the best approach to maintaining a nice commit message is to
192leverage a `git add -p` and `git commit --amend` to formulate a solid
193changeset. This allows one to piece together a change, as information becomes
194available.
195
196If you squash a series of commits, don't just submit that. Re-write the commit
197message, as if the series of commits was a single stroke of brilliance.
198
199That said, there is no requirement to have a single commit for a PR, as long as
200each commit tells the story. For example, if there is a feature that requires a
201package, it might make sense to have the package in a separate commit then have
202a subsequent commit that uses it.
203
204Remember, you're telling part of the story with the commit message. Don't make
205your chapter weird.
206
207### Review
208
209Code review comments may be added to your pull request. Discuss, then make the
210suggested modifications and push additional commits to your feature branch. Post
211a comment after pushing. New commits show up in the pull request automatically,
212but the reviewers are notified only when you comment.
213
214Pull requests must be cleanly rebased on top of master without multiple branches
215mixed into the PR.
216
217> **Git tip**: If your PR no longer merges cleanly, use `rebase master` in your
218> feature branch to update your pull request rather than `merge master`.
219
220Before you make a pull request, squash your commits into logical units of work
221using `git rebase -i` and `git push -f`. A logical unit of work is a consistent
222set of patches that should be reviewed together: for example, upgrading the
223version of a vendored dependency and taking advantage of its now available new
224feature constitute two separate units of work. Implementing a new function and
225calling it in another file constitute a single logical unit of work. The very
226high majority of submissions should have a single commit, so if in doubt: squash
227down to one.
228
229- After every commit, [make sure the test suite passes](#run-the-unit--and-integration-tests).
230 Include documentation changes in the same pull request so that a revert would
231 remove all traces of the feature or fix.
232- Include an issue reference like `closes #XXXX` or `fixes #XXXX` in the PR
233 description that close an issue. Including references automatically closes
234 the issue on a merge.
235- Do not add yourself to the `AUTHORS` file, as it is regenerated regularly
236 from the Git history.
237- See the [Coding Style](#coding-style) for further guidelines.
238
239
240### Merge approval
241
242Project maintainers use LGTM (Looks Good To Me) in comments on the code review to
243indicate acceptance, or use the Github review approval feature.
244
245
246## Coding Style
247
248Unless explicitly stated, we follow all coding guidelines from the Go
249community. While some of these standards may seem arbitrary, they somehow seem
250to result in a solid, consistent codebase.
251
252It is possible that the code base does not currently comply with these
253guidelines. We are not looking for a massive PR that fixes this, since that
254goes against the spirit of the guidelines. All new contributions should make a
255best effort to clean up and make the code base better than they left it.
256Obviously, apply your best judgement. Remember, the goal here is to make the
257code base easier for humans to navigate and understand. Always keep that in
258mind when nudging others to comply.
259
260The rules:
261
2621. All code should be formatted with `gofmt -s`.
2632. All code should pass the default levels of
264 [`golint`](https://github.com/golang/lint).
2653. All code should follow the guidelines covered in [Effective Go](http://golang.org/doc/effective_go.html)
266 and [Go Code Review Comments](https://github.com/golang/go/wiki/CodeReviewComments).
2674. Comment the code. Tell us the why, the history and the context.
2685. Document _all_ declarations and methods, even private ones. Declare
269 expectations, caveats and anything else that may be important. If a type
270 gets exported, having the comments already there will ensure it's ready.
2716. Variable name length should be proportional to its context and no longer.
272 `noCommaALongVariableNameLikeThisIsNotMoreClearWhenASimpleCommentWouldDo`.
273 In practice, short methods will have short variable names and globals will
274 have longer names.
2757. No underscores in package names. If you need a compound name, step back,
276 and re-examine why you need a compound name. If you still think you need a
277 compound name, lose the underscore.
2788. No utils or helpers packages. If a function is not general enough to
279 warrant its own package, it has not been written generally enough to be a
280 part of a util package. Just leave it unexported and well-documented.
2819. All tests should run with `go test` and outside tooling should not be
282 required. No, we don't need another unit testing framework. Assertion
283 packages are acceptable if they provide _real_ incremental value.
28410. Even though we call these "rules" above, they are actually just
285 guidelines. Since you've read all the rules, you now know that.
286
287If you are having trouble getting into the mood of idiomatic Go, we recommend
288reading through [Effective Go](https://golang.org/doc/effective_go.html). The
289[Go Blog](https://blog.golang.org) is also a great resource.
View as plain text