|
|
|
ECGALAXY components source code is managed on [code.europa.eu/ecgalaxy](https://code.europa.eu/ecgalaxy) and mirrored on [github.com/ecgalaxy](https://github.com/ecgalaxy).
|
|
|
|
It is also mirrored internally on European Commission's CITnet Bitbucket (within the ECGALAXY project).
|
|
|
|
|
|
|
|
# General considerations
|
|
|
|
|
|
|
|
Contributions are centralised on code.europa.eu/ecgalaxy.
|
|
|
|
|
|
|
|
In order to contribute, you will need to register on the platform first; please check [About code.europa.eu](https://code.europa.eu/info/about).
|
|
|
|
|
|
|
|
For a trivial fix or improvement, please feel free to open a merge request.
|
|
|
|
|
|
|
|
For a more advanced contribution, please open an issue, so we can discuss your idea first.
|
|
|
|
|
|
|
|
If you have found a security vulnerability in the ECGALAXY source code, please send an e-mail to DIGIT-ECGALAXY@ec.europa.eu (encrypt it with SECEM if possible).
|
|
|
|
|
|
|
|
# Guidelines
|
|
|
|
|
|
|
|
All the ECGALAXY components follow the [Semantic Versioning](https://semver.org/) and [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) specifications, and implement main principles of [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
|
|
|
|
|
|
|
Each component source code must contain at least a README.md file and the EUPL license (when applicable) in a text format. Main releases are listed and documented in a RELEASES.md file.
|
|
|
|
|
|
|
|
## Commit messages
|
|
|
|
|
|
|
|
Commit messages types and their impact on versioning are:
|
|
|
|
|
|
|
|
- feat: to introduce a new feature (MINOR or MAJOR in case of a breaking change)
|
|
|
|
- fix: to fix a bug (PATCH)
|
|
|
|
- chore: to e.g. update a dependency (PATCH)
|
|
|
|
- ci: to update the CI pipeline configuration (PATCH)
|
|
|
|
- docs: to update the configuration (PATCH)
|
|
|
|
- test: for testing purposes
|
|
|
|
|
|
|
|
Using commit messages scopes is optional.
|
|
|
|
|
|
|
|
## Code style
|
|
|
|
|
|
|
|
- Ansible code is verified with (Ansible Lint)[https://ansible-lint.readthedocs.io/en/latest/]
|
|
|
|
- Terraform code is verified with (TFLint)[https://github.com/terraform-linters/tflint]
|
|
|
|
|
|
|
|
Linting must pass for a merge request to be accepted.
|
|
|
|
|
|
|
|
## Tests
|
|
|
|
|
|
|
|
- Ansible roles are tested with [Ansible Molecule](https://molecule.readthedocs.io/en/latest/)
|
|
|
|
- Ansible playbooks and managed infrastructures are tested with [TestInfra](https://testinfra.readthedocs.io/en/latest/)
|
|
|
|
- Terraform code is validated with built-in testing tools
|
|
|
|
|
|
|
|
Components must be covered by tests, and tests must pass for a merge request to be accepted.
|
|
|
|
|
|
|
|
## SAST
|
|
|
|
|
|
|
|
Static code analysis is performed with [KICS](https://github.com/Checkmarx/kics).
|
|
|
|
|
|
|
|
## Continuous Integration
|
|
|
|
|
|
|
|
Pipelines are executed when the code is updated or when a new tag is created.
|
|
|
|
|
|
|
|
They are also scheduled to be run every day; results of executions are monitored by the ECGALAXY team.
|
|
|
|
|
|
|
|
Pipelines must pass for a merge request to be accepted.
|
|
|
|
|
|
|
|
# Contact
|
|
|
|
|
|
|
|
If you have questions, please feel free to contact DIGIT-ECGALAXY@ec.europa.eu. |
|
|
|
\ No newline at end of file |
