docs: update CONTRIBUTING.md to clarify guidelines

Signed-off-by: Miguel Nogueira <me@nogueira.codes>
This commit is contained in:
Miguel Nogueira 2024-05-21 09:49:50 +01:00
parent 6dc6f998d2
commit bcce3d60a6
Signed by: miguel456
GPG Key ID: 43EF15DB0CC86DDD
1 changed files with 31 additions and 7 deletions

View File

@ -3,12 +3,15 @@
## Table of Contents ## Table of Contents
- [Code of Conduct](#code-of-conduct) - [Code of Conduct](#code-of-conduct)
- [How to Contribute](#how-to-contribute) - [How to Contribute](#how-to-contribute)
- [Sign your Work](#sign-your-work)
- [Commit Structure](#commit-structure) - [Commit Structure](#commit-structure)
- [Pull Request Guidelines](#prs-and-commits) - [PRs and Commits](#prs-and-commits)
- [Sign your Work](#sign-your-work)
- [All that bureaucracy...](#all-that-bureaucracy)
- [Software versions](#software-versions)
- [License](#license) - [License](#license)
- [Contact](#contact) - [Contact](#contact)
- [Responsible disclosure](#responsible-disclosure) - [Responsible disclosure](#responsible-disclosure)
- [Use of this CONTRIBUTING.md file](#use-of-this-contributingmd-file)
## Code of Conduct ## Code of Conduct
@ -20,10 +23,6 @@ Any and all contributions will need to abide by our community contribution guide
Contributions are welcome. Simply register for a free account at [Webvoke Studio's Gitea instance](https://code.webvokestudio.pt/user/sign_up) to start contributing. To get started quickly, feel free to sign up with your existing GitHub account. Contributions are welcome. Simply register for a free account at [Webvoke Studio's Gitea instance](https://code.webvokestudio.pt/user/sign_up) to start contributing. To get started quickly, feel free to sign up with your existing GitHub account.
### Sign your work
**ALL** contributions must be signed with your PGP key (which must also be added to your Gitea profile and published to a key server), no matter how small. PRs with unsigned commits will be closed. If you're not sure how to sign your commits, check out GitHub's [GPG guide](https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key), [Git configuration](https://docs.github.com/en/authentication/managing-commit-signature-verification/associating-an-email-with-your-gpg-key) guide and [commit signing](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) guides, respectively.
### Commit Structure ### Commit Structure
We follow the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) commit structure; this is both human and machine-friendly, ensuring clean and uniform commit messages across the board. We follow the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) commit structure; this is both human and machine-friendly, ensuring clean and uniform commit messages across the board.
@ -51,6 +50,25 @@ The main branch is protected; For new features, bug fixes, or improvements, fork
You should then be able to create a PR to merge your branch into main. Make sure the PR is as descriptive as possible. *DON'T FORGET TO SIGN YOUR WORK*. You should then be able to create a PR to merge your branch into main. Make sure the PR is as descriptive as possible. *DON'T FORGET TO SIGN YOUR WORK*.
### Sign your work
**ALL** contributions must be signed with your PGP key (which must also be added to your Gitea profile and published to a key server), no matter how small. PRs with unsigned commits will be closed. If you're not sure how to sign your commits, check out GitHub's [GPG guide](https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key), [Git configuration](https://docs.github.com/en/authentication/managing-commit-signature-verification/associating-an-email-with-your-gpg-key) guide and [commit signing](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) guides, respectively.
Also, including ``Signed-off-by [Your Name] <you@email.com>`` is a requirement for everyone submitting PRs and commits.
Signing off your work is as simple as including the ``--signoff`` git command option. This lets us easily track who did what and provides additional protection for our project.
By signing off your work, you agree to the [Developer Certificate of Origin](https://developercertificate.org).
### All that bureaucracy...
You might think that these contribution requirements present a high barrier to entry, and you'd be right! Signing your commits with your key as well as signing them off is a no-brainer once everything is configured and automated. You don't need to do this manually every commit! Creating a key is also pretty simple given that you can follow the guides GitHub published.
These requirements help fend off spam contributions and keep everyone accountable and on the same page. They're useful for any project, big and small, learning adventure or production software.
## Software versions
**Ruby version** **Ruby version**
We're using Ruby 3.2.3 for this project. We're using Ruby 3.2.3 for this project.
@ -74,3 +92,9 @@ Please add your name here; Email is not necessary unless you've already configur
While this is mostly a hobby/learning project written during a Programming class, it's still important to fix any possible vulnerabilities in the code; Especially because beginner developers might expose themselves to external risk and threats if they deploy this code to production. While this is mostly a hobby/learning project written during a Programming class, it's still important to fix any possible vulnerabilities in the code; Especially because beginner developers might expose themselves to external risk and threats if they deploy this code to production.
As such, if you find a vulnerability, please send an email to the project maintainer and make sure that it's signed with your key and encrypted with PGP Key ID ``E7EC6E9F446392D20AC7B6DF66F99BACACB8DC54``. As such, if you find a vulnerability, please send an email to the project maintainer and make sure that it's signed with your key and encrypted with PGP Key ID ``E7EC6E9F446392D20AC7B6DF66F99BACACB8DC54``.
## Use of this CONTRIBUTING.md file
This file may be used as a template for any open source projects along with its accompanying files, excluding LICENSE.md, as long as you include this message with due credit.
If you do decide to use this file as a template, make sure to edit the necessary bits, such as the contact section, disclosure section, etc, in order to fit your needs.