diff --git a/.github/PR_REVIEW_TEMPLATE.md b/.github/PR_REVIEW_TEMPLATE.md deleted file mode 100644 index 16e16c9..0000000 --- a/.github/PR_REVIEW_TEMPLATE.md +++ /dev/null @@ -1,43 +0,0 @@ -# Pull Request Review Template - -## Overview -Provide a brief overview of the changes in this pull request (PR). - -## Type of Change -- [ ] Bug Fix -- [ ] New Feature -- [ ] Documentation Update -- [ ] Other (please specify) - -## Checklist -- [ ] Code follows the project’s style guidelines -- [ ] Code is self-documenting -- [ ] Unit tests have been added/modified -- [ ] Documentation has been updated - -## Review Comments -### Code Quality -- [ ] Code is easy to read and understand -- [ ] Proper error handling is implemented - -### Functionality -- [ ] Changes are functional and work as intended -- [ ] No new warnings or errors were introduced - -### Performance -- [ ] Code changes do not decrease the performance of the application - -### Security -- [ ] No sensitive information is exposed - -## Additional Notes -Provide any additional information or comments that may be helpful for the reviewer. - -## Review Checklist -- [ ] Review completed -- [ ] Approved changes -- [ ] Request changes - -## Reviewer Signature -_____ -**Date:** 2026-03-22 10:07:40 (UTC) \ No newline at end of file diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 390fee1..0a7f93f 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,32 +1,26 @@ ## Overview - - + ## Type of Change - - - -- [ ] Bug Fix -- [ ] New Feature -- [ ] Documentation Update -- [ ] Refactor +- [ ] 🐛 Bug Fix +- [ ] ✨ New Feature +- [ ] 📝 Documentation Update +- [ ] ♻️ Refactor +- [ ] 🔧 Configuration/CI - [ ] Other (please specify): ## Checklist - - - -- [ ] Code follows the project's style guidelines (`cargo fmt` passes) -- [ ] No Clippy warnings (`cargo clippy -- -D warnings` passes) -- [ ] Unit tests have been added or modified (`cargo test` passes) -- [ ] Documentation has been updated (`cargo doc --no-deps` passes) -- [ ] No sensitive information (keys, secrets, PII) is exposed -- [ ] Commit messages follow the conventional commit format (e.g., `feat:`, `fix:`, `chore:`) + +- [ ] Code follows the project's style guidelines (`cargo fmt`) +- [ ] Code passes lint checks (`cargo clippy`) +- [ ] Unit tests have been added/modified for changes +- [ ] Documentation has been updated (code comments, README, API docs) +- [ ] No sensitive information is exposed +- [ ] Commit messages follow [conventional format](https://www.conventionalcommits.org/) (`feat:`, `fix:`, `chore:`, etc.) +- [ ] For crypto changes: reviewed against [Rust Crypto Review Guidelines](.github/rust-crypto-review.md) ## Related Issues - - + ## Additional Notes - - + diff --git a/.github/REVIEW_CHECKLIST.md b/.github/review-checklist.md similarity index 68% rename from .github/REVIEW_CHECKLIST.md rename to .github/review-checklist.md index f394139..f60e79b 100644 --- a/.github/REVIEW_CHECKLIST.md +++ b/.github/review-checklist.md @@ -1,5 +1,7 @@ # PR Review Checklist +> **Note:** This checklist is used as a reference during both manual and automated PR reviews. Automated checks are run via GitHub Actions on every PR (see `.github/workflows/pr-review.yml`). + This document outlines the comprehensive checklist for reviewing pull requests to ensure high standards of quality across various aspects of the codebase. ## 1. Code Quality @@ -14,7 +16,7 @@ This document outlines the comprehensive checklist for reviewing pull requests t - [ ] All public-facing functions/modules have corresponding doc comments. ## 3. Rust Best Practices -- [ ] Use of idiomatic Rust constructs (e.g., ownership, borrowing)._ +- [ ] Use of idiomatic Rust constructs (e.g., ownership, borrowing). - [ ] Proper error handling practices. - [ ] Avoiding unnecessary clones or references. - [ ] Utilization of Rust's powerful type system effectively. @@ -36,7 +38,7 @@ This document outlines the comprehensive checklist for reviewing pull requests t - [ ] Ensure