Skip to content

Commit

Permalink
chore: Adds Contribution and security guidelines
Browse files Browse the repository at this point in the history
  • Loading branch information
@davelosert
davelosert committed Aug 7, 2024
1 parent 70d0e63 commit 33dcd6f
Show file tree
Hide file tree
Showing 3 changed files with 85 additions and 11 deletions.
63 changes: 63 additions & 0 deletions CONTRIBUTING.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
# Contributing

Hi there! I'm thrilled that you'd like to contribute to this project. Your help is essential for keeping it great. So first of all: Thank you!

## Contributions how to

If you'd like to contribute in any shape or form, be it by either reporting or fixing a bug, requesting or implementing a new feature or just generally improving this project, please follow the process outlined below.

Contributions to this project are [released](https://help.github.com/articles/github-terms-of-service/#6-contributions-under-repository-license) to the public under the [MIT License](LICENSE).

Please note that this project is released with a [Contributor Code of Conduct](CODE_OF_CONDUCT.md). By participating in this project you agree to abide by its terms.

> [!NOTE]
> Found a security vulnerability? Please follow the process outlined in [SECURITY.md](SECURITY.md).
### 1. Searching and/or Creating an Issue

Do this step in any case - be it that you just want to report something, or if you want to implement a feature or fix yourself.

1. [Search the existing issues][issues] to see if someone else didn't already beat you to it. If you find a similar issue, you can upvote it with a 👍 reaction or add your comment.
2. If no issue exists, [create a new Issue][create-issue] to discuss the bug or feature with the community and me. Even if you would like to fix/implement it yourself, this is a good idea to avoid any unnecessary work on your side (in case I already implemented it or have some initial feedback about it).

If I ask you for a pull request, continue with the next steps.

### 2. Submitting a pull request

#### Prerequisites for running and testing code

You need to install [NodeJS & NPM](https://nodejs.org/en) to be able to test your changes locally as part of the pull request (PR) submission process.

#### Making and proposing changes

1. [Fork][fork] and clone the repository.
2. Create a new branch: `git checkout -b my-branch-name`.
3. Configure and install the dependencies: `npm install`.
4. Make sure the tests pass on your machine: `npm run test`.
5. Make sure linter passes on your machine: `npm run lint` (powered by [biome.js][biome]).
6. Make your change(s), add tests, and make sure the tests and linter still pass.
6.1. In case the linters fail, use `npm run lint:write` to automatically fix all automatically fixable issues. Fix the rest manually.
7. Push to your fork and [submit a pull request][pr].
8. Pat your self on the back and wait for your pull request to be reviewed and merged.

#### Coding Guidelines

Here are a few things you can do that will increase the likelihood of your pull request being accepted:

- Write tests.
- Keep the formatting in line with the [biome.js][biome] rules. (Tip: You can run `npm run lint:ci` to check the formatting and `npm run lint:write` to automatically fix all automatically fixable issue.)
- Keep your change as focused as possible. If there are multiple changes you would like to make that are not dependent upon each other, consider submitting them as separate pull requests.
- Write a [good commit message](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html).
- Don't introduce any unnecessary dependencies. I try to keep this repository as free from dependencies as possible to avoid entering maintenance-hell as well as unnecessarily introducing supply-chain security-threats.

## Resources

- [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/)
- [Using Pull Requests](https://help.github.com/articles/about-pull-requests/)
- [GitHub Help](https://help.github.com)

[fork]: https://github.com/davelosert/vitest-coverage-report-action/fork
[pr]: https://github.com/davelosert/vitest-coverage-report-action/compare
[issues]: https://github.com/davelosert/vitest-coverage-report-action/issues
[create-issue]: https://github.com/davelosert/vitest-coverage-report-action/issues/new
[biome]: https://biomejs.dev/
24 changes: 13 additions & 11 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ This GitHub Action reports [vitest](https://vitest.dev/) coverage results as a G

The action generates a high-level coverage summary for all coverage categories, as well as a detailed, file-based report. The report includes links to the files themselves and the uncovered lines for easy reference.

