|
| 1 | += Contributing to Spring Security |
| 2 | + |
| 3 | +First off, thank you for taking the time to contribute! :+1: :tada: |
| 4 | + |
| 5 | +== Table of Contents |
| 6 | + |
| 7 | +* <<code-of-conduct>> |
| 8 | +* <<how-to-contribute>> |
| 9 | +* <<ask-questions>> |
| 10 | +* <<find-an-issue>> |
| 11 | +* <<create-an-issue>> |
| 12 | +* <<issue-lifecycle>> |
| 13 | +* <<submit-a-pull-request>> |
| 14 | +* <<build-from-source>> |
| 15 | +* <<code-style>> |
| 16 | + |
| 17 | +[[code-of-conduct]] |
| 18 | +== Code of Conduct |
| 19 | + |
| 20 | +This project is governed by the https://github.com/spring-projects/.github/blob/main/CODE_OF_CONDUCT.md[Spring code of conduct]. |
| 21 | +By participating you are expected to uphold this code. |
| 22 | +Please report unacceptable behavior to [email protected]. |
| 23 | + |
| 24 | +[[how-to-contribute]] |
| 25 | +== How to Contribute |
| 26 | + |
| 27 | +[[ask-questions]] |
| 28 | +=== Ask Questions |
| 29 | + |
| 30 | +If you have a question, check Stack Overflow using |
| 31 | +https://stackoverflow.com/questions/tagged/spring-security+or+spring-ldap+or+spring-authorization-server+or+spring-session?tab=Newest[this list of tags]. |
| 32 | +Find an existing discussion, or start a new one if necessary. |
| 33 | + |
| 34 | +If you believe there is an issue, search through https://github.com/spring-projects/spring-ldap/issues[existing issues] trying a few different ways to find discussions, past or current, that are related to the issue. |
| 35 | +Reading those discussions helps you to learn about the issue, and helps us to make a decision. |
| 36 | + |
| 37 | +[[find-an-issue]] |
| 38 | +=== Find an Existing Issue |
| 39 | + |
| 40 | +There are issues in Spring LDAP with the labels https://github.com/spring-projects/spring-ldap/issues?q=is%3Aissue+is%3Aopen+label%3A%22status%3A+ideal-for-contribution%22[`ideal-for-contribution`] or https://github.com/spring-projects/spring-ldap/issues?q=is%3Aissue+is%3Aopen+label%3A%22status%3A+first-timers-only%22[`first-timers-only`] that are a great way to contribute to a discussion or <<submit-a-pull-request,to a PR>>. |
| 41 | +You can volunteer by commenting on these tickets, and we will assign them to you. |
| 42 | + |
| 43 | +[[create-an-issue]] |
| 44 | +=== Create an Issue |
| 45 | + |
| 46 | +Reporting an issue or making a feature request is a great way to contribute. |
| 47 | +Your feedback and the conversations that result from it provide a continuous flow of ideas. |
| 48 | +However, before creating a ticket, please take the time to <<ask-questions,ask and research>> first. |
| 49 | + |
| 50 | +If you create an issue after a discussion on Stack Overflow, please provide a description in the issue instead of simply referring to Stack Overflow. |
| 51 | +The issue tracker is an important place of record for design discussions and should be self-sufficient. |
| 52 | + |
| 53 | +Once you're ready, create an issue on https://github.com/spring-projects/spring-ldap/issues[GitHub]. |
| 54 | + |
| 55 | +Many issues are caused by subtle behavior, typos, and unintended configuration. |
| 56 | +Creating a https://stackoverflow.com/help/minimal-reproducible-example[Minimal Reproducible Example] (starting with https://start.spring.io for example) of the problem helps the team quickly triage your issue and get to the core of the problem. |
| 57 | + |
| 58 | +We love contributors, and we may ask you to <<submit-a-pull-request,submit a PR with a fix>>. |
| 59 | + |
| 60 | +[[issue-lifecycle]] |
| 61 | +=== Issue Lifecycle |
| 62 | + |
| 63 | +When an issue is first created, it is flagged `waiting-for-triage` waiting for a team member to triage it. |
| 64 | +Once the issue has been reviewed, the team may ask for further information if needed, and based on the findings, the issue is either assigned a target branch (or no branch if a feature) or is closed with a specific status. |
| 65 | +The target branch is https://spring.io/projects/spring-ldap#support[the earliest supported branch] where <<choose-a-branch,the change will be applied>>. |
| 66 | + |
| 67 | +When a fix is ready, the issue is closed and may still be re-opened until the fix is released. |
| 68 | +After that the issue will typically no longer be reopened. |
| 69 | +In rare cases if the issue was not at all fixed, the issue may be re-opened. |
| 70 | +In most cases however any follow-up reports will need to be created as new issues with a fresh description. |
| 71 | + |
| 72 | +[[build-from-source]] |
| 73 | +=== Build from Source |
| 74 | + |
| 75 | +See https://github.com/spring-projects/spring-security/tree/main#building-from-source[Build from Source] for instructions on how to check out, build, and import the Spring Security source code into your IDE. |
| 76 | + |
| 77 | +[[code-style]] |
| 78 | +=== Source Code Style |
| 79 | + |
| 80 | +The wiki pages https://github.com/spring-projects/spring-framework/wiki/Code-Style[Code Style] and https://github.com/spring-projects/spring-framework/wiki/IntelliJ-IDEA-Editor-Settings[IntelliJ IDEA Editor Settings] define the source file coding standards we use along with some IDEA editor settings we customize. |
