CONTRIBUTING.md
Lines changed: 44 additions & 9 deletions
@@ -6,14 +6,49 @@ We just ask that you follow our contribution guidelines when you do.
6
6
Contributions to this project must be accompanied by a signed [Contributor Agreement](ContributorAgreement.txt).
7
7
You (or your employer) retain the copyright to your contribution; this simply grants us permission to use and redistribute your contributions as part of the project.
8
8
9
-
## Code reviews
10
-
All submissions to this project—including submissions from project members—require review.
11
-
Our review process typically involves performing unit tests, development tests, integration tests, and security scans using internal SAS infrastructure.
12
-
For this reason, we don’t often merge pull requests directly from GitHub.
9
+
## Code Reviews
10
+
All submissions to this project—including submissions from project members—require
11
+
review. Our review process typically involves performing unit tests, development
12
+
tests, integration tests, and security scans.
13
13
14
-
Instead, we work with submissions internally first, vetting them to ensure they meet our security and quality standards.
15
-
We’ll do our best to work with contributors in public issues and pull requests; however, to ensure our code meets our internal compliance standards, we may need to incorporate your submission into a solution we push ourselves.
14
+
## Pull Request Requirement
16
15
17
-
This does not mean we don’t value or appreciate your contribution.
18
-
We simply need to review your code internally before merging it.
19
-
We work to ensure all contributors receive appropriate recognition for their contributions, at least by acknowledging them in our release notes.
16
+
### Conventional Commits
17
+
All pull requests must follow the [Conventional Commit](https://www.conventionalcommits.org/en/v1.0.0/)
18
+
standard for commit messages. This helps maintain a consistent and meaningful
19
+
commit history. Pull requests with commits that do not follow the Conventional
20
+
Commit format will not be merged.
21
+
22
+
### Developer Certificate of Origin Sign-Off
23
+
This project requires all commits to be signed off in accordance with the [Developer Certificate of Origin (DCO)](https://developercertificate.org/).
24
+
By signing off your commits, you certify that you have the right to submit the
25
+
contribution under the open source license used by this project.
26
+
27
+
To sign off your commits, use the --signoff flag with git commit:
28
+
29
+
```bash
30
+
git commit --signoff -m "Your commit message"
31
+
```
32
+
33
+
This will add a Signed-off-by line to your commit message, e.g.:
34
+
35
+
```bash
36
+
Signed-off-by: You Name <your.email@example.com>
37
+
```
38
+
39
+
For more information, please refer to https://probot.github.io/apps/dco/
40
+
41
+
### Linter Analysis Checks
42
+
All pull requests must pass our automated analysis checks before they can be
43
+
merged. These checks include:
44
+
45
+
-**Hadolint** – for Dockerfile best practices
46
+
-**ShellCheck** – for shell script issues
47
+
-**Ansible-lint** – for Ansible playbook and role validation
48
+
49
+
## Security Scans
50
+
To ensure that all submissions meet our security and quality standards, we perform
51
+
security scans using internal SAS infrastructure. Contributions might be subjected
52
+
to security scans before they can be accepted. Reporting of any Common Vulnerabilities
53
+
and Exposures (CVEs) that are detected is not available in this project at this
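Review bot: The unchanged line at the top of this hunk still requires a signed Contributor Agreement, while the new "Developer Certificate of Origin Sign-Off" section requires a DCO sign-off on every commit, and nothing states whether contributors need both or whether the DCO replaces the agreement; say so explicitly. In the same section the sample trailer reads `Signed-off-by: You Name <your.email@example.com>` ("You Name" should be "Your Name") and is fenced as `bash` although it is commit-message text, not a command. The removed lines explained that pull requests are often not merged directly from GitHub and that contributors are acknowledged in release notes; the new "Security Scans" section keeps the internal scans but drops both points, so consider keeping a sentence on how accepted contributions land and are credited.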