We want to make contributing to this project as easy and transparent as possible.
- Create an account on GitHub. Only contributions
against
duranta-project/openairinterface5g/are accepted. - Fork the repository, and open pull requests for your contributions from your fork.
- The contributing policies are described in the corresponding documentation page.
- Sign the CLA either before doing making your first pull request or after submitting the pull request.
- Mandatory signing of all the commits using the email address used for CLA.
Every pull request must pass two CI checks before it can be merged:
-
Developer Certificate of Origin (DCO): Each commit must include a
Signed-off-by:trailer in the commit message. Usegit commit -s(or--signoff). -
Verified commits: Each commit must be cryptographically signed using SSH or GPG keys to confirm its origin.
GitHub supports commit signing using either SSH keys or GPG keys. For more information, see the GitHub documentation.
Before configuring commit signing:
- Generate an SSH key pair or GPG key pair.
- Add your public key to your GitHub account.
- Verify your GitHub email address (required for “Verified” commits to work).
- If using SSH signing, ensure the key is registered in GitHub for:
- Authentication (SSH and GPG keys)
- Signing commits (Signing Keys)
NOTE: Adding an SSH key for repo access does not automatically enable commit signing. The key must also be added under GitHub's Signing Keys settings.
To ensure commits show as Verified on GitHub:
- Your
git config user.emailmust match a GitHub email - That email must be verified in your GitHub account
For more information, see the GitHub Docs
Configure your repository's .git/config:
# Edit the git configuration
[user]
name = YOUR NAME
email = YOUR VERIFIED EMAIL ADDRESS
# REQUIRED for commit signing
# Use ONE signing method (SSH or GPG)
signingkey = YOUR_SIGNING_KEY
# Examples:
# SSH signing:
# signingkey = ~/.ssh/id_ed25519.pub
# GPG signing:
# signingkey = YOUR_GPG_KEY_ID
[gpg]
# REQUIRED: defines signing method (SSH or GPG)
format = YOUR_SIGNING_FORMAT
# Examples:
# SSH signing:
# format = ssh
# GPG signing:
# format = openpgp
[commit]
gpgsign = trueThe private key is used automatically by SSH/Git when signing commits (SSH only).
You can verify that commits are properly signed locally using:
git log --show-signatureGitHub should also display a Verified badge next to signed commits once the signing key has been correctly configured in your account.
For SSH commit signing, local Git verification may require an allowed_signers
file. This is only used for local verification in Git and is not required
by GitHub.
If you see errors such as:
No principal matched
Can't check signature
error: gpg.ssh.allowedSignersFile needs to be configured
you may need to configure it.
Create the file and add your signing identity:
mkdir -p ~/.config/git
touch ~/.config/git/allowed_signers
echo "user@example.com ssh-ed25519 AAAACexamplekeystringhere" > ~/.config/git/allowed_signersEnable it in local repository Git config:
git config gpg.ssh.allowedSignersFile ~/.config/git/allowed_signersNOTE: This is only for local Git signature verification and does not affect GitHub, or remote repository behavior.
NOTE: If your commits are not signed, the CI framework will not accept the PR. For more information regarding contribution guidelines please check this document
By contributing to Duranta, you agree that your contributions will be licensed under
- CSSL v1.0 license: for RAN and UE related source code and test scripts
- CC-BY-4.0: All the documentation
- MIT: Orchestration (helm-charts, docker compose)
Certain files are using different licenses; you can read about them in NOTICE.