3

Engineering Fundamentals Checklist

 2 years ago
source link: https://microsoft.github.io/code-with-engineering-playbook/ENG-FUNDAMENTALS-CHECKLIST/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

Engineering Fundamentals Checklist

This checklist helps to ensure that our projects meet our Engineering Fundamentals.

Source Control

  • The default target branch is locked.
  • Merges are done through PRs.
  • PRs reference related work items.
  • Commit history is consistent and commit messages are informative (what, why).
  • Consistent branch naming conventions.
  • Clear documentation of repository structure.
  • Secrets are not part of the commit history or made public. (see Credential scanning)
  • Public repositories follow the OSS guidelines, see Required files in default branch for public repositories.

More details on source control

Work Item Tracking

  • All items are tracked in AzDevOps (or similar).
  • The board is organized (swim lanes, feature tags, technology tags).

More details on backlog management

Testing

  • Unit tests cover the majority of all components (>90% if possible).
  • Integration tests run to test the solution e2e.

More details on automated testing

CI/CD

  • Project runs CI with automated build and test on each PR.
  • Project uses CD to manage deployments to a replica environment before PRs are merged.
  • Main branch is always shippable.

More details on continuous integration and continuous delivery

Security

  • Access is only granted on an as needed bases
  • Secrets are stored in secured locations and not checked in to code
  • Data is encrypted in transit (and if necessary at rest) and passwords are hashed
  • Is the system split into logical segments with separation of concerns? This helps limiting security vulnerabilities.

More details on security

Observability

  • Significant business and functional events are tracked and related metrics collected.
  • Application faults and errors are logged.
  • Health of the system is monitored.
  • The client and server side observability data can be differentiated.
  • Logging configuration can be modified without code changes (eg: verbose mode).
  • Incoming tracing context is propagated to allow for production issue debugging purposes.
  • GDPR compliance is ensured regarding PII (Personally Identifiable Information).

More details on observability

Agile/Scrum

  • Process Lead (fixed/rotating) runs the daily standup
  • The agile process is clearly defined within team.
  • The Dev Lead (+ PO/Others) are responsible for backlog management and refinement.
  • A working agreement is established between team members and customer.

More details on agile development

Design Reviews

  • Process for conducting design reviews is included in the Working Agreement.
  • Design reviews for each major component of the solution are carried out and documented, including alternatives.
  • Stories and/or PRs link to the design document.
  • Each user story includes a task for design review by default, which is assigned or removed during sprint planning.
  • Project advisors are invited to design reviews or asked to give feedback to the design decisions captured in documentation.
  • Discover all the reviews that the customer's processes require and plan for them.
  • Clear non-functional requirements captured (see Non-Functional Requirements Guidance)

More details on design reviews

Code Reviews

  • There is a clear agreement in the team as to function of code reviews.
  • The team has a code review checklist or established process.
  • A minimum number of reviewers (usually 2) for a PR merge is enforced by policy.
  • Linters/Code Analyzers, unit tests and successful builds for PR merges are set up.
  • There is a process to enforce a quick review turnaround.

More details on code reviews

Retrospectives

  • Retrospectives are conducted each week/at the end of each sprint.
  • The team identifies 1-3 proposed experiments to try each week/sprint to improve the process.
  • Experiments have owners and are added to project backlog.
  • The team conducts longer retrospective for Milestones and project completion.

More details on retrospectives

Engineering Feedback

  • The team submits feedback on business and technical blockers that prevent project success
  • Suggestions for improvements are incorporated in the solution
  • Feedback is detailed and repeatable

More details on engineering feedback

Developer Experience (DevEx)

Developers on the team can:

  • Build/Compile source to verify it is free of syntax errors and compiles.
  • Execute all automated tests (unit, e2e, etc).
  • Start/Launch end-to-end to simulate execution in a deployed environment.
  • Attach a debugger to started solution or running automated tests, set breakpoints, step through code, and inspect variables.
  • Automatically install dependencies by pressing F5 (or equivalent) in their IDE.
  • Use local dev configuration values (i.e. .env, appsettings.development.json).

More details on developer experience

Last update: July 9, 2021

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK