Thank you for considering contributing to Cosign! We welcome any contributions, whether it's bug fixes, new features, or improvements to the existing codebase.
Review Sigstore's contribution guidelines which includes some high level information on how to contribute to Sigstore projects.
To help you get familiar with our contribution process, we have a list of good first issues which are relatively limited in scope.
Before working on an issue, please:
- Check the comments to see if someone is already working on it.
- If it's unassigned, comment that you're working on it to avoid duplication.
Before running Cosign, ensure that you have Go installed.
You can find a step by step guide to submit your contribution on Sigstore's contribution guidelines.
The following steps describe the build, unit testing, linting, and documentation processes:
To build cosign locally, run this command:
make cosignTo run the unit tests, execute the following command:
make testMake sure all tests pass without any failures or errors.
To run the linting checks, use the following command:
make lintAddress any linting warnings or errors before submitting your PR.
If your changes require updates to project documentation, run the following:
make docgenEnsure that the documentation is up-to-date and reflects your changes accurately.
Make sure to sign the Developer Certificate of Origin.
In addition to the README file, documentation for Cosign exists in the repository's doc folder and consists of one markdown file for each command. If you add, delete or modify a Cosign command you must also add, delete, or edit the appropriate file in the doc folder.