Merged
20 changes: 8 additions & 12 deletions CONTRIBUTING.md
Expand Up @@ -8,16 +8,16 @@ By participating in this project, you agree to abide by the [Code of Conduct](CO

**Requirements:**

- PHP 8.1 or higher.
- PHP 8.3 or higher.
- [Composer](https://getcomposer.org/) 2.x.

**Setup:**

```bash
git clone https://github.com/php-forge/<package>.git
cd <package>
git clone https://github.com/php-forge/<repository>.git
cd <repository>
composer install
composer test
composer run
Comment thread
terabytesoftw marked this conversation as resolved.
P2 Badge Specify a Composer script to run

composer run without a script is not a valid command in a package: I checked Composer 2.9.3 locally and it exits with Missing required argument "script", and the official run-script / run docs say to give it the script name. As written, both this setup command and the repeated Testing example tell contributors to run a command that fails instead of running the repository's quality checks.

```

## Coding Standards
Expand All @@ -31,12 +31,13 @@ All PHP code must follow these standards:

## Testing

- All tests use **PHPUnit 10+**.
- All tests use **PHPUnit 12+**.
- Target **100% code coverage** for new code.
- Run the test suite before submitting a pull request:
- Run the quality/test scripts defined in the target repository's `composer.json` before submitting a pull request
(for example, `test`, `static`, `ecs`, `rector`, or `check-dependencies`):

```bash
composer test
composer run
```

## Pull Request Process
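Review bot: The fenced command that closes the Testing section is `composer run` with no script name, so the scripts the new bullet lists (`test`, `static`, `ecs`, `rector`, `check-dependencies`) are never actually invoked by the example. Show at least one concrete invocation such as `composer run test`, and consider mentioning `composer run --list` so contributors can see which scripts a given repository's `composer.json` defines.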
Expand All @@ -48,11 +49,6 @@ composer test
5. Ensure all tests pass and coding standards are met.
6. Open a pull request against `main` with a clear description of the change.

## Bug Reports and Feature Requests

- **Bug reports**: Use the [Bug Report](https://github.com/php-forge/.github/issues/new?template=bug-report.yml) template.
- **Feature requests**: Use the [Feature Request](https://github.com/php-forge/.github/issues/new?template=feature-request.yml) template.

## Security Vulnerabilities

Do not open public issues for security vulnerabilities. See [SECURITY.md](SECURITY.md) for reporting instructions.
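Review bot: With the Bug Reports and Feature Requests section removed, the only remaining guidance on reporting is the Security Vulnerabilities section, which says where not to file but nothing about ordinary issues. SUPPORT.md is also deleted in this PR, so a contributor with a non-security bug has no pointer left to the right channel. Keep a one-line replacement that says where regular bug reports and feature requests go, so the public and private reporting paths stay clearly separated.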
5 changes: 3 additions & 2 deletions SECURITY.md
Expand Up @@ -6,7 +6,8 @@

Use the GitHub Security Advisories feature in the affected repository to report vulnerabilities privately:

1. Navigate to the affected repository (e.g., `https://github.com/php-forge/<package>`).
1. Navigate to the affected repository (for example, `https://github.com/yii2-extensions/repository`, replacing `repository`
with the affected repository).
Comment on lines +9 to +10
P2 Badge Point security reporters at the PHP Forge org

This example URL now sends reporters to yii2-extensions/repository, but the policy scope below is PHP Forge and affected packages live under php-forge. For someone following these steps during a vulnerability report, replacing only repository still leaves them in the wrong organization, so they will not reach the affected repository's Security tab.

2. Go to the **Security** tab.
3. Click **Report a vulnerability**.
4. Provide a detailed description including steps to reproduce, impact, and any suggested fix.
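Review bot: In step 1 the placeholder is a bare `repository` inside a full URL, while CONTRIBUTING.md in this same PR writes it as `<repository>`; a bare word reads as a literal path segment and is easy to copy unchanged. Use `https://github.com/php-forge/<repository>` so the placeholder is unambiguous and the organization matches the Scope section, which names php-forge.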
Expand All @@ -25,4 +26,4 @@ Security fixes are applied to the latest release of each package. Older versions

## Scope

This policy applies to all repositories under the [php-forge](https://github.com/php-forge) organization.
This policy applies to all repositories under the [PHP Forge](https://github.com/php-forge) organization.
20 changes: 0 additions & 20 deletions SUPPORT.md

This file was deleted.
