GitHub-JetBrains
/
compose-jb
mirror of https://github.com/JetBrains/compose-jb.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

add contribution guidelines (#5495) 

Fixes [CMP-81](https://youtrack.jetbrains.com/issue/CMP-81) Check
Compose repositories for following JetBrains rules
Fixes [CMP-82](https://youtrack.jetbrains.com/issue/CMP-82) Make a
contribution guide for Compose repositories

## Release Notes
N/A

---------

Co-authored-by: Igor Demin <igordmn@users.noreply.github.com>
pull/5499/head
Victor Kropp 2 weeks ago committed by GitHub
parent
57a9a61043
commit
8c50bcbf16
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 100 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      CODE_OF_CONDUCT.md
  2. 68
      CONTRIBUTING.md
  3. 1
      README.md
  4. 26
      SECURITY.md

5
CODE_OF_CONDUCT.md
Unescape View File

@ -0,0 +1,5 @@ @@ -0,0 +1,5 @@
## Code of Conduct
This project and the corresponding community are governed by the [JetBrains Open Source and Community Code of Conduct](https://github.com/jetbrains#code-of-conduct).
Please make sure you read it.

68
CONTRIBUTING.md
Unescape View File

@ -0,0 +1,68 @@ @@ -0,0 +1,68 @@
# What this repository is
This repository contains sources of Compose Multiplatform supporting projects (Gradle plugin, Resources, samples, templates, etc.).
# What this repository is not
The main codebase for Compose Multiplatform is located in a [separate repository](https://github.com/JetBrains/compose-multiplatform-core),
which is a fork of [AOSP](https://github.com/androidx/androidx).
Contributions that affect Android or common code of the main codebase should be submitted in AndroidX repository.
# Contributing
We love contributions!
If you want to find some issues to start off with,
try [this query](https://youtrack.jetbrains.com/issues/CMP?q=tag:%20%7BUp%20For%20Grabs%7D%20%23Unresolved) which should find all open Compose Multiplatform issues that are marked as "up-for-grabs".
If you'd like to fix a bug or add a feature, [create a YouTrack issue](https://youtrack.jetbrains.com/newIssue?project=CMP) for it first.
You'll then be able to discuss the proposed change with maintainers.
It would help to avoid situations when the change conflicts with some other feature or help discover potential edge cases.
Currently only committers can assign issues to themselves so just add a comment if you're starting work on it.
If you are working on the [compose-multiplatform-core](https://github.com/JetBrains/compose-multiplatform-core) repo, make sure to follow the [development guide](https://github.com/JetBrains/compose-multiplatform-core/blob/jb-main/MULTIPLATFORM.md) for local set up.
## Submitting patches
The best way to submit a patch is to [fork the project on GitHub](https://help.github.com/articles/fork-a-repo/) and then send us a
[pull request](https://help.github.com/articles/creating-a-pull-request/) to the `master` branch via [GitHub](https://github.com).
If you create your own fork, it might help to enable rebase by default
when you pull by executing
``` bash
git config --global pull.rebase true
```
This will avoid your local repo having too many merge commits
which will help keep your pull request simple and easy to apply.
## Rules for commit messages
Most of these rules are originated from the [How to Write a Git Commit Message](https://chris.beams.io/posts/git-commit/)
article, and it's highly recommended to read it.
### Rules on pull requests' description
1. Explain what and why vs. how
* Please make an extra effort to explain why changes are needed for every non-trivial modification.
* Describe how you tested your changes
* Add Release Notes
* Follow the [PR template](https://github.com/JetBrains/compose-multiplatform/blob/master/.github/PULL_REQUEST_TEMPLATE.md)
2. Mention relevant [YouTrack](https://youtrack.jetbrains.com/issues/CMP) issues in their messages
3. Commit changes together with the corresponding tests, unless the resulting commit becomes too unwieldy to grasp
### Rules on PR messages style/formatting
1. Capitalize the title
2. Do not end the title with a period
3. Use the imperative mood in the title
## Checklist
Before submitting the pull request, make sure that you can say "YES" to each point in this short checklist:
- You provided the link to the related issue(s) from YouTrack
- You made a reasonable amount of changes related only to the provided issues
- You can explain changes made in the pull request
- You ran the build locally and verified new functionality
- You ran related tests locally and they passed
- You do not have merge commits in the pull request

1
README.md
Unescape View File

@ -79,6 +79,7 @@ for creating web user interfaces with HTML and CSS. @@ -79,6 +79,7 @@ for creating web user interfaces with HTML and CSS.
* [Tutorials](tutorials/README.md)
* [Compatibility and versioning](https://jb.gg/cmp-versioning)
* [Changelog](CHANGELOG.md)
* [Contibution guide](CONTRIBUTING.md)
## Get help

26
SECURITY.md
Unescape View File

@ -0,0 +1,26 @@ @@ -0,0 +1,26 @@
## Security
We do our best to make sure our products are free of security vulnerabilities. To reduce the risk of introducing a vulnerability,
you can follow these best practices:
* Always use the latest release. For security purposes, we sign our releases published on Maven Central
with these PGP keys:
* Key ID: **compose@jetbrains.com**
* Fingerprint: **2072 3A63 99BC 0601 5428 3B37 CFAE 163B 64AC 9189**
* Key type: **ed25519**
* Follow the Gradle [Dependency Verification Guide](https://docs.gradle.org/current/userguide/dependency_verification.html)
to set up continuous verification or learn how to [manually verify a dependency](https://docs.gradle.org/current/userguide/dependency_verification.html#sec:manual-checking-dependency).
* Use the latest versions of your application's dependencies. If you need to use a specific version of a dependency,
periodically check if any new security vulnerabilities have been discovered. You can follow
[the guidelines from GitHub](https://docs.github.com/en/code-security)
or browse known vulnerabilities in the [CVE base](https://www.cve.org/CVERecord/).
We are very eager and grateful to hear about any security issues you find.
To report vulnerabilities that you discover in Compose Multiplatform,
please post a message directly to our [issue tracker](https://youtrack.jetbrains.com/newIssue?project=CMP&c=Type%20Security%20Problem) or send us an [email](mailto:security@jetbrains.org).
For more information on how our responsible disclosure process works, please check the [JetBrains Coordinated Disclosure Policy](https://www.jetbrains.com/legal/docs/terms/coordinated-disclosure/).
Write Preview
Loading…
Cancel
Save