linuxwebexpert edited this page Oct 7, 2019 · 6 revisions


Web & Mobile Developer Guidelines

The VTA has a Board of Directors initiative to become a technology innovator within Silicon Valley, so that other government agencies can learn and adopt software development best practices, industry standards, and technical knowledge, and to further promote public transit adoption.

As such, we have decided upon a standardized set of industry-standard tools for everyday development tasks that promote best practices and adherence to acceptable coding/security policies.

We recommend reading our Agile Development Guidelines first to get an overview of VTA developer, vendor, and partner expectations and best practices for team collaboration.


Please review the VTA Agile Development Guidelines

Agile development standards

We have identified the standards as set forth by GitHub and the Agile Alliance to be acceptable coding practices for application development and production deployment. We recommend developers adhere to the guidelines, templates, process flows, and terminology defining Agile methodologies and feature branch workflows with team collaboration.

Software development tools

An enhanced text editor such as Sublime or Notepad++ does not provide sufficient code hinting, syntax checking, or class inspections, and it is not an actual IDE (Integrated Development Environment) for running unit tests and step/trace debugging. Please do not use a text editor.

We recommend using a real IDE and favor the JetBrains products wherever possible in development, as their feature sets tend to be the richest, most mature, and most widely supported for all languages and platforms. Using specific Microsoft Visual Studio tools is undoubtedly appropriate when working with Windows-specific applications, servers, databases, and back-office applications.

JetBrains IntelliJ Ultimate

IntelliJ Ultimate is easily the most advanced, complete, and robust IDE available for quality code development and maintenance today, with a full feature set and the most productive editor tools. The vast selection of marketplace plugins, integrations, and command-line interface tools makes this IDE our top choice for design, development, and deployment.

IntelliJ Plugins

Download the JetBrains Toolbox and then install the Trial Edition of IntelliJ Ultimate. Once installed, talk with your lead for license key activation. After you have successfully installed IntelliJ Ultimate, please install the following plugins:

  • .ignore - .gitignore file management extension
  • BashSupport - Bash shell script programming extension
  • CSV Plugin - CSV file handling and data transformation plugin
  • Docker - Docker container support
  • Git Flow Integration - Git Flow integration including Changelogs and Release Notes
  • GitToolbox - Git Toolbox with advanced GUI based tools for version control
  • Karma - JavaScript testing framework integration extension
  • Markdown Navigator - Intelligent GFM Markdown support, syntax checking and live previews
  • Table Of Contents Extension - Markdown Navigator automatic table of contents feature
  • Perl - Perl programming language IDE extension for IntelliJ
  • PhoneGap/Cordova Plugin - Cordova framework support with project wizard and event handling
  • PHP - PHP programming language IDE extension for IntelliJ
  • PHP Annotations - PHP Annotations support with class inspections and validation tools
  • PHP Inspections (EA Extended) - PHP Inspections for static code analysis and conformance
  • Python - Python programming language IDE extension for IntelliJ
  • Symfony Support - Symfony 4 micro-kernel framework support for IntelliJ
  • Twig Support - Twig templating language support with type hinting, inspections, and path referencing

Simply open File -> Settings -> Plugins, browse the Marketplace, install the plugins above, and restart the IDE.

Microsoft Visual Studio

When project requirements call for read/write access to Microsoft services like SharePoint, MSSQL, O365, and .NET services, it is recommended to use the Visual Studio IDE tools to provide appropriate code testing and coverage, as they provide Microsoft proprietary insights into the proper usage of their operating-system-specific platform services.

Database design tools

Many VTA projects require a relational database to correlate information from different sources and provide the data transaction history for reviewing application events. Occasionally, business logic and application design requirements need a key/value or NoSQL database implementation to provide analysis of data trends, outliers, and anomalies, and to identify patterns using machine learning or business intelligence tools.

We request developers to use database IDE tools to provide documentation with application proposals, designs, and revisions, including an ERD (Entity Relationship Diagram) to assist in visualizing the schema dependencies and intended application business logic.

MySQL Workbench Community Edition

We have found the MySQL Workbench tool to be an excellent resource similar to IntelliJ, as it provides a rich RDBMS (Relational Database Management System) IDE for designing database schemas with foreign key relationships between the tables. The toolset found in MySQL Workbench is dynamic enough to be applied to other RDBMS systems supporting CSV file import/export methods to provide documentation, schema diagrams, and maintain version control for production systems.

pgModeler

VTA also makes extensive use of PostgreSQL databases, specifically focused on PostGIS operations with GPS data and GIS analysis tools for public transit planning and traffic congestion management purposes. For this reason, we recommend using the following open-source PostgreSQL IDE tools, freely available on the web today.

Project Management

In keeping with Agile methodology best practices for software development, the VTA development team and software development vendors or partners are expected to correlate their GitHub activities with either our OpenProject instance or similar tools like Asana for project management.

We have adopted the practice of referencing GitHub issues with OpenProject work package items and vice versa. This practice of associating the project activity with the development activity has significantly improved our coding standards and daily development workflow.

The easiest method to implement the documentation linkage is by hyperlinking the GitHub issue back to the OpenProject or Asana URL as the very first line of the issue using PIPE POUND URL notation: |# - https://projects.vta.org/projects/devops-server/work_packages/66/activity

This conclusively indicates which feature, epic, task, or user story the GitHub issue is associated with and helps identify the progress of the Sprint and total completion of the feature branch or milestone. Conformance to the PIPE POUND URL notation is strongly encouraged as it permits automated Sprint and Project Management integration of workflows, timelines, and developer activities.
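One way an automation job could validate the PIPE POUND URL line before acting on it, shown as an added example that is not VTA's own code. The function name, the host allow-list (including app.asana.com for Asana), the tolerance for extra whitespace, and the work package path pattern are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts the automation may treat as project trackers.
# projects.vta.org comes from the page's example; app.asana.com is assumed for Asana.
ALLOWED_HOSTS = {"projects.vta.org", "app.asana.com"}

# "|# - <url>" as the entire first line of the issue body.
LINK_LINE = re.compile(r"^\|#\s*-\s*(\S+)\s*$")
# OpenProject-style path as seen in the page's example URL.
WORK_PACKAGE = re.compile(r"^/projects/([a-z0-9][a-z0-9_-]*)/work_packages/(\d+)(?:/|$)")

# Constructed sample issue body (only the first line matters).
SAMPLE_BODY = (
    "|# - https://projects.vta.org/projects/devops-server/work_packages/66/activity\n"
    "\nAdd health check endpoint.\n"
)


def parse_tracker_link(issue_body):
    """Return details of the tracker link on the first line, or raise ValueError."""
    first_line = issue_body.splitlines()[0] if issue_body else ""
    match = LINK_LINE.match(first_line)
    if not match:
        raise ValueError("first line is not in PIPE POUND URL notation")
    url = match.group(1)
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("tracker link must use https")
    # Reject userinfo so "https://projects.vta.org@other.host/" cannot pass as the tracker.
    if parts.username or parts.password:
        raise ValueError("tracker link must not carry credentials")
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        raise ValueError("host not allowed: " + host)
    result = {"url": url, "host": host, "project": None, "work_package": None}
    wp = WORK_PACKAGE.match(parts.path)
    if wp:
        result["project"] = wp.group(1)
        result["work_package"] = int(wp.group(2))
    return result


if __name__ == "__main__":
    print(parse_tracker_link(SAMPLE_BODY))
```

Checking the host against an allow-list, rather than searching the line for the tracker's name, keeps a look-alike URL in an externally submitted issue from being linked or fetched by the integration.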

Version control and change management

VTA adheres to the current industry-recommended Agile and SDLC (Software Development Life Cycle) best practices for software versioning and production deployment procedures.

Developers, both internal and external, are expected to follow the Git Feature Branch model as it provides automated project management workflows using GitHub issue tickets and project boards.

Change management and production deployments are managed and validated with traditional UAT (User Acceptance Testing) sign-off of work completed as done/done.

Upon testing validation, all production releases receive a Semantic Versioning tagged release number along with updated changelog notes. Only tagged and documented releases are acceptable for production usage and deployment.

Security recommendations

VTA follows the principles and practices recommended by the Open Web Application Security Project (OWASP) specifications for application development and deployment. All software applications should conform to the Core Rule Set used by ModSecurity for Apache and Nginx servers.

Application development workflows should include static code analysis and application security principles to identify any possible web security risks, including XSS, CSRF, CORS, SQL Injection, and privacy risks associated with the exchange of information.
