Introduction
Welcome to the STEAM-Labz GitHub project setup guide! This document provides comprehensive instructions for setting up version control, managing contributor access, and maintaining the development lifecycle for STEAM-Labz projects. Following these guidelines will help ensure consistency across our repositories and make collaboration smoother for everyone involved.
STEAM-Labz is a community-driven initiative focused on open-source development, knowledge sharing, and innovation in Science, Technology, Engineering, Arts, and Mathematics. Our GitHub repositories serve as the central hub for collaboration and development of the STEAM-Labz platform and its related projects.
Note: This guide assumes basic familiarity with Git and GitHub. If you're new to these tools, consider reviewing GitHub's Getting Started documentation first.
1. Repository Structure and Organization
Main Repositories
| Repository | Description | Primary Technologies |
|---|---|---|
| steam-labz-website | Main website and platform | HTML, CSS, JavaScript, Node.js |
| project-labz-api | Backend API services | Node.js, Express, MongoDB |
| stream-labz-client | Video streaming frontend | React, Cloudflare Stream |
| steam-labz-docs | Documentation website | Docusaurus, Markdown |
| steam-labz-projects | Featured projects and templates | Various |
Standard Directory Structure
Each repository should maintain a consistent directory structure to help contributors navigate and understand the codebase:
project-root/
├── .github/ # GitHub specific files
│ ├── ISSUE_TEMPLATE/ # Issue templates
│ ├── workflows/ # GitHub Actions workflows
│ └── PULL_REQUEST_TEMPLATE.md
├── docs/ # Documentation files
│ ├── api/ # API documentation
│ ├── contributing/ # Contribution guidelines
│ └── development/ # Development guides
├── src/ # Source code
│ ├── assets/ # Static assets
│ ├── components/ # Reusable components
│ ├── pages/ # Main pages
│ ├── services/ # Service layers
│ └── utils/ # Utility functions
├── tests/ # Test files
│ ├── unit/ # Unit tests
│ ├── integration/ # Integration tests
│ └── e2e/ # End-to-end tests
├── .editorconfig # Editor configuration
├── .gitignore # Git ignore file
├── package.json # Package dependencies
├── README.md # Project overview
└── LICENSE # License informationNaming Conventions
| Element | Convention | Example |
|---|---|---|
| Repositories | kebab-case, prefixed with platform | steam-labz-website, project-labz-api |
| Files | kebab-case for general files, PascalCase for components | user-service.js, ProjectCard.jsx |
| Folders | kebab-case, descriptive names | user-authentication, project-templates |
| Branches | prefix/description-of-change | feature/add-login-page, fix/navbar-responsive |
2. Branching Strategy Guidelines
STEAM-Labz follows a simplified GitFlow branching strategy to maintain clean, organized repositories. This approach helps us manage releases and collaborate effectively across multiple contributors.
Main Branches
main
The stable, production-ready branch. All code here should be tested and ready for deployment. Direct commits to main are not allowed.
develop
The main development branch. Feature branches are merged here after review. This branch should be in a relatively stable state.
Supporting Branches
| Branch Type | Naming Convention | Purpose | Branch From | Merge To |
|---|---|---|---|---|
| Feature | feature/description | New features and enhancements | develop | develop |
| Bugfix | fix/description | Bug fixes for development | develop | develop |
| Hotfix | hotfix/description | Urgent fixes for production | main | main and develop |
| Release | release/vX.Y.Z | Preparing for release | develop | main and develop |
| Documentation | docs/description | Documentation updates | develop or main | develop or main |
Workflow Visualization
Branch Lifecycle Guidelines
- Create branches from the appropriate source - Feature branches from develop, hotfixes from main.
- Keep branches focused - Each branch should address a single feature, bugfix, or specific change.
- Update regularly - Pull changes from the source branch regularly to minimize merge conflicts.
- Delete branches after merging - To keep the repository clean and manageable.
- Never push directly to main or develop - Always use pull requests for changes to these branches.
