@@ -15,13 +15,54 @@ review. Our review process typically involves performing unit tests, development
1515tests, integration tests, and security scans.
1616
1717## Pull Request Requirement
18- All contributions (PRs) must be accompanied by passing unit and/or integration
19- tests, following our [ testing philosophy] ( ./docs/user/TestingPhilosophy.md ) . If you are unfamiliar with this process,
20- we are happy to help you navigate it by providing continuous collaboration within the pull request.
21- All pull requests must also pass our linter analysis checks. Contributions might
22- be subjected to security scans before they can be accepted.
18+
19+ ### Automated Tests
20+ All contributors are expected to include appropriate tests to ensure code quality
21+ and maintainability. This may include unit and/or integration tests as applicable
22+ to the scope of the changes. We have a developed a Golang testing framework using
23+ [ Terratest] ( https://terratest.gruntwork.io/ ) for unit tests and are in the process
24+ of developing integration tests. Please refer to our [ Testing Philosopy] ( ./docs/user/TestingPhilosophy.md )
25+ documentation for more information on our testing framework. If you need additional
26+ help and guidance, we are happy to help you navigate it by providing continuous
27+ collaboration within the pull request.
28+
29+ ### Conventional Commits
30+ All pull requests must follow the [ Conventional Commit] ( https://www.conventionalcommits.org/en/v1.0.0/ )
31+ standard for commit messages. This helps maintain a consistent and meaningful
32+ commit history. Pull requests with commits that do not follow the Conventional
33+ Commit format will not be merged.
34+
35+ ### Developer Certificate of Origin Sign-Off
36+ This project requires all commits to be signed off in accordance with the [ Developer Certificate of Origin (DCO)] ( https://developercertificate.org/ ) .
37+ By signing off your commits, you certify that you have the right to submit the
38+ contribution under the open source license used by this project.
39+
40+ To sign off your commits, use the --signoff flag with git commit:
41+
42+ ``` bash
43+ git commit --signoff -m " Your commit message"
44+ ```
45+
46+ This will add a Signed-off-by line to your commit message, e.g.:
47+
48+ ``` bash
49+ Signed-off-by: You Name < your.email@example.com>
50+ ```
51+
52+ For more information, please refer to https://probot.github.io/apps/dco/
53+
54+ ### Linter Analysis Checks
55+ All pull requests must pass our automated analysis checks before they can be
56+ merged. These checks include:
57+
58+ - ** Hadolint** – for Dockerfile best practices
59+ - ** ShellCheck** – for shell script issues
60+ - ** TFLint** – for Terraform code quality
61+ - ** Gitleaks** – for detecting hardcoded secrets and sensitive information
2362
2463## Security Scans
25- To ensure that all submissions meet our security and quality standards, we perform security
26- scans using internal SAS infrastructure. Reporting of any Common Vulnerabilities and Exposures
27- (CVEs) that are detected is not available in this project at this time.
64+ To ensure that all submissions meet our security and quality standards, we perform
65+ security scans using internal SAS infrastructure. Contributions might be subjected
66+ to security scans before they can be accepted. Reporting of any Common Vulnerabilities
67+ and Exposures (CVEs) that are detected is not available in this project at this
68+ time.
0 commit comments