Also use affect, not effect, as appropriate.
12 KiB
Contributing
Your contributions are always welcome!
Process
Environment
For development with git-secret
you should have these tools:
- git
- bash
- bundler
- gawk
- gnupg (or gnupg2), see below if not packaged by your distribution/OS (i.e. MacOS)
- ruby
- sha256sum (on freebsd and MacOS
shasum
is used instead) - shellcheck
To test git-secret
using test-kitchen, you will also need:
- docker
- test-kitchen
- aspell, to check your changes for spelling errors
These are only required if dealing with manuals, gh-pages
or releases:
- ruby, ruby-dev
Environment MacOS
- install Homebrew
- install gnupg2 with
brew install gnupg2
For docker/test-kitchen
-
install Docker for Mac
-
install Chef Developer Kit (?)
-
install ruby2.4 and kitchen dependencies with
brew install rbenv ruby-build rbenv-vars; rbenv install 2.4.4; rbenv rehash; rbenv global 2.4.4; gem install bundler kitchen-ansible serverspec kitchen-docker kitchen-verifier-serverspec;
Getting started
-
Create your own or pick an opened issue from the tracker. Take a look at the
help-wanted
tag -
Fork and clone your repository:
git clone https://github.com/${YOUR_NAME}/git-secret.git
-
Make sure that everything works on the current platform by running
make test
. You can also try the experimentalSECRETS_TEST_VERBOSE=1 make test
. Note that 'experimental' features may change or be removed in a future version ofgit-secret
. -
Run local CI tests to verify functionality on supported platforms
bundle exec kitchen verify --test-base-path="$PWD/.ci/integration"
.
Code style
New features and changes should aim to be as clear, concise, simple, and consistent
-
clear: make it as obvious as possible what the code is doing
-
concise: your PR should be as few characters (not just lines) of changes as reasonable. However, generally choose clarity over being concise.
Clarity and conciseness can be in conflict with each other. But it's more important for the code to be understandable than for it to be small. Therefore favor writing clear code over making shorter diffs in your PRs. -
simple: this dovetails with the previous two items. git-secret is a security product, so it's best to have the code be easy to understand. This also aids future development and helps minimize bugs.
-
consistent: Write code that is consistent with the surrounding code and the rest of the git-secret code base. Every code base has its own conventions and style that develop and accrete over time.
Consistency also means that the inputs and outputs of git-secret should be as consistent as reasonable with related unix and git tools, and follow the 'rule of least surprise', also known as the 'principle of least astonishment': https://en.wikipedia.org/wiki/Principle_of_least_astonishment
We wrote this to clarify our thinking about how git-secret should be written. Of course, these are philosophical goals, not necessities for releasing code, so balancing these four ideals perfectly is both unwarranted and impossible.
Writing PRs
If you're planning a large change to git-secret
(for example, a lot of lines/characters of diffs, affecting multiple commands,
changing/adding a lot of behavior, or adding multiple command-line options), it's best to discuss the changes in an Issue first.
Also it's often best to implement larger or complex changes as a series of planned-out, smaller PRs,
each making a small set of specific changes. This facilitates discussions of implementation, which often come to light
only after seeing the actual code used to perform a task.
As mentioned above, we seek to be consistent with surrounding git and unix tools, so when writing changes to git-secret, think about the input, output, and command-line options that similar unix commands use.
Our favor toward traditional unix and git command-style inputs and outputs can also mean it's appropriate to lean heavily on git and widely-used unix command features instead of re-implementing them in code.
Development Process
-
Firstly, you should need to setup development git hooks with
make install-hooks
This will copy the git-secret development hooks from utils/hooks into .git/hooks/pre-commit and .git/hooks/post-commit -
Make changes to the git secret files that need to be changed
-
When making changes to any files inside
src/
, for changes to take effect you will need to rebuild thegit-secret
script withmake clean && make build
-
Run
shellcheck
against all your changes withmake lint
. You should also check your changes for spelling errors using 'aspell -c filename'. -
Add an entry to CHANGELOG.md, referring to the related issue # if appropriate
-
Change the .ronn file(s) in man/man1 and man/man7 to document your changes if appropriate
-
Now, add all your files to the commit with
git add --all
and commit changes withgit commit
. Write a good commit message which explains your work -
When running
git commit
the tests will run automatically, your commit will be canceled if they fail. You can run the tests manually withmake clean build test
. -
Push to your repository, and make a pull-request against
master
branch. It's ideal to have one commit per pull-request; otherwise PRs will probably besquashed
into one commit when merged.
