Goals / Recommendation

Go through some of the features available in Azure DevOps server (Git, pipelines, containers, integration with VSCode and VS Studio 2019, etc.)

Expecting to have 2 parts:

• Part 1 will be how to do what we did in TFS 2015 in ADO
• Part 2 will be exploring new ADO tools and features, like pipelines.

Community Expectations

Azure DevOps Server is about to be used in ESDC, this session would be an overview of the features.

References

https://docs.microsoft.com/en-us/azure/devops/server/whats-new?view=azure-devops

Goals / Recommendation

Advertise/Show/Demonstrate that these tools exist and are easy to use. How the make the developers live easier.

Community Expectations

These tools are practically mandated for use in our department.
Most developers should know about them, but likely not a lot.

References

https://gccode.ssc-spc.gc.ca/iitb-dgiit/sds/GOCWebTemplates/DotNetTemplates
https://gccode.ssc-spc.gc.ca/iitb-dgiit/sds/GOCWebTemplates/JavaTemplates

Goals / Recommendation

Show how/when/why to use feature flags in applications.

Community Expectations

Most are aware of the idea and what they might need to do it, but aren't.

References

Add Azure DevOps, can also add link to the official documentation.

The navigation across pages and where to find documents is difficult and needs to be improved.

Because of the GitHub Pages, we'll need to find a plugin that would support a common menu.

Goals / Recommendation

We are recommending TFVC to Git (and SVN to Git) with the goal being all solutions on Git (with no specific date yet)
https://esdc-devcop.github.io/strategy/guides/tfvc-to-git.html

We are also recommending TFS to GCcode (or GitHub); with the expectation that most teams will not follow this recommendation right now and stay in TFS. The goal is to have everyone in GitHub other than a few solutions that have exceptions to be in either GCcode or Azure DevOps.
https://esdc-devcop.github.io/strategy/guides/tfs-to-gccode.html

Clarification:
If I team is migrating away from TFS to either GCcode or GitHub, they should only be using TFS for deploying to SADE, and that’s only if they aren’t using Jenkins to deploy to SADE.

Thoughts:

• People know about Git already
• Repo can be in TFS, GCcode, or GitHub

Plan:

• Into session, demo to show how to do it
• 2 hackathon sessions, walk though with people converting their repos. Have floaters to assist.

Create Deck regarding Debugging

We should have a page of services that are available to developers, and recommend the best use for those services. The services could be internally built or externally.

https://www.gcpedia.gc.ca/wiki/ESDC_Development_Community_-_Developer_Services

"Equipping ESDC developers with skills, knowledge and tools to continuously modernize the software they develop."

Add 'Home' item

Add 'Home' menu item
Add menu item to the left most position.
Redirects to file: index

Modify the following Main Menu header titles

Recommendations : Recommended tools
Redirect to file: tools

Guides: Best Practices
Redirect to file: guides

Events: Presentations
Redirect to file: events

Goals / Recommendation

tbd

Community Expectations

tbd

References

We need to update the name of the repo as the purpose has changed to be more a global space for hosting documents. The documents that are "published" are to be shown though GitHub Pages. In order to edit the header info on Pages, we have to change the name of the repo changing the location as well.

Using the name esdc-devcop.github.io will allow the root page to be at the address https://esdc-devcop.github.io/.

cc @Path125 @jeanbenoitrochon

Modify 'Home' Page (https://esdc-devcop.github.io/)
File: index

Use attached file for content
index.docx

What page is the issue on: tools.html

Problem

A number of links are dead or not working.

Expected Result

All links should work.

Goals / Recommendation

Community Expectations

References

Goals / Recommendation

Showcase tools and scripts used to automate a11y (accessibility) testing.

Demonstrate how tools can be used to speed up delivery time and what can be done today to start using these tools on all of our applications today, even the legacy stuff.

As the a11y testing is actually quite short, a walk-though of the CCP-D Tech Stack will be shown as well.

