18f / projects Goto Github PK

@ccostino mentioned that the about.yml specification and the convention of adding .about.yml files to project repositories is actually part of the ATO checklist for projects.

This means that if we store the canonical data in the projects db instead of .about.yml files, we might mess up the ATO process.

One option is to change the ATO process, which could be hard.

Another option, though, is to actually have projects auto-generate .about.yml files and commit them to project repositories. These auto-generated files can have comments on the top instructing readers to not modify them directly, but instead edit the data via the projects admin UI.

Thoughts on this @gboone @brendansudol?

So on Slack I mentioned that now i am sorta wishing we called this project something other than projects, because I keep reading "projects" as "list of projects", not "the project known as projects". 😅

At least on the Web I can typeset the name in monospace (e.g. projects) to disambiguate, but it might get really confusing in face-to-face/audio interactions.

Since this project is still in very early stages, should we just go ahead and rename it now, to avoid confusion?

@brendansudol trying to push up a branch to remote and getting a permission denied. thinking i don't have write access to the repo?

As mentioned here:

This is unintuitive to me--is there a reason we didn't make billable a boolean field? And even if it has to be a choice field, it's a bit unintuitive that billable is 0 and non-billable is 1. This means that the following code:

if project.billable:

will actually be checking if the project is NOT billable... 😖

This will require a schema migration and a data migration, I think.

This is done in 18F/tock#359, would be great to port the change here as well. Will also need to remove the mention of running manage.py migrate twice in the readme.

Or, alternatively, all this code is getting a bit unwieldy, so perhaps it might be a good time to factor it out into a separate pip package?

Hey, I just wanted to add an issue for this to make sure that the work/thought we've done so far on it doesn't get buried in history.

Work was started on an API in #16. However, we didn't have a concrete use case for the API. As the 18F API Standards state:

The best way to understand and address the weaknesses in an API's design and implementation is to use it in a production system.

Whenever feasible, design an API in parallel with an accompanying integration of that API.

Since we didn't have an accompanying integration of the API, we decided to close the PR for now, but pick up work on it whenever we actually have a concrete need for an API.

In order to create valid about.yml files for #18, and surface more information about who's responsible/PoC for projects in general, it might be helpful to have more metadata about people.

One way to do this may be to keep the Team API as the source of truth about individuals, but create a model for it in the DB and regularly update it by polling the Team API.

I have experience with the Team API so I could do this one if it sounds like a good idea.

I believe there exists somewhere on the internet a list of all current 18F projects. It is probably in YAML, but I'm not sure where it is.

I'm realizing as I work on #5 that it would help me immensely to see this list, so that I can better figure out what the Project model should look like.

@brendansudol or @melodykramer, any idea where this list of projects is?

As a member of 18F, I would like to check selected or all projects and have all fields exported to a CSV.

jacobian mentioned that https://github.com/18F/bug-bounty has a pretty good setup involving unittest, flake8, and bandit that sets up and runs easily on both travis and locally (see particularly tox.ini, .travis.yml, and CONTRIBUTING.md for the howto).

Should there be screenshots available with each project? If so, what dimensions would be the most useful? (And I supposed we might need to add an upload field.)

We're starting to come up with really good ideas for the dashboard and I want to ensure that we're capturing our backlog. Should we use the Wiki? Issues, tagged in a certain way? Trello? Something else?

we have 350+ possibilities for client names. maybe add an autocomplete to the admin panel like https://bitbucket.org/tyrion/django-autocomplete/wiki/Home?

This should be very easy to do via prepopulated_fields.

In #5 we added a "GitHub URL" field for projects, but it should probably be validated, so that if someone pastes in a link that's not of the form https://github.com/{ORG}/{REPO}, we reject it. Or, alternatively, normalize it if we can.

It also looks like Django 1.10 alpha 1 removes all inline JS from django-admin, according to the release notes! (In the meantime, though, we will need to not deliver the CSP headers at the /admin/ endpoint, I guess. 😞)

• Tags: drop-down menu of tags
• Contact: email address or GitHub issue
• Status: active or non-active
• Requesting agency: select from dropdown
• Business unit fulfilling request: select from dropdown
• Contributors: pull from GitHub API
• Popular: pull stars / forks from GitHub
• How can I learn more? Link to GitHub Issues page
• How can I help? Pull issues from that GitHub page labeled ‘help wanted’

Admins need to be able to log into the admin UI!

Should we use MyUSA like https://dolores-app.18f.gov/ does?

Thinking about how to tag our projects will be key to discovery mechanisms.

Two thoughts: the fewer categories, the better. @brittag smarted suggested grouping projects into three categories: Learn and Use, Partner, and Contribute.

“Contribute to 18F” might encompass micropurchase and Open Opportunities options (and the future bug bounty program) as well as contributing to our open source projects?

“Partner with 18F: learn about our projects with agency partners (both completed and in progress)”

“learn from 18F and use its materials”: material that's reuseable from other organizations.

I really like the idea of keeping this minimal, but would like @thisisdano's thoughts on this approach.

Alternatively or in addition, we could give people a dropdown list of tags from the blog: https://18f.gsa.gov/tags/ - This might also be a way to bring in related material from the blog. We would likely want to continually refresh this blog tag list, if new tags are added to the blog. (Not sure if this is the right approach or one we should take, just throwing it out there for preliminary discussion.) @gboone

Certain fields should never change:

• Name
• Slug
• Client
• Tock ID
• Cloud.gov project

Other fields may change, but should require approval by someone at the admin level:

• Tagline
• Project lead
• Description
• Impact
• Live URL
• GitHub URL(s)

Fields that may change:

• Status
• Billable

We should think about how to create a system to allow edits to be approved through an admin layer, or some other means of ensuring that everyone cannot edit every field — because that might cause errors with Tock and/or other places where we have this material. Is there a way to lock certain fields?