Contributing
Hi there! We're thrilled that you'd like to contribute to this project. Your help is essential for keeping it great.
How to Contribute
1. Create an issue
Report problems or suggest improvements by creating an issue.
2. Fork the project
Fork the repository to your GitHub account.
3. Make changes
Clone your fork locally and make the necessary changes:
git clone git@github.com:YOURNAMESPACE/megalinter.git
4. Test your changes
4.1 Gitpod
Use Gitpod for a cloud-based development environment:
- Sign up for Gitpod: https://gitpod.io
- Fork the
megalinter
repository - Open your fork in Gitpod:
https://gitpod.io/#https://github.com/username/megalinter
- Create a new branch:
git checkout -b my-feature-branch
- Make your changes and commit:
git add .
andgit commit -m "chore: description of changes"
- Test all :
make tests
ormake tests-fast
for TDD mode - Test with megalinter:
make megalinter-tests
- Push your changes:
git push origin my-feature-branch
- Create a pull request on GitHub
- Wait for a review
Keep your Gitpod workspace synced with the main repository.
4.2 Desktop
Install make, Python3.11, venv, docker and nodejs.
Run make
for Makefile help. Initialize virtualenv and install dependencies with make reinitialization
or make bootstrap
. Test your changes with make tests
or make tests-fast
.
You can lint with make megalinter
(Incoming)
If you need to run build.sh
commands manually you need to run source .venv/bin/activate
first.
5. Submit a pull request
Create a pull request and refer to the issue number using #123, where 123 is the issue number.
6. Wait
Your pull request will be reviewed, and you'll receive feedback. Thanks for contributing!
Consider sponsoring the maintainer via GitHub.
With write access
- Clone the repository (only if you have write access)
- Create a new branch:
git checkout -b my-branch-name
- Make your change
- Update CHANGELOG.md (the root one, not the one in /docs)
- Run
bash build.sh
to regenerate dockerfile from updated sources (runbash build.sh --doc
if you want to also regenerate documentation) - Push and submit a pull request
- Pat yourself on the back and wait for your pull request to be reviewed and merged.
Maintainers with write access can also comment on pull requests with a command to run the build script on the PR, for example:
/build
Available commands can be listed with the help command by posting the following comment:
/help
Which returns:
Command Description /build Updates the Dockerfile, documentation, and other files from the yml descriptors /build [ref=…] Same as /build, but executes workflow in any branch using the ref named argument. The reference can be a branch, tag, or a commit SHA. This can be useful to test workflows in PR branches before merging. /help Returns this help message
Without write access
- Fork and clone the repository
- Create a new branch:
git checkout -b my-branch-name
- Make your change
- Update CHANGELOG.md (the root one, not the one in /docs)
- Run
bash build.sh
to regenerate dockerfile from updated sources (runbash build.sh --doc
if you want to also regenerate documentation) - Push to your fork and submit a pull request
- Pat your self on the back and wait for your pull request to be reviewed and merged.
Here are a few things you can do that will increase the likelihood of your pull request being accepted:
- Keep your change as focused as possible. If there are multiple changes you would like to make that aren't dependent upon each other, consider submitting them as separate pull requests.
- Write good commit messages.
- Update CHANGELOG.md to briefly describe your changes
Draft pull requests are also welcome to get feedback early on, or if there is something blocking you.
- Create a branch with a name that identifies the user and nature of the changes (similar to
user/branch-purpose
) - Open a pull request
Update Dockerfile base image
/Dockerfile
file has to be updated- Run
bash build.sh
, and it will automatically propagate to all the other Dockerfiles
Improve documentation
Apart from the descriptors, it will usually involve modifying files such as .automation/build.py
In order to be able to run locally a server that serves all the documentation and make the testing as real as possible you should setup a virtual environment.
Commands to execute (only one time):
pip install pipx
pipx install hatch
hatch shell
Commands to run every time you want to build the docs and run the server:
hatch run build:serve
By default it listens on http://127.0.0.1:8000/
.
