Thank you for your interest in contributing to the Auth Operator! This document provides guidelines and contribution requirements.
This project adheres to the Contributor Covenant Code of Conduct. By participating, you are expected to uphold this code.
- Go: Use standard Go formatting (gofmt/goimports) and follow Go idioms
- Use standard library constants (e.g.,
http.MethodGetinstead of string literals) - See .golangci.yml for Go linting rules
All new features and significant changes must include automated tests:
- Add
*_test.gofiles colocated with source code - Cover success cases, error cases, and edge cases
- Aim for >70% code coverage for new code
- Run
make testbefore opening PRs
If testing is impractical, document why in the PR description.
Documentation must be updated for every user-facing change:
- API changes: Update docs in
docs/api-reference/ - CRD changes: Run
make docsto regenerate API reference - Configuration: Update relevant documentation
- Helm charts: Update chart README and inline values comments
- Maintain or improve test coverage (monitored via CI)
- Run linters locally:
make lint - Fix all linter errors before submitting
- Never commit secrets, credentials, or PII
- Report security issues privately per SECURITY.md
- Consider security implications in PR descriptions
- Check existing issues to avoid duplicates
- For features, describe the use case, alternatives, and security impact
- Link your PR to the issue when ready
# Create a feature branch
git checkout -b feature/your-feature-name
# Make changes following the architecture in README.md
# For CRD changes, regenerate code:
make generate manifests# Run tests and linting
make test
make lint
# Run E2E tests (requires kind cluster)
make test-e2e- Update relevant docs in
docs/ - Run
make docsif CRD changes were made - Update Helm chart docs if applicable
- Provide a clear description and link related issues
- Note test coverage and any limitations
- Describe security implications if relevant
All changes require pull request review before merge:
- ✅ At least one approving review
- ✅ All CI checks passing (tests, linting, security scans)
- ✅ Up-to-date with base branch
- ✅ No direct pushes to main branch
- ✅ Stale approvals dismissed on new commits
Any exceptions must be documented in the PR with justification.
- Go 1.25 or later
- Docker (for building images)
- kubectl (for interacting with Kubernetes clusters)
- kind (for local development with Kubernetes)
- Helm 3.17+ (for Helm chart development)
- make (for build automation)
# Download Go dependencies
go mod download
# Install development tools
make controller-gen
make golangci-lint# Run tests
make test
# Build the binary
make build
# Run the controller locally (requires kubeconfig)
make run-ctrl
# Run the webhook locally
make run-wh# Build and deploy to kind cluster
make deploy OVERLAY=dev
# Run e2e tests
make test-e2eFollow conventional commit format:
type(scope): short description
Longer description if needed.
Fixes #123
Types: feat, fix, docs, style, refactor, test, chore, ci
This project provides AI coding guidance via .github/copilot-instructions.md. These instructions are loaded automatically by GitHub Copilot and compatible AI assistants.
Key project conventions (see .github/copilot-instructions.md and the documentation above) include:
- Import alias patterns (e.g.,
authorizationv1alpha1for API types) - Error wrapping with
fmt.Errorf("context: %w", err) - Testing patterns: envtest, Ginkgo/Gomega, table-driven tests
- REUSE compliance: ensure SPDX headers or REUSE.toml annotations cover new files
- Helm chart conventions: CRD sync with
make helm, chart linting
When using AI tools, ensure generated code follows these conventions. Review the instructions file before your first contribution.
Open an issue or discussion with context. See SECURITY.md for reporting security vulnerabilities.
Thank you for contributing! 🎉