diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000..9aea37bd --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,123 @@ +# Contributing + +Thank you for contributing to KGraphQL! +All contributions are welcome, feel free to open issues and PRs. + +## Getting Started + +To perform a local build you only need to have JDK 11 installed and invoke + +```bash +./gradlew build +``` + +You can verify your changes using + +```bash +./gradlew check +``` + +Please also ensure that the existing examples are still working, or adapt them as necessary. + +## Creating a Pull Request + +Pull requests are the best way of getting your changes into the code base. +Before opening a pull request for non-trivial changes, it might be good to open an issue for discussion first to +avoid unnecessary work, although this is not required. + +To support reviewing your changes, please + +- Target the `main` branch +- Submit **one** pull request per bug or feature to keep the changes small and concise +- Follow existing code style and conventions +- Add automated tests when possible +- Structure your changes in as little _meaningful_ commits as possible. Don't be shy to force-push if needed. + +## Writing Commit Messages + +Commit messages matter. Ideally, your commit has + +* A short subject line with a prefix according + to [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/), + not longer than 50 characters, and +* A descriptive body explaining **what** and **why** you did, separated by a blank line + +This will automatically pre-fill the pull request title and description with meaningful +content. + +Example: + +```text +Summarize changes in around 50 characters or less + +More detailed explanatory text, if necessary. Wrap it to about 72 +characters or so. In some contexts, the first line is treated as the +subject of the commit and the rest of the text as the body. The +blank line separating the summary from the body is critical (unless +you omit the body entirely); various tools like `log`, `shortlog` +and `rebase` can get confused if you run the two together. + +Explain the problem that this commit is solving. Focus on why you +are making this change as opposed to how (the code explains that). +Are there side effects or other unintuitive consequences of this +change? Here's the place to explain them. + +Further paragraphs come after blank lines. + + - Bullet points are okay, too + + - Typically a hyphen or asterisk is used for the bullet, preceded + by a single space, with blank lines in between, but conventions + vary here + +If you use an issue tracker, put references to them at the bottom, +like this: + +Resolves: #123 +See also: #456, #789 +``` + +See [How to Write a Git Commit Message](https://cbea.ms/git-commit/) for a more thorough explanation. + +## Developer Certificate of Origin + +Lastly, the boring (but unfortunately important) legal part. + +Tl;dr: you guarantee that you did not simply copy someone else's code without permission. + +``` +Developer Certificate of Origin +Version 1.1 + +Copyright (C) 2004, 2006 The Linux Foundation and its contributors. + +Everyone is permitted to copy and distribute verbatim copies of this +license document, but changing it is not allowed. + + +Developer's Certificate of Origin 1.1 + +By making a contribution to this project, I certify that: + +(a) The contribution was created in whole or in part by me and I + have the right to submit it under the open source license + indicated in the file; or + +(b) The contribution is based upon previous work that, to the best + of my knowledge, is covered under an appropriate open source + license and I have the right under that license to submit that + work with modifications, whether created in whole or in part + by me, under the same open source license (unless I am + permitted to submit under a different license), as indicated + in the file; or + +(c) The contribution was provided directly to me by some other + person who certified (a), (b) or (c) and I have not modified + it. + +(d) I understand and agree that this project and the contribution + are public and that a record of the contribution (including all + personal information I submit with it, including my sign-off) is + maintained indefinitely and may be redistributed consistent with + this project or the open source license(s) involved. +``` diff --git a/README.MD b/README.MD index a56d6189..b26ce78d 100644 --- a/README.MD +++ b/README.MD @@ -1,6 +1,7 @@ # KGraphQL [![Maven Central](https://img.shields.io/maven-central/v/de.stuebingerb/kgraphql.svg?label=Maven%20Central)](https://search.maven.org/search?q=g:%22de.stuebingerb%22%20AND%20a:%22kgraphql%22) +[![CodeQL](https://github.com/stuebingerb/KGraphQL/actions/workflows/github-code-scanning/codeql/badge.svg)](https://github.com/stuebingerb/KGraphQL/actions/workflows/github-code-scanning/codeql) KGraphQL is a [Kotlin](https://kotlinlang.org/) implementation of [GraphQL](http://graphql.org/) based on [aPureBase/KGraphQL](https://github.com/aPureBase/KGraphQL). It provides a rich DSL to set up the GraphQL schema. @@ -41,32 +42,22 @@ See the [documentation](https://kgraphql.io/) for a more detailed explanation of ## Contributing -All contributions are welcome. Feel free to open issues and PRs! - -## Building - -To build KGraphQL you only need to have JDK 11 installed. Invoke - -```bash -./gradlew build -``` - -To perform local build. +See [Contributing](CONTRIBUTING.md). ## Examples -Working examples are located [here](examples). Every example is its own project, separated from the library build. -To build and/or run it, move into the folder of the example (e.g. [here](examples/ktor)) -and execute Gradle tasks from here. +Working examples are located in the [examples](examples) folder. Every example is its own project, separated from the +library build. To build and/or run it, move into the folder of the example (e.g. [ktor](examples/ktor)) +and execute Gradle tasks from there. ## Versioning -The versioning from 1.0.0 on is following [Semantic Versioning](http://semver.org/) +The versioning from 1.0.0 on follows [Semantic Versioning](http://semver.org/). ## Links -Specification: https://spec.graphql.org/ +GraphQL specification: https://spec.graphql.org/ ## License -KGraphQL is Open Source software released under the [MIT license](https://opensource.org/licenses/MIT) +KGraphQL is Open Source software released under the [MIT license](https://opensource.org/licenses/MIT). diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..058ec347 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,16 @@ +# Security Policy + +## Supported Versions + +Prior to 1.0.0, security patches will be applied to the **current** version only. + +## Reporting a Vulnerability + +This repository supports [privately reporting a security vulnerability +](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability). + +If you believe that you have found a security vulnerability, please **do not** file a public issue or disclose it +otherwise. Instead, report it privately via the process described above. + +When you report a vulnerability, please include as many details as possible, ideally even a PoC for an exploit. This +will help to significantly speed up the fix and verify that it is indeed resolved.