Thank you for your interest in contributing to git-safe! This document provides guidelines and information for contributors.
- Code of Conduct
- Getting Started
- Development Setup
- Making Changes
- Testing
- Code Style
- Security Considerations
- Submitting Changes
- Release Process
This project adheres to a code of conduct that we expect all contributors to follow:
- Be respectful and inclusive
- Focus on constructive feedback
- Help maintain a welcoming environment for all contributors
- Report any unacceptable behavior to the project maintainers
- Python 3.10 or higher
- Git
- GPG (for testing GPG functionality)
-
Fork and clone the repository:
git clone https://github.com/hemonserrat/git-safe.git cd git-safe -
Create a virtual environment:
python -m venv .venv source .venv/bin/activate # On Windows: .venv\Scripts\activate
-
Install development dependencies:
pip install -e ".[dev,security]" -
Install pre-commit hooks (optional but recommended):
pre-commit install
-
Verify your setup:
pytest git-safe --help
Use descriptive branch names:
feature/add-new-encryption-modefix/keyfile-permission-issuedocs/update-installation-guiderefactor/improve-error-handling
Follow conventional commit format:
type(scope): description
[optional body]
[optional footer]
Types:
feat: New featuresfix: Bug fixesdocs: Documentation changesstyle: Code style changes (formatting, etc.)refactor: Code refactoringtest: Adding or updating testschore: Maintenance tasks
Examples:
feat(crypto): add support for AES-GCM encryption
fix(keyfile): handle permission errors gracefully
docs(readme): update installation instructions
# Run all tests
pytest
# Run with coverage
pytest --cov=git_safe --cov-report=html
# Run specific test file
pytest tests/test_crypto.py
# Run tests with verbose output
pytest -v- Unit Tests: Test individual functions and classes
- Integration Tests: Test component interactions
- Security Tests: Verify cryptographic operations
- CLI Tests: Test command-line interface
- Place tests in the
tests/directory - Name test files as
test_*.py - Use descriptive test function names
- Include both positive and negative test cases
- Test edge cases and error conditions
Example test structure:
def test_encrypt_file_success():
"""Test successful file encryption."""
# Arrange
# Act
# Assert
def test_encrypt_file_invalid_key():
"""Test encryption with invalid key raises appropriate error."""
# Test error conditionsWe use several tools to maintain code quality:
# Format code
black .
# Sort imports
isort .
# Lint code
ruff check .
# Type checking (optional)
mypy git_safe/- Follow PEP 8 with 120 character line limit
- Use double quotes for strings
- Add type hints for new code (when practical)
- Write docstrings for public functions and classes
- Keep functions focused and reasonably sized (< 50 lines)
- Update docstrings when changing function signatures
- Add comments for complex cryptographic operations
- Update README.md for user-facing changes
- Include examples in docstrings when helpful
Since git-safe is a cryptographic tool, security is paramount:
- Cryptographic Changes: All changes to cryptographic code require extra scrutiny
- Dependency Updates: Security-related dependencies need careful review
- Input Validation: Always validate user inputs, especially file paths
- Error Handling: Avoid leaking sensitive information in error messages
# Run security linting
bandit -r git_safe/
# Check for known vulnerabilities
safety checkPlease report security vulnerabilities privately to the maintainers rather than opening public issues.
- Create a feature branch from
main - Make your changes following the guidelines above
- Add or update tests for your changes
- Update documentation if needed
- Run the full test suite and ensure it passes
- Submit a pull request with a clear description
## Description
Brief description of changes
## Type of Change
- [ ] Bug fix
- [ ] New feature
- [ ] Breaking change
- [ ] Documentation update
## Testing
- [ ] Tests pass locally
- [ ] Added tests for new functionality
- [ ] Updated documentation
## Security Checklist (if applicable)
- [ ] No sensitive data in logs
- [ ] Input validation added
- [ ] Cryptographic operations reviewed- Automated Checks: CI/CD pipeline runs tests and security scans
- Code Review: Maintainers review code for quality and security
- Testing: Changes are tested in different environments
- Approval: At least one maintainer approval required
- Merge: Changes are merged into main branch
Releases follow semantic versioning (SemVer):
- Major (X.0.0): Breaking changes
- Minor (0.X.0): New features, backward compatible
- Patch (0.0.X): Bug fixes, backward compatible
- Update version in
pyproject.tomlandsetup.py - Update
CHANGELOG.md - Create and push a version tag:
git tag v1.0.0 - GitHub Actions automatically creates release and publishes to PyPI
# Use Python debugger
python -m pdb -m git_safe.cli encrypt# Generate test GPG key
gpg --batch --generate-key <<EOF
Key-Type: RSA
Key-Length: 2048
Name-Real: Test User
Name-Email: test@example.com
Expire-Date: 1y
%no-protection
%commit
EOF# Profile code execution
python -m cProfile -o profile.stats -m git_safe.cli encrypt
python -c "import pstats; pstats.Stats('profile.stats').sort_stats('cumulative').print_stats(10)"- Documentation: Check the README.md and code comments
- Issues: Search existing GitHub issues
- Discussions: Use GitHub Discussions for questions
- Contact: Reach out to maintainers for complex issues
Contributors are recognized in:
- GitHub contributors list
- Release notes for significant contributions
- Special thanks in documentation updates
Thank you for contributing to git-safe! 🔒