From 7ac7313bdb4d8a8c6943fbbc8fbd25d736690e39 Mon Sep 17 00:00:00 2001 From: Rene Cannao Date: Mon, 23 Mar 2026 21:59:11 +0000 Subject: [PATCH] Add community governance files Add CODE_OF_CONDUCT.md, CONTRIBUTING.md, MAINTAINERS.md, and SECURITY.md to establish community standards, contribution guidelines, maintainer information, and security reporting policies for the project. --- CODE_OF_CONDUCT.md | 53 ++++++++++++++++++++++++++++++ CONTRIBUTING.md | 80 ++++++++++++++++++++++++++++++++++++++++++++++ MAINTAINERS.md | 21 ++++++++++++ SECURITY.md | 30 +++++++++++++++++ 4 files changed, 184 insertions(+) create mode 100644 CODE_OF_CONDUCT.md create mode 100644 CONTRIBUTING.md create mode 100644 MAINTAINERS.md create mode 100644 SECURITY.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 00000000..82164568 --- /dev/null +++ b/CODE_OF_CONDUCT.md 
@@ -0,0 +1,53 @@ +# Contributor Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a welcoming experience for everyone. + +We pledge to act and interact in ways that contribute to an open, friendly, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment: + +- Using welcoming and inclusive language +- Being respectful of differing viewpoints and experiences +- Gracefully accepting constructive criticism +- Focusing on what is best for the community +- Showing empathy towards other community members + +Examples of unacceptable behavior: + +- Trolling, insulting or derogatory comments, and personal attacks +- Public or private harassment +- Publishing others' private information without explicit permission +- Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. + +## Enforcement + +Instances of unacceptable behavior may be reported to the community leaders +responsible for enforcement at **conduct@proxysql.com**. + +All complaints will be reviewed and investigated promptly and fairly. All +community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), +version 2.1, available at +https://www.contributor-covenant.org/version/2/1/code_of_conduct.html. 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000..8f48819f --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,80 @@ +# Contributing to Orchestrator + +Thank you for your interest in contributing to orchestrator! This project is maintained by [ProxySQL LLC](https://proxysql.com) and we welcome contributions from the community. + +## How to Contribute + +### Reporting Bugs + +- Use [GitHub Issues](https://github.com/proxysql/orchestrator/issues) with the **Bug Report** template +- Include your orchestrator version, backend type (MySQL/SQLite), and sanitized configuration +- Provide topology information: `orchestrator-client -c topology -alias my-cluster` +- Include logs with `--debug --stack` flags for maximum verbosity + +### Suggesting Features + +- Use [GitHub Issues](https://github.com/proxysql/orchestrator/issues) with the **Feature Request** template +- Describe the use case and proposed solution +- Discuss your idea in an issue before starting a PR + +### Submitting Pull Requests + +1. Fork the repository +2. Create a feature branch from `master` +3. Make your changes +4. Submit a PR against `master` +5. Reference the related issue in the PR description + +## Coding Standards + +- Format code with `gofmt -s` (do **not** use `goimports`) +- Follow existing code conventions and patterns +- Add tests for new functionality +- Ensure all CI checks pass: + - Code formatting (`gofmt`) + - Build verification + - Unit tests + - Integration tests (MySQL and SQLite backends) + - Documentation validation + +## Developer Certificate of Origin (DCO) + +All contributions must be signed off under the [Developer Certificate of Origin](https://developercertificate.org/) (DCO). This is a lightweight mechanism to certify that you wrote or have the right to submit the code you are contributing. 
+ +To sign off, add a `Signed-off-by` line to your commit messages: + +``` +Signed-off-by: Your Name +``` + +Git can do this automatically with the `-s` flag: + +```bash +git commit -s -m "Your commit message" +``` + +## Building and Testing + +```bash +# Build +./script/build + +# Run unit tests +go test ./go/... + +# Run a single package's tests +go test ./go/inst/... + +# Run a specific test +go test ./go/inst/... -run TestBinlogCoordinates +``` + +See [docs/build.md](docs/build.md) for detailed build and test instructions. + +## Code Review + +All submissions require review before merging. Maintainers may request changes or suggest improvements. Please be patient — we aim to review PRs promptly but availability varies. + +## License + +By contributing, you agree that your contributions will be licensed under the [Apache License 2.0](LICENSE). diff --git a/MAINTAINERS.md b/MAINTAINERS.md new file mode 100644 index 00000000..804e3c5b --- /dev/null +++ b/MAINTAINERS.md @@ -0,0 +1,21 @@ +# Maintainers + +Orchestrator is maintained by [ProxySQL LLC](https://proxysql.com). + +## Current Maintainers + +| Name | GitHub | Role | +|------|--------|------| +| René Cannaò | [@renecannao](https://github.com/renecannao) | Project Lead | + +## Maintainer Responsibilities + +- Review and merge pull requests +- Triage issues and feature requests +- Manage releases and versioning +- Set project direction and roadmap +- Ensure CI and code quality standards are maintained + +## Becoming a Maintainer + +Consistent, high-quality contributions over time may lead to an invitation to join the maintainer team. If you're interested, start by contributing and engaging with the project. diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..5cb820b0 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,30 @@ +# Security Policy + +## Reporting a Vulnerability + +If you discover a security vulnerability in orchestrator, please report it responsibly. **Do not open a public GitHub issue.** + +Email: **security@proxysql.com** + +Please include: +- Description of the vulnerability +- Steps to reproduce +- Potential impact +- Suggested fix (if any) + +## Response Timeline + +- **Acknowledgment:** within 48 hours +- **Initial assessment:** within 7 days +- **Fix or mitigation:** timeline communicated after assessment + +## Supported Versions + +| Version | Supported | +|---------|-----------| +| 4.x | Yes | +| 3.x | No | + +## Responsible Disclosure + +We credit reporters who follow responsible disclosure practices in our release notes, unless they prefer to remain anonymous.
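Review bot: In CODE_OF_CONDUCT.md, the Enforcement section gives conduct@proxysql.com as the only reporting address and offers no alternate contact for a report that concerns a community leader, while MAINTAINERS.md in this same patch lists a single maintainer. Suggest naming a second contact or an external escalation path. The file also says it is adapted from Contributor Covenant 2.1 but has no section describing what can follow a report, so "appropriate and fair corrective action" stays undefined; a short list of possible outcomes would close that gap.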
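Review bot: In CONTRIBUTING.md under Reporting Bugs, contributors are asked to post "sanitized configuration" and logs taken with `--debug --stack` to public GitHub Issues, but nothing says what has to be removed. Suggest stating explicitly that passwords, other credentials, and internal hostnames or addresses must be redacted from both the configuration and the logs before posting. Separately, the DCO section makes sign-off mandatory, yet the CI check list under Coding Standards contains no sign-off check, the example line reads `Signed-off-by: Your Name` with no email address (what `git commit -s` writes is the name followed by the email in angle brackets), and the commit message of this patch carries no Signed-off-by line itself.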
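Review bot: In SECURITY.md under Reporting a Vulnerability, plain email to security@proxysql.com is the only channel, although the report is expected to contain steps to reproduce and potential impact; there is no public key or other private channel for sending that detail confidentially. Suggest publishing a PGP key fingerprint for the address, or enabling GitHub private vulnerability reporting and linking it here. Under Response Timeline, "Fix or mitigation: timeline communicated after assessment" leaves no stated point at which a reporter may disclose, and there is no fallback if the 48-hour acknowledgment does not arrive; a default coordinated-disclosure window and a secondary contact would make the policy actionable.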