Contributing

Thanks for contributing! Here's how to get started:

  1. Open an issue to discuss the proposed change
  2. Fork the repo and create a branch from main
  3. Implement the change with tests
  4. Make sure bundle exec rake passes (linting + tests)
  5. Open a pull request targeting main

Setup

git clone git@github.com:fluence-eu/fluence-gateway-auth.git
cd fluence-gateway-auth
bin/setup

Requires Ruby 3.2+.

Development

Running tests and linting

bundle exec rake          # rubocop + tests (default)
bundle exec rspec         # tests only
bundle exec rubocop       # linting only
bundle exec rubocop -a    # auto-fix linting

Interactive console

bin/console

Commit Convention

This project follows Conventional Commits.

Format

<type>(<scope>): <description>

[body]

[footer(s)]

Types

Type Description
feat New feature
fix Bug fix
docs Documentation only changes
style Formatting changes (whitespace, commas, etc.) — no logic
refactor Code change that neither fixes a bug nor adds a feature
perf Performance improvement
test Adding or updating tests
build Changes to build system or dependencies
ci CI/CD configuration changes
chore Other changes that don't modify source or tests
revert Revert a previous commit

Scope

Optional — indicates the area of the project affected:

  • feat(middleware): add request logging
  • fix(authentication): handle missing headers
  • refactor(config): simplify ENV fallback

Description

  • Imperative mood ("add", not "adds" or "added")
  • No capital letter at the start
  • No period at the end
  • Maximum 72 characters

Body (optional)

  • Use bullet points with - for multiple items
  • Explain why, not what (the diff speaks for itself)

Breaking Changes

Non-backward-compatible changes must be flagged with:

  • A ! after the type/scope: feat(middleware)!: change signature format
  • And/or a BREAKING CHANGE: footer in the body

Examples

feat(middleware): add request logging

fix(authentication): handle missing body in GET requests

- request.body can be nil for GET/DELETE requests
- use safe navigation to avoid NoMethodError

feat(config)!: require explicit hmac_secret configuration

BREAKING CHANGE: hmac_secret no longer defaults to a dev value,
applications must set it explicitly or via ENV.

Branching Model

  • main — default branch. All feature branches are created from here, and all PRs target this branch.
  • Never push directly to main — always create a feature branch and open a PR.

Pull Request Convention

PR Title

  • Same format as commits: <type>(<scope>): <description>
  • Under 72 characters

PR Classification

Level Criteria Description requirements
Critical Breaking change, security fix Full description — summary, changes, impact, rollback plan, how to test
Major New feature, significant refactor Summary + changes + how to test
Minor Small bug fix, config tweak, dependency bump Summary + changes (1-2 lines each)
Trivial Documentation, formatting, comment update One-line summary is enough

PR Description by Level

Critical / Major

## Summary
<What and why in 2-3 sentences>

## Changes
- <change 1>
- <change 2>

## How to Test
1. <step 1>
2. <step 2>

For Critical PRs, also add:

## Impact
- <what parts of the system are affected>

## Rollback Plan
- <how to safely revert if something goes wrong>

Minor

## Summary
<One sentence>

## Changes
- <change 1>

Trivial

A one-line summary in the PR body is sufficient.

Rules

  • One topic per PR — don't mix unrelated changes
  • All tests must pass (bundle exec rake)
  • New code must include tests
  • Never commit secrets or credentials

Architecture

lib/fluence/gateway/auth/
  configuration.rb         # Gem configuration (user_model, hmac_secret)
  gateway_authentication.rb # Controller concern (current_user, authenticate_user!)
  middleware.rb            # Rack middleware (HMAC signature verification)
  railtie.rb               # Auto-registers middleware and controller concern
  version.rb
lib/generators/
  fluence_gateway_auth/
    install_generator.rb   # rails generate fluence_gateway_auth:install
  active_record/
    fluence_gateway_auth_generator.rb  # Migration generator (invoked by install)
    templates/
      migration.rb         # Users table migration template
  templates/
    initializer.rb         # Config initializer template
  • Middleware operates at Rack level — rejects invalid signatures before Rails
  • GatewayAuthentication concern resolves the user from headers at controller level
  • Railtie auto-registers both — no manual setup needed
  • Generator creates the initializer and optional migration

Tests

  • Framework: RSpec (spec/**/*_spec.rb)
  • HTTP stubs via WebMock (no real HTTP requests in tests)
  • All new code must be tested
  • YARD-style doc comments on all public methods

Code Conventions

  • frozen_string_literal: true on every Ruby file
  • Strings: single quotes (unless interpolation is needed)
  • RuboCop: no rule disabling without justification
  • Version in lib/fluence/gateway/auth/version.rb — do not modify unless for an explicit release
  • YARD-style doc comments on all public methods

CI

GitHub Actions:

  • main.yml — runs on every PR: RuboCop + RSpec across Ruby 3.2, 3.3, 3.4, 4.0
  • release.yml — version bump and changelog generation (workflow_dispatch)
  • github-release.yml — creates GitHub releases from tags
  • publish.yml — publishes the gem to GitHub Packages

AI-Assisted Contributions

When using AI tools (Claude, Copilot, etc.) to generate commits or PRs:

  • Classify first — determine if the change is critical, major, minor, or trivial
  • Focus on the "why" — the diff already shows the "what"
  • Skip boilerplate — don't add empty sections or placeholder text

The person opening the PR takes full responsibility for the code. Before submitting:

  • [ ] I have read and understood every line of code in this PR
  • [ ] I can explain why each change was made
  • [ ] I have tested the changes locally

Do not add AI co-author lines (Co-Authored-By), "Generated with" footers, or any AI attribution in commits or PR descriptions.