Skip to content

Commit b53456f

Browse files
committed
docs: add GitHub community-standard files
Code of conduct, contributing guide, security policy, issue templates, and PR template. Security policy and issue/PR templates warn against pasting FedEx credentials.
1 parent b703a62 commit b53456f

7 files changed

Lines changed: 297 additions & 0 deletions

File tree

Lines changed: 76 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,76 @@
1+
name: Bug report
2+
description: Something isn't working as expected
3+
labels: ["bug"]
4+
body:
5+
- type: markdown
6+
attributes:
7+
value: |
8+
Thanks for the report! **Do not paste FedEx API keys, secret keys, account numbers, or
9+
OAuth tokens** anywhere in this issue — redact them first.
10+
- type: textarea
11+
id: what-happened
12+
attributes:
13+
label: What happened?
14+
description: What did you expect, and what happened instead?
15+
placeholder: When I run "Get Rates" with…, I expected… but got…
16+
validations:
17+
required: true
18+
- type: dropdown
19+
id: operation
20+
attributes:
21+
label: Which operation?
22+
options:
23+
- Track (Tracking)
24+
- Get Rates (Shipping)
25+
- Create shipment / label (Shipping)
26+
- Validate address (Shipping)
27+
- Credential setup / OAuth
28+
- Other / not sure
29+
validations:
30+
required: true
31+
- type: dropdown
32+
id: environment
33+
attributes:
34+
label: FedEx environment
35+
options:
36+
- Sandbox
37+
- Production
38+
validations:
39+
required: true
40+
- type: textarea
41+
id: repro
42+
attributes:
43+
label: Steps to reproduce
44+
placeholder: |
45+
1. Add a FedEx node…
46+
2. Set operation to…
47+
3. Run…
48+
validations:
49+
required: true
50+
- type: textarea
51+
id: error
52+
attributes:
53+
label: Error message / output
54+
description: Paste the error from n8n. Redact any credentials or account numbers first.
55+
render: text
56+
- type: input
57+
id: node-version
58+
attributes:
59+
label: n8n-nodes-fedex version
60+
placeholder: e.g. 0.2.0
61+
validations:
62+
required: true
63+
- type: input
64+
id: n8n-version
65+
attributes:
66+
label: n8n version
67+
placeholder: e.g. 2.25.7
68+
validations:
69+
required: true
70+
- type: checkboxes
71+
id: no-secrets
72+
attributes:
73+
label: Confirmation
74+
options:
75+
- label: I have removed all credentials, secret keys, and account numbers from this report.
76+
required: true

.github/ISSUE_TEMPLATE/config.yml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
blank_issues_enabled: false
2+
contact_links:
3+
- name: Security vulnerability
4+
url: https://github.com/nodrel-dev/n8n-fedex-node/security/advisories/new
5+
about: Please report security issues privately, not as a public issue. See SECURITY.md.
6+
- name: Question / usage help
7+
url: https://github.com/nodrel-dev/n8n-fedex-node/discussions
8+
about: For setup and usage questions, please start a discussion.
Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,35 @@
1+
name: Feature request
2+
description: Suggest a new operation or improvement
3+
labels: ["enhancement"]
4+
body:
5+
- type: textarea
6+
id: problem
7+
attributes:
8+
label: What problem would this solve?
9+
description: The use case or limitation you're hitting.
10+
validations:
11+
required: true
12+
- type: textarea
13+
id: proposal
14+
attributes:
15+
label: Proposed solution
16+
description: What should the node do? If it maps to a specific FedEx API, link or name it.
17+
validations:
18+
required: true
19+
- type: dropdown
20+
id: area
21+
attributes:
22+
label: Area
23+
options:
24+
- New FedEx operation (e.g. Pickup, Locations, Service Availability)
25+
- Existing operation — more fields/options
26+
- Credentials / auth
27+
- Output shape / binary handling
28+
- Other
29+
validations:
30+
required: true
31+
- type: textarea
32+
id: alternatives
33+
attributes:
34+
label: Alternatives or workarounds
35+
description: Anything you've tried or considered.

