Thank you for getting involved! Before you start, please familiarize yourself with the [documentation](
Please follow our [Code of Conduct]( when interacting with this project.
If you want to support our development:
* Add a GitHub Star to the project
* Share our projects on social media
* Join the [Confidential Computing Discord](
Constellation is licensed under the [TODO](LICENSE). When contributing, you also need to agree to our [Contributor License Agreement](
## Development guidelines
Adhere to the style and best practices described in [Effective Go]( Read [Common Review Comments]( for further information.
## Pull request process
Submissions should remain focused in scope and avoid containing unrelated commits.
For pull requests, we employ the following workflow:
1. Fork the repository to your own GitHub account
2. Create a branch locally with a descriptive name
3. Commit changes to the branch
4. Write your code according to our development guidelines
5. Push changes to your fork
6. Clean up your commit history
7. Open a PR in our repository and summarize the changes in the description
## Reporting issues and bugs, asking questions
This project uses the GitHub issue tracker. Please check the existing issues before submitting to avoid duplicates.
To report a security issue, contact
Your bug report should cover the following points:
* A quick summary and/or background of the issue
* Steps to reproduce (be specific, e.g., provide sample code)
* What you expected would happen
* What actually happens
* Further notes:
* Thoughts on possible causes
* Tested workarounds or fixes
## Major changes and feature requests
You should discuss larger changes and feature requests with the maintainers. Please open an issue describing your plans.
[Run CI e2e tests](/.github/docs/
## Repository Layout
Core components:
* [access_manager](access_manager): Contains the access-manager pod used to persist SSH users based on a K8s ConfigMap
* [cli](cli): The CLI is used to manage a Constellation cluster
* [bootstrapper](bootstrapper): The bootstrapper is a node agent whose most important task is to bootstrap a node
* [image](image): Build files for the Constellation disk image
* [kms](kms): Constellation's key management client and server
* [mount](mount): Package used by CSI plugins to create and mount encrypted block devices
* [state](state): Contains the disk-mapper that maps the encrypted node data disk during boot
* [constellation-fedora-coreos-config]( CoreOS build configuration with changes for Constellation
* [edg-azuredisk-csi-driver]( Azure CSI driver with encryption on node
* [edg-gcp-compute-persistent-disk-csi-driver]( GCP CSI driver with encryption on node
> :warning: These images are not safe to use in production environments. :warning:
As described in [debugd](/debugd/, it is possible to use a CoreOS image targeted at dev environments. This image allows to upload any [bootstrapper](/bootstrapper/ using [cdbg](/debugd/cdbg).
To enable the upload, an additional **unsecured** port (4000) is opened which accepts any binary to be run on target machine. **Make sure that this machine is not exposed to the internet.**
Using the CLI requires the user to make authorized API calls to the CSP API. See the [docs]( for configuration.
## Deploying a locally compiled bootstrapper binary
By default, `constellation create ...` will spawn cloud provider instances with a pre-baked bootstrapper binary.
For testing, you can use the constellation debug daemon (debugd) to upload your local bootstrapper binary to running instances and to obtain SSH access.
[Follow this introduction on how to install and setup `cdbg`](debugd/
It is also recommended to use golangci-lint (and [gofumpt]( as formatter) in your IDE, by adding the recommended VS Code Settings or by [configuring it yourself](
You can find an introduction in the [Go workspace tutorial](
If you have changed dependencies within a module and have run `go mod tidy`, you can use `go work sync` to sync versions of the same dependency of the different modules.