|
| 1 | +# Repository Guidelines |
| 2 | + |
| 3 | +## Dos and Don'ts |
| 4 | + |
| 5 | +- Do run Node.js version updates through `./update.sh` so Dockerfiles, musl checksums, and Yarn pins stay synchronized with the templates in `Dockerfile-*.template` and helpers in `functions.sh`. |
| 6 | +- Do refresh signing keys with `./update-keys.sh` whenever upstream release keys change; the script keeps `keys/node.keys` aligned with <https://github.com/nodejs/node#release-keys>. |
| 7 | +- Do consult `versions.json`, `architectures`, and `config` before adding or removing variants so metadata consumed by `stackbrew.js` and CI stays coherent. |
| 8 | +- Don't modify any per-variant `docker-entrypoint.sh`; keep each copy identical to the root entrypoint—automation expects identical logic across `*/docker-entrypoint.sh`. |
| 9 | +- Don't merge Alpine Dockerfiles with placeholder `CHECKSUM=""`; populate the musl checksum so `.github/workflows/missing-checksum.yml` passes. |
| 10 | +- Don't skip formatting and static analysis for shell changes; see Coding Style for the exact tooling and CI coverage. |
| 11 | + |
| 12 | +## Project Structure and Module Organization |
| 13 | + |
| 14 | +- The root folders named for each supported Node.js major release (for example `20/` or `22/`) group Docker image definitions by major Node.js release; each variant directory (for example `22/bookworm` or `24/alpine3.22`) contains a `Dockerfile` and a scoped copy of `docker-entrypoint.sh`. |
| 15 | +- Shared templates (`Dockerfile-alpine.template`, `Dockerfile-debian.template`, `Dockerfile-slim.template`) feed `update.sh` when generating or refreshing Dockerfiles. |
| 16 | +- Global metadata lives in `config`, `architectures`, and `versions.json`; helper logic in `functions.sh` reads these files to resolve defaults, supported variants, and tagging. |
| 17 | +- Release automation and maintenance tooling reside at the repository root: `update.sh`, `update-keys.sh`, `stackbrew.js`, `build-automation.mjs`, `genMatrix.js`, and `docker-entrypoint.sh`. |
| 18 | +- Continuous integration workflows are in `.github/workflows/`, notably `build-test.yml`, `automatic-updates.yml`, `official-pr.yml`, `shfmt.yml`, `doctoc.yml`, and `markdown-link-check.yml`. |
| 19 | +- Project-wide documentation and policies live in `README.md`, `docs/BestPractices.md`, `CONTRIBUTING.md`, `GOVERNANCE.md`, and `SECURITY.md`. |
| 20 | + |
| 21 | +## Build, Test, and Development Commands |
| 22 | + |
| 23 | +- Targeted image builds use the Docker CLI; for example `docker build -t node-local -f 22/bookworm/Dockerfile .` exercises the `22/bookworm` variant without touching other directories. |
| 24 | +- After building, validate the entrypoint and runtime with `docker run --rm node-local node --print "process.versions.node"` and compare the output to the `ENV NODE_VERSION` in the edited `Dockerfile`. |
| 25 | +- Use `./update.sh -h` to review options, then run commands such as `./update.sh 22` or `./update.sh 22 alpine3.22` to regenerate Dockerfiles and checksums; see `update.sh` for full behavior. |
| 26 | +- Regenerate the official manifest with `node stackbrew.js > ../official-images/library/node` before proposing downstream updates. |
| 27 | +- Direct the output to a sibling clone of `docker-library/official-images` (for example, `git clone https://github.com/docker-library/official-images ../official-images`). |
| 28 | +- The script consumes `versions.json` and the tracked Dockerfiles. |
| 29 | +- Documentation checks mirror CI; review `.github/workflows/` for the latest coverage. Common commands: |
| 30 | + |
| 31 | + ```sh |
| 32 | + doctoc --title='## Table of Contents' --github README.md |
| 33 | + doctoc --title='## Table of Contents' --github docs/BestPractices.md |
| 34 | + find . -name "*.md" | xargs -n 1 markdown-link-check -c markdown_link_check_config.json -q |
| 35 | + ``` |
| 36 | + |
| 37 | +## Coding Style and Naming Conventions |
| 38 | + |
| 39 | +- Follow `.editorconfig`: UTF-8 files, LF endings, 2-space indentation, trimmed trailing whitespace, and final newlines. |
| 40 | +- Shell scripts must format with `shfmt -sr -i 2 -ci` and stay `shellcheck` clean, matching `.github/workflows/shfmt.yml`; prefer POSIX `sh`-compatible syntax unless a script explicitly requires Bash. |
| 41 | +- Dockerfiles should inherit structure from the templates, keeping instruction order (user creation, `ENV` blocks, checksum verification, smoke tests) consistent across variants. |
| 42 | +- Markdown documents rely on Doctoc headers and the shared link-check configuration; keep generated TOCs aligned with `.github/workflows/doctoc.yml`. |
| 43 | + |
| 44 | +## Testing Guidelines |
| 45 | + |
| 46 | +- Lean on focused Docker builds for regression checks: rebuild only the touched `*/Dockerfile` directories and run the smoke commands from `.github/workflows/build-test.yml` (`node --version`, `npm --version`, `yarn --version`) inside the resulting image. |
| 47 | +- When modifying Alpine variants, verify the musl tarball checksum resolves to the populated `CHECKSUM` value before pushing changes. |
| 48 | +- Re-run documentation tooling as described above so local output matches CI expectations. |
| 49 | +- Update signing keys or automation scripts only after validating dependent commands (`./update.sh`, `./stackbrew.js`) complete without errors in your environment. |
| 50 | + |
| 51 | +## Commit and Pull Request Guidelines |
| 52 | + |
| 53 | +- Follow `CONTRIBUTING.md`: create dedicated branches, run `./update.sh` for version bumps, and include only the generated artifacts you intend to land. |
| 54 | +- Keep commit subjects short, capitalized, and imperative, mirroring recent history (`Add Node.js v25.0.0`, `chore(deps): bump actions/setup-node from 5.0.0 to 6.0.0`). |
| 55 | +- Use the prompts in `.github/PULL_REQUEST_TEMPLATE.md` to document motivation, testing, and change type; check the appropriate boxes when evidence exists. |
| 56 | +- Reference related issues or downstream PRs when updating `stackbrew.js` or `versions.json`, and attach CI logs or command output that demonstrate the relevant builds/tests succeeded. |
| 57 | + |
| 58 | +## Safety and Permissions |
| 59 | + |
| 60 | +- **Allowed without approval**: read or diff files, edit only the variants you are touching, run targeted Docker builds/tests that do not alter shared configuration, and execute the formatters/tests defined in `.github/workflows/`. |
| 61 | +- **Ask before proceeding**: adding packages to base images, modifying `config`, `versions.json`, `architectures`, introducing new variants or templates, or changing automation scripts such as `update.sh` and `stackbrew.js`. |
| 62 | +- **Never do**: delete supported version directories, force-push to protected branches, publish to Docker Hub manually, or ship unsigned changes to signing key lists. |
| 63 | + |
| 64 | +## Security Notes |
| 65 | + |
| 66 | +- Follow `SECURITY.md`: report Node.js runtime issues through <https://nodejs.org/en/security/>, and route CVEs in base images to the corresponding upstream (Alpine or Debian) before attempting fixes here. |
0 commit comments