.github/PULL_REQUEST_TEMPLATE.md

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,26 @@
1+
<!-- Thanks for contributing! Please fill this out so it can be reviewed quickly. -->
2+
3+
## What does this change?
4+
5+
<!-- Brief summary and the motivation. Link any related issue: Closes #__ -->
6+
7+
## Type of change
8+
9+
- [ ] Bug fix (`fix:`)
10+
- [ ] New feature / operation (`feat:`)
11+
- [ ] Breaking change (`feat!:` / `BREAKING CHANGE:`)
12+
- [ ] Docs / chore / refactor / tests
13+
14+
## Checklist
15+
16+
- [ ] `pnpm build` passes
17+
- [ ] `pnpm lint` passes (ESLint config left unchanged)
18+
- [ ] `pnpm test` passes
19+
- [ ] Verified manually against the FedEx **sandbox** (if behavior changed)
20+
- [ ] Commit messages follow [Conventional Commits](https://www.conventionalcommits.org/)
21+
- [ ] **No credentials or secrets** (FedEx API keys, secret keys, account numbers, tokens) appear in
22+
the diff, tests, screenshots, or description
23+
24+
## Notes for reviewers
25+
26+
<!-- Anything tricky, trade-offs, or follow-ups. -->

CODE_OF_CONDUCT.md

Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,49 @@
1+
# Contributor Covenant Code of Conduct
2+
3+
## Our Pledge
4+
5+
We as members, contributors, and leaders pledge to make participation in our community a
6+
harassment-free experience for everyone, regardless of age, body size, visible or invisible
7+
disability, ethnicity, sex characteristics, gender identity and expression, level of experience,
8+
education, socio-economic status, nationality, personal appearance, race, religion, or sexual
9+
identity and orientation.
10+
11+
We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive,
12+
and healthy community.
13+
14+
## Our Standards
15+
16+
Examples of behavior that contributes to a positive environment include demonstrating empathy and
17+
kindness, being respectful of differing opinions and experiences, giving and gracefully accepting
18+
constructive feedback, accepting responsibility and apologizing to those affected by our mistakes,
19+
and focusing on what is best for the overall community.
20+
21+
Examples of unacceptable behavior include the use of sexualized language or imagery and unwelcome
22+
sexual attention or advances; trolling, insulting or derogatory comments, and personal or political
23+
attacks; public or private harassment; publishing others' private information without explicit
24+
permission; and other conduct which could reasonably be considered inappropriate in a professional
25+
setting.
26+
27+
## Enforcement Responsibilities
28+
29+
Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior
30+
and will take appropriate and fair corrective action in response to any behavior that they deem
31+
inappropriate, threatening, offensive, or harmful.
32+
33+
## Scope
34+
35+
This Code of Conduct applies within all community spaces, and also applies when an individual is
36+
officially representing the community in public spaces.
37+
38+
## Enforcement
39+
40+
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community
41+
leaders responsible for enforcement at **kytully@gmail.com**. All complaints will be reviewed and
42+
investigated promptly and fairly. Community leaders are obligated to respect the privacy and
43+
security of the reporter of any incident.
44+
45+
## Attribution
46+
47+
This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org),
48+
version 2.1, available at
49+
https://www.contributor-covenant.org/version/2/1/code_of_conduct.html.

