-
Notifications
You must be signed in to change notification settings - Fork 1
Home
The VTA has a Board of Director's initiative to become an innovator in technology within Silicon Valley for other government agencies to learn and adopt software development best practices, industry-standards, technical knowledge, and further promote public transit adoption.
As such, we have decided upon a standardized set of industry-standard tools for everyday development tasks that promote best practices and adherence to acceptable coding/security policies.
We recommend reading our Agile Development Guidelines first to get an overview of VTA developer, vendor, and partner expectations and best practices for team collaboration.
Please review the VTA Agile Development Guidelines
We have identified the standards as set forth by GitHub and the Agile Alliance to be acceptable coding practices for application development and production deployment. We recommend developers adhere to the guidelines, templates, process flows, and terminology defining Agile methodologies and feature branch workflows with team collaboration.
- Agile Essentials - Agile methodologies source reference
- Agile Glossary - Agile terminology definitions and usage contexts
- GitHub Best Practices - GitHub recommendations
- GitHub Hello World - GitHub feature branch team workflow example
- YouTube GitHub Video - GitHub pull requests, branches, and merging
An enhanced text editor such as Sublime or Notepad++ does not provide sufficient code hinting, syntax checking, class inspections, and an actual IDE (Integrated Development Environment) for running unit tests and step/trace debugging. Please do not use a text editor.
We recommend using a real IDE (Integrated Development Environment) and favor the JetBrains products where ever possible in development as their feature sets tend to be the richest, most mature, and widely supported for all languages and platforms. Using specific Microsoft Visual Studio tools is undoubtedly appropriate when working with Windows-specific applications, servers, databases, and back-office applications.
Easily the most advanced, complete, full feature set, most productive editor tools, and robust IDE available for quality code development and maintenance today. The vast selection of marketplace plugins, integrations, and command-line interface tools makes this IDE our top choice for design, development, and deployment.
Download the JetBrains Toolbox and then install the Trial Edition of IntelliJ Ultimate. Once installed, talk with lead for license key activation. After you have successfully installed IntelliJ Ultimate please install the following plugins:
- .ignore - .gitignore file management extension
- BashSupport - Bash shell script programming extension
- CSV Plugin - CSV file handling and data transformation plugin
- Docker - Docker container support
- Git Flow Integration - Git Flow integration including Changelogs and Release Notes
- GitToolbox - Git Toolbox with advanced GUI based tools for version control
- Karma - Javascript testinig framework integration extension
- Markdown Navigator - Intelligent GFM Markdown support, syntax checking and live previews
- Table Of Contents Extension - Markdown Navigator automatic table of contents feature
- Perl - Perl programming language IDE extension for IntelliJ
- PhoneGap/Cordova Plugin - Cordova framework support with project wizard and event handling
- PHP - PHP programming language IDE extension for IntelliJ
- PHP Annotations - PHP Annotations support with class inspections and validation tools
- PHP Inspections (EA Extended) - PHP Inspections for static code analysis and conformance
- Python - Python programming language IDE extension for IntelliJ
- Symfony Support - Symfony 4 micro-kernel framework support for IntelliJ
- Twig Support - Twig templating language support with type hinting, inspections, and path referencing
Simply open File -> Settings -> Plugins: then browse Marketplace and install the above and restart IDE
When project requirements need to read/write access to Microsoft services like SharePoint, MSSQL, O365, and .NET services, it is recommended to use their Visual Studio IDE tools to provide code testing and coverage appropriately. As it provides Microsoft proprietary insights to proper usage of their operating system specific platform services.
- Wikipedia - Microsoft Visual Studio
- Visual Studio Documentation
- Visual Studio Testing Tools
- Visual Studio GitHub Extension
Many VTA projects require a relational database to correlate information from different sources and provide the data transaction history for reviewing application events. Occasionally business logic and application design requirements need a key/pair or NoSQL database implementation to provide analysis of data trends, out wires, anomalies, and identify patterns using machine learning or business intelligence tools.
We request developers to use database IDE tools to provide documentation with application proposals, designs, and revisions, including an ERD (Entity Relationship Diagram) to assist in visualizing the schema dependencies and intended application business logic.
We have found the MySQL Workbench tool to be an excellent resource similar to IntelliJ as it provides a rich RDBMS (Relational Database Management System) IDE for designing database Schemas with foreign key relationships between the tables. The toolset found MySQL Workbench is dynamic enough to be applied to other RDBMS systems supporting CSV file import/export methods to provide documentation, schema diagrams, and maintain version control for production systems.
- MySQL Workbench Community Edition - Download link for Open Source Community Edition
- MySQl Workbench Manual - Documentation for MySQL Workbench with tutorials
- MySQL Workbench Plugins - Collection of plugins and documentation
- MySQL Workbench Data Dictionary - Generates documentation from model schema
VTA also makes extensive use of PostgreSQL databases specifically focused on PostGIS operations with GPS data and GIS analysis tools for public transit planning and traffic congestion management purposes. For this reason, we recommend using the following available PostgreSQL IDE open-source tools freely available on the web today.
In keeping with Agile methodologies best practices for software development, the VTA development team, and software development vendors or partners are expected to correlate their GitHub activities with either our OpenProject instance or similar tools like Asana for project management.
We have adopted the practice of referencing GitHub issues with OpenProject work package items and vice versa. This practice of associating the project activity with the development activity has significantly improved our coding standards and daily development workflow.
The easiest method to implement the documentation linkage is by hyperlinking the GitHub issue back to the OpenProject or Asana URL as the very first line of the issue using PIPE POUND URL notation:
|# - https://projects.vta.org/projects/devops-server/work_packages/66/activity
Conclusively this indicates which feature, epic, task, or user story the GitHub issue is associated with and helps identify the progress of the Sprint and total completion of the feature branch or milestone. Conformance to the PIPE POUND URL notation is strongly encouraged as it permits automated Sprint and Project Management integration of workflows, timelines, and developer activities.
VTA adheres to the current industry recommended Agile and SDLC (Software Development Life Cycle) best practices for software versioning and production deployment procedures.
Developers, both internal and external, are expected to follow the Git Feature Branch model as it provides automated project management workflows using GitHub issue tickets and project boards.
Change management and production deployments are managed and validated with traditional UAT (User Acceptance Testing) sign-off of work completed as done/done.
Upon testing validation, all production releases receive a Semantic Versioning tagged release number along with updated changelog notes. Only tagged and documented releases are acceptable for production usage and deployment.
VTA follows the principles and practices recommended by Open Web Application Security Project (OWASP) specifications for application development and deployment. All software applications should conform to the Core Rule Set used by ModSecurity for Apache and Nginx servers.
Application development workflows should include static code analysis and application security principles to identify any possible web security risks, including XSS, CSRF, CORS, SQL Injection, and privacy risks associated with the exchange of information.
- OWASP Top 10 - 2017 - The Ten Most Critical Web Application Security Risks
- The Core Rule Set - Generic detection of application layer attacks