that tests can run in the CI/CD pipeline without issues. ## 7. Commit Message Standards -- [ ] Commit messages follow the conventional format (e.g., `feat:`, `fix:`, `chore:`). +- [ ] The **latest (HEAD) commit** message follows the conventional format (e.g., `feat:`, `fix:`, `chore:`). This is enforced as a hard failure by CI. - [ ] Each commit message is clear and explains the purpose of the change. - [ ] For multiple commits, ensure they are squashed into a single coherent commit where applicable. @@ -45,6 +47,18 @@ This document outlines the comprehensive checklist for reviewing pull requests t - [ ] Package metadata is correctly filled out (name, version, author). - [ ] Ensure compatibility settings are verified (e.g., Rust edition). +## 9. CI/CD Integration + +Automated checks are run via GitHub Actions on every PR. See `.github/workflows/pr-review.yml` for the full configuration. The following checks are enforced automatically: + +- [ ] `cargo fmt --check` passes (code formatting) +- [ ] `cargo clippy -- -D warnings` passes (lint checks) +- [ ] `cargo test` passes (unit tests) +- [ ] `cargo doc --no-deps` passes (documentation builds) +- [ ] `cargo audit` passes (security audit — no known vulnerabilities in dependencies) +- [ ] `cargo build --release` passes (release build succeeds) +- [ ] Commit messages follow the conventional commit format + --- -_Last updated on: 2026-03-22 09:53:20 UTC_ +_Last updated on: 2026-03-23_ diff --git a/.github/RUST_CRYPTO_REVIEW.md b/.github/rust-crypto-review.md similarity index 67% rename from .github/RUST_CRYPTO_REVIEW.md rename to .github/rust-crypto-review.md index 5e440e7..48c42df 100644 --- a/.github/RUST_CRYPTO_REVIEW.md +++ b/.github/rust-crypto-review.md @@ -15,13 +15,21 @@ These guidelines are designed to help contributors ensure that code related to R 3. **Unsafe Code**: Limit the use of `unsafe` blocks. Document why it is necessary if used. ## Cryptography-Specific Guidelines -1. **Use Standard Libraries**: Whenever possible, use established cryptographic libraries like `rust-crypto` or `ring` instead of implementing your own cryptographic functions. +1. **Use Standard Libraries**: Whenever possible, use established cryptographic libraries from the [RustCrypto](https://github.com/RustCrypto) crate family (e.g., `sha2`, `aes`, `ed25519-dalek`) or `ring` instead of implementing your own cryptographic functions. Avoid the unmaintained `rust-crypto` crate — use the actively-maintained `RustCrypto` ecosystem instead. The project already uses `ed25519-dalek` for digital signatures. 2. **Security Practices**: Follow best practices for cryptographic implementations: - Use established algorithms with good security properties. - Avoid using obsolete algorithms such as MD5 and SHA-1. - Regularly update dependencies and apply security patches. 3. **Randomness**: Use secure random number generators provided by the `rand` crate. Avoid using `rand::random()` in security-sensitive contexts. +## Dependency Pinning + +Cryptographic dependencies should be pinned to specific versions to ensure reproducible builds and avoid unexpected breakage from upstream changes. + +- Pin cryptographic crate versions in `Cargo.toml` (e.g., `ed25519-dalek = "2.1.1"` rather than `ed25519-dalek = "2"`). +- Run `cargo audit` regularly to check for known vulnerabilities in dependencies. This is also enforced automatically on every PR via the GitHub Actions workflow (`.github/workflows/pr-review.yml`). +- Review and update dependency versions deliberately, especially for security-sensitive crates. + ## Review Process 1. **Peer Review**: All cryptographic code must undergo peer review. 2. **Automated Tools**: Utilize automated tools like Clippy and Rustfmt for linting and formatting. @@ -32,4 +40,4 @@ By adhering to these guidelines, we can maintain high standards for Rust and cry --- -_Last updated: 2026-03-22 09:58:38 (UTC)_ \ No newline at end of file +_Last updated: 2026-03-23_ \ No newline at end of file