CONTRIBUTING.md

Lines changed: 69 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,69 @@
1+
# Contributing to n8n-nodes-fedex
2+
3+
Thanks for your interest! This is an [n8n community node](https://docs.n8n.io/integrations/community-nodes/)
4+
that talks directly to the FedEx REST API. Contributions — bug reports, fixes, new operations — are
5+
welcome.
6+
7+
By participating you agree to abide by the [Code of Conduct](./CODE_OF_CONDUCT.md).
8+
9+
## Getting set up
10+
11+
**Use [pnpm](https://pnpm.io/).** npm installs are blocked (the toolchain enforces it with an
12+
`only-allow` postinstall). Node.js **22.22+** is required.
13+
14+
```bash
15+
pnpm install
16+
pnpm build # n8n-node build — compile + copy assets
17+
pnpm lint # n8n-node lint
18+
pnpm test # vitest (unit tests for the pure assembly cores)
19+
pnpm dev # n8n-node dev — runs n8n locally with the node loaded + live rebuild
20+
```
21+
22+
## Testing your change
23+
24+
There are unit tests (`vitest`) for the pure helper "cores", but most behavior is verified
25+
**manually against the FedEx sandbox**:
26+
27+
1. `pnpm dev` to launch n8n with the node loaded.
28+
2. Add a FedEx credential, select the **Sandbox** environment, and use FedEx's sandbox test
29+
tracking numbers / test account.
30+
3. Exercise the operation you changed end to end.
31+
32+
Please confirm `pnpm build`, `pnpm lint`, and `pnpm test` all pass before opening a PR.
33+
34+
## How the node is organized
35+
36+
- One node, `nodes/Fedex/Fedex.node.ts`, with **two resources that mirror the two FedEx
37+
developer-portal projects** (and their separate credentials):
38+
- **Tracking** → Track (uses the Track API credential)
39+
- **Shipping** → Get Rates, Create, Validate (uses the shipping-project credential: Rate + Ship +
40+
Address Validation)
41+
- Per-resource descriptions live in `nodes/Fedex/resources/<resource>/`; reusable, context-free
42+
logic lives in `nodes/Fedex/cores/` (these are what the unit tests cover).
43+
- Architecture decisions are documented in [`docs/adr/`](./docs/adr/). Skim them before larger
44+
changes.
45+
46+
> Some reference material (FedEx's captured API specs and the commercial brief) lives in a private
47+
> companion repo and isn't needed to contribute code. The public ADRs and `documentation.yaml`
48+
> cover the API shapes you'll need.
49+
50+
## Commits & releases
51+
52+
- Follow [Conventional Commits](https://www.conventionalcommits.org/): `feat:`, `fix:`, `docs:`,
53+
`chore:`, `refactor:`, `test:`, `ci:`, and `feat!:` / `BREAKING CHANGE:` for breaking changes.
54+
- Releases are automated by **release-please** from those commit messages, then published to npm
55+
with provenance — no manual version bumps. Don't edit `package.json` `version` or `CHANGELOG.md`.
56+
- **Don't modify the ESLint config** — CI verifies it is unchanged from the n8n default.
57+
58+
## Pull requests
59+
60+
1. Branch from `main`, make focused commits.
61+
2. Ensure build, lint, and tests pass and you've sandbox-tested the change.
62+
3. Fill out the PR template, including confirming **no credentials/secrets** are included.
63+
4. Link any related issue.
64+
65+
## Security & credentials
66+
67+
Never commit or paste FedEx API keys, secret keys, or account numbers anywhere in the repo, issues,
68+
or PRs. See [SECURITY.md](./SECURITY.md). Keep secrets in n8n's credential store or a local
69+
`.env.local` (gitignored).

SECURITY.md

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,34 @@
1+
# Security Policy
2+
3+
## Reporting a vulnerability
4+
5+
**Please do not open a public issue for security vulnerabilities.**
6+
7+
Report privately via GitHub's [private vulnerability reporting](https://github.com/nodrel-dev/n8n-fedex-node/security/advisories/new),
8+
or by email to **kytully@gmail.com**. Include a description, affected version, and reproduction
9+
steps. You'll get an acknowledgement within a few days, and a fix or mitigation as quickly as is
10+
practical.
11+
12+
## Supported versions
13+
14+
This is a pre-1.0 package; only the latest published `0.x` release on npm receives security fixes.
15+
Always run the newest version.
16+
17+
## Credential safety (important)
18+
19+
This node talks to the FedEx REST API using **your own** FedEx API Key / Secret Key and account
20+
number, supplied through n8n's encrypted credential store. To keep them safe:
21+
22+
- **Never paste API keys, secret keys, OAuth tokens, or account numbers** into GitHub issues,
23+
pull requests, discussions, logs, or screenshots. Redact them first.
24+
- Keep credentials in n8n's credential manager (or a local `.env.local` for development) — never
25+
hardcode them in workflows, code, or committed files.
26+
- The credential defaults to the **sandbox** environment so a half-configured connection cannot
27+
hit a live account. Switch to production only when you intend to.
28+
- If you believe a key has been exposed, rotate it in the FedEx Developer Portal immediately.
29+
30+
## Supply-chain integrity
31+
32+
Releases are published to npm from GitHub Actions with **npm provenance** (SLSA attestation) over
33+
OIDC Trusted Publishing — no long-lived tokens. You can verify a published version's provenance on
34+
its npm page.

0 commit comments

Comments
 (0)