Hi All, G-Reg team had a discussion about designing the new asset types as a starting point for M1, implementing development governance. As explained by Senaka, project asset type will be the main type and there will be associated types such as component, dependency, rule etc.
As mentioned below in points 4.3 and 4.5 we need to have a rule type and also a rule service endpoint for the processes such as automatic validation of dependencies. The rule service will process the input (dependency name, versions, etc) and return a true/false answer for validation. Few suggestions came up for this implementation: 1. Define rule set in the repository as a rule map and process it when a request comes and return the result 2. Use a rule engine (BRS?) for rule processing We need further understanding about the scenarios to decide on this and any input related to this would be really helpful. Regards! Isuruwan On Wed, Jan 15, 2014 at 10:22 AM, Senaka Fernando <[email protected]> wrote: > Hi all, > > Further to Eranda's notes. We used [1] to track the overall progress and > we will update this with corresponding Redmine issues. > > *M1 Goals* > Let me outline the process we are going to follow. C5 will implement > governance using this model, and we will assumed that C5 is a project > starting from scratch, though some code had already been committed to git. > > 1. We will start with a project asset type in G-Reg, which will be > used to group together things that we going to create, and things that we > are reusing. > 2. The project asset will be used by a PM-type person, and the > metadata associated with this asset will include things like git repository > location, redmine project link etc. > 3. When creating this project asset type, we might identify > duplication information in the AppFactory's application asset, which we > will take note of. When we incorporate these changes to AppFactory we will > fix that properly to remove everything that is duplicated. > 4. Then we will let the developer write his/her code and run some > script (something to scan a git repo periodically) against it. Using the > POM: > 1. We will identify what type of asset has been created (ex:- API > or SPI). Developer will annotate the code accordingly or we will > generate > some kind of notification requesting the developer to fill that > information > in the respective governance UIs. > 2. For the above to work, only fixed types of assets can be created > within a particular project type and the PM will graphically configure > these in the project asset created in #2 above. Using this > configuration we > will generate some rules to validate and report unknown types of code. > 3. We will figure out the dependencies, and validate the following > details of those: > 1. Version numbers have either been approved, or we will request > approval. > 2. Release date of dependency within a particular range unless > otherwise approved to be the latest. This sort of approval will > require > extending the range and if we exceed the range for the second time, > the > process will be repeated. This will make sure things are not > outdated. > 3. License is one of those specified by the PM in the > configuration process of #2. > 4. If the dependency is unknown, it will have to be formally > approved. Approval events like these would be tracked in a way that we > can > produce some sort of report on a later date. > 5. We will also validate additional rules such as repository URLs, > maven best practices etc. These ruleset will be committed to some > standard > repo and will be referenced in the Development Governance Guidelines > documentation. Those who want to write their own rules can do so by > following these guidelines. > 5. Jenkins will be interfaced with this project and we will use it > obtain status of the build. > 6. We will also make it possible to connect to a code quality tool to > obtain results of code quality. We use "erainsight" for this purpose. This > is a proprietary tool, and others might not be using the same - for such we > will keep this as an extension point. > 7. For things like Jenkins and code quality tools, there will be a > one-time configuration the PM needs to make to make it possible for us to > link this project with the relevant Jenkins project and vice versa. > > We will come up with the corresponding Redmine Issues and the relevant > discussions and user stories shortly. M1 will cover the first five steps on > the End-to-End process. > > *Things that we need further understanding* > > There are various other steps that people need to complete in the > lifecycle to get the project to a state where development is completed and > ready to move to the next state. One such example is the process WSO2 > follows - The DONE-DONE model with Redmine. > > Things like this will be modelled using checklists. We can of course > relate the entire project we defined in state #2 with the corresponding > Redmine project, but there can be multiple Redmine issues related to a > single component. We need to find a way to link all of these into the > checklist model or if that is not possible we will have to keep the two > separate and simply validate the completion of all the related redmine > issues (but not the individual status of each). In that validation process, > we can