| 81 | + |
| 82 | +To format the code as well as check the style, run `./gradlew format check`. |
| 83 | + |
| 84 | +[[submit-a-pull-request]] |
| 85 | +=== Submit a Pull Request |
| 86 | + |
| 87 | +We are excited for your pull request! :heart: |
| 88 | + |
| 89 | +Please do your best to follow these steps. |
| 90 | +Don't worry if you don't get them all correct the first time, we will help you. |
| 91 | + |
| 92 | +[[sign-cla]] |
| 93 | +1. All commits must include a __Signed-off-by__ trailer at the end of each commit message to indicate that the contributor agrees to the Developer Certificate of Origin. |
| 94 | + For additional details, please refer to the blog post https://spring.io/blog/2025/01/06/hello-dco-goodbye-cla-simplifying-contributions-to-spring[Hello DCO, Goodbye CLA: Simplifying Contributions to Spring]. |
| 95 | + [[create-an-issue]] |
| 96 | +1. Must you https://github.com/spring-projects/spring-security/issues/new/choose[create an issue] first? No, but it is recommended for features and larger bug fixes. It's easier discuss with the team first to determine the right fix or enhancement. |
| 97 | + For typos and straightforward bug fixes, starting with a pull request is encouraged. |
| 98 | + Please include a description for context and motivation. |
| 99 | + Note that the team may close your pull request if it's not a fit for the project. |
| 100 | + [[choose-a-branch]] |
| 101 | +1. Always check out the branch indicated in the milestone and submit pull requests against it (for example, for milestone `5.8.3` use the `5.8.x` branch). |
| 102 | + If there is no milestone, choose `main`. |
| 103 | + Once merged, the fix will be forwarded-ported to applicable branches including `main`. |
| 104 | + [[create-a-local-branch]] |
| 105 | +1. Create a local branch |
| 106 | + If this is for an issue, consider a branch name with the issue number, like `gh-22276`. |
| 107 | + [[write-tests]] |
| 108 | +1. Add documentation and JUnit Tests for your changes. |
| 109 | + [[update-copyright]] |
| 110 | +1. In all files you edited, if the copyright header is of the form 2002-20xx, update the final copyright year to the current year. |
| 111 | + [[add-since]] |
| 112 | +1. If on `main`, add `@since` JavaDoc attributes to new public APIs that your PR adds |
| 113 | + [[change-rnc]] |
| 114 | +1. If you are updating the XSD, please instead update the RNC file and then run `./gradlew :spring-security-config:rncToXsd`. |
| 115 | + [[format-code]] |
| 116 | +1. For each commit, build the code using `./gradlew format check`. |
| 117 | + This command ensures the code meets most of <<code-style,the style guide>>; a notable exception is import order. |
| 118 | + [[commit-atomically]] |
| 119 | +1. Choose the granularity of your commits consciously and squash commits that represent |
| 120 | + multiple edits or corrections of the same logical change. |
| 121 | + See https://git-scm.com/book/en/Git-Tools-Rewriting-History[Rewriting History section of Pro Git] for an overview of streamlining the commit history. |
| 122 | + [[format-commit-messages]] |
| 123 | +1. Format commit messages using 55 characters for the subject line, 72 characters per line |
| 124 | + for the description, followed by the issue fixed, for example, `Closes gh-22276`. |
| 125 | + See the https://git-scm.com/book/en/Distributed-Git-Contributing-to-a-Project#Commit-Guidelines[Commit Guidelines section of Pro Git] for best practices around commit messages, and use `git log` to see some examples. |
| 126 | + Present tense is preferred. |
| 127 | ++ |
| 128 | +[indent=0] |
| 129 | +---- |
| 130 | +Address NullPointerException |
| 131 | +
|
| 132 | +Closes gh-22276 |
| 133 | +---- |
| 134 | +[[reference-issue]] |
| 135 | +1. If there is a prior issue, reference the GitHub issue number in the description of the pull request. |
| 136 | ++ |
| 137 | +[indent=0] |
| 138 | +---- |
| 139 | +Closes gh-22276 |
| 140 | +---- |
| 141 | + |
| 142 | +If accepted, your contribution may be heavily modified as needed prior to merging. |
| 143 | +You will likely retain author attribution for your Git commits granted that the bulk of your changes remain intact. |
| 144 | +You may also be asked to rework the submission. |
| 145 | + |
| 146 | +If asked to make corrections, simply push the changes against the same branch, and your pull request will be updated. |
| 147 | +In other words, you do not need to create a new pull request when asked to make changes. |
| 148 | +When it is time to merge, you'll be asked to squash your commits. |
| 149 | + |
| 150 | +==== Participate in Reviews |
| 151 | + |
| 152 | +Helping to review pull requests is another great way to contribute. |
| 153 | +Your feedback can help to shape the implementation of new features. |
| 154 | +When reviewing pull requests, however, please refrain from approving or rejecting a PR unless you are a core committer for Spring Security. |
0 commit comments