github.com/defensepoint-snyk-test/helm-new@v0.0.0-20211130153739-c57ea64d6603/CONTRIBUTING.md (about) 1 # Contributing Guidelines 2 3 The Kubernetes Helm project accepts contributions via GitHub pull requests. This document outlines the process to help get your contribution accepted. 4 5 ## Reporting a Security Issue 6 7 Most of the time, when you find a bug in Helm, it should be reported 8 using [GitHub issues](https://github.com/helm/helm/issues). However, if 9 you are reporting a _security vulnerability_, please email a report to 10 [cncf-kubernetes-helm-security@lists.cncf.io](mailto:cncf-kubernetes-helm-security@lists.cncf.io). This will give 11 us a chance to try to fix the issue before it is exploited in the wild. 12 13 ## Sign Your Work 14 15 The sign-off is a simple line at the end of the explanation for a commit. All 16 commits needs to be signed. Your signature certifies that you wrote the patch or 17 otherwise have the right to contribute the material. The rules are pretty simple, 18 if you can certify the below (from [developercertificate.org](http://developercertificate.org/)): 19 20 ``` 21 Developer Certificate of Origin 22 Version 1.1 23 24 Copyright (C) 2004, 2006 The Linux Foundation and its contributors. 25 1 Letterman Drive 26 Suite D4700 27 San Francisco, CA, 94129 28 29 Everyone is permitted to copy and distribute verbatim copies of this 30 license document, but changing it is not allowed. 31 32 Developer's Certificate of Origin 1.1 33 34 By making a contribution to this project, I certify that: 35 36 (a) The contribution was created in whole or in part by me and I 37 have the right to submit it under the open source license 38 indicated in the file; or 39 40 (b) The contribution is based upon previous work that, to the best 41 of my knowledge, is covered under an appropriate open source 42 license and I have the right under that license to submit that 43 work with modifications, whether created in whole or in part 44 by me, under the same open source license (unless I am 45 permitted to submit under a different license), as indicated 46 in the file; or 47 48 (c) The contribution was provided directly to me by some other 49 person who certified (a), (b) or (c) and I have not modified 50 it. 51 52 (d) I understand and agree that this project and the contribution 53 are public and that a record of the contribution (including all 54 personal information I submit with it, including my sign-off) is 55 maintained indefinitely and may be redistributed consistent with 56 this project or the open source license(s) involved. 57 ``` 58 59 Then you just add a line to every git commit message: 60 61 Signed-off-by: Joe Smith <joe.smith@example.com> 62 63 Use your real name (sorry, no pseudonyms or anonymous contributions.) 64 65 If you set your `user.name` and `user.email` git configs, you can sign your 66 commit automatically with `git commit -s`. 67 68 Note: If your git config information is set properly then viewing the 69 `git log` information for your commit will look something like this: 70 71 ``` 72 Author: Joe Smith <joe.smith@example.com> 73 Date: Thu Feb 2 11:41:15 2018 -0800 74 75 Update README 76 77 Signed-off-by: Joe Smith <joe.smith@example.com> 78 ``` 79 80 Notice the `Author` and `Signed-off-by` lines match. If they don't 81 your PR will be rejected by the automated DCO check. 82 83 ## Support Channels 84 85 Whether you are a user or contributor, official support channels include: 86 87 - GitHub [issues](https://github.com/helm/helm/issues/new) 88 - Slack [Kubernetes Slack](http://slack.kubernetes.io/): 89 - User: #helm-users 90 - Contributor: #helm-dev 91 92 Before opening a new issue or submitting a new pull request, it's helpful to search the project - it's likely that another user has already reported the issue you're facing, or it's a known issue that we're already aware of. 93 94 ## Milestones 95 96 We use milestones to track progress of releases. There are also 2 special milestones 97 used for helping us keep work organized: `Upcoming - Minor` and `Upcoming - Major` 98 99 `Upcoming - Minor` is used for keeping track of issues that aren't assigned to a specific 100 release but could easily be addressed in a minor release. `Upcoming - Major` keeps track 101 of issues that will need to be addressed in a major release. For example, if the current 102 version is `2.2.0` an issue/PR could fall in to one of 4 different active milestones: 103 `2.2.1`, `2.3.0`, `Upcoming - Minor`, or `Upcoming - Major`. If an issue pertains to a 104 specific upcoming bug or minor release, it would go into `2.2.1` or `2.3.0`. If the issue/PR 105 does not have a specific milestone yet, but it is likely that it will land in a `2.X` release, 106 it should go into `Upcoming - Minor`. If the issue/PR is a large functionality add or change 107 and/or it breaks compatibility, then it should be added to the `Upcoming - Major` milestone. 108 An issue that we are not sure we will be doing will not be added to any milestone. 109 110 A milestone (and hence release) is considered done when all outstanding issues/PRs have been closed or moved to another milestone. 111 112 ## Semantic Versioning 113 114 Helm maintains a strong commitment to backward compatibility. All of our changes to protocols and formats are backward compatible from Helm 2.0 until Helm 3.0. No features, flags, or commands are removed or substantially modified (other than bug fixes). 