Best Practices for SDL
Teams should adhere to the following practices, but may vary from them
after consultation with the instructor:
- GitLab Configuration:
  - All students on each team should have the Maintainer role.
  - Disallow pushes to the main branch: go to Settings, Repository,
    Branch rules, view details, Manage in protected branches, and
    select No one for Allowed to push and merge. Allowed to merge
    will be set to Maintainers (or Maintainers + Developers).
  - Disallow squash commits: Settings, Merge requests,
    scroll down to Squash commits when merging, set to Do not
    allow. Save the changes.
Because our instance is hosted on gitlab.com, there is no way to change
the time zone for the project. Reports such as the burndown chart use UTC
times, so to include work that was completed after 6 or 7 pm (depending
on daylight saving time), you sometimes need to advance the date by a
day, capture the chart, and then restore it to the previous day.
Git repositories
- Always push on each commit. That is, do not fall into the dangerous
practice of doing lots of commits locally without pushing those changes
to the Git server; otherwise you and your partners will have huge
conflict resolution sessions that provide little value.
- As discussed above, never squash commits. Squashing
commits makes it impossible for instructors to
determine who did what work, leading to lower grades. However, it is ok
to delete branches; the critical commit history will still be available.
- Never rebase a commit. Doing so increases the chances of losing
code. The git commit history is not a valuable deliverable;
focus on getting the code right rather than having beautiful commit
histories. Use merges to combine branches.
- If you do commit to main by accident, move the commit to the proper
branch. You can use either of the methods given by this page.
Design
- Break the system into the three primary layers: data layer (domain
classes/information in database), policy layer (code capturing the
rules for the system), and GUI layer (the layer that interacts with
the user).
- Never write raw SQL into a project. Always use an object relational
manager (ORM). They are available for almost all languages and platforms.
- Do not put secrets in the repository. Information like passwords
should be stored in environment variables used on the server and should
never appear in the repository.
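
An added example, not part of the original guidelines, showing the secrets rule in JavaScript: the application reads its secrets from environment variables and stops at startup if one is missing, and a heuristic check flags secret-looking literals in source before they are committed. The variable names `DB_PASSWORD` and `SESSION_SECRET`, both function names, and the sample values are assumptions made for illustration.

```javascript
// Added example: variable names and sample values are hypothetical/constructed.
const REQUIRED_SECRETS = ["DB_PASSWORD", "SESSION_SECRET"];

// Read each required secret from the environment and fail at startup,
// naming only the missing variables (never echoing any value).
function loadSecrets(env = process.env, required = REQUIRED_SECRETS) {
  const missing = required.filter((name) => !env[name] || env[name].trim() === "");
  if (missing.length > 0) {
    throw new Error(`Missing environment variables: ${missing.join(", ")}`);
  }
  return Object.freeze(Object.fromEntries(required.map((name) => [name, env[name]])));
}

// Heuristic: a secret-looking name assigned a quoted literal on the same line.
const SECRET_LITERAL = /\b(\w*(?:password|passwd|secret|token|api_?key)\w*)\s*[:=]\s*(["'`]).+?\2/i;

// Return the line number and variable name of each hard-coded secret.
// The matched value is deliberately left out of the findings.
function findHardcodedSecrets(sourceText) {
  const findings = [];
  sourceText.split(/\r?\n/).forEach((line, index) => {
    const match = SECRET_LITERAL.exec(line);
    if (match) findings.push({ line: index + 1, name: match[1] });
  });
  return findings;
}

// Constructed sample: line 1 is what must not be committed, line 2 is the fix.
const sampleSource = [
  'const dbPassword = "constructed-example-value";',
  "const sessionSecret = process.env.SESSION_SECRET;",
].join("\n");

console.log(findHardcodedSecrets(sampleSource));
console.log(Object.keys(loadSecrets({ DB_PASSWORD: "x1", SESSION_SECRET: "y2" })));
```

The pattern is a heuristic and will miss secrets stored under unrelated names, so it complements the rule above and does not replace review.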
Implementation
- Use programming language tools to create path names. For example,
use path.join() in JavaScript rather than hardcoding paths like
xyz/abc.js. This allows your code to run under both Windows and Linux.