Tip: Rebase your feature branch on develop before creating a pull request to ensure a clean commit history.
3. Pull Request and Code Review Workflow
Pull requests (PRs) are the primary way we review and integrate code changes into our projects. They provide a platform for discussion, feedback, and improvement before code is merged.
Creating a Pull Request
Prepare your branch
Ensure your branch is up-to-date with the latest changes from the target branch (usually develop).
git checkout develop
git pull
git checkout your-branch
git rebase developPush your branch
Push your branch to the remote repository.
git push origin your-branchCreate the PR
Go to the GitHub repository and create a new PR by comparing your branch with the target branch.
- Use the PR template to provide all necessary information
- Add a clear, descriptive title that summarizes the change
- Link any related issues using keywords like "Closes #123" or "Relates to #456"
- Add appropriate labels (e.g., "bug", "enhancement", "documentation")
- Request reviewers who are familiar with the codebase
PR Template
# Description
Please include a summary of the change and which issue is fixed. Include relevant
motivation and context. List any dependencies that are required for this change.
Fixes # (issue)
## Type of change
Please delete options that are not relevant.
- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
- [ ] This change requires a documentation update
## How Has This Been Tested?
Please describe the tests that you ran to verify your changes. Provide instructions
so we can reproduce. Please also list any relevant details for your test configuration.
## Checklist:
- [ ] My code follows the style guidelines of this project
- [ ] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation
- [ ] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my feature works
- [ ] New and existing unit tests pass locally with my changes
- [ ] Any dependent changes have been merged and published in downstream modules
Code Review Process
For Reviewers
- Review code within 2 business days
- Check code quality, style, and functionality
- Verify tests are included and pass
- Ensure documentation is updated
- Be constructive and specific in feedback
- Use GitHub suggestions for small changes
- Approve only when all issues are addressed
For PR Authors
- Respond to all review comments
- Make requested changes promptly
- Explain any disagreements respectfully
- Resolve conversations when addressed
- Request re-review after making changes
- Notify reviewers if PR is no longer needed
- Don't take feedback personally
Merging Guidelines
- All CI checks must pass - Including tests, linting, and build processes.
- Minimum of one approval is required - Two or more for changes to critical components.
- All review comments must be resolved - Ensure all feedback has been addressed.
- Keep the commit history clean - Consider squashing commits if there are many small changes.
- Update the PR description with final changes - If scope changed during review.
Note: We use the "Squash and merge" option for most PRs to maintain a clean, linear history in our main branches.
4. Issue Templates and Project Boards Setup
Well-structured issues and project boards help us track work, prioritize tasks, and maintain visibility across the project. STEAM-Labz uses GitHub Issues and Projects for managing all work items.
Issue Templates
We provide the following issue templates to ensure consistency and completeness:
Bug Report
For reporting bugs or unexpected behavior.
- Description of the bug
- Steps to reproduce
- Expected behavior
- Screenshots/logs
- Environment details
Feature Request
For suggesting new features or enhancements.
- Problem statement
- Proposed solution
- Alternative solutions
- User benefit
- Additional context
Documentation
For documentation improvements or additions.
- Documentation area
- Current content
- Proposed changes
- Reason for change
- References
Example Bug Report Template
---
name: Bug Report
about: Create a report to help us improve
title: '[BUG] '
labels: bug
assignees: ''
---
## Description
A clear and concise description of what the bug is.
## Steps To Reproduce
1. Go to '...'
2. Click on '...'
3. Scroll down to '...'
4. See error
## Expected Behavior
A clear and concise description of what you expected to happen.
## Screenshots
If applicable, add screenshots to help explain your problem.
## Environment
- Device: [e.g. Desktop, iPhone X]
- OS: [e.g. Windows 10, iOS 14]
- Browser: [e.g. Chrome 89, Safari 14]
- Version: [e.g. 1.2.0]
## Additional Context
Add any other context about the problem here.
