Releases: s-group-dev/development-guidelines
3.0.0
Added
Mobile Guidelines
- Codebase → Version Control → SHOULD use fast-forward merges only from feature branch to main branch
- Codebase → Version Control → SHOULD implement bug fixes to feature branch and cherry-pick them to main and potential release branch
- Codebase → Version Control → RECOMMENDED to squash feature branches before merging to main branch
- Codebase → Version Control → MUST preserve release tags forever
- Release Management → MUST use semantic versioning for releases (tags)
- Environments → Data → SHOULD preserve all release artefacts forever
Changed
Development Guidelines
- Codebase → Version Control [- → Branching-] → MUST fork feature (and release) branches from main branch
- Codebase → Version Control [- → Branching-] → SHOULD protect default branch from pushes
Removed
Development Guidelines
- Codebase → Version Control → Branching → Mobile Development → SHOULD use fast-forward merges only from feature branch to main branch
- Codebase → Version Control → Branching → Mobile Development → SHOULD implement bug fixes to feature branch and cherry-pick them to main and potential release branch
- Codebase → Version Control → Branching → Mobile Development → RECOMMENDED to squash feature branches before merging to main branch
- Codebase → Version Control → Branching → Mobile Development → MUST preserve release tags forever
- Release Management → Mobile Development → MUST use semantic versioning for releases (tags)
- Environments → Data → Mobile Development → SHOULD preserve all release artefacts forever
2.4.0
Added
Development Guidelines
- Architecture → Security → SHOULD conduct threat modelling when the security model of the software changes
Changed
Development Guidelines
- Architecture → Security → MUST run automated vulnerability for code {+and fix or mitigate the findings+}
- Architecture → Security → MUST restrict {+unnecessary+} access to [-development-] environments {+and endpoints+} from the open internet
2.3.1
Changed
Development Guidelines
- Quality Assurance → Automation → RECOMMENDED to run tests for all code changes as part of CI/CD pipeline {+as part of CI/CD pipeline+}
2.3.0
Added
Development Guidelines
- Operations → Monitoring → SHOULD provide uptime metric(s) for a service
- Quality Assurance → SHOULD have documented test strategy
- Quality Assurance → MUST have strategy for test automation and automatic tests designed based on it
- Quality Assurance → Automation → SHOULD develop, use and share common solutions (at least) internally for test automation
- Quality Assurance → Automation → RECOMMENDED to consider existing solutions before looking for a new one
2.2.0
Added
Development Guidelines
- Architecture → Compliance → MUST document the application architecture, personal data flows and needed security measures to ensure compliance with business, privacy and information security requirements
- Architecture → Compliance → MUST be able to erase (or anonymize) all (or partial) personal data on expiration or when requested by data subject
- Architecture → MUST make your technology choices visible in SOK's Tech Radar
2.1.0
Added
Development Guidelines
- Architecture → Compliance → MUST ensure that company policy regarding cookie classification and consents is followed (if applicable)
- Architecture → Compliance → MUST document all personal data used in testing and development, backups and log data
- Architecture → Compliance → MUST have required monitoring functionalities concerning usage of personal data based on data classification
- Architecture → Compliance → MUST ensure that only necessary personal data will be collected and/or processed
- Architecture → Compliance → MUST implement functionality for defining retention times for all personal data
2.0.1
Changed
Development Guidelines
Start using main as a base for development.
- Codebase → Version Control → MUST use [-master-]{+main+} branch as a base for development
- Codebase → Version Control → Branching → MUST fork feature (and release) branches from [-master-]{+main+} branch
- Codebase → Version Control → Branching → Mobile Development → SHOULD use fast-forward merges only from feature branch to [-master-]{+main+} branch
- Codebase → Version Control → Branching → Mobile Development → SHOULD implement bug fixes to feature branch and cherry-pick them to [-master-]{+main+} and potential release branch
- Codebase → Version Control → Branching → Mobile Development → RECOMMENDED to squash feature branches before merging to [-master-]{+main+} branch
- Release Management → SHOULD release to production from [-branch that's used for base of development-]{+main (trunk)+}
2.0.0
Added
Development Guidelines
- Codebase → Architecture → MUST follow common API Guidelines
API Guidelines
- Principles → RECOMMENDED to read Zalando RESTful API and Event Guidelines as a base and use as a reference
- Principles → SHOULD implement versioning
- Principles → MUST have versioning strategy decided prior to the first release
- Principles → RECOMMENDED not to use URL versioning
- Principles → RECOMMENDED to use HTTP Headers to carry version information
- Principles → RECOMMENDED to have version information also in response headers
- Principles → MUST not break backward compatibility once the version has been released
1.9.0
Added
- Architecture → Infrastructure → MUST encrypt data at rest in cloud
- Architecture → Infrastructure → MUST rotate encryption keys every 365 days (that are used for data at rest) in cloud
- Architecture → Infrastructure → MUST have billing alerts in cloud
- Architecture → Infrastructure → SHOULD have infrastructure as code
- Architecture → Infrastructure → MUST have repeatable infrastructure
- Architecture → Security → MUST restrict access to development environments from the open internet