Would relate/cover the ideas from topics #85 #8

Community Expectations

• Knows a11y is important
• Knows some of the basic rules of a11y
• Is only doing manual a11y testing though the a11y group

References

https://github.com/esdc-devx/auto-a11y-demo

Goals / Recommendation

Describe why pull (merge) requests and code review are important.

Explain the use of Merge Requests, tracking the changes as code moves from branch to branch. Describing how to develop so merge requests are manageable.
Explain what it is that is being reviewed in a code review and how to do that effectively.

Thoughts:

• Code review has been tried before with poor tools and wasn't sustainable.

Plan:

Demonstrate a code review.

Related Issues

• esdc-devcop/presentations#25
• esdc-devcop/recommendations#10

Goals / Recommendation

Moving CDTS to open source node project under wet-boew organization. Changing CDTS to compile with NodeJS and using Travis to deploy to different environments.

Community Expectations

Looking for contributors, suggestions on how to make this project CI/CD.

References

wet-boew/cdts-sgdc (Coming soon)

“You can view the presentations that are planned for the year.”

ajouter une section pour le « Poker Estimation » dans nos Pages GitHub

1. Rajoute la section”Poker Estimation” sous la section “Practices” dans la page « guides » https://github.com/esdc-devcop/esdc-devcop.github.io/blob/master/_pages/guides.md

2. Les images doivent etre placés dans un folder « PokerEstimation » que tu dois créée sous https://github.com/esdc-devcop/esdc-devcop.github.io/tree/master/assets

3. Créé toi une page PokerEstimation.md sous le répertoire suivant https://github.com/esdc-devcop/esdc-devcop.github.io/tree/master/_guides et mets le contenu du courriel que je t'ai envoyé.
   Mets le texte en anglais et en français et les images qui ont été envoyés par courriel

The Recommended tools table broke when deployed to pages.
https://esdc-devcop.github.io/strategy/recommendation/tools.html

It's breaking wherever there is a rowspan element added.

Goals / Recommendation

Show how Puppeteer and Cypress can be leveraged to easily run End-to-end testing and Accessibility testing.

Community Expectations

Assuming most know almost nothing about Puppeteer or Cypress
Assuming most know they should be doing A11y testing but don't
Assuming most don't consider e2e testing.

References

https://github.com/esdc-devx/auto-a11y-demo
Relates to #6 #8

“DevCoP presentation every month (excluding July and August).”

What page is the issue on:
https://esdc-devcop.github.io/recommendations/artifactory.html

Problem

We can't use artifactory anymore due to "licensing issues" (I don't know the details of what happened to the procurement)

Expected Result

Delete section, or make new recommendation. Not sure whether the on-prem ADO artifacts can provide a full replacement, but some teams have been using it, especially when there are proxy issues getting to nuget.org

“Starting in 2020, a Milestone will be created for each monthly DevCoP presentation. When asking a question, please select the appropriate Milestone to indicate which DevCoP presentation requires an answer.”

Simply create an issue and reference the presenation in the description

Goals / Recommendation

Would perform blackbox security testing with automated tools.

Community Expectations

References

OWASP ZAP --> A full featured free and open source DAST tool that includes both automated scanning for vulnerabilities and tools to assist expert manual web app pen testing. Can be integrated into the CI/CD Pipeline (e.g. Jenkins).

Goals / Recommendation

Would be great if we create a series of small demo of a pipeline based on different categories.
Example :

• Security analysis tools
• Code quality analysis (Roselyn, FxCop, etc)
• Performance analysis tools
• Accessibility analysis tools

To show these tool, we can build a sample project (ex : todo app) with some predefined examples of bad code)
And then doing live demo of theses.

Community Expectations

Present the tools to show the benefit and how it changes your dev workflow.

References

to do ...

• PaaS
• IaaS

The strategy is changing to include streams and hasn't had the time to focus on management support. So the documentation on this should be updated.

This doc is getting migrated to GitHub, we'll need to make sure the link gets updated when it does, if it hasn't already.

