Skip to content

Latest commit

 

History

History
87 lines (50 loc) · 5.24 KB

CONTRIBUTING.md

File metadata and controls

87 lines (50 loc) · 5.24 KB

Contributing to aragonOS

🎉 Thank you for being interested in contributing to aragonOS! 🎉

Feel welcome and read the following sections in order to know how to ask questions and how to work on something.

There are many ways to contribute, from writing tutorials or blog posts, improving the documentation, submitting bug reports and feature requests or writing code which can be incorporated into the project.

All members of our community are expected to follow our Code of Conduct. Please make sure you are welcoming and friendly in all of our spaces.

Project status

aragonOS has been deployed to Ethereum mainnet and other live networks.

Outside of clear security issues or specific feature enhancements, we are usually not working to actively change the existing contracts.

This is made even more difficult due to the difficult and sensitive process involved in launching changes in on-chain environments.

Branching strategy

You should treat master as the main, audited branch.

We use next as the default branch to help expose upcoming changes for new versions that have not yet undergone security review.

Your first contribution

Unsure where to begin contributing to aragonOS?

You can start with a Good First Issue

Good first issues are usually for small features, additional tests, spelling / grammar fixes, formatting changes, or other clean up.

Start small, pick a subject you care about, are familiar with, or want to learn.

If you're not already familiar with git or Github, here are a couple of friendly tutorials: First Contributions, Open Source Guide, and How to Contribute to an Open Source Project on GitHub.

How to file an issue or report a bug

If you see a problem, you can report it in our issue tracker.

Please take a quick look to see if the issue doesn't already exist before filing yours.

Do your best to include as many details as needed in order for someone else to fix the problem and resolve the issue.

If you find a security vulnerability, do NOT open an issue. Email security@aragon.org instead.

In order to determine whether you are dealing with a security issue, ask yourself these two questions:

  • Can I access or steal something that's not mine, or access something I shouldn't have access to?
  • Can I disable something for other people?

If the answer to either of those two questions are "yes", then you're probably dealing with a security issue. Note that even if you answer "no" to both questions, you may still be dealing with a security issue, so if you're unsure, please send a email.

A bug bounty program is available for rewarding contributors who find security vulnerabilities with payouts up to $50,000.

Fixing issues

  1. Find an issue that you are interested in.
  1. Fork and clone a local copy of the repository.
  2. Make the appropriate changes for the issue you are trying to address or the feature that you want to add.
    • Make sure to add tests!
  3. Push the changes to the remote repository.
  4. Submit a pull request in Github, explaining any changes and further questions you may have.
  5. Wait for the pull request to be reviewed.
  6. Make changes to the pull request if the maintainer recommends them.
  7. Celebrate your success after your pull request is merged!

It's OK if your pull request is not perfect (no pull request is). The reviewer will be able to help you fix any problems and improve it!

You can also edit a page directly through your browser by clicking the "EDIT" link in the top-right corner of any page and then clicking the pencil icon in the github copy of the page.

Styleguide and development processes

We generally follow Solidity's style guide and have set up Ethlint to automatically lint the project.

Due to the sensitive nature of Solidity, usually at least two reviewers are required before merging any pull request with code changes.

Licensing

aragonOS is generally meant to be used as a library by developers but includes core components that are not generally useful to extend. Any interfaces or contracts meant to be used by other developers are licensed as MIT and have their Solidity pragmas left unpinned. All other contracts are licensed as GPL-3 and are pinned to a specific Solidity version.

Community

If you need help, please reach out to Aragon core contributors and community members in the aragonOS Spectrum channel. We'd love to hear from you and know what you're working on!