Branches
We have two long-live branches: master
for the git-secret code and man pages, and gh-pages
for the static web site.
Development looks like this:
your-branch
->master
master
branch is protected, so only fully tested code goes there. It is also used to create a newgit
tag and agithub
release
The gh-pages
branch is used for the pages at git-secret.io
. See 'Release Process' below.
Continuous integration
Local CI is done with the help test-kitchen
. test-kitchen
handles multiple test-suites on various platforms.
bundle exec kitchen list
will output the list of test suites to be run against supported platforms.
Cloud CI is done with the help of travis
. travis
handles multiple environments:
Docker
-based jobs or so-called 'integration tests', these tests create a local release, install it with the package manager and then run unit-tests and system checksOSX
jobs, which handle basic unit-tests onMacOS
(Travis still calls MacOS 'OSX')- Native
travis
jobs, which handle basic unit-tests and style checks
Running local ci-tests
- Install required gems with
bundle install
. - Run ci-tests with
bundle exec kitchen verify --test-base-path="$PWD/.ci/integration"
Writing tests
git-secret
uses bats-core for testing.
See the files in tests/ and the bats-core
documentation for details.
Because the output of many commands can be affected by the SECRETS_VERBOSE environment variable (which enables verbosity), it's best not to expect a particular number of lines of output from commands.
Release process
The release process is defined in the git
-hooks and .travis.yml
.
When creating a commit inside the master
branch (it is usually a documentation and changelog update with the version bump inside src/version.sh
) the hooks will trigger three events.
-
the test suite will be run locally
-
new manuals will be created and added to the current commit with
make build-man
onpre-commit
hook. -
after the commit is successfully created it will also trigger
make build-gh-pages
target onpost-commit
hook, which will push new manuals to the git-secret site. And the newgit
tag will be automatically created if the version is changed:
if [[ "$NEWEST_TAG" != "v${SCRIPT_VERSION}" ]]; then
git tag -a "v${SCRIPT_VERSION}" -m "version $SCRIPT_VERSION"
fi
About GnuPG
Here are some links to gnupg documentation that might be useful for those working with git-secret:
Travis releases
After you commit a tag that matches the pattern '^v.*$' and the tests succeed, Travis will publish new deb
and rpm
packages to bintray
.
If you wish to override a previous release (be careful) you will need to add "override": 1
into matrixParams
, see deb-deploy.sh
and rpm-deploy.sh
Manual releases
Releases to brew
are made manually.
Dockerhub releases
Dockerhub
contains Docker
images with different OSes used for testing. It is updated via a github
webhook on commit into master
.
Downstream Packages
There are several distributions and packaging systems that may already have git-secret packaged for your distribution (although sometimes their versions are not the most current, and we recommend all users upgrade to 0.2.5 or above).
Notes to Downstream Packagers (Those who make packages for specific OSes/distributions)
First of all, thank you for packaging git-secret for your platform! We appreciate it.
We also would like to welcome you to collaborate or discuss any issues, ideas or thoughts you have about git-secret by submitting issue report (which can also be feature requests) or pull requests via the git repo at git-secret on github
Please let us know if there are any changes you'd like to see to the source, packaging, testing, documentation, or other aspect of git-secret. We look forward to hearing from you.
Financial contributions
We also welcome financial contributions in full transparency on our open collective. Anyone can file an expense. If the expense makes sense for the development of the community, it will be "merged" in the ledger of our open collective by the core contributors and the person who filed the expense will be reimbursed.
Credits
Contributors
Thank you to all the people who have already contributed to git-secret via commits to our git repository!
Backers
Thank you to all our backers! [Become a backer]
Sponsors
Thank you to all our sponsors! (please ask your company to also support this open source project by becoming a sponsor)