Skip to content

contributing.md

Latest commit

 

History

History
140 lines (90 loc) · 3.69 KB

contributing.md

File metadata and controls

140 lines (90 loc) · 3.69 KB

Contributing

This guide covers everything you need to contribute to PRFC Connect.

Prerequisites

Before contributing, make sure you have completed the Getting Started guide and can run the app locally.

Development Workflow

1. Start Fresh

Always start from an up-to-date develop branch.

git checkout develop
git pull origin develop
npm install

2. Create a Branch

Create a branch with a short, descriptive name.

git checkout -b add-export-button

Good branch names: add-export-button, fix-email-validation, update-readme

Bad branch names: john-branch, fix, test123

3. Make Changes

Write your code. Run the app locally to verify your changes work.

npm run dev

4. Check Your Work

Before committing, run the same checks that CI will run.

npm run lint        # Check code style
npm run build       # Verify production build
npm test            # Run tests

Fix any errors before continuing. Running npm run lint:fix will auto-fix most style issues.

5. Commit Your Changes

Stage and commit with a descriptive message following conventional commits.

git add .
git commit -m "feat: add PDF export button to referral table"

Commit types:

  • feat: new feature
  • fix: bug fix
  • docs: documentation only
  • refactor: code change that doesn't add feature or fix bug
  • test: adding or updating tests
  • chore: maintenance tasks

6. Push and Create PR

Push your branch and open a pull request.

git push -u origin add-export-button

Go to GitHub, open a PR against develop, and fill out the template. Link your PR to the related issue by adding Closes #123 in the description.

7. Code Review

Request a review from a tech lead. Address any feedback by pushing additional commits to your branch.

CI/CD Pipeline

Every push and pull request runs automated checks through GitHub Actions.

What runs:

  1. Install dependencies
  2. Run database migrations
  3. Lint code
  4. Type check
  5. Build the app
  6. Run tests

This runs on Node 22.x.

If CI fails:

Failure How to Fix
Lint failed Run npm run lint:fix locally
Type check failed Run npx tsc --noEmit locally
Build failed Run npm run build locally, fix errors
Tests failed Run npm test locally, check output

Always run checks locally before pushing to catch issues early.

Security Notes

GitHub Dependabot may flag vulnerabilities in dependencies. As of December 2025, known alerts are addressed:

Package CVE Status
next CVE-2025-55184, CVE-2025-55183 Patched in 15.5.7+ (we use 15.5.9)
glob CVE-2025-64756 CLI-only vulnerability; library API unaffected
js-yaml CVE-2025-64718 Patched in 3.14.2+, 4.1.1+ (both in use)

Run npm audit to check for new vulnerabilities. Dependabot and npm audit use different databases, so alerts may differ.

Code Review

Who reviews: Tech leads review all PRs.

Timeline: Expect feedback within 24 hours. If you haven't heard back, ping in Slack.

What reviewers look for:

  • Code works and solves the issue
  • No obvious bugs or security issues
  • Code is readable
  • Tests pass

Once approved, a tech lead will merge your PR.

Questions?

Stuck on something? Ask in Slack before spending hours debugging alone.