115 116 We also try very hard to not change publicly accessible Go library definitions inside of the `pkg/` directory of our source code. 117 118 For a quick summary of our backward compatibility guidelines for releases between 2.0 and 3.0: 119 120 - Protobuf and gRPC changes MUST be backward compatible. 121 - Command line commands, flags, and arguments MUST be backward compatible 122 - File formats (such as Chart.yaml, repositories.yaml, and requirements.yaml) MUST be backward compatible 123 - Any chart that worked on a previous version of Helm MUST work on a new version of Helm (barring the cases where (a) Kubernetes itself changed, and (b) the chart worked because it exploited a bug) 124 - Chart repository functionality MUST be backward compatible 125 - Go libraries inside of `pkg/` SHOULD remain backward compatible (though code inside of `cmd/` may be changed from release to release without notice). 126 127 ## Issues 128 129 Issues are used as the primary method for tracking anything to do with the Helm project. 130 131 ### Issue Types 132 133 There are 4 types of issues (each with their own corresponding [label](#labels)): 134 - Question: These are support or functionality inquiries that we want to have a record of for 135 future reference. Generally these are questions that are too complex or large to store in the 136 Slack channel or have particular interest to the community as a whole. Depending on the discussion, 137 these can turn into "Feature" or "Bug" issues. 138 - Proposal: Used for items (like this one) that propose a new ideas or functionality that require 139 a larger community discussion. This allows for feedback from others in the community before a 140 feature is actually developed. This is not needed for small additions. Final word on whether or 141 not a feature needs a proposal is up to the core maintainers. All issues that are proposals should 142 both have a label and an issue title of "Proposal: [the rest of the title]." A proposal can become 143 a "Feature" and does not require a milestone. 144 - Features: These track specific feature requests and ideas until they are complete. They can evolve 145 from a "Proposal" or can be submitted individually depending on the size. 146 - Bugs: These track bugs with the code or problems with the documentation (i.e. missing or incomplete) 147 148 ### Issue Lifecycle 149 150 The issue lifecycle is mainly driven by the core maintainers, but is good information for those 151 contributing to Helm. All issue types follow the same general lifecycle. Differences are noted below. 152 1. Issue creation 153 2. Triage 154 - The maintainer in charge of triaging will apply the proper labels for the issue. This 155 includes labels for priority, type, and metadata (such as "starter"). The only issue 156 priority we will be tracking is whether or not the issue is "critical." If additional 157 levels are needed in the future, we will add them. 158 - (If needed) Clean up the title to succinctly and clearly state the issue. Also ensure 159 that proposals are prefaced with "Proposal". 160 - Add the issue to the correct milestone. If any questions come up, don't worry about 161 adding the issue to a milestone until the questions are answered. 162 - We attempt to do this process at least once per work day. 163 3. Discussion 164 - "Feature" and "Bug" issues should be connected to the PR that resolves it. 165 - Whoever is working on a "Feature" or "Bug" issue (whether a maintainer or someone from 166 the community), should either assign the issue to them self or make a comment in the issue 167 saying that they are taking it. 168 - "Proposal" and "Question" issues should stay open until resolved or if they have not been 169 active for more than 30 days. This will help keep the issue queue to a manageable size and 170 reduce noise. Should the issue need to stay open, the `keep open` label can be added. 171 4. Issue closure 172 173 ## How to Contribute a Patch 174 175 1. Fork the repo, develop and test your code changes. 176 1. Use sign-off when making each of your commits (see [above](#sign-your-work)). 177 If you forgot to sign some commits that are part of the contribution, you can ask [git to rewrite your commit history](https://git-scm.com/book/en/v2/Git-Tools-Rewriting-History). 178 1. Submit a pull request. 179 180 Coding conventions and standards are explained in the official developer docs: 181 [Developers Guide](docs/developers.md) 182 183 The next section contains more information on the workflow followed for PRs 184 185 ## Pull Requests 186 187 Like any good open source project, we use Pull Requests to track code changes 188 189 ### PR Lifecycle 190 191 1. PR creation 192 - We more than welcome PRs that are currently in progress. They are a great way to keep track of 193 important work that is in-flight, but useful for others to see. If a PR is a work in progress, 194 it **must** be prefaced with "WIP: [title]". Once the PR is ready for review, remove "WIP" from 195 the title. 196 - It is preferred, but not required, to have a PR tied to a specific issue. 197 2. Triage 198 - The maintainer in charge of triaging will apply the proper labels for the issue. This should 199 include at least a size label, `bug` or `feature`, and `awaiting review` once all labels are applied. 200 See the [Labels section](#labels) for full details on the definitions of labels 201 - Add the PR to the correct milestone. This should be the same as the issue the PR closes. 202 3. Assigning reviews 203 - Once a review has the `awaiting review` label, maintainers will review them as schedule permits. 204 The maintainer who takes the issue should self-request a review. 