Skip to content

Commit

Permalink
Improve new contributor documentation (#968)
Browse files Browse the repository at this point in the history
  • Loading branch information
@terriko
terriko committed Nov 12, 2020
1 parent 50ac4c6 commit b33bc8a
Showing 1 changed file with 171 additions and 23 deletions.
194 changes: 171 additions & 23 deletions doc/CONTRIBUTORS.md
View file
Original file line number Diff line number Diff line change
@@ -1,14 +1,30 @@
CVE Binary Tool Contributor Guide
=================================
# CVE Binary Tool Contributor Guide

The CVE Binary Tool team participates in a few events every year that are aimed at new people in open source. This guide is meant to help people get over the initial hurdle of figuring out how to use git and make a contribution.

If you've already contributed to other open source projects, contributing to the CVE Binary Tool project should be pretty similar and you can probably figure it out by guessing. But if you've never contributed to anything before, or you just want to see what we consider best practice before you start, this is the guide for you!

## Imposter syndrome disclaimer

_We want your help_. No really, we do.

Getting and maintaining a local copy of the source code
-------------------------------------------------------
There might be a little voice inside that tells you you're not ready; that you need to do one more tutorial, or learn another framework, or write a few more blog posts before you can help with this project.

I assure you, that's not the case.

This document contains some contribution guidelines and best practices, but if you don't get it right the first time we'll try to help you fix it.

The contribution guidelines outline the process that you'll need to follow to get a patch merged. By making expectations and process explicit, we hope it will make it easier for you to contribute.

And you don't just have to write code. You can help out by writing documentation, tests, or even by giving feedback about this work. (And yes, that includes giving feedback about the contribution guidelines.)

If have questions or want to chat, we have a [gitter chat room](https://gitter.im/cve-bin-tool/community) where you can ask questions, or you can put them in [GitHub issues](dhttps://github.com/intel/cve-bin-tool/issues) too.

Thank you for contributing!

This section is adapted from [this excellent document from @adriennefriend](https://github.com/adriennefriend/imposter-syndrome-disclaimer)

## Getting and maintaining a local copy of the source code

There are lots of different ways to use git, and it's so easy to get into a messy state that [there's a comic about it](https://xkcd.com/1597/). So... if you get stuck, remember, even experienced programmers sometimes just delete their trees and copy over the stuff they want manually.

Expand All @@ -20,26 +36,142 @@ Once you've got the copy, you can update it using

`git pull`

Git allows you to have "branches" with variant versions of the code. You can see what's available using `git branch` and switch to one using `git checkout branch_name`.
You're also going to want to have your own "fork" of the repository on GitHub.
To make a fork on GitHub, read the instructions at [Fork a
repo](https://help.github.com/en/github/getting-started-with-github/fork-a-repo).
A fork is a copy of the main repository that you control, and you'll be using
it to store and share your code with others. You only need to make the fork once.

Once you've set up your fork, you will find it useful to set up a git remote for pull requests:

`git remote add myfork git@github.com/MYUSERNAME/cve-bin-tool.git`

Replace MYUSERNAME with your own GitHub username.

## Setting up a virtualenv

This section isn't required, but many contributors find it helpful, especially for running tests using different versions of python.

[virtualenv](https://virtualenv.pypa.io/en/latest/) is a tool for setting up virtual python environments. This allows you to have all the dependencies for cve-binary-tool set up in a single environment, or have different environments set up for testing using different versions of Python.

To install it:

```bash
pip install vitualenv
```

To make a new venv using python 3.8:

```bash
virtualenv -p python3.8 ~/Code/venv3.8
```

Each time you want to use a virtualenv, you "activate" it using the activate script:

```bash
source ~/Code/venv3.8/bin/activate
```

And when you're done with the venv, you can deactivate it using the `deactivate` command.

While you're in a venv, the `python` command will point to whatever version you specified when the venv was created, and pip command will install things only in that venv so you don't have to worry about conflicts with other versions or system packages.

## Installing dependencies

The packages you need to run CVE Binary Tool are listed in the `requirements.txt` file in the main cve-bin-tool directory. You can install all of them using the following pip command.

To make your life easier, we recommend that the `master` branch always be kept in sync with the repo at `https://github.com/intel/cve-bin-tool`, as in you never check in any code to that branch.
```bash
pip install -r requirements.txt
```

## Running tests

The CVE Binary Tool has a set of tests that can be run using `pytest` command. Usually all the short tests should pass, although sometimes internet connectivity issues will cause problems.

[There is a README file in the tests directory](https://github.com/intel/cve-bin-tool/blob/master/test/README.md) which contains more info about how to run just specific tests, or how to run the longer tests which involve downloading full software packages to test the tool. The long tests sometimes fail due to package name changes, which may not be your fault unless you modified one of them.

## Running Black

Setting up your personal fork
-----------------------------
CVE Binary Tool uses Black as the style formatter. Contributors are requested
to format their code with Black before submitting, and the CI will warn you if your
code needs re-formatting.

To make a fork on github, read the instructions at [Fork a repo](https://help.github.com/en/github/getting-started-with-github/fork-a-repo)
Black can be installed using pip.

```bash
pip install black

This comment has been minimized.

Sign in to view

Copy link
@imsahil007

imsahil007 Nov 12, 2020

Contributor

I think it will be better if we update this command to
pip install git+git://github.com/psf/black
This way our tests won't fail considering the cases where the development version and the stable package has some serious changes.
```

To format the code, you run `black` followed by the filename you wish to reformat. For formatting a particular file name filename.py.

```bash
black filename.py
```

In many cases, it will make your life easier if you only run black on
files you've changed because you won't have to scroll through a pile of
auto-formatting changes to find your own modifications. However, you can also
specify a whole folder using ```./```

### Using pre-commit to run Black

We've provided a pre-commit hook (in `.pre-commit.config.yaml`) so if you want
to run Black locally before you commit, you can install pre-commit and install
the hook as follows from the main cve-bin-tool directory:

```bash
pip install pre-commit
pre-commit install
```

## Making a new branch & pull request

Git allows you to have "branches" with variant versions of the code. You can see what's available using `git branch` and switch to one using `git checkout branch_name`.

