11 KiB
Contributing to Pinniped
Pinniped is better because of our contributors and maintainers. It is because of you that we can bring great software to the community.
Contributions to Pinniped are welcome. Here are some things to help you get started.
Code of Conduct
Please see the Code of Conduct.
Project Scope
See SCOPE.md for some guidelines about what we consider in and out of scope for Pinniped.
Roadmap
The near-term and mid-term roadmap for the work planned for the project maintainers is documented in ROADMAP.md.
Discussion
Got a question, comment, or idea? Please don't hesitate to reach out via GitHub Discussions, GitHub Issues, or in the Kubernetes Slack Workspace within the #pinniped channel. Join our Google Group to receive updates and meeting invitations.
Issues
Need an idea for a project to get started contributing? Take a look at the open issues. Also check to see if any open issues are labeled with "good first issue" or "help wanted".
Bugs
To file a bug report, please first open an issue. The project team will work with you on your bug report.
Once the bug has been validated, a pull request can be opened to fix the bug.
For specifics on what to include in your bug report, please follow the guidelines in the issue and pull request templates.
Features
To suggest a feature, please first open an
issue
and tag it with proposal, or create a new Discussion.
The project maintainers will work with you on your feature request.
Once the feature request has been validated, a pull request can be opened to implement the feature.
For specifics on what to include in your feature request, please follow the guidelines in the issue and pull request templates.
Reporting security vulnerabilities
Please follow the procedure described in SECURITY.md.
DCO Sign off
To ensure that contributors are only submitting work that they have rights to, we are requiring everyone to acknowledge this by signing their work.
Since this signature indicates your rights to the contribution and certifies the statements below, it must contain your real name and email address. Various forms of noreply email address must not be used.
Any copyright notices in this repository should specify the authors as "the Pinniped contributors".
To sign your work, just add a line like this at the end of your commit message:
Signed-off-by: John Smith <jsmith@vmware.com>
This can easily be done with the --signoff option to git commit.
By doing this you state that you can certify the following (from [https://developercertificate.org/]):
Developer Certificate of Origin
Version 1.1
Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.
Developer's Certificate of Origin 1.1
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or
(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or
(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.
(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved.
Learning about Pinniped
New to Pinniped?
- Start here to learn how to install and use Pinniped: Learn to use Pinniped for federated authentication to Kubernetes clusters
- Start here to learn how to navigate the source code: Code Walk-through
- Other more detailed documentation can be found at: Pinniped Docs
Building
The Dockerfile at the root of the repo can be used to build and package the server-side code. After making a change to the code, rebuild the docker image with the following command.
# From the root directory of the repo...
docker build .
The Pinniped CLI client can be built for local use with the following command.
# From the root directory of the repo...
go build -o pinniped ./cmd/pinniped
Testing
Running Lint
./hack/module.sh lint
Running Unit Tests
./hack/module.sh units
Running Integration Tests
-
Install dependencies:
dockerhtpasswd(installed by default on MacOS, usually found inapache2-utilspackage for linux)kappkindkubectlyttnmapopenssl(installed by default on MacOS)- Chrome
On macOS, these tools can be installed with Homebrew (assuming you have Chrome installed already):
brew install kind carvel-dev/carvel/ytt carvel-dev/carvel/kapp kubectl nmap && brew cask install docker -
Create a kind cluster, compile, create container images, and install Pinniped and supporting test dependencies using:
./hack/prepare-for-integration-tests.sh -
Run the Pinniped integration tests:
ulimit -n 512 && source /tmp/integration-test-env && go test -v -count 1 -timeout 0 ./test/integrationTo run specific integration tests, add the
-runflag to the above command to specify a regexp for the test names. Use a leading/on the regexp because the Pinniped integration tests are automatically nested under several parent tests (see integration/main_test.go). For example, to run an integration test calledTestE2E, add-run /TestE2Eto the command shown above. -
After making production code changes, recompile, redeploy, and run tests again by repeating the same commands described above. If there are only test code changes, then simply run the tests again.
To destroy the local Kubernetes cluster, run ./hack/kind-down.sh.
Using GoLand to Run an Integration Test
It can sometimes be convenient to use GoLand to run an integration test. For example, this allows using the GoLand debugger to debug the test itself (not the server, since that it running in-cluster).
Note that the output of hack/prepare-for-integration-tests.sh says:
# Using GoLand? Paste the result of this command into GoLand's run configuration "Environment".
# hack/integration-test-env-goland.sh | pbcopy
After using hack/prepare-for-integration-tests.sh, run hack/integration-test-env-goland.sh | pbcopy as instructed. Then:
- Select and run an integration test within GoLand. It will fail complaining about missing env vars.
- Pull down the menu that shows the name of the test which you just ran in the previous step, and choose "Edit Configurations...".
- In the "Environment" text box for the run configuration of the integration test that you just ran,
paste the results of
hack/integration-test-env-goland.sh | pbcopy. - Apply, and then run the integration test again. This time the test will use the environment variables provided.
Note that if you run hack/prepare-for-integration-tests.sh again, then you may need to repeat these steps.
Each run of hack/prepare-for-integration-tests.sh can result in different values for some of the env vars.
Observing Tests on the Continuous Integration Environment
CI will not be triggered on a pull request until the pull request is reviewed and approved for CI by a project maintainer. Once CI is triggered, the progress and results will appear on the Github page for that pull request as checks. Links will appear to view the details of each check.
Starting in mid-2025, Pinniped's CI system is no longer externally visible due to corporate policies. Please contact the maintainers for help with your PR if you encounter any CI failures. They will be happy to share CI logs with you directly for your PR.
CI
Pinniped's CI configuration and code is in the ci
branch of this repo.
Documentation
Any pull request which adds a new feature or changes the behavior of any feature which was previously documented should include updates to the documentation. All documentation lives in this repository. This project aspires to follow the Kubernetes documentation style guide.
Pre-commit Hooks
This project uses pre-commit to agree on some conventions about whitespace/file encoding.
$ brew install pre-commit
[...]
$ pre-commit install
pre-commit installed at .git/hooks/pre-commit
Becoming a Pinniped Maintainer
Regular contributors who are active in the Pinniped community and who have contributed at least several significant pull requests may be considered for promotion to become a maintainer upon request. Please contact an existing maintainer if you would like to be considered.