Setting Up Project Boards
STEAM-Labz uses GitHub Projects to manage work. Each repository should have at least one project board with the following structure:
| Column | Purpose | Automation |
|---|---|---|
| Backlog | Items that are identified but not yet ready for work | New issues are added automatically |
| Ready | Issues that are fully specified and ready for development | Manual move when issue is refined |
| In Progress | Work that is actively being developed | Automated when PR linked to issue is opened |
| Review | Work that is waiting for review or has review in progress | Automated when PR is ready for review |
| Done | Work that is completed and merged | Automated when associated PR is merged |
Project Board Automation
Set up the following automation rules in your GitHub Project:
Create a new project
Navigate to the "Projects" tab in your repository or organization and click "New project".
Configure project columns
Create the columns mentioned above: Backlog, Ready, In Progress, Review, and Done.
Set up automation
For each column, click on the "..." menu and select "Manage automation". Then set up the following rules:
- Backlog: Add newly created issues
- In Progress: Move issues when linked pull requests are opened
- Review: Move issues when linked pull requests are ready for review
- Done: Move issues when they are closed or when linked pull requests are merged
Labels
Use the following standardized labels to categorize issues:
Something isn't working as expected
New feature or improvement
Documentation improvements
Further information needed
Good for newcomers
Extra attention needed
Already exists
Won't be addressed
Tip: Consider creating additional labels specific to your project, such as "frontend," "backend," "UX," or priority levels like "priority: high."
5. Documentation Standards
Good documentation is essential for any open-source project. STEAM-Labz follows a documentation-first approach, ensuring that all features, APIs, and processes are properly documented.
Documentation Types
Code Documentation
- Inline comments for complex logic
- Function and method documentation
- Class and module documentation
- API endpoint documentation
- Type definitions and interfaces
Project Documentation
- README.md with project overview
- Installation and setup guides
- Usage examples and tutorials
- Architecture diagrams
- Contribution guidelines
Documentation Format
We use Markdown for all documentation files. For the main documentation site, we use Docusaurus which provides a clean, minimalist style similar to buspirate.com.
README.md Structure
Each repository should have a well-structured README.md with the following sections:
# Project Name
Brief description of the project and its purpose within the STEAM-Labz ecosystem.
## Features
* Key feature 1
* Key feature 2
* Key feature 3
## Getting Started
### Prerequisites
List of software, tools, and dependencies required to run the project.
### Installation
Step-by-step installation instructions.
```bash
# Example installation commands
git clone https://github.com/STEAM-Labz/repository-name.git
cd repository-name
npm install
```
## Usage
Examples of how to use the project with code snippets.
## Contributing
Link to CONTRIBUTING.md with guidelines for contributing to the project.
## License
Information about the project's license.
## Contact
How to reach the maintainers.
Code Documentation Standards
For code documentation, we follow JSDoc style for JavaScript/TypeScript projects, and similar standards for other languages.
/**
* Calculates the total score for a user based on their activities
*
* @param {string} userId - The ID of the user
* @param {Object} options - Configuration options
* @param {boolean} options.includeInactive - Whether to include inactive activities
* @param {number} options.timeframe - Timeframe in days to consider
* @returns {Promise} The calculated score
* @throws {Error} If the user doesn't exist or database connection fails
*
* @example
* // Get score for active activities in the last 30 days
* const score = await calculateUserScore('user123', {
* includeInactive: false,
* timeframe: 30
* });
*/
async function calculateUserScore(userId, options = {}) {
// Function implementation
} Documentation Workflow
Document as you develop
Write documentation alongside code, not as an afterthought. This ensures documentation stays up-to-date and accurate.
Review documentation in PRs
Include documentation changes in pull requests and have them reviewed along with code changes.
Keep the docs site updated
For significant changes, update the main documentation site (steam-labz-docs) as well.
Automate when possible
Use tools to generate documentation from code comments and keep API docs up-to-date automatically.
Docusaurus Setup
For our main documentation site (steam-labz-docs), we use Docusaurus to create a clean, minimalist style similar to buspirate.com.