To make your life easier, we recommend that the `master` branch always be kept in sync with the repo at `https://github.com/intel/cve-bin-tool`, as in you never check in any code to that branch. That way, you can use that "clean" master branch as a basis for each new branch you start as follows:

```bash
git checkout master
git pull
git checkout -b my_new_branch
```

When you're ready to share that branch to make a pull request, make sure you've checked in all the files you're working on. You can get a list of the files you modified using `git status` and see what modifications you made using `git diff`

Use `git add FILENAME` to add the files you want to put in your pull request, and use `git commit` to check them in. Try to use [a clear commit message](https://chris.beams.io/posts/git-commit/). We usually merge pull requests into a single commit when we accept them, so it's fine if you have lots of commits in your branch while you figure stuff out.

Once your branch is ready and you've checked in all your code, push it to your fork:

```bash
git push myfork
```

From there, you can go to [our pull request page](https://github.com/intel/cve-bin-tool/pulls) to make a new pull request from the web interface.

## Code Review

Once you have created a pull request (PR), GitHub Actions will try to run all the tests on your code. If you can, make any modifications you need to make to ensure that they all pass, but if you get stuck a reviewer will see if they can help you fix them. Remember that you can run the tests locally while you're debugging; you don't have to wait for GitHub to run the tests (see the [Running tests](#running-tests) section above for how to run tests).

Someone will review your code and try to provide feedback in the comments on GitHub. Usually it takes a few days, sometimes up to a week. The core contributors for this project work on it as part of their day jobs and are usually on US Pacific time, so you might get an answer a bit faster during their work week.

If something needs fixing or we have questions, we'll work back and forth with you to get that sorted. We usually do most of the chatting directly in the pull request comments on GitHub, but if you're stuck you can also stop by our [Gitter chat room](https://gitter.im/cve-bin-tool/community) to talk with folk outside of the bug.

Once any issues are resolved, we'll merge your code. Yay!

In rare cases, the code won't work for us and we'll let you know. Sometimes this happens because someone else has already submitted a fix for the same bug, (Issues marked [good first issue](https://github.com/intel/cve-bin-tool/labels/good%20first%20issue) can be in high demand!) or because you worked on a checker that didn't have a good signature. Don't worry, these things happens, no one thinks less of you for trying!

## Style Guide for cve-bin-tool

This list contains all the style guide that one must follow while contributing so that code is consistent and maintainable.

### String Formatting

Python provides many different ways to format the string(you can read about them [here](https://realpython.com/python-formatted-output/))and we use f-string formatting in our tool.

**Note: As f-strings are only supported in python 3.6+. Please make sure you have version >=3.6**
**Note: As f-strings are only supported in python 3.6+.** Please make sure you have version >=3.6

- **Example:** Formatting string using f-string

```python
#Program prints a string containing name and age of person
name = "John Doe"
Expand All @@ -49,26 +181,42 @@ print(f"Name of the person is {name} and his age is {age}")
#Output
# "Name of the person is John Doe and his age is 23"
```

Note that the string started with the **'f'** followed by the string. Values are always added in the curly braces. Also we don't need to convert age into string. (we may have used **str(age )** before using it in the string) f-strings are useful as they provide many cool features. You can read more about features and the good practices to use f-strings [here](https://realpython.com/python-f-strings/#f-strings-a-new-and-improved-way-to-format-strings-in-python).

### Style Format
CVE Binary Tool uses Black as the style formatter. Contributors are requested to format their code with Black before submitting.
## Making documentation

The documentation for CVE Binary Tool can be found in the `doc/` directory (with the exception of the README.md file, which is stored in the main directory but linked in the documentation directory for convenience).

Like many other Python-based projects, CVE Binary Tool uses Sphinx and
ReadTheDocs to format and display documentation. If you're doing more than minor typo
fixes, you may want to install the relevant tools to build the docs. There's a
`requirements.txt` file available in the `doc/` directory you can use to install
sphinx and related tools:

#### Installing Black
Black can be easily installed with the help of pip.
```bash
$ pip install black
```
cd doc/
pip install -r requirements.txt
```

Once those are installed, you can build the documentation using `make` in the
docs directory:

#### Formatting Code
Formatting a file is easy. Just navigate to the file and run the following command. For formatting a particular file name filename.py.
```bash
$ black filename.py
make docs
```
But in real life you might want to format each file in a particular folder.

or use sphinx-build directly with the following options:

```bash
$ cd Code/
$ black ./
sphinx-build -b html . _build
```
In my case the name of the folder is Code. First navigate to the folder and then use black on the folder using ```./```

That will build the HTML rendering of the documentation and store it in the
`_build` directory. You can then use your web browser to go to that
directory and see what it looks like.

Note that you don't need to commit anything in the `_build` directory. Only the `.md` and `.rst` files should be checked in to the repository.

If you don't already have an editor that understands Markdown (`.md`) and
RestructuredText (.`rst`) files, you may want to try out Visual Studio Code, which is free and has a nice Markdown editor with a preview.

0 comments on commit b33bc8a

Please sign in to comment.