add code of conduct, contributing and security guidelines (#61)

harshavardhana · web-flow · commit 86ee1eea6d5c · 2020-04-09T12:04:15.000-07:00
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -0,0 +1,59 @@
+# MinIO Console Server Contribution Guide [![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io)
+
+This is a REST portal server created using [go-swagger](https://github.com/go-swagger/go-swagger)
+
+The API handlers are created using a YAML definition located in `swagger.YAML`.
+
+To add new api, the YAML file needs to be updated with all the desired apis using the [Swagger Basic Structure](https://swagger.io/docs/specification/2-0/basic-structure/), this includes paths, parameters, definitions, tags, etc.
+
+## Generate server from YAML
+Once the YAML file is ready we can autogenerate the code needed for the new api by just running:
+
+Validate it:
+```
+swagger validate ./swagger.yml
+```
+Update server code:
+```
+make swagger-gen
+```
+
+This will update all the necessary code.
+
+`./restapi/configure_mcs.go` is a file that contains the handlers to be used by the application, here is the only place where we need to update our code to support the new apis. This file is not affected when running the swagger generator and it is safe to edit.
+
+## Unit Tests
+`./restapi/handlers_test.go` needs to be updated with the proper tests for the new api.
+
+To run tests:
+```
+go test ./restapi
+```
+
+## Commit changes
+After verification, commit your changes. This is a [great post](https://chris.beams.io/posts/git-commit/) on how to write useful commit messages
+
+```
+$ git commit -am 'Add some feature'
+```
+
+### Push to the branch
+Push your locally committed changes to the remote origin (your fork)
+```
+$ git push origin my-new-feature
+```
+
+### Create a Pull Request
+Pull requests can be created via GitHub. Refer to [this document](https://help.github.com/articles/creating-a-pull-request/) for detailed steps on how to create a pull request. After a Pull Request gets peer reviewed and approved, it will be merged.
+
+## FAQs
+### How does ``mcs`` manages dependencies?
+``MinIO`` uses `go mod` to manage its dependencies.
+- Run `go get foo/bar` in the source folder to add the dependency to `go.mod` file.
+
+To remove a dependency
+- Edit your code and remove the import reference.
+- Run `go mod tidy` in the source folder to remove dependency from `go.mod` file.
+
+### What are the coding guidelines for mcs?
+``mcs`` is fully conformant with Golang style. Refer: [Effective Go](https://github.com/golang/go/wiki/CodeReviewComments) article from Golang project. If you observe offending code, please feel free to send a pull request or ping us on [Slack](https://slack.min.io).
diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
diff --git a/README.md b/README.md
@@ -62,6 +62,5 @@ export MCS_MINIO_SERVER=http://localhost:9000
 
 You can verify that the apis work by doing the request on `localhost:9090/api/v1/...`
 
-# Development
-
-For development on this project please refer to our [DEVELOPMENT.md](DEVELOPMENT.md)
+# Contribute to mcs Project
+Please follow mcs [Contributor's Guide](https://github.com/minio/mcs/blob/master/CONTRIBUTING.md)
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,41 @@
+# Security Policy
+
+## Supported Versions
+
+We always provide security updates for the [latest release](https://github.com/minio/mcs/releases/latest).
+Whenever there is a security update you just need to upgrade to the latest version.
+
+## Reporting a Vulnerability
+
+All security bugs in [minio/mcs](https://github,com/minio/mcs) (or other minio/* repositories)
+should be reported by email to security@min.io. Your email will be acknowledged within 48 hours,
+and you'll receive a more detailed response to your email within 72 hours indicating the next steps
+in handling your report.
+
+Please, provide a detailed explanation of the issue. In particular, outline the type of the security
+issue (DoS, authentication bypass, information disclose, ...) and the assumptions you're making (e.g. do
+you need access credentials for a successful exploit).
+
+If you have not received a reply to your email within 48 hours or you have not heard from the security team
+for the past five days please contact the security team directly:
+   - Primary security coordinator: lenin@min.io
+   - Secondary coordinator: daniel@min.io, cesar@min.io
+   - If you receive no response: dev@min.io
+
+### Disclosure Process
+
+MinIO uses the following disclosure process:
+
+1. Once the security report is received one member of the security team tries to verify and reproduce
+   the issue and determines the impact it has.
+2. A member of the security team will respond and either confirm or reject the security report.
+   If the report is rejected the response explains why.
+3. Code is audited to find any potential similar problems.
+4. Fixes are prepared for the latest release.
+5. On the date that the fixes are applied a security advisory will be published on https://blog.min.io.
+   Please inform us in your report email whether MinIO should mention your contribution w.r.t. fixing
+   the security issue. By default MinIO will **not** publish this information to protect your privacy.
+
+This process can take some time, especially when coordination is required with maintainers of other projects.
+Every effort will be made to handle the bug in as timely a manner as possible, however it's important that we
+follow the process described above to ensure that disclosures are handled consistently.
diff --git a/code_of_conduct.md b/code_of_conduct.md
@@ -0,0 +1,80 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+  advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior, in compliance with the
+licensing terms applying to the Project developments.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful. However, these actions shall respect the
+licensing terms of the Project Developments that will always supersede such
+Code of Conduct.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at dev@min.io. The project team
+will review and investigate all complaints, and will respond in a way that it deems
+appropriate to the circumstances. The project team is obligated to maintain
+confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+This version includes a clarification to ensure that the code of conduct is in
+compliance with the free software licensing terms of the project.
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/
