docs: update CONTRIBUTING.md to clarify guidelines
Signed-off-by: Miguel Nogueira <me@nogueira.codes>
This commit is contained in:
parent
6dc6f998d2
commit
bcce3d60a6
@ -3,12 +3,15 @@
|
||||
## Table of Contents
|
||||
- [Code of Conduct](#code-of-conduct)
|
||||
- [How to Contribute](#how-to-contribute)
|
||||
- [Sign your Work](#sign-your-work)
|
||||
- [Commit Structure](#commit-structure)
|
||||
- [Pull Request Guidelines](#prs-and-commits)
|
||||
- [PRs and Commits](#prs-and-commits)
|
||||
- [Sign your Work](#sign-your-work)
|
||||
- [All that bureaucracy...](#all-that-bureaucracy)
|
||||
- [Software versions](#software-versions)
|
||||
- [License](#license)
|
||||
- [Contact](#contact)
|
||||
- [Responsible disclosure](#responsible-disclosure)
|
||||
- [Use of this CONTRIBUTING.md file](#use-of-this-contributingmd-file)
|
||||
|
||||
## Code of Conduct
|
||||
|
||||
@ -20,10 +23,6 @@ Any and all contributions will need to abide by our community contribution guide
|
||||
|
||||
Contributions are welcome. Simply register for a free account at [Webvoke Studio's Gitea instance](https://code.webvokestudio.pt/user/sign_up) to start contributing. To get started quickly, feel free to sign up with your existing GitHub account.
|
||||
|
||||
### Sign your work
|
||||
|
||||
**ALL** contributions must be signed with your PGP key (which must also be added to your Gitea profile and published to a key server), no matter how small. PRs with unsigned commits will be closed. If you're not sure how to sign your commits, check out GitHub's [GPG guide](https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key), [Git configuration](https://docs.github.com/en/authentication/managing-commit-signature-verification/associating-an-email-with-your-gpg-key) guide and [commit signing](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) guides, respectively.
|
||||
|
||||
### Commit Structure
|
||||
|
||||
We follow the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) commit structure; this is both human and machine-friendly, ensuring clean and uniform commit messages across the board.
|
||||
@ -51,6 +50,25 @@ The main branch is protected; For new features, bug fixes, or improvements, fork
|
||||
|
||||
You should then be able to create a PR to merge your branch into main. Make sure the PR is as descriptive as possible. *DON'T FORGET TO SIGN YOUR WORK*.
|
||||
|
||||
### Sign your work
|
||||
|
||||
**ALL** contributions must be signed with your PGP key (which must also be added to your Gitea profile and published to a key server), no matter how small. PRs with unsigned commits will be closed. If you're not sure how to sign your commits, check out GitHub's [GPG guide](https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key), [Git configuration](https://docs.github.com/en/authentication/managing-commit-signature-verification/associating-an-email-with-your-gpg-key) guide and [commit signing](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) guides, respectively.
|
||||
|
||||
|
||||
Also, including ``Signed-off-by [Your Name] <you@email.com>`` is a requirement for everyone submitting PRs and commits.
|
||||
|
||||
Signing off your work is as simple as including the ``--signoff`` git command option. This lets us easily track who did what and provides additional protection for our project.
|
||||
|
||||
By signing off your work, you agree to the [Developer Certificate of Origin](https://developercertificate.org).
|
||||
|
||||
### All that bureaucracy...
|
||||
|
||||
You might think that these contribution requirements present a high barrier to entry, and you'd be right! Signing your commits with your key as well as signing them off is a no-brainer once everything is configured and automated. You don't need to do this manually every commit! Creating a key is also pretty simple given that you can follow the guides GitHub published.
|
||||
|
||||
These requirements help fend off spam contributions and keep everyone accountable and on the same page. They're useful for any project, big and small, learning adventure or production software.
|
||||
|
||||
## Software versions
|
||||
|
||||
**Ruby version**
|
||||
|
||||
We're using Ruby 3.2.3 for this project.
|
||||
@ -73,4 +91,10 @@ Please add your name here; Email is not necessary unless you've already configur
|
||||
|
||||
While this is mostly a hobby/learning project written during a Programming class, it's still important to fix any possible vulnerabilities in the code; Especially because beginner developers might expose themselves to external risk and threats if they deploy this code to production.
|
||||
|
||||
As such, if you find a vulnerability, please send an email to the project maintainer and make sure that it's signed with your key and encrypted with PGP Key ID ``E7EC6E9F446392D20AC7B6DF66F99BACACB8DC54``.
|
||||
As such, if you find a vulnerability, please send an email to the project maintainer and make sure that it's signed with your key and encrypted with PGP Key ID ``E7EC6E9F446392D20AC7B6DF66F99BACACB8DC54``.
|
||||
|
||||
## Use of this CONTRIBUTING.md file
|
||||
|
||||
This file may be used as a template for any open source projects along with its accompanying files, excluding LICENSE.md, as long as you include this message with due credit.
|
||||
|
||||
If you do decide to use this file as a template, make sure to edit the necessary bits, such as the contact section, disclosure section, etc, in order to fit your needs.
|
Loading…
Reference in New Issue
Block a user