Install Docusaurus
npx @docusaurus/init@latest init steam-labz-docs classicConfigure theme colors
Update the docusaurus.config.js file to use STEAM-Labz brand colors.
Organize documentation structure
Create a clear structure with categories for different aspects of the project:
- Getting Started
- User Guides
- API Reference
- Contributing Guides
- Tutorials
Set up versioning
Configure documentation versioning to maintain docs for different versions of the project.
Documentation tip: Use diagrams, screenshots, and examples liberally throughout the documentation. Visual aids significantly improve comprehension.
6. Step-by-Step Guide for New Contributors
We welcome contributions from everyone! This guide will help new contributors get started with the STEAM-Labz projects, regardless of their experience level.
Getting Started
Understand the project
Before contributing, take some time to understand STEAM-Labz:
- Read the README.md files
- Explore the documentation
- Try out the platform
- Browse through existing issues and PRs
Find a task to work on
Look for issues labeled as "good first issue" or "help wanted" to get started.
- Comment on the issue to express your interest
- Ask questions if anything is unclear
- Wait for confirmation from a maintainer before starting work
Set up your development environment
# Fork the repository on GitHub
# Clone your fork
git clone https://github.com/your-username/repository-name.git
cd repository-name
# Add the original repository as upstream
git remote add upstream https://github.com/STEAM-Labz/repository-name.git
# Install dependencies
npm install # or yarn install
# Create a new branch for your work
git checkout -b feature/your-feature-nameMake your changes
Work on your changes, following the project's coding standards and guidelines:
- Write clean, readable code
- Include comments where necessary
- Write tests for your changes
- Update documentation as needed
Test your changes
# Run tests
npm test
# Run linting
npm run lint
# Fix linting issues automatically (if available)
npm run lint:fixCommit and push your changes
# Stage your changes
git add .
# Commit with a descriptive message
git commit -m "Add feature: brief description of what you did"
# Push to your fork
git push origin feature/your-feature-nameWrite good commit messages that explain what you did and why you did it.
Create a Pull Request
Go to the GitHub page of your fork and click on "Compare & pull request" for your branch.
- Fill out the PR template completely
- Reference any related issues (e.g., "Fixes #123")
- Provide clear description of what your changes do
- Request reviews from maintainers
Address review feedback
Respond to any feedback on your PR and make requested changes:
# Make additional changes based on feedback
git add .
git commit -m "Address review feedback: description of changes"
git push origin feature/your-feature-nameCommunication Channels
Join our community to get help and interact with other contributors:
Discord
Real-time chat and community discussions
GitHub Discussions
Long-form discussions and Q&A
Mailing List
Announcements and important updates
Contribution Types
There are many ways to contribute to STEAM-Labz beyond just code:
Code
Implement features, fix bugs, refactor code
Documentation
Write, update, or translate documentation
Design
Improve UI/UX, create graphics or icons
Testing
Test features, report bugs, write tests
Translation
Translate the interface or documentation
Support
Help others in discussions or forums
Advocacy
Promote STEAM-Labz, give talks
Ideas
Suggest features or improvements
Remember: Every contribution, no matter how small, is valuable and appreciated. If you're unsure about anything, don't hesitate to ask for help in our community channels.
7. Continuous Integration and Deployment Setup
STEAM-Labz uses GitHub Actions for continuous integration and deployment (CI/CD) to automate testing, build processes, and deployment to various environments.