Want to contribute? Check out the [Contributing Guidelines](./CONTRIBUTING.md).

## Usage

To use this action, you need to configure `vitest` to create a coverage report with the following reporters:
Expand Down Expand Up @@ -75,17 +77,17 @@ This action requires the `pull-request: write` permission to add a comment to yo

### Options

| Option | Description | Default |
| --------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------- |
| `working-directory` | The main path to search for coverage- and configuration files (adjusting this is especially useful in monorepos). | `./` |
| `json-summary-path` | The path to the json summary file. | `${working-directory}/coverage/coverage-summary.json` |
| `json-final-path` | The path to the json final file. | `${working-directory}/coverage/coverage-final.json` |
| `vite-config-path` | The path to the vite config file. Will check the same paths as vite and vitest | Checks pattern `${working-directory}/vite[st].{config|workspace}.{t\|mt\|ct\|j\|mj\|cj}s` |
| `github-token` | A GitHub access token with permissions to write to issues (defaults to `secrets.GITHUB_TOKEN`). | `${{ github.token }}` |
| `file-coverage-mode` | Defines how file-based coverage is reported. Possible values are `all`, `changes` or `none`. | `changes` |
| `name` | Give the report a custom name. This is useful if you want multiple reports for different test suites within the same PR. Needs to be unique. | '' |
| `json-summary-compare-path` | The path to the json summary file to compare against. If given, will display a trend indicator and the difference in the summary. Respects the `working-directory` option. | undefined |
| `pr-number` | The number of the PR to post a comment to (if any) | If in the context of a PR, the number of that PR.<br/> If in the context of a triggered workflow, the PR of the triggering workflow. <br/>If no PR context is found, it defaults to `undefined` |
| Option | Description | Default |
| --------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `working-directory` | The main path to search for coverage- and configuration files (adjusting this is especially useful in monorepos). | `./` |
| `json-summary-path` | The path to the json summary file. | `${working-directory}/coverage/coverage-summary.json` |
| `json-final-path` | The path to the json final file. | `${working-directory}/coverage/coverage-final.json` |
| `vite-config-path` | The path to the vite config file. Will check the same paths as vite and vitest | Checks pattern `${working-directory}/vite[st].{config | workspace}.{t\|mt\|ct\|j\|mj\|cj}s` |
| `github-token` | A GitHub access token with permissions to write to issues (defaults to `secrets.GITHUB_TOKEN`). | `${{ github.token }}` |
| `file-coverage-mode` | Defines how file-based coverage is reported. Possible values are `all`, `changes` or `none`. | `changes` |
| `name` | Give the report a custom name. This is useful if you want multiple reports for different test suites within the same PR. Needs to be unique. | '' |
| `json-summary-compare-path` | The path to the json summary file to compare against. If given, will display a trend indicator and the difference in the summary. Respects the `working-directory` option. | undefined |
| `pr-number` | The number of the PR to post a comment to (if any) | If in the context of a PR, the number of that PR.<br/> If in the context of a triggered workflow, the PR of the triggering workflow. <br/>If no PR context is found, it defaults to `undefined` |

#### File Coverage Mode

Expand Down
9 changes: 9 additions & 0 deletions SECURITY.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
# Security Policy

I am using all of [GitHub's security features](https://docs.github.com/en/code-security) to manage security vulnerabilities in this project as best as I can. But well, we all know that things might slip through.

So I am happy for any vulnerability reports, and I will do my best to fix them as soon as possible.

## Reporting a Vulnerability

If you think you found a vulnerability, please report it by [opening a Draft Security Advisory](https://github.com/davelosert/vitest-coverage-report-action/security/advisories/new) (you can manually navigate to it by clicking on the "Security" tab in the repository, then on "Advisories" and then hit the green Button that says "New draft security advisory").

0 comments on commit 33dcd6f

Please sign in to comment.