Hi there! We are thrilled that you'd like to contribute to this project. Your help is essential for keeping it great. The following is a set of guidelines for contributing to Security Requirement Analysis GitHub Action which is hosted in the VeriDevOps Organization on GitHub.
This project and everyone participating in it is governed by the Security Requirement Analysis GitHub Action Code of Conduct. By participating, you agree to abide by its terms. Please report unacceptable behavior to r.talalaeva@innopolis.university.
-
Ensure the bug was not already reported by searching on GitHub under Issues.
-
If you're unable to find an open issue addressing the problem, open a new one and choose
Bug reporttype. Be sure to include a title and clear description, as much relevant information as possible, and a workflow code sample or an executable test case demonstrating the expected and actual behavior. -
Fix bug and submit a PR.
-
Suggest your change via opening a new issue and choose
Feature requesttype. -
Implement a new feature and submit a PR, after acceptance through Issue.
-
Fork and clone the repository.
-
Configure and install the dependencies:
-
Make your change to the code under
src/folder. Try preserve the structure:File name Description index.ts It is a main file. It has a function run()that is responsible for the whole action.apiService.ts Contains functions that are responsible to make API calls to ARQAN model or other services outside the GitHub. github.ts Contains functions that are working with github context. interfaces.ts Contains all interfaces that are used in the code. requirement.ts Contains all logic that is connected with classification Issue as a requirement and suggestion appropriate STIGs to it. rqcode.ts Contains all logic that is connected with RQCODE repository: searching test cases for the list of STIGs, commenting about found tests, opening issues in RQCODE and commenting about opened issues. NOTE: If you add another file for covering your logic, update the table above accordingly, please.
-
If you added new input or output for the action, make sure you have updated the action.yml. See the documentation.
-
Build your code with
npm run prettier && npm run build. -
Push to your fork and submit a pull request. Ensure the PR description clearly describes the problem/new feature and solution. Include the relevant issue number if applicable.
-
Wait for your pull request to be reviewed and merged.
Here are a few things you can do that will increase the likelihood of your pull request being accepted:
- Keep your change as focused as possible. If there are multiple changes you would like to make that are not dependent upon each other, consider submitting them as separate pull requests.
- Write a good commit message.
This section lists the labels we use to help us track and manage issues and pull requests.
| Label name | VeriDevOps/security-requirement-analysis 🔎 |
Description |
|---|---|---|
enhancement |
search | Feature requests. |
bug |
search | Confirmed bugs or reports that are very likely to be bugs. |
good first issue |
search | Less complex issues which would be good first issues to work on for users who want to contribute to Security Requirement Analysis GitHub Action. |
question |
search | Questions more than bug reports or feature requests (e.g. how do I do X). |
help wanted |
search | The VeriDevOps core team would appreciate help from the community in resolving these issues. |
duplicate |
search | Issues which are duplicates of other issues, i.e. they have been reported before. |
wontfix |
search | The VeriDevOps core team has decided not to fix these issues for now, either because they're working as intended or for some other reason. |
dependencies |
search | Label for dependabot Pull Requests or for users updates on dependencies. |
security |
search | Label for classifying Issues that are Security Requirements. |
testing |
search | Label used for classifying Issues that are opened for the test purposes. |