CI/CD Workflow Overview
| Stage | Trigger | Actions | Environment |
|---|---|---|---|
| CI | Pull request, Push to any branch | Lint, Test, Build | None (verification only) |
| CD (Development) | Push to develop branch | Build, Deploy | Development (steam-labz.dev) |
| CD (Staging) | Release branch created | Build, Deploy, Integration Tests | Staging (test-labz.com) |
| CD (Production) | Push to main branch, Release published | Build, Deploy, Smoke Tests | Production (steam-labz.com) |
GitHub Actions Workflow Files
CI Workflow (.github/workflows/ci.yml)
name: CI
on:
push:
branches: [ '*' ]
pull_request:
branches: [ '*' ]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Node.js
uses: actions/setup-node@v3
with:
node-version: '16'
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Lint
run: npm run lint
- name: Run tests
run: npm test
- name: Build
run: npm run buildDevelopment Deployment (.github/workflows/deploy-dev.yml)
name: Deploy to Development
on:
push:
branches: [ develop ]
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Node.js
uses: actions/setup-node@v3
with:
node-version: '16'
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Build
run: npm run build
- name: Deploy to Ubuntu Server
uses: appleboy/scp-action@master
with:
host: ${{ secrets.DEV_SERVER_HOST }}
username: ${{ secrets.DEV_SERVER_USERNAME }}
key: ${{ secrets.DEV_SERVER_KEY }}
source: "dist/"
target: "/var/www/steam-labz.dev"
- name: Restart service
uses: appleboy/ssh-action@master
with:
host: ${{ secrets.DEV_SERVER_HOST }}
username: ${{ secrets.DEV_SERVER_USERNAME }}
key: ${{ secrets.DEV_SERVER_KEY }}
script: |
cd /var/www/steam-labz.dev
pm2 restart steam-labz-devProduction Deployment (.github/workflows/deploy-prod.yml)
name: Deploy to Production
on:
push:
branches: [ main ]
release:
types: [ published ]
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Node.js
uses: actions/setup-node@v3
with:
node-version: '16'
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Build
run: npm run build
- name: Deploy to Ubuntu Server
uses: appleboy/scp-action@master
with:
host: ${{ secrets.PROD_SERVER_HOST }}
username: ${{ secrets.PROD_SERVER_USERNAME }}
key: ${{ secrets.PROD_SERVER_KEY }}
source: "dist/"
target: "/var/www/steam-labz.com"
- name: Restart service
uses: appleboy/ssh-action@master
with:
host: ${{ secrets.PROD_SERVER_HOST }}
username: ${{ secrets.PROD_SERVER_USERNAME }}
key: ${{ secrets.PROD_SERVER_KEY }}
script: |
cd /var/www/steam-labz.com
pm2 restart steam-labz
- name: Run smoke tests
run: npm run test:smokeSetting Up GitHub Secrets
For the deployment workflows to work, you need to set up the following secrets in your GitHub repository:
- DEV_SERVER_HOST - The hostname or IP of your development server
- DEV_SERVER_USERNAME - SSH username for the development server
- DEV_SERVER_KEY - SSH private key for the development server
- PROD_SERVER_HOST - The hostname or IP of your production server
- PROD_SERVER_USERNAME - SSH username for the production server
- PROD_SERVER_KEY - SSH private key for the production server
Go to repository settings
Navigate to your repository on GitHub, then click on "Settings".
Access secrets section
In the left sidebar, click on "Secrets and variables" then "Actions".
Add secrets
Click "New repository secret" and add each of the required secrets.
Cloudflare Integration
STEAM-Labz uses Cloudflare for CDN, security, and streaming services. Here's how to integrate Cloudflare with our CI/CD pipeline:
Add Cloudflare API token to secrets
Create a Cloudflare API token with appropriate permissions and add it as CLOUDFLARE_API_TOKEN in GitHub secrets.
Add cache purging to deployment workflow
- name: Purge Cloudflare cache
run: |
curl -X POST "https://api.cloudflare.com/client/v4/zones/${{ secrets.CLOUDFLARE_ZONE_ID }}/purge_cache" \
-H "Authorization: Bearer ${{ secrets.CLOUDFLARE_API_TOKEN }}" \
-H "Content-Type: application/json" \
--data '{"purge_everything":true}'Set up Cloudflare Pages (optional)
For static sites, consider using Cloudflare Pages for simplified deployment:
- Connect your GitHub repository to Cloudflare Pages
- Configure build settings (build command, output directory)
- Set up environment variables
- Configure branch deployments (main → production, develop → development)
Note: Remember that STEAM-Labz uses two Cloudflare accounts: most domains are under [email protected], while production-labz.com is under [email protected] with Cloudflare for Startups benefits.
