Contributing
Code contributions
We accept anything that benefits the community, thanks for sharing your work with the world. We can discuss implementation details here.
Guidelines
- Write your idea: here
- Fork Makes on GitHub
- Git-clone your fork
- Hack as much as you like!
- Git-commit your changes.
- Git-push changes to your fork
- Create a Pull Request from your fork to Makes
Testing your local changes
You can run local changes by simply running m . <job>
.
If you're adding new files, make sure to git add
them first.
Adding documentation
- All changes must be documented in the same PR.
- You can run
m . /docs/dev
to serve the docs site on localhost.
Adding tests
- Tests are located under
tests
. - Make sure to add new tests to the GitHub Actions pipelines as well.
Adding yourself to the mailmap
You must add yourself to the
.mailmap file.
Make sure to test it with m . /lintGitMailMap
.
Writing a valid commit message
- Your commit message must follow this syntax.
- You must sign your commits by adding a
Signed-off-by
line at the end of your commit message. - You can take a look at other commits here.
- Make sure to test it with
m . /tests/commitlint
.
Other PR rules
A PR must:
- Only be one commit ahead of main.
- Have a title and body equal to its commmit message.
Examples
- feat(build): #262 lint git mailmap
- feat(build): #232 lint terraform
- feat(build): #232 test terraform
- feat(build): #232 deploy terraform
- feat(build): #252 aws secrets from env
- feat(build): #232 make parallel utils
The legal side of contributions
All of the code that you submit to our code repository will be licensed under the MIT license.
Please add a Signed-off-by: Full Name <email>
to your commits as explained here
to signal that you agree
to the terms of the following
Developer Certificate of Origin.
Thank you!
Review process
Once a pull request is opened in the repository, a maintainer must follow the following steps to review it:
- Check that the proposed change has an associated issue, enough discussion has happened on it, and there is consensus in the implementation details, and if we agree that implement it is a good idea.
- Check if the change modifies the Architecture in any way, and that it has been updated.
- Check if the implementation follows the Secure Design Principles, and documents there any new interactions, or updates the documentation accordingly.
- Check if the implementation introduces new threats, or changes/removes an existing threat, and if the Threat Model documentation has been updated to reflect it.
- Check if the change adds or modifies an existing security property of the system, and if the Software Assurance documentation has been updated to reflect it.
- Check if the CI/CD succeeded. No job should fail unless something unrelated to the pull request happened.
- The Developer Certificate of Origin was accepted, normally through checking that the job in the CI/CD that verifies it succeeded.
- The steps mentioned in the sections above were followed, particularly check if the code is readable, maintainable, proper tests were added or updated, the corresponding docs were added or updated, and the architecture and design seems to be of good quality.