Skip to content

CONTRIBUTING.md

Latest commit

 

History

History
131 lines (83 loc) · 3.79 KB

CONTRIBUTING.md

File metadata and controls

131 lines (83 loc) · 3.79 KB

How to contribute

We'd love for you to contribute and welcome your help. Here are some guidelines to follow:

Did you find a issue?

  • Ensure the bug was not already reported by searching on GitHub under Issues

  • If you're unable to find an open issue addressing the problem, open a new one

Did you write a patch that fixes a bug?

Open a new GitHub pull request with the patch following the steps outlined below. Ensure the PR description clearly describes the problem and solution. Include the relevant issue number if applicable.

Before you submit your pull request consider the following guidelines:

  • Search Pull Requests for an open or closed Pull Request that relates to your submission. You don't want to duplicate effort.

Submitting a Pull Request

Please follow these steps for all pull requests. These steps are derived from the GitHub flow.

Step 1: Fork

Fork the current repository and clone your fork locally.

git clone https://github.com/solacecommunity/<github-repo>

Step 2: Branch

Make your changes on a new git branch in your fork of the repository.

git checkout -b my-fix-branch master

Step 2.5: Security Checks

Before committing your changes, run these security checks:

# Check for known vulnerabilities
yarn audit

# Ensure dependencies are up to date
yarn outdated

# Verify lockfile integrity (install without modifying lockfile)
yarn install --frozen-lockfile

If adding new dependencies:

# Always specify exact versions to prevent typosquatting
yarn add package@1.2.3

# Then commit both files
git add package.json yarn.lock

If yarn audit reports vulnerabilities:

  • For high/critical vulnerabilities in direct dependencies: update the package
  • For vulnerabilities in transitive dependencies: check if updating the direct dependency resolves it
  • Document any accepted risks in your pull request

Important: Never use version ranges (^, ~). Always use exact version pinning.

Step 3: Commit

Commit your changes using a descriptive commit message.

git commit -a -m "Your Commit Message"

Note: the optional commit -a command line option will automatically "add" and "rm" edited files.

Step 4: Rebase (if possible)

Assuming you have not yet pushed your branch to origin, use git rebase (not git merge) to synchronize your work with the main repository.

$ git fetch upstream
$ git rebase upstream/master

If you have not set the upstream, do so as follows:

$ git remote add upstream https://github.com/solacecommunity/<github-repo>

If you have already pushed your fork, then do not rebase. Instead merge any changes from master that are not already part of your branch.

Step 5: Push

Push your branch to your fork in GitHub:

git push origin my-fix-branch

Step 6: Pull Request

In GitHub, send a pull request to <github-repo>:master.

When fixing an existing issue, use the commit message keywords to close the associated GitHub issue.

  • If we suggest changes then:
    • Make the required updates.
    • Commit these changes to your branch (ex: my-fix-branch)

That's it! Thank you for your contribution!

Do you have an ideas for a new feature or a change to an existing one?

  • Open a GitHub issue and label it as an enhancement and describe the new functionality.

Do you have questions about the source code?

  • Ask any question about the code or how to use Solace technologies in the Solace community.