Best Practices for SDL

Teams should adhere to the following practices, but may vary from them after consultation with the instructor:

• GitLab Configuration:
  • All students on each team should have Maintainer role.
  • Disallow pushes to the main branch. This is ensured by going to Settings, Repository, Branch rules, view details, Manage in protected branches, and select No one for Allowed to push and merge. Allowed to merge will be set to Maintainers (or Maintainers + Developers).
  • Disallow squash commits: Settings, Merge requests, scroll down to Squash commits when merging, set to Do not allow. Save the changes.
  Because our instance is hosted on gitlab.com, there is no way to change the time zone for the project. Reports such as the burndown chart use UTC times, so to include work that was completed after 6 or 7 pm (depending on daylight savings time), you sometimes need to advance the date by a day, capture the chart, and then restore it to the previous day.
• Git repositories
  • Always push on each commit. That is, do not fall into the dangerous practice of doing lots of commits locally without pushing those changes to the Git server, otherwise you and your partners will have huge conflict resolution sessions that provide little value.
  • As discussed above, never squash commits. Squashing commits makes it impossible for instructors to determine who did what work, leading to lower grades. However, it is ok to delete branches; the critical commit history will still be available.
  • Never rebase a commit. Doing so increases the chances of losing code. The git commit history is not a valuable deliverable; focus on getting the code right rather than having beautiful commit histories. Use merges to combine branches.
  • If you do commit to main by accident, move the commit to the proper branch. You can either of the methods given by this page.
• Design
  • Break the system into the three primary layers: data layer (domain classes/information in database), policy layer (code capturing the rules for the system), and GUI layer (the layer that interracts with the user).
  • Never write raw SQL into a project. Always use an object relational manager (ORM). They are available for almost all languages and platforms.
  • Do not put secrets in the repository. Information like passwords should be stored in environment variables used on the server and should never appear in the repository.
• Implementation
  • Use programming language tools to create path names. For example, use path.join() in Javascript than hardcoding paths like xyz/abc.js. This allows your code to run under both Windows and Linux.