205 - Reviews from others in the community, especially those who have encountered a bug or have 206 requested a feature, are highly encouraged, but not required. Maintainer reviews **are** required 207 before any merge 208 - Any PR with the `size/large` label requires 2 review approvals from maintainers before it can be 209 merged. Those with `size/medium` are per the judgement of the maintainers 210 4. Reviewing/Discussion 211 - Once a maintainer begins reviewing a PR, they will remove the `awaiting review` label and add 212 the `in progress` label so the person submitting knows that it is being worked on. This is 213 especially helpful when the review may take awhile. 214 - All reviews will be completed using Github review tool. 215 - A "Comment" review should be used when there are questions about the code that should be 216 answered, but that don't involve code changes. This type of review does not count as approval. 217 - A "Changes Requested" review indicates that changes to the code need to be made before they will be merged. 218 - Reviewers should update labels as needed (such as `needs rebase`) 219 5. Address comments by answering questions or changing code 220 6. Merge or close 221 - PRs should stay open until merged or if they have not been active for more than 30 days. 222 This will help keep the PR queue to a manageable size and reduce noise. Should the PR need 223 to stay open (like in the case of a WIP), the `keep open` label can be added. 224 - If the owner of the PR is listed in `OWNERS`, that user **must** merge their own PRs 225 or explicitly request another OWNER do that for them. 226 - If the owner of a PR is _not_ listed in `OWNERS`, any core committer may 227 merge the PR once it is approved. 228 229 #### Documentation PRs 230 231 Documentation PRs will follow the same lifecycle as other PRs. They will also be labeled with the 232 `docs` label. For documentation, special attention will be paid to spelling, grammar, and clarity 233 (whereas those things don't matter *as* much for comments in code). 234 235 ## The Triager 236 237 Each week, one of the core maintainers will serve as the designated "triager" starting after the 238 public standup meetings on Thursday. This person will be in charge triaging new PRs and issues 239 throughout the work week. 240 241 ## Labels 242 243 The following tables define all label types used for Helm. It is split up by category. 244 245 ### Common 246 247 | Label | Description | 248 | ----- | ----------- | 249 | `bug` | Marks an issue as a bug or a PR as a bugfix | 250 | `critical` | Marks an issue or PR as critical. This means that addressing the PR or issue is top priority and will be handled first by maintainers | 251 | `docs` | Indicates the issue or PR is a documentation change | 252 | `duplicate` | Indicates that the issue or PR is a duplicate of another | 253 | `feature` | Marks the issue as a feature request or a PR as a feature implementation | 254 | `keep open` | Denotes that the issue or PR should be kept open past 30 days of inactivity | 255 | `refactor` | Indicates that the issue is a code refactor and is not fixing a bug or adding additional functionality | 256 257 ### Issue Specific 258 259 | Label | Description | 260 | ----- | ----------- | 261 | `help wanted` | This issue is one the core maintainers cannot get to right now and would appreciate help with | 262 | `proposal` | This issue is a proposal | 263 | `question/support` | This issue is a support request or question | 264 | `starter` | This issue is a good for someone new to contributing to Helm | 265 | `wont fix` | The issue has been discussed and will not be implemented (or accepted in the case of a proposal) | 266 267 ### PR Specific 268 269 | Label | Description | 270 | ----- | ----------- | 271 | `awaiting review` | The PR has been triaged and is ready for someone to review | 272 | `breaking` | The PR has breaking changes (such as API changes) | 273 | `in progress` | Indicates that a maintainer is looking at the PR, even if no review has been posted yet | 274 | `needs pick` | Indicates that the PR needs to be picked into a feature branch (generally bugfix branches). Once it has been, the `picked` label should be applied and this one removed | 275 | `needs rebase` | A helper label used to indicate that the PR needs to be rebased before it can be merged. Used for easy filtering | 276 | `picked` | This PR has been picked into a feature branch | 277 278 #### Size labels 279 280 Size labels are used to indicate how "dangerous" a PR is. The guidelines below are used to assign the 281 labels, but ultimately this can be changed by the maintainers. For example, even if a PR only makes 282 30 lines of changes in 1 file, but it changes key functionality, it will likely be labeled as `size/large` 283 because it requires sign off from multiple people. Conversely, a PR that adds a small feature, but requires 284 another 150 lines of tests to cover all cases, could be labeled as `size/small` even though the number 285 lines is greater than defined below. 286 287 | Label | Description | 288 | ----- | ----------- | 289 | `size/small` | Anything less than or equal to 4 files and 150 lines. Only small amounts of manual testing may be required | 290 | `size/medium` | Anything greater than `size/small` and less than or equal to 8 files and 300 lines. Manual validation should be required. | 291 | `size/large` | Anything greater than `size/medium`. This should be thoroughly tested before merging and always requires 2 approvals. This also should be applied to anything that is a significant logic change. |