Governance#
Project Leadership#
Pipelock is maintained by Joshua Waldrep (@luckyPipewrench).
Decision-Making#
This is a single-maintainer project. Joshua Waldrep makes final decisions on:
- Feature direction and roadmap priorities
- Release timing and versioning
- Dependency additions
- Security policy and vulnerability response
- Contribution acceptance
Contributions#
All contributions are welcome via pull request. See CONTRIBUTING.md for the development workflow, coding standards, and testing requirements.
Pull requests require:
- Passing CI (test, lint, build, CodeQL, govulncheck)
- At least one approving review
- All review threads resolved
Releases#
Releases follow Semantic Versioning. Tags pushed to main trigger automated builds via GoReleaser, producing signed binaries, container images, and Homebrew formulae.
Security#
Vulnerabilities are reported through GitHub Security Advisories and handled per the timeline in SECURITY.md.
Continuity#
Repository admin access is shared with at least one additional maintainer to ensure the project can continue accepting contributions, triaging issues, and cutting releases if the primary maintainer is unavailable.
Contact#
- Security issues: GitHub Security Advisories
- Bugs and features: GitHub Issues
- General questions: GitHub Discussions
