Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Add initial versions of Code of Conduct, Report, Contributing, and Security guides.
0 parents
commit 2a26693
Showing 6 changed files with 214 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
. | ||
.. | ||
.idea/ |
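Review bot: the first two entries, `.` and `..`, look like directory-listing output rather than intended patterns; assuming this is the repository's ignore file, only `.idea/` names a real path. Drop the two dot entries, and consider leaving editor-specific paths such as `.idea/` to each contributor's global excludes file so the repository list only carries project artefacts.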
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
# Contributor Covenant Code of Conduct | ||
|
||
## Our Pledge | ||
|
||
In the interest of fostering an open and welcoming environment, we as | ||
contributors and maintainers pledge to making participation in our project and | ||
our community a harassment-free experience for everyone, regardless of age, body | ||
size, disability, ethnicity, sex characteristics, gender identity and expression, | ||
level of experience, education, socio-economic status, nationality, personal | ||
appearance, race, religion, or sexual identity and orientation. | ||
|
||
## Our Standards | ||
|
||
Examples of behavior that contributes to creating a positive environment | ||
include: | ||
|
||
* Using welcoming and inclusive language | ||
* Being respectful of differing viewpoints and experiences | ||
* Gracefully accepting constructive criticism | ||
* Focusing on what is best for the community | ||
* Showing empathy towards other community members | ||
|
||
Examples of unacceptable behavior by participants include: | ||
|
||
* The use of sexualized language or imagery and unwelcome sexual attention or | ||
advances | ||
* Trolling, insulting/derogatory comments, and personal or political attacks | ||
* Public or private harassment | ||
* Publishing others' private information, such as a physical or electronic | ||
address, without explicit permission | ||
* Other conduct which could reasonably be considered inappropriate in a | ||
professional setting | ||
|
||
## Our Responsibilities | ||
|
||
Project maintainers are responsible for clarifying the standards of acceptable | ||
behavior and are expected to take appropriate and fair corrective action in | ||
response to any instances of unacceptable behavior. | ||
|
||
Project maintainers have the right and responsibility to remove, edit, or | ||
reject comments, commits, code, wiki edits, issues, and other contributions | ||
that are not aligned to this Code of Conduct, or to ban temporarily or | ||
permanently any contributor for other behaviors that they deem inappropriate, | ||
threatening, offensive, or harmful. | ||
|
||
## Scope | ||
|
||
This Code of Conduct applies both within project spaces and in public spaces | ||
when an individual is representing the project or its community. Examples of | ||
representing a project or community include using an official project e-mail | ||
address, posting via an official social media account, or acting as an appointed | ||
representative at an online or offline event. Representation of a project may be | ||
further defined and clarified by project maintainers. | ||
|
||
## Enforcement | ||
|
||
Instances of abusive, harassing, or otherwise unacceptable behavior may be | ||
reported by contacting the project team at [[email protected]]. All | ||
complaints will be reviewed and investigated and will result in a response that | ||
is deemed necessary and appropriate to the circumstances. The project team is | ||
obligated to maintain confidentiality with regard to the reporter of an incident. | ||
Further details of specific enforcement policies may be posted separately. | ||
|
||
Project maintainers who do not follow or enforce the Code of Conduct in good | ||
faith may face temporary or permanent repercussions as determined by other | ||
members of the project's leadership. | ||
|
||
## Attribution | ||
|
||
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, | ||
available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html | ||
|
||
[[email protected]]: mailto:[email protected] | ||
[homepage]: https://www.contributor-covenant.org | ||
|
||
For answers to common questions about this code of conduct, see | ||
https://www.contributor-covenant.org/faq | ||
|
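Review bot: the Enforcement section says "Further details of specific enforcement policies may be posted separately" but links to nothing, even though this same commit adds a Reporting guide (`./REPORTING.md` in the governance README). Link that guide from Enforcement so someone who lands on the Code of Conduct first can find what to include in a report and who will read it. The Attribution paragraph could also use the `[homepage]`-style reference for the version 1.4 URL instead of a bare link, to match the rest of the file.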
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
# Contributing | ||
|
||
Thank you for taking the time to consider contributing to Labrador. Your assistance and enthusiasm is very appreciated! | ||
|
||
Before getting started please ensure you've read over this Contributing guide as well as the guide located in the | ||
repository you want to contribute to. This guide contains general information applicable to all Labrador packages and | ||
the individual repositories may have repository-specific guides. | ||
|
||
## Embrace asynchrony | ||
|
||
Labrador is intended to be different from typical PHP frameworks which operate in a synchronous environment. This requires | ||
thinking about your software differently and means many I/O related function in PHP's standard library are off-limits. | ||
Some important things to remember: | ||
|
||
- Do NOT block the event loop. | ||
|
||
This is likely the single most important thing to ingrain. Performing blocking operations | ||
in your event loop handlers is a sure-fire recipe for an ill-performing application. If your code requires I/O (think | ||
interacting with the filesystem or database or making HTTP calls) you should be using a library that supports those | ||
operations asynchronously. | ||
|
||
- Your objects are long-lived. | ||
|
||
Particularly with HTTP applications where traditional PHP applications going through their entire bootstrap and | ||
object creation process for every request it is important to note that Labrador is **NOT** like this. Bootstrapping | ||
happens once and your objects are not re-instantiated for every request. | ||
|
||
## Coding to an interface and Inversion of Control | ||
|
||
Much of the Labrador codebase is powered by well-defined, limited-responsibility interfaces. This has repeatedly proven | ||
to result in decoupled codebases that are easy to adapt and change over time. Whenever possible you should be creating | ||
implementations based on an interface and avoid making concrete instances that do not have a well-defined public API. | ||
|
||
Combined with our interface-driven approach is our dependence, pun intended, on dependency injection. If your objects | ||
depend on other things that dependency should typically be defined in your constructor. This leads to codebases that are | ||
easy to test and easy to replace implementations as implementations are only required to adhere to a limited-responsibility | ||
interface. | ||
|
||
## Unit testing | ||
|
||
Labrador is intended to be a codebase implemented using TDD practices. It is **HIGHLY** recommended that you follow | ||
the same general pattern of writing your tests first, before you start working on functionality. However, as long as your | ||
contribution includes sufficient unit tests _when_ you write them is up to you. We do not necessarily aim for 100% coverage | ||
however if sufficient execution branches are not covered your Contributeion may be rejected until sufficient testing is | ||
in place. | ||
|
||
## Coding Standard | ||
|
||
Even for projects with the same, single developer, let alone a project with many contributors, it is important that all | ||
of the contributors use a consistent coding style. Reading and understanding code is often far more time-consuming and | ||
important than the act of writing the code itself. Having a consistent, easy-to-understand coding style is crucial to | ||
having an easy-to-understand codebase. | ||
|
||
We **HIGHLY** recommend that you install [cspray/labrador-coding-standard] as a developer dependency and run the command | ||
with your unit test suite. For all Labrador packages this command will be run as part of Continuous Integration so your | ||
code will need to conform to standards before it is allowed to be merged in. | ||
|
||
[cspray/labrador-coding-standard]: https://github.com/labrador-kennel/coding-standard |
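Review bot: in the Coding Standard section, "run the command with your unit test suite" never names the command, and the link label `[cspray/labrador-coding-standard]` resolves to `labrador-kennel/coding-standard`, so a contributor cannot tell which package to require or what to run before CI rejects the change. Name the package as published and give the exact invocation CI uses. Under "Your objects are long-lived" it would also help to state the consequence: data kept on a shared object persists into later requests, so services should not hold per-request or per-user state. Typos to fix while here: "Contributeion" in Unit testing and "many I/O related function" in Embrace asynchrony.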
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
# Labrador Governance | ||
|
||
A repository storing pertinent information about how Labrador packages are governed. These documents include | ||
|
||
- [Code of Conduct] | ||
|
||
A Code of Conduct derived from the [Contributor Covenant]. | ||
|
||
- [Reporting] | ||
|
||
Details for reporting violations of the [Code of Conduct]. | ||
|
||
- [Contributing] | ||
|
||
Details for how to contribute source code to Labrador packages. | ||
|
||
- [Security] | ||
|
||
Details for how to report security issues found in Labrador packages. | ||
> Please DO NOT submit a GitHub issue for serious security issues. Please contact [[email protected]]. | ||
[Code of Conduct]: ./CODE_OF_CONDUCT.md | ||
[Contributor Covenant]: https://www.contributor-covenant.org/ | ||
[Contributing]: ./CONTRIBUTING.md | ||
[Reporting]: ./REPORTING.md | ||
[Security]: ./SECURITY.md | ||
[[email protected]]: mailto:[email protected] |
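Review bot: the notice under the Security item, "Please DO NOT submit a GitHub issue for serious security issues", leaves the reporter to decide what counts as serious, and a misjudged report ends up in the public tracker. Suggest dropping the qualifier so every suspected security issue goes to the private contact, and moving the notice to the top of the README where it is seen before the issue tracker is.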
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
# Reporting Violations of Code of Conduct | ||
|
||
We take violations to our Code of Conduct very seriously. We strike to build an open, inclusive community where | ||
community members feel safe and welcome. If you feel that that a member of the community has violated the Code of | ||
Conduct, either online or at a community-sponsored event, **please** report the appropriate details to | ||
[[email protected]]. | ||
|
||
## What to Report | ||
|
||
Please report _any_ violations of the Code of Conduct. Please include as much factual information as possible. | ||
|
||
- If the alleged abuse happened in a digital setting please include any relevant logs or screenshots. | ||
- If the alleged abuse happened in the real world are there any photos or video evidence? | ||
- Are there any witnesses to the alleged abuse? | ||
- Any other facts or information that you feel is relevant. | ||
|
||
## Who receives the Report | ||
|
||
All maintainers of the Labrador organization receive emails sent to [[email protected]]. Currently the list of | ||
maintainers include: | ||
|
||
- Charles Sprayberry (https://cspray.io) | ||
|
||
All mail sent to the labrador-kennel.io domain is handled by [Tutanota]; a privacy-focused, open-source email provider | ||
offering end-to-end encryption and hosting in a country with privacy-centric laws. If your email originates from Tutanota | ||
you can be assured that the only people able to read your email will be yourself and the maintainers with access to the | ||
email account. Otherwise if your email is sent from a different email provider your data will be stored encrypted on | ||
our end. | ||
|
||
[[email protected]]: mailto:[email protected] | ||
[Tutanota]: https://tutanota.com/ |
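Review bot: the last paragraph of "Who receives the Report" promises that only the sender and the maintainers can read mail sent from Tutanota, but for every other provider it says only that the data "will be stored encrypted on our end", leaving the reader to infer that such mail is not end-to-end encrypted. Say that explicitly so a reporter can decide what to put in the message. The maintainer list has a single entry, so the section should also say where to send a report that concerns that maintainer. Typos: "We strike to build" should be "strive", "that that a member" is doubled, and "the list of maintainers include" should be "includes".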
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
# Security | ||
|
||
We take security issues within Labrador very seriously. If you have found a credible attack that originates from Labrador | ||
packages **PLEASE** report the appropriate details to [[email protected]]. The emails sent to this address | ||
adhere to the same rule described in _"Who receives the Report"_ in [Reporting]. | ||
|
||
If you would like to go a step beyond to ensure prompt resolution of your ticket the following would be extremely | ||
beneficial: | ||
|
||
- Create a private GitHub repository with the vulnerable Labrador package while including a: | ||
|
||
- `EXPLOIT.md` file that describes what the exploit is, how it is carried out, and why it should be considered a | ||
vulnerability. | ||
- `exploit/` Any source code that could be used to verify the exploit. | ||
|
||
[[email protected]]: mailto:[email protected] | ||
[Reporting]: ./REPORTING.md |
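Review bot: the "Create a private GitHub repository" step does not say which account to grant access to or how to tell the maintainers the repository exists, so a reporter who follows it still has to describe the issue by email. Add the account or team to invite, and advise keeping exploit details in the private repository rather than in the email body, since the Reporting guide only promises end-to-end encryption for mail sent from Tutanota. The file also gives no acknowledgement window or disclosure expectations; one or two sentences on when a reporter will hear back and when details may be published would complete it.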