We very much appreciate contributions from the community.
If you have an idea or a fix, please do raise a GitHub issue before investing in any coding effort. That way we can discuss first. Writing code is the easy part, maintaining it forever is the hard part.
That said, if you notice a simple typo, a PR without an issue is fine.
All documentation is written in AsciiDoc. @lread likes to follow AsciiDoc best practice of one sentence per line but won’t be entirely pedantic about that.
We host our docs on cljdoc.
When making changes to Pomegranate, understand that currently any public method is considered part of the public API.
We must be careful not to expose what we feel are implementation details.
We use Babashka tasks, to see all available tasks run:
bb tasks
Optionally:
$ bb clean
$ bb download-deps
Run Clojure tests. We have 2 suites:
-
:unit
- general unit tests -
:isolated
- tests that pollute classloaders and classpath, and are therefore run separately
To run all test suites under Clojure 1.4
(our minimum supported version):
$ bb test
To only run a single suite:
$ bb test --suite :unit
You can also include Cognitect test runner options:
$ bb test --suite :unit --var cemerick.pomegranate.aether-test/live-resolution
…and/or Clojure version:
$ bb test --clj-version 1.9
(specify :all
to test against all supported Clojure versions)
Our CI workflow lints sources with clj-kondo, and eastwood - and you can too!
$ bb lint-kondo
$ bb lint-eastwood
To run both: bb lint
We automatically scan for vulnerabilities in our dependencies on CI. If you want to run this work locally:
$ bb nvd-scan
You can check for outdated dependencies via:
$ bb outdated
Before upgrading org.apache.maven.*
deps, make sure there is a good reason to do so.
Otherwise, don’t bother bumping these deps.
Good reasons to bump org.apache.maven.*
deps might be:
-
to overcome a security vulnerability
-
there is some necessary new/corrected behaviour