- file: CONTRIBUTING.md
- File Headers - Structure - Code Examples
This project adheres to a code of conduct that we expect all contributors to follow. Please be respectful and constructive in all interactions.
- Search existing issues to avoid duplicates
- Use issue templates when available
- Provide detailed information including:
- Clear description of the problem
- Steps to reproduce
- Expected vs actual behavior
- Environment details
- Logs or error messages
- Check existing feature requests to avoid duplicates
- Use the feature request template
- Provide context about:
- Use case and motivation
- Proposed solution
- Alternative approaches considered
- Impact on existing functionality
- Fork the repository and create your branch from
main - Check existing PRs to avoid duplicate work
- Discuss significant changes in an issue first
-
Create a feature branch:
git checkout -b feature/your-feature-name
-
Make your changes following the style guidelines
-
Test your changes:
# Validate workflow syntax ./scripts/validate-setup.sh # Test with a sample repository ./scripts/setup-repository.sh complete
-
Update documentation as needed
-
Follow conventional commit format:
feat: add new workflow for multi-language projects fix: resolve issue with container registry authentication docs: update setup instructions for Windows users
- Use the PR template
- Include tests for new functionality
- Update documentation for any user-facing changes
- Ensure CI passes before requesting review
- Link related issues using keywords (fixes #123)
- Always follow the security guidelines in
.github/security-guidelines.md - Use least privilege permissions
- Validate all inputs
- Pin action versions to specific commits or tags
- Make workflows reusable and configurable
- Provide comprehensive input validation
- Include proper error handling
- Document all inputs and outputs
- Use meaningful job and step names
name: Descriptive Workflow Name
on:
workflow_call:
inputs:
input-name:
description: 'Clear description of the input'
required: true
type: string
outputs:
output-name:
description: 'Clear description of the output'
value: ${{ jobs.job-name.outputs.output-name }}
jobs:
job-name:
name: Descriptive Job Name
runs-on: ubuntu-latest
outputs:
output-name: ${{ steps.step-id.outputs.output-name }}
steps:
- name: Descriptive Step Name
id: step-id
# Step implementationAll documentation files should include the file path comment:
<!-- file: path/to/file.md -->
<!-- version: 1.0.0 -->
<!-- guid: 123e4567-e89b-12d3-a456-426614174000 -->
<!-- last-edited: 2026-01-19 -->- Use clear, descriptive headings
- Include code examples where appropriate
- Provide both basic and advanced usage examples
- Include troubleshooting sections
- Link to related documentation
- Use realistic, working examples
- Include necessary context and setup
- Explain non-obvious parts
- Follow the same style guidelines as the codebase
- Syntax validation with GitHub CLI or yaml parsers
- Integration testing with sample repositories
- Security scanning of workflow files
- Manual testing across different scenarios
- Unit tests for individual functions
- Integration tests with real repositories
- Error condition testing
- Cross-platform compatibility (macOS, Linux, Windows)
- Use 2-space indentation
- Quote string values that might be ambiguous
- Use descriptive names for jobs, steps, and IDs
- Group related inputs and outputs
- Include comments for complex logic
- Follow shellcheck recommendations
- Use strict error handling (
set -euo pipefail) - Include help text and usage examples
- Use consistent function naming
- Validate inputs and provide meaningful error messages
- Follow markdown linting rules
- Use consistent heading structure
- Include proper code formatting
- Use tables for structured information
- Include relevant links and references
-
Run validation scripts:
./scripts/validate-setup.sh
-
Test with multiple project types:
# Test each template ./scripts/setup-repository.sh complete ./scripts/setup-repository.sh container ./scripts/setup-repository.sh library
-
Review security implications
-
Update relevant documentation
- Automated checks must pass (CI, linting, security scans)
- Manual review by maintainers
- Security review for workflow changes
- Documentation review for user-facing changes
- Testing verification with real-world scenarios
- Squash and merge for feature PRs
- Update CHANGELOG.md if needed
- Tag releases following semantic versioning
- Update documentation if needed
- Follow Semantic Versioning
- Use conventional commits for automatic versioning
- Create releases for significant changes
- Maintain backwards compatibility when possible
- Update CHANGELOG.md
- Create release PR
- Tag the release after merge
- Update documentation with new version references
- Announce significant releases
- Documentation:
.github/directory - Examples:
/templates/directory - Issues: GitHub Issues for bug reports and feature requests
- Discussions: GitHub Discussions for general questions
- Create an issue for bugs or feature requests
- Use discussions for general questions
- Tag maintainers (@jdfalk) for urgent security issues
Contributors are recognized in several ways:
- Listed in release notes for significant contributions
- Mentioned in repository contributors
- Invited to review related PRs
- Acknowledged in documentation updates
Thank you for contributing to GitHub Common Workflows!