Thank you for contributing your time and expertise to the OSS Criticality Score project. This document describes the contribution guidelines for the project.
Note: Before you start contributing, you must read and abide by our Code of Conduct.
- Create a GitHub account
- Create a personal access token
- (Optionally) a Google Cloud Platform account for deps.dev data
- Set up your development environment
Then you can iterate.
You must install these tools:
And optionally:
gcloud
: For Google Cloud Platform access for deps.dev data.
Then clone the repository, e.g:
$ git clone [email protected]:ossf/criticality_score.git
$ cd criticality_score
-
Find or create an issue
-
Make code changes to:
- the collect_signals CLI tool
- the GitHub enumerator
- the signal collector worker
- the scorer
- the scorer algorithm configuration
-
Run your changes. For example, for a single repository this can be done by executing:
$ export GITHUB_TOKEN=ghp_x # the personal access token created above
$ go run ./cmd/criticality_score \
-log=debug \
-depsdev-disable \ # remove if you have a GCP account configured
"https://github.com/{ a repo }"
Note: Each of the tools listed above can be run individually and has their own README.
- Ensure your code passes tests and lint checks:
$ make test
$ make lint
- Commit your change. Upload to a fork, and create a pull request!