Contributing Guidelines

The Network Service Mesh project accepts contributions via GitHub pull requests. This document outlines the process to help get your contribution accepted.

Issues

Any user can open an issue in any repository. We do not have a division of issues into types. It is not recommended to use one issue for several problems. For each problem it is worth opening its own issue.

Pull Requests

All contributions come through pull requests. To submit a proposed change, we recommend following this workflow:

• Make sure there’s an issue raised, which sets the expectations for the contribution you are about to make.
• Fork the relevant repo and create a new branch
• Create your change
  • Code changes require tests
• Commit with DCO sign-off and open a PR
• Wait for the CI process to finish and make sure all checks are green
• A maintainer of the project will be assigned, and you can expect a review within a few days

Developer Certificate of Origin: Signing your work

Every commit needs to be signed

The Developer Certificate of Origin (DCO) is a lightweight way for contributors to certify that they wrote or otherwise have the right to submit the code they are contributing to the project. Here is the full text of the DCO, reformatted for readability:

By making a contribution to this project, I certify that:

    (a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or

    (b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or

    (c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.

    (d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved.

Contributors sign-off that they adhere to these requirements by adding a Signed-off-by line to commit messages.

1
2
3

This is my commit message

Signed-off-by: Random J Developer <random@developer.example.org>

Git even has a -s command line option to append this automatically to your commit message:

1

git commit -s -m 'This is my commit message'

Each Pull Request is checked whether or not commits in a Pull Request do contain a valid Signed-off-by line.

I didn’t sign my commit, now what?!

No worries - You can easily replay your changes, sign them and force push them!

1
2
3

git checkout <branch-name>
git commit --amend --no-edit --signoff
git push --force-with-lease <remote-name> <branch-name>

Code of Conduct

We follow the CNCF Code of Conduct.

Getting Involved

We encourage discussion on our mailing list and IRC channel and accept pull requests.

Weekly Meetings

Communication Channels

Security Policy

Reporting a security issue

If you believe you have found a security issue in Network Service Mesh, please send a description of the issue to security@networkservicemesh.io. We will send a confirmation to acknowledge your report, and an additional email with the result of our assessment (normally within 1-2 working days).

Supported versions

Note that Network Service Mesh is developed and maintained on one track, thus we encourage our users to follow our latest releases. For this reason we only investigate whether the reported issue is affecting the latest release of Network Service Mesh and provide a fix in a patch release on top of the latest release.