Originally posted by @s-laugh in #67

We need to decide on what to do with all the info currently stored on GCPedia for the past years presentation martial and videos.

Do we need to keep all, some, or none of it?
Where do we put it?

https://www.gcpedia.gc.ca/wiki/ESDC_Development_Community_-_Dev_CoP

Goals / Recommendation

Hi DevCop!

I am sending this on behalf of the IT Strategy team, who would like to inform your community regarding our Continuous Learning and Improvement Strategy for Q1 of 2020 .

Over the course of the next few weeks, the team will be engaging in outreach throughout IITB, and relevant parties throughout the organization, to socialize its approach to assisting IITB with its digital transformation and alignment with the Policy on Service and Digital and the Digital Operations Strategic Plan: 2018-2022. The aim of this outreach is to raise awareness, ensure that groups looking to start leveraging this strategy during Q1 understand how it can benefit them, and help teams throughout IITB deliver on their mandates.

Please let us know when we would be able to present our approach to your community.

Thank you for your time.

Sincerely,

Community Expectations

Provide general feedback on the initiative. No prior knowledge needed.

References

• Continuous Learning and Improvement Q1 Strategy (current iteration)
• ESDC IT Strategy Team Description
• ESDC IT Strategy Team Workspace (to learn more about our work)

Goals / Recommendation

Use GitFlow when starting a branching model with Git.
https://datasift.github.io/gitflow/IntroducingGitFlow.html

Recommendation details are documented here, with some extra parts for committing/merging code that will assist in using this branching model.
https://esdc-devcop.github.io/guides/source-control/working-with-git.html

Thoughts:

• Those that know branching models and modern development practices probably won't like GitFlow as it's too much maintenance.
• GitFlow is similar to current TFS branching model used in ESDC, creating an easier transition.

Plan:

• Focus on teaching, and demos
  • Why we need a branching model
  • Standard life-cycle deployment
  • Emergency release
  • Feature development
  • Reassurance of existing TFVC (TFS) standards
• Hands-on:
  • Set up branches
  • Configure settings
  • Walk though simplified change

https://esdc-devcop.github.io/tools.html

Problem

The expand/close feature on items listed on screen does work in Firefox but it is not possible to expand/close items in IE11 and Edge.

Expected Result

Same as in Firefox:

• Expand details on click
• Close details on click

Goals / Recommendation

Overview session

• Show how APIs are easy to create with REST
• Show how to push APIs to the store
• Show how to consume APIs from the store

In-depth session

• Show how to create complex systems of APIs

Community Expectations

Most have knowledge of APIs and maybe some with limited experience with them.

References

Need to confirm the streams and whole will be running the content for those streams.

Streams

• Micro-services - Interoperability
• CI/CD - DTS?
• Cloud - Cloud CoE?

Goals / Recommendation

Verify open source dependencies for vulnerabilities.

Community Expectations

References

• Snyk --> Snyk continuously monitors your application's dependencies
  and lets you quickly respond when new vulnerabilities are disclosed.

• OWASP Dependency Check --> Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.

  Note: OSS is also referred by Gartner as Software Composition Analysis (SCA), not to be confused with Source Code Analysis (SCA) which refers to Static Application Security Testing (SAST).

Modify 'Recommended Tools' Page (https://esdc-devcop.github.io/tools.html)
File: tools

Remove all mentions of "Recommended Tools:" and "Alternative Tools:"

What is the reasoning behind the commit as often as you save guideline? I know we're also saying to always squash, but I'd personally still always have a meaningful commit message describing the change, and I'd want to run my tests and make sure the application still builds as well, before committing.

We should add links to the page for the DML, CSD, and any others like that.
We'll have to find a place for that.

https://www.gcpedia.gc.ca/wiki/ESDC_Development_Community_-_How_To

• DML
• CSD
• TFS 2015 Configuration (SADE)
• Designing for Test Automation (TCoE)
• ITAM
• IT Security Exceptions
• Request local admin