Thank you for your interest in contributing to Version Guard! This document provides guidelines and instructions for contributing.
By participating in this project, you agree to maintain a respectful and inclusive environment for all contributors.
- Check if the bug has already been reported in GitHub Issues
- If not, create a new issue with:
- Clear, descriptive title
- Steps to reproduce
- Expected vs actual behavior
- Version Guard version, Go version, OS
- Relevant logs or error messages
- Check GitHub Discussions for existing feature requests
- Create a new discussion with:
- Clear description of the feature
- Use case and benefits
- Potential implementation approach (if applicable)
-
Fork the repository and create a feature branch:
git checkout -b feature/my-new-feature
-
Make your changes:
- Write clear, concise code
- Follow existing code style and patterns
- Add tests for new functionality
- Update documentation as needed
-
Test your changes:
make test # Run all tests make lint # Check code quality make build-all # Verify build
-
Commit your changes:
- Use clear, descriptive commit messages
- Reference relevant issues (e.g., "Fix #123: Description")
-
Push and create a pull request:
git push origin feature/my-new-feature
Then create a PR on GitHub with:
- Description of changes
- Related issues
- Testing performed
- Go 1.24+
- Docker (for local Temporal)
- Make
- AWS CLI (for S3 snapshot testing)
# Clone the repository
git clone https://github.com/block/Version-Guard.git
cd Version-Guard
# Install development tools
make setup
# Build binaries
make build-all
# Run tests
make test
# Start local Temporal server (in separate terminal)
make temporal
# Run the server with auto-reload
make dev- Go: Follow Effective Go and run
gofmt - Linting: Code must pass
golangci-lint(runmake lint) - Imports: Use
goimportsfor import formatting (runmake fmt-imports) - Tests: Write unit tests for new functionality (aim for >80% coverage)
- Place test files next to the code they test (
foo.go→foo_test.go) - Use table-driven tests where appropriate
- Mock external dependencies
Example:
func TestDetector_Detect(t *testing.T) {
tests := []struct {
name string
input *types.Resource
want *types.Finding
wantErr bool
}{
{
name: "detects red status",
// ...
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
// ...
})
}
}- Tag integration tests with
// +build integration - Require actual external dependencies (Wiz, AWS, etc.)
- Document setup requirements
To add support for a new resource type:
-
Define the resource type in
pkg/types/resource.go:const ResourceTypeYourResource ResourceType = "your-resource"
-
Create an inventory source in
pkg/inventory/:// pkg/inventory/wiz/your_resource.go type YourResourceInventorySource struct { /* ... */ }
-
Create an EOL provider (or use existing):
// pkg/eol/aws/your_resource.go or use endoflife.date -
Create a detector in
pkg/detector/your_resource/:// pkg/detector/your_resource/detector.go type Detector struct { /* ... */ }
-
Add tests for all components
-
Update documentation (README.md, ARCHITECTURE.md)
Version-Guard/
├── cmd/
│ ├── server/ # Main server binary
│ └── cli/ # CLI tool
├── pkg/
│ ├── types/ # Core data structures
│ ├── policy/ # Classification policies
│ ├── inventory/ # Inventory sources (Wiz, mock)
│ ├── eol/ # EOL data providers
│ ├── detector/ # Resource detectors
│ ├── store/ # Finding storage
│ ├── snapshot/ # S3 snapshot management
│ ├── workflow/ # Temporal workflows
│ ├── service/ # gRPC service
│ └── emitters/ # Emitter interfaces + examples
├── protos/ # Protocol Buffers
├── docs/ # Documentation
└── .github/ # GitHub workflows
Releases are managed by maintainers:
- Update version in relevant files
- Update CHANGELOG.md
- Create a git tag:
git tag -a v1.0.0 -m "Release v1.0.0" - Push tag:
git push origin v1.0.0 - GitHub Actions will build and publish release artifacts
- General questions: Use GitHub Discussions
- Bug reports: Use GitHub Issues
- Security issues: Email security@block.xyz
Thank you for contributing to Version Guard!