Every time a change is made to a .md
file it will automatically update if the server is up.
Once you think everything is correct run bash build.sh --doc
and it will generate all the rest!
Add a new linter
Each linter must:
- Be defined in a descriptor file. Few properties are required (see json schema documentation), but please think to input doc URLs and
ide
section for documentation - Have two test files in
.automation/test
: one for success and one for failure
Then run bash build.sh
and it will generate all the rest!
- Documentation (markdown)
- Dockerfile (main and flavors)
- Test classes
- Configuration JSON schema
- Online documentation menus
Execute the tests locally (Visual Studio Code)
- Install Test Explorer UI extension
- Install Python Test Explorer for Visual Studio Code extension
- Execute or debug tests via the side menu
Execute linter tests inside the container
If you are creating a linter or making changes to a linter, you may want to run the tests to check that none of them fail.
When running them, you may encounter several problems:
- it's not installed on the machine locally and you don't want to install it.
- The OS doesn't allow the installation of the linter because it's not cross-platform.
- The behavior between running it on the local machine (host) and the container is different.
For those cases, it's important to have the possibility to run the tests inside the container. To do so:
- Run
bash build.sh
to update the Dockerfile files of each linter. - Execute the following commands in a *.sh script. Example:
docker buildx build -f linters/spell_misspell/Dockerfile . --tag spell_misspell
TEST_KEYWORDS_TO_USE="spell_misspell"
docker run -e TEST_CASE_RUN=true -e OUTPUT_DETAIL=detailed -e TEST_KEYWORDS="${TEST_KEYWORDS_TO_USE}" -e MEGALINTER_VOLUME_ROOT="." -v "/var/run/docker.sock:/var/run/docker.sock:rw" -v $(pwd):/tmp/lint spell_misspell
In the above example, it builds the misspell linter image and then runs its tests. To do the same for another linter you would have to:
- Change the path to the Dockerfile to the appropriate Dockerfile
- Change the tag in the 2 places (docker buildx build and docker run)
- Change the value of TEST_KEYWORDS_TO_USE which is the one that's responsible for finding the tests of the particular linter
CI/CT/CD
The MegaLinter has CI/CT/CD configured utilizing GitHub Actions.
- When a branch is created and code is pushed, a GitHub Action is triggered for building the new Docker container with the new codebase
- To test your updates during your development, you may have to create a draft Pull Request to trigger CI on the main repo
- During development, if all you updated is python code, you can write
quick build
in the commit message body to benefit from a quicker build (about 15 minutes): only python files are copied over oxsecurity/megalinter:test-YOURUSERNAME-YOURBRANCH or oxsecurity/megalinter:latest if a previous full run has not been performed yet - You can filter the performed tests by writing
TEST_KEYWORDS=my keywords
in the commit message body. Example:TEST_KEYWORDS=kubernetes_kubeval_test
- The last commit before the validation of a Pull Request must be a full build with all tests (about 45 minutes)
- The Docker container is then ran against the test cases to validate all code sanity
.automation/test
contains all test cases for each language that should be validated
- These GitHub Actions utilize the Checks API and Protected Branches to help follow the SDLC
- When the Pull Request is merged to main, the MegaLinter Docker container is then updated and deployed with the new codebase
- Note: The branch's Docker container is also removed from DockerHub to cleanup after itself
Releasing
If you are the current maintainer of this action:
- If a major version number change: Update
README.md
and the wiki to reflect new version number in the example workflow file sections - Draft Releases are created automatically. They just need to be checked over for accuracy before making it official.
- Ensure you check the box for publishing to the marketplace
- A GitHub Action will Publish the Docker image to GitHub Package Registry once a Release is created
- A GitHub Action will Publish the Docker image to Docker Hub once a Release is created
- Look for approval from CODEOWNERS