8. Security Best Practices
Security is a critical aspect of any project. STEAM-Labz follows industry best practices to ensure the security of our codebase, infrastructure, and user data.
Code Security
Dependency Management
- Regularly update dependencies to patch security vulnerabilities
- Use npm audit or yarn audit to scan for vulnerabilities
- Set up Dependabot for automated security updates
- Pin dependencies to specific versions to prevent unexpected changes
- Avoid using deprecated or unmaintained packages
Secure Coding Practices
- Input validation for all user inputs
- Output encoding to prevent XSS attacks
- Parameterized queries to prevent SQL injection
- Proper error handling without exposing sensitive information
- Use secure encryption algorithms and hashing functions
- Implement proper authentication and authorization checks
Secret Management
Never store secrets (API keys, passwords, tokens) in the codebase. Instead:
- Use environment variables for configuration and secrets
- Store secrets in GitHub Secrets for CI/CD workflows
- Use a secrets manager like HashiCorp Vault for production environments
- Rotate secrets regularly and when team members leave
- Use .env files locally but exclude them from version control with .gitignore
Example .gitignore entries for secrets
# Environment variables
.env
.env.local
.env.development
.env.test
.env.production
# Private keys
*.pem
*.key
# Configuration files with secrets
config.json
secrets.jsonAuthentication and Authorization
Use secure authentication methods
- OAuth 2.0 for third-party authentication
- JWT (JSON Web Tokens) with proper expiration and refresh token rotation
- Secure password storage with bcrypt or Argon2
- Multi-factor authentication (MFA) for sensitive operations
Implement proper authorization
- Role-based access control (RBAC)
- Principle of least privilege
- Authorization checks at both API and UI levels
- Resource-based permissions
Secure session management
- Set secure and httpOnly flags on cookies
- Implement proper session timeout
- Session invalidation on logout
- CSRF protection with tokens
Infrastructure Security
Server Security
- Keep servers updated with security patches
- Use firewalls to restrict access
- Implement fail2ban to prevent brute force attacks
- Disable root SSH access
- Use SSH keys instead of passwords
- Regular security audits and vulnerability scanning
Network Security
- Use HTTPS for all connections
- Configure secure TLS settings
- Implement proper CORS policies
- Set up Content Security Policy (CSP)
- Use rate limiting to prevent DoS attacks
- Implement network segmentation where appropriate
Security Testing
Integrate security testing into your CI/CD pipeline:
Static Application Security Testing (SAST)
Use tools like ESLint with security plugins, SonarQube, or GitHub CodeQL to analyze code for security issues.
- name: Run CodeQL analysis
uses: github/codeql-action/analyze@v2Dependency scanning
Scan dependencies for known vulnerabilities.
- name: Check for vulnerabilities
run: npm auditDynamic Application Security Testing (DAST)
Use tools like OWASP ZAP to test your application for vulnerabilities during runtime.
Security-focused code reviews
Include security considerations in all code reviews.
Incident Response
Have a plan for handling security incidents:
- Create an incident response plan that outlines steps to take when a security issue is identified
- Establish a responsible disclosure policy for reporting security vulnerabilities
- Document lessons learned from any security incidents to prevent similar issues in the future
- Have a communication plan for notifying affected users if necessary
Security tip: Security is an ongoing process, not a one-time effort. Stay informed about the latest security threats and best practices by following security blogs, joining security mailing lists, and regularly reviewing your security posture.
Conclusion
This GitHub project setup guide provides a comprehensive framework for contributing to STEAM-Labz projects. By following these guidelines, we can maintain high-quality, secure, and consistent codebases across our ecosystem.
Remember that these guidelines are not set in stone. As our projects evolve, our processes and standards may change as well. We encourage all contributors to provide feedback and suggestions to improve our development practices.
Thank you for your interest in contributing to STEAM-Labz! Together, we can create an amazing platform for STEAM education and innovation.
© 2025 STEAM-Labz. All rights reserved.