We welcome contributions from the Shopify development community!
- Node.js 18+
- Git
- Familiarity with Shopify theme development
- Understanding of multi-shop/multi-brand workflows
# Clone the repository
git clone https://github.com/shopdevs/multi-shop-cli.git
cd multi-shop-cli
# Install dependencies
pnpm install
# Run tests to verify setup
pnpm test
# Start development mode
pnpm run devgit checkout main
git pull origin main
git checkout -b feature/your-feature-name# Make your changes
# Add comprehensive tests
# Update documentation
# Validate your changes
pnpm run validate # Runs lint, typecheck, and tests# Unit tests
pnpm test
# E2E tests
pnpm run test:e2e
# Security checks
pnpm run security:audit
# Performance validation
pnpm run test:performancegit push origin feature/your-feature-name
# Then create PR via GitHub interface- Tests added/updated - All new functionality has tests
- Documentation updated - README, JSDoc, guides updated
- Type safety - TypeScript types added for new APIs
- Security reviewed - No credential exposure, input validation added
- Performance tested - No performance regressions
- Cross-platform tested - Works on Windows, macOS, Linux
- Breaking changes documented - Migration guide provided if needed
## What does this PR do?
Brief description of the changes
## Why is this change needed?
Context about the problem being solved
## How was this tested?
- [ ] Unit tests added/updated
- [ ] E2E tests pass
- [ ] Manually tested on [OS/environment]
- [ ] Performance impact assessed
## Breaking changes?
- [ ] No breaking changes
- [ ] Breaking changes (migration guide provided)
## Security considerations
- [ ] No new security risks introduced
- [ ] Input validation added where needed
- [ ] No credentials exposed in logs/errors- Minimum 80% coverage for all new code
- 100% coverage for security-critical functions
- Integration tests for CLI workflows
- Performance tests for operations >1000ms
describe('ShopManager', () => {
test('should create shop configuration', () => {
// Test individual methods
});
});describe('Shop Creation Workflow', () => {
test('should complete full shop setup', () => {
// Test complete workflows
});
});describe('Credential Security', () => {
test('should never expose credentials', () => {
// Test security measures
});
});describe('Performance', () => {
test('should complete operations within SLA', () => {
// Test performance requirements
});
});/**
* Creates a new shop configuration with validation
* @param {string} shopId - Unique shop identifier
* @param {Object} config - Shop configuration object
* @param {Object} config.shopify - Shopify-specific settings
* @returns {Promise<Object>} Created shop configuration
* @throws {ShopValidationError} When configuration is invalid
* @throws {ShopConfigurationError} When creation fails
* @example
* const config = await shopManager.createShop('my-shop', {
* name: 'My Shop',
* shopify: { stores: { ... } }
* });
*/
async createShop(shopId, config) {
// Implementation
}- Update feature sections for new capabilities
- Add examples for new commands
- Update installation instructions if needed
- Include migration notes for breaking changes
Follow Conventional Changelog:
## [1.1.0] - 2025-01-25
### Added
- New campaign management features
- Enhanced security validation
### Changed
- Improved error messages
- Updated CLI interface
### Fixed
- Credential validation edge case
- Performance issue with large shop lists
### Security
- Enhanced credential encryption
- Added audit logging- Use
SecurityManagerfor all credential operations - Validate all user inputs with schemas
- Log operations without sensitive data
- Use proper file permissions (600 for credentials)
- Implement integrity checks for credential files
- Log or display actual theme tokens
- Store credentials in environment variables
- Use credentials in test fixtures (use mocks)
- Transmit credentials over network
- Include credentials in error messages
// ✅ Correct: Validated input
const validator = new ShopConfigValidator();
const safeShopId = validator.validateShopId(userInput);
// ❌ Wrong: Unvalidated input
const shopId = userInput; // Potential injection vector- CLI startup: <500ms cold start
- Shop operations: <2 seconds for complex operations
- Memory usage: <100MB for typical workflows
- File I/O: Minimize filesystem operations
test('should complete shop listing within performance SLA', () => {
const startTime = performance.now();
const shops = shopManager.listShops();
const duration = performance.now() - startTime;
expect(duration).toBeLessThan(100); // 100ms SLA
});We follow Semantic Versioning:
- MAJOR (1.0.0 → 2.0.0): Breaking changes
- MINOR (1.0.0 → 1.1.0): New features (backwards compatible)
- PATCH (1.0.0 → 1.0.1): Bug fixes (backwards compatible)
- All tests passing on all supported platforms
- Security audit clean
- Performance benchmarks met
- Documentation updated
- CHANGELOG.md updated
- Version bumped appropriately
- GitHub release created with release notes
# Validate release
pnpm run validate
# Version bump and publish
pnpm run releaseOur CI pipeline runs automatically on every push and pull request:
- Node versions: 18, 20, 22
- Operating systems: Ubuntu, macOS, Windows
- Total test combinations: 9 (3 nodes × 3 OSes)
1. Test Job (runs on all matrix combinations)
- Checkout code
- Install dependencies (pnpm)
- Run linter
- Run type checking
- Run test suite
- Upload coverage (Ubuntu + Node 20 only)2. Quality Job (runs on Ubuntu + Node 20)
- Run full validation (lint + typecheck + test)
- Check package size
- Build package
- Verify build output3. Security Job (runs on Ubuntu + Node 20)
- Run npm audit
- Check for outdated dependenciesAll PRs must pass CI before merging:
- ✅ All tests pass on all platforms
- ✅ No linting errors
- ✅ No type errors
- ✅ Build succeeds
- ✅ Coverage report uploaded
View CI status: GitHub Actions
Releases are triggered manually via GitHub Actions:
-
Prepare:
- Update
CHANGELOG.mdwith release notes - Move
[Unreleased]content to new version section - Commit changelog changes
- Update
-
Trigger Release:
- Go to Actions → Release workflow
- Select version type (patch/minor/major)
- Click "Run workflow"
-
Automated Steps:
- Run full validation
- Build package
- Version bump (npm version)
- Create GitHub release
- Publish to npm
- Push changes and tags
-
Post-Release:
- Verify package on npm
- Test installation
- Update dependent projects
# Ensure changelog is updated
pnpm run update-changelog
# Run release script
pnpm run release:patch # or release:minor, release:major- GitHub Issues: Bug reports and feature requests
- GitHub Discussions: General questions and community help
- Email: security@shopdevs.com (security issues only)
- Be respectful and inclusive
- Focus on constructive feedback
- Help others learn and grow
- Report security issues responsibly
- ESLint + Prettier: Code formatting and linting
- Jest: Testing framework with coverage reporting
- TypeScript: Type safety and documentation
- Commander.js: CLI framework
- @clack/prompts: Beautiful CLI interfaces
Thank you for contributing to the Shopify development ecosystem! 🎉