check whether each individual Redmine Issue has the required > information for us to consider each project is DONE-DONE (ex:- Code Review > details from Crucible should be available). > > *Out of Scope for M1* > To complete the story, we also have the following requirements that are > out of scope: > > 1. Support for Creating Projects in AppFactory. > 2. Integration of AppFactory's application creation process with this > governance model. > 3. Displaying the worklist items inside Developer Studio. > 4. AppFactory supporting GitHub-model instead of the Git-Hook for > triggering Jenkins. > > Post-M1, based on what we do now (which will be validated by the C5 > development work), we will come up with milestone items for both Developer > Studio and AppFactory to get these pieces completed. > [1] > https://docs.google.com/a/wso2.com/spreadsheet/ccc?key=0AsfbsBeGq_8LdFN5X19fS0FMdkI0cjNWUXg3bUpqUVE&disco=AAAAAHujWNs#gid=0 > > Thanks, > Senaka. > > On Tue, Jan 14, 2014 at 3:37 PM, Eranda Sooriyabandara <[email protected]>wrote: > >> In this meeting first we identified the following areas which we need to >> address in governance 2.0 >> >> 1. Create and govern high level project >> 2. Service level assets to fit in to high level project assets >> 3. Configuring ant/maven >> 4. Code build pass/fail indicators/Redirect to jenkins when we need >> further details >> >> After that we decided to create a governance framework which we can use >> in our Carbon 5 release which we can introduce to the customers as our >> governance model in WSO2Con Asia. Here are the things we will be planning >> to implement in the first milestone. >> >> Govern C5 >> >> Governing API/SPI Bundles >> >> - Identifying SPIs and APIs - Annotations for APIs (Developer should >> mind in creating APIs) / (If annotation not found asking the developer >> whether SPI or a API) >> - Imported and Exported packages in the bundle >> - What interfaces should be exposed >> - Java docs, styling >> - Unit tests, find bugs, sonar (Reports for build and for code >> quality analyse. Alert for security and other violations) >> - Best practice enforcement >> - Dependency analysis - Licence compatibility (Rules and templates >> can be used for checking the compatibility of the licence.) >> - Writing rules : Import custom policies/ Create policies >> - Version compatibility - >> - Should be able to specify the compatible versions/ >> - Should be able to automatically notify if there is a new >> version (New version available for xxx/ No new version available) >> - Additional dependency need to be approved before adding/person >> of adding >> - Reviews should be a part of the lifecycle - Code reviews and Arch >> reviews etc... (link should be added and by the time of checking the >> crucible or other related link should be filled) >> - Follow up tasks for code reviews should be enforced >> - Worklist support should be enforced to the eclipse and >> app-factory >> - As a developer I should be able to use a IDE plugin for above >> tasks, not practical to login to some other servers >> >> >> Please feel free to add anything if I missed anything here. >> >> thanks >> Eranda >> >> >> On Sat, Jan 11, 2014 at 4:11 PM, [email protected] <[email protected]> wrote: >> >>> Hi all, >>> >>> Please try to make yourself available for this meeting on Tuesday, >>> eventhough its a holiday. We need to get started with the Governance 2.0 >>> work immediately and we had no choice other than Tuesday to set this up >>> based on the busy schedules and travel plans of those who need to attend. >>> >>> Thanks for your understanding. >>> >>> Thanks, >>> Senaka. >>> Governance 2.0 Milestone Planning Meeting >>> Go through the 45 point list of things we need to do to get the >>> governance story right and prioritize on what to work on first. >>> *When* >>> Tue Jan 14, 2014 11am – 12pm Colombo >>> *Where* >>> LK 5th Floor Meeting Room - Garage >>> (map<http://maps.google.lk/maps?q=LK+5th+Floor+Meeting+Room+-+Garage&hl=en> >>> ) >>> *Who* >>> • >>> Senaka Fernando - organizer >>> • >>> Selvaratnam Uthaiyashankar >>> • >>> Sumedha Rubasinghe >>> • >>> Sanjiva Weerawarana >>> • >>> Shazni Nazir >>> • >>> Eranda Sooriyabandara >>> • >>> Chandana Napagoda >>> • >>> Sameera Perera >>> • >>> Isabelle Mauny >>> • >>> Dimuthu Leelarathne >>> • >>> Shelan Perera >>> • >>> Vijitha Kumara >>> • >>> Isuruwan Herath >>> • >>> Sameera Jayasoma >>> >>> >> >> >> -- >> >> *Eranda Sooriyabandara *Senior Software Engineer; >> Integration Technologies Team; >> WSO2 Inc.; http://wso2.com >> Lean . Enterprise . Middleware >> >> E-mail: eranda AT wso2.com >> Mobile: +94 716 472 816 >> Linked-In: http://www.linkedin.com/in/erandasooriyabandara >> Blog: http://emsooriyabandara.blogspot.com/ >> >> >> >> >> > > > -- > *Senaka Fernando* > Senior Technical Lead; WSO2 Inc.; http://wso2.com > > > > * Member; Apache Software Foundation; http://apache.org > <http://apache.org>E-mail: senaka AT wso2.com <http://wso2.com>**P: +1 > 408 754 7388 <%2B1%20408%20754%207388>; ext: 51736*; > > > *M: +94 77 322 1818 <%2B94%2077%20322%201818> Linked-In: > http://linkedin.com/in/senakafernando > <http://linkedin.com/in/senakafernando>* > Lean . Enterprise . Middleware > -- Isuruwan Herath Technical Lead Contact: +94 776 273 296
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
