From bcce3d60a665e775b4d37f4dd0eaf74c51dbc78c Mon Sep 17 00:00:00 2001 From: Miguel Nogueira Date: Tue, 21 May 2024 09:49:50 +0100 Subject: [PATCH] docs: update CONTRIBUTING.md to clarify guidelines Signed-off-by: Miguel Nogueira --- CONTRIBUTING.md | 38 +++++++++++++++++++++++++++++++------- 1 file changed, 31 insertions(+), 7 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 0bd0377..0eb4e7c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -3,12 +3,15 @@ ## Table of Contents - [Code of Conduct](#code-of-conduct) - [How to Contribute](#how-to-contribute) - - [Sign your Work](#sign-your-work) - [Commit Structure](#commit-structure) - - [Pull Request Guidelines](#prs-and-commits) + - [PRs and Commits](#prs-and-commits) + - [Sign your Work](#sign-your-work) + - [All that bureaucracy...](#all-that-bureaucracy) + - [Software versions](#software-versions) - [License](#license) - [Contact](#contact) - [Responsible disclosure](#responsible-disclosure) +- [Use of this CONTRIBUTING.md file](#use-of-this-contributingmd-file) ## Code of Conduct 
@@ -20,10 +23,6 @@ Any and all contributions will need to abide by our community contribution guide Contributions are welcome. Simply register for a free account at [Webvoke Studio's Gitea instance](https://code.webvokestudio.pt/user/sign_up) to start contributing. To get started quickly, feel free to sign up with your existing GitHub account. -### Sign your work - -**ALL** contributions must be signed with your PGP key (which must also be added to your Gitea profile and published to a key server), no matter how small. PRs with unsigned commits will be closed. If you're not sure how to sign your commits, check out GitHub's [GPG guide](https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key), [Git configuration](https://docs.github.com/en/authentication/managing-commit-signature-verification/associating-an-email-with-your-gpg-key) guide and [commit signing](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) guides, respectively. - ### Commit Structure We follow the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) commit structure; this is both human and machine-friendly, ensuring clean and uniform commit messages across the board. 
@@ -51,6 +50,25 @@ The main branch is protected; For new features, bug fixes, or improvements, fork You should then be able to create a PR to merge your branch into main. Make sure the PR is as descriptive as possible. *DON'T FORGET TO SIGN YOUR WORK*. +### Sign your work + +**ALL** contributions must be signed with your PGP key (which must also be added to your Gitea profile and published to a key server), no matter how small. PRs with unsigned commits will be closed. If you're not sure how to sign your commits, check out GitHub's [GPG guide](https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key), [Git configuration](https://docs.github.com/en/authentication/managing-commit-signature-verification/associating-an-email-with-your-gpg-key) guide and [commit signing](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) guides, respectively. + + +Also, including ``Signed-off-by [Your Name] `` is a requirement for everyone submitting PRs and commits. + +Signing off your work is as simple as including the ``--signoff`` git command option. This lets us easily track who did what and provides additional protection for our project. + +By signing off your work, you agree to the [Developer Certificate of Origin](https://developercertificate.org). + +### All that bureaucracy... + +You might think that these contribution requirements present a high barrier to entry, and you'd be right! Signing your commits with your key as well as signing them off is a no-brainer once everything is configured and automated. You don't need to do this manually every commit! Creating a key is also pretty simple given that you can follow the guides GitHub published. + +These requirements help fend off spam contributions and keep everyone accountable and on the same page. They're useful for any project, big and small, learning adventure or production software. 
+ +## Software versions + **Ruby version** We're using Ruby 3.2.3 for this project. @@ -73,4 +91,10 @@ Please add your name here; Email is not necessary unless you've already configur While this is mostly a hobby/learning project written during a Programming class, it's still important to fix any possible vulnerabilities in the code; Especially because beginner developers might expose themselves to external risk and threats if they deploy this code to production. -As such, if you find a vulnerability, please send an email to the project maintainer and make sure that it's signed with your key and encrypted with PGP Key ID ``E7EC6E9F446392D20AC7B6DF66F99BACACB8DC54``. \ No newline at end of file +As such, if you find a vulnerability, please send an email to the project maintainer and make sure that it's signed with your key and encrypted with PGP Key ID ``E7EC6E9F446392D20AC7B6DF66F99BACACB8DC54``. + +## Use of this CONTRIBUTING.md file + +This file may be used as a template for any open source projects along with its accompanying files, excluding LICENSE.md, as long as you include this message with due credit. + +If you do decide to use this file as a template, make sure to edit the necessary bits, such as the contact section, disclosure section, etc, in order to fit your needs. \ No newline at end of file
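
Review bot: In the Table of Contents hunk (@@ -3,12 +3,15 @@), the new entry `[Software versions](#software-versions)` is added with the same indentation as the How to Contribute sub-entries, but the later hunk introduces it as a top-level `## Software versions` heading. List it at the same level as License and Contact so the TOC mirrors the heading structure. The entry `[Sign your Work]` also differs in case from the heading `### Sign your work`; pick one spelling.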
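
Review bot: In the re-added "Sign your work" section (@@ -51,6 +50,25 @@), the sign-off line is quoted as `Signed-off-by [Your Name]` with no colon, which is not the trailer git writes (`Signed-off-by: Name <email>`; this patch's own header uses the colon). Quote the exact trailer and name the command, `git commit --signoff` (or `-s`), rather than "the --signoff git command option". It is also worth stating that the sign-off is a plain-text DCO attestation while the PGP signature is what authenticates the commit, because "additional protection" does not tell contributors which mechanism does what. The "All that bureaucracy..." paragraph says signing needs no manual step once configured but never shows the setting; a pointer to `git config commit.gpgsign true` would close that gap, and "and you'd be right!" reads as contradicting the sentence that follows it.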
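
Review bot: In the last hunk (@@ -73,4 +91,10 @@), the new "Use of this CONTRIBUTING.md file" section allows reuse "as long as you include this message with due credit" without saying what credit is expected or which "accompanying files" are covered. Name the files and give the attribution text (project name and URL) so the condition can actually be met. The hunk also fixes the missing end-of-file newline on the disclosure line only to end the new last line with "\ No newline at end of file" again; add a trailing newline.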