mirror of
https://github.com/ivuorinen/f2b.git
synced 2026-03-07 13:58:15 +00:00
* fix: repair Renovate config and convert Makefile to go run (#117)
  - Remove non-existent `github>renovatebot/presets:golang` preset that broke Renovate PR creation
  - Replace deprecated `fileMatch` with `managerFilePatterns` in customManagers
  - Rewrite regex to match new Makefile pattern (renovate comment above version variable assignment)
  - Fix `matchFileNames` glob pattern (`*.mk` -> `**/*.mk`)
  - Convert all tool invocations from `go install` + global binary to `go run tool@version` for reproducible builds
  - Convert npm global tools to `npx --yes` invocations
  - Remove `dev-deps` and `check-deps` targets (tools auto-download)
  - Add mdformat pre-commit hook with GFM support and config
  - Add `fmt-md` Makefile target for manual markdown formatting
  - Update local golangci-lint pre-commit hook to use `go run`
  - Apply golangci-lint v2.10.1 auto-fixes (fmt.Fprintf optimization)
  - Add nolint:gosec annotations for legitimate exec.Command usage
  - Exclude .serena/ from mdformat and megalinter
  - Add markdown indent_size=unset in .editorconfig for CommonMark compat
* chore(deps): update GitHub Actions to latest versions
  - anthropics/claude-code-action: v1.0.34 -> v1.0.64
  - actions/setup-go: v6.2.0 -> v6.3.0
  - actions/upload-artifact: v6.0.0 -> v7.0.0
  - goreleaser/goreleaser-action: v6.4.0 -> v7.0.0
  - docker/login-action: v3.6.0 -> v3.7.0
  - ivuorinen/actions: v2026.01.21 -> v2026.02.24
* fix: address code review feedback
  - Fix issue template YAML frontmatter (replace underscore separators with proper --- delimiters); exclude templates from mdformat
  - Replace string(rune(n)) with strconv.Itoa(n) in test files to produce deterministic numeric directory names instead of Unicode characters
  - Remove stale `make dev-deps` reference in README, replace with `make dev-setup`
  - Extract ban/unban format strings into shared.MetricsFmtBanOperations and shared.MetricsFmtUnbanOperations constants
  - Replace hardcoded coverage percentages in README with evergreen phrasing
* fix: address round 2 code review feedback for PR #120
  - Fix corrupted path traversal example in docs/security.md
  - Fix Renovate .mk regex to match nested paths (`.*\.mk$`)
  - Update checkmake pre-commit hook to v0.3.2 to match Makefile
  - Add sync.WaitGroup to unsynchronized goroutines in security tests
  - Fix fmt-md target to use pre-commit run mdformat
  - Pin markdownlint-cli2 to v0.21.0 in lint-md target
  - Standardize //nolint:gosec to // #nosec annotations for gosec CLI
* fix(ci): install PyYAML dependency for PR lint workflow

  The pr-lint workflow uses ivuorinen/actions/pr-lint which internally calls validate-inputs running a Python script that imports yaml. Python was set up but PyYAML was never installed, causing ModuleNotFoundError at runtime.
* fix: address round 3 code review feedback for PR #120
  - Wrap Windows-style path traversal example in backtick code span so backslashes render literally in docs/security.md
  - Add Renovate-managed MARKDOWNLINT_CLI2_VERSION variable in Makefile to match the pattern used by all other tool versions
105 lines
3.8 KiB
Markdown
# Contributing to f2b

Thank you for your interest in contributing to **f2b**! Your help is appreciated,
whether you are fixing bugs, adding features, improving documentation, or helping others.

______________________________________________________________________

## How to Contribute

### 1. Open an Issue

- **Bugs:** Please include steps to reproduce, expected vs. actual behavior, and your environment.
- **Feature Requests:** Describe the problem you want to solve and your proposed solution.
- **Questions:** If you’re unsure about something, open an issue for discussion.

### 2. Fork and Branch

- Fork the repository to your own GitHub account.
- Create a new branch for your change:
  `git checkout -b my-feature-branch`

### 3. Make Your Changes

- Follow the existing code style and structure.
- Use dependency injection and interfaces for testability.
- Validate all user input and avoid shell string concatenation.
- Handle sudo privileges appropriately - use mocks for testing.
- Add or update tests for your changes, including privilege scenarios.
- Update documentation and usage examples as needed.

### 4. Run Tests

- Ensure all tests pass before submitting:

```bash
go test ./...
```

### 5. Commit and Push

- Write clear, descriptive commit messages.
- Keep commits focused and atomic.
- Push your branch to your fork.

### 6. Open a Pull Request

- Go to the main repo and open a PR from your branch.
- Describe your changes, reference related issues, and explain any design decisions.
- Be ready to discuss and revise your code based on feedback.

______________________________________________________________________

## Code Style

- Follow idiomatic Go style as described in the [Effective Go][effective_go] guidelines.
- Prefer tabs for Go code (see `.editorconfig`).
- Employ structured logging (`logrus`) together with the project's output helpers.
- Validate all user input, especially IP addresses and jail names.
- Prefer explicit error handling and error wrapping (`fmt.Errorf("...: %w", err)`).
- Add GoDoc comments to all exported functions, types, and interfaces.
- Handle sudo privileges securely - validate before escalation, use mocks in tests.
- Use argument arrays for command execution, never shell string concatenation.

______________________________________________________________________

## Security & Testing Guidelines

**Key Requirements:**

- **Never execute real sudo commands in tests** - always use mocks
- **Validate all input** before privilege escalation
- **Use secure command execution** - argument arrays, not shell strings
- **Test both privilege scenarios** - privileged and unprivileged users

For comprehensive security guidelines, testing patterns, and examples, see:

- [docs/security.md](docs/security.md) - Security practices and threat model
- [docs/testing.md](docs/testing.md) - Testing strategies and mock patterns
- [AGENTS.md](AGENTS.md) - AI/LLM contributor guidelines

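
The following sketch is an added example, not code from the f2b project. It illustrates the Code Style and Key Requirements items together: input is validated before escalation, the command is an argument array, and a mock stands in for sudo in tests. The names `Runner`, `ExecRunner`, `MockRunner` and `BanIP`, the jail-name pattern, and the wrapped `fail2ban-client set <jail> banip <ip>` call are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"os/exec"
	"regexp"
)

// Runner abstracts command execution so tests can inject a mock (hypothetical name).
type Runner interface {
	Run(name string, args ...string) ([]byte, error)
}

// ExecRunner passes an argument array straight to the binary; no shell parses it.
type ExecRunner struct{}

func (ExecRunner) Run(name string, args ...string) ([]byte, error) {
	return exec.Command(name, args...).CombinedOutput()
}

// MockRunner records calls instead of running them, so tests never invoke sudo.
type MockRunner struct{ Calls [][]string }

func (m *MockRunner) Run(name string, args ...string) ([]byte, error) {
	m.Calls = append(m.Calls, append([]string{name}, args...))
	return nil, nil
}

// jailNameRe is an assumed allow-list; the leading alphanumeric blocks option-like values ("-h").
var jailNameRe = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9_-]{0,63}$`)

// BanIP validates both values before the privileged command is built (one argv element each).
func BanIP(r Runner, jail, ip string) error {
	if !jailNameRe.MatchString(jail) {
		return fmt.Errorf("invalid jail name %q", jail)
	}
	if net.ParseIP(ip) == nil {
		return fmt.Errorf("invalid IP address %q", ip)
	}
	out, err := r.Run("sudo", "fail2ban-client", "set", jail, "banip", ip)
	if err != nil {
		return fmt.Errorf("ban %s in jail %s: %s: %w", ip, jail, out, err)
	}
	return nil
}

func main() {
	m := &MockRunner{}
	fmt.Println(BanIP(m, "sshd", "192.0.2.10"), BanIP(m, "sshd; id", "192.0.2.10"))
	fmt.Println(m.Calls)
}
```

Rejected input never reaches the runner, so a test can assert on both the returned error and the number of recorded calls.
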
______________________________________________________________________

## Communication

- Be respectful and constructive in all discussions.
- Review the [Code of Conduct](CODE_OF_CONDUCT.md).
- For large or breaking changes, open an issue to discuss your approach before submitting a PR.

______________________________________________________________________

## Additional Notes

- All contributions require review and approval before merging.
- Security-related changes require extra scrutiny and testing.
- If you are an AI/LLM agent, please see [AGENTS.md](AGENTS.md) for additional guidelines.
- By contributing, you agree that your contributions will be licensed under the MIT License.

______________________________________________________________________

Thank you for helping make **f2b** better!

[contributing](CONTRIBUTING.md)

[effective_go]: https://golang.org/doc/effective_go.html