Decisions and principles

Folder section to write internal and external decisions and principles. Also other aspects in software development.

Decisions

Microservices and API-s

All external or third party API-s by default should be behind internal API.

Translations

Should be:
- used as one or in many formats (JSON, XML, JS, Java properties, YAML, ...), that can be requested for example with GET method
- added at compile time
- added, loaded or used at runtime (REST or other API), and probavly cached for runtime
- in DB
- versioned (versions can be 1:1 withh software version os independent)
- by application, module or API
- use camel case JS format as key ("someApplicationView.tooltip")
- with user UI

Developers

Preferred OS should be chosen for production machines, and developers should use that OS as a development machine.

IDE - same IDE without configuration changes for all developers

That means:

Instead:

IDE

Docker

Images should based on developers maschines.
    - transferrign knowhow into Dockerfile. No differences and different thinking from developer machines.

Organization should have its own Docker image hierarchy, consolitating security and knowhow in different hierarchy nodes by needs.

Linux

In priority order (higher to lower): Rocky, Fedora linux, CentOS, Debian

Follow FHS: https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html

Follow LSB: https://refspecs.linuxfoundation.org/lsb.shtml

By setmy.info standards, all packages should be unpacked (if possible) directly under /opt folder.

Examples:

Other OS

In priority order (higher to lower): FreeBSD and OpenIndiana.

Containers

In priority order (higher to lower): Docker, Jail and Zone.
Tools: Docker registry, Kubernetes for Docker. Probably should change, becase of RedHat new tools. Need to analyze these.
    (RancherOS, Helm ?)

Front end

Back end

3 modules (Application, implementation (services), models (also interfaces, exceptions, VO, DTO-s))

Testing

Test farm has to be built.

Smart devices and PC:

Resolutions

DB

Layers responsibility

  1. Filters and exception handlers
  1. App/Controller/Resource/Scheduler
  1. API/Service
  1. DAO/Repository/API

Decided tools, components and libraries

OS

1.1 DOCUMENTATION MOVED

Containers

2.1 DOCUMENTATION MOVED

2.2 DOCUMENTATION MOVED

3 Shell

3.1 Bourne shell and use #!/bin/sh not #!/bin/bash. The First one is in base installation of CentOS, Fedora, BSD, Solaris, Debian (buntu), OpenIndiana etc.

3.2 Therefore a shell script should be not written in “bashism” (bash way), but as much as possible in POSIX shell way.

3.3 Prefer shell first and if not possible or simpler, then Python 3.x.

UI

4.1 because HTML has no rich standard set of components, then we need write components by our selves.

4.2 IE 11 is still in use, therefore, that should be covered too.

4.3 Prefer CSS tool over JS tools to get UI results.

4.4 because of http2 push method we use old style resources (css, js) loading. Possible to make (if it is not already done) tag library, that does push first for JSP or HTML loading.

4.5 Therefore and because of webpack we should support in JavaScript node packaging and

Logs

5.1 Logging should go to tailable file.

5.2 Logging should be with size limit; that means logs should be split after reaching the limit.

6 Build tools

6.1 For Java maven

6.2 Other build tools and helpers: cmake, ant, make (GNU?)

6.3 Webpack build tool for frontend tools.

6.4 Reporting building with maven using maven site, where site has integrated reports: JavaDoc (for main and test code), pitest, OWASP dependencies check, JaCoCo unit test coverage, style check, version notes, todo notes, findbugs.

JavaScript (JS)

7.1 Prefer ECMAScript 6 - “Pure JS”. Newer standards added a lot of other keywords and possibilities. Some of them make code reading harder!

7.2 Prefer Pure JS to TypeScript.

7.3 Prefer code without “prototype”. Just create an object and add properties.

7.4 Frontent JS

7.4.1 Use layered architecture: resources at bottom for data access and data fixing and normalization, service layer top on that for …

7.4.2 Prefer two-way data binding over event dispatch-catch.

Java

8.1. Prefer solutions to write code without interfaces. Interfaces are for frameworks or plugins, where N number of third parties should implement something.

8.2. Java fail length up to 512 lines and line length 110.

Clojure

Source Controll

9.1. GIT over Mercurial

Misc

  1. Hibernate
  2. DB: PostgreSQL, MongoDB, DGraph (?)
  3. MQ: RabbitMQ (should be used, when they hide problems? Replace it with Redis?), Mosquitto
  4. Spring, Spring boot andMicronaut, but using as much as possible standard way (javax.*).
  5. Semantic versioning: https://semver.org/
  6. Solution levels
  7. Only JWT check with symmetric keys. No session cancellation (JWT revoke). Fully stateless solutions. No central solutions cache for apps. Single node solutions. App backend as GW.
  8. DB JWT check with symmetric keys. DB-based session cancellation and expiration (JWT revoke). Single node solutions. App backend as GW. No central cache solutions for apps.
  9. DB JWT check with symmetric and asymmetric keys. DB-based session cancellation and expiration (JWT revoke). Multi node solutions. App backend as GW. No central cache solutions for apps.
  10. Central Cache and session storage. JWT and session revoke in cache systems. Multi node solutions. Multi HW servers only.
  11. Central Cache and session storage. JWT and session revoke in identity management systems. Multi node systems. Health checks. API GW (rate limiting, security, identity management, etc.). Multiple hardware (servers, network nodes, power supplies, UPS etc.) nodes. Storage systems.
  12. Prefer standard or well defined or stable tools over self making tools.
  13. Xfce is class desktop environment.

Application configuration

Overload (overwritten from top to down) order

Order
Defaults in code
File (.yaml overwrites .properties)
Environment variables
CLI

Variable naming convention

  Prefix
File
properties
yaml
smi.
smi:
Environment variables SMI_
CLI –smi- 
smi.xyz=abc,def,ghi

smi:
    xyz: abc,def,ghi

SMI_XYZ=abc,def,ghi

abx --smi-xyz=abc,def,ghi

Names after prefix:

Configuration option properties yaml Environment variables suffix CLI options suffix Notes
Profiles - - PROFILES -profiles  
Config paths - - CONFIG_PATHS -config-paths  
Optional application config files - - OPTIONAL_CONFIG_FILES -optional-config-files  
Application name - - NAME -name  

CI, Jenkins

Master should have stable and verified and re-releasable any moment code.

Merging means also software installation to some environment. Work merged to master means going automatically to live.

To develop merging is after successful code review by developer(s). Branch have to be merged fast, because most cases QA is bottleneck. If needed, release branch can be used for code freeze (for QA manual testing) - try to avoid and do in sprint/iteration testing and increase automatic testing.

To release and master merging is organizational (QA, developers, board, etc.) decision.

Branch Environment Branch name Artifacts published Tag Notes
feature - feature/xxxxxxxxxxxx - -  
develop dev, test develop snapshot software and snapshot reports - Can go only to dev env, skip test deploy.
release dev, test, prelive release/1.0.0 - - Can skip dev env. deploy.
master live master release software and release reports automatically created  

Stages

  1. Inspection verifies build environment requirements (OS, Java, node, npm versions, existence, …).
  2. Preparation prepares (installs) build environment settings, tool, software, components.
  3. Build builds main software and verifies code - test coverages, code inspections…
  4. Publish uploads artifacts (to file servers, storage, artifactory, …).
  5. Deploy installs (published) software on environment.

NB! We consider artifact re-creation from source as low level or too small risk. We don’t use same built artifacts for dev, test, prelive and live. We put more effort into inspection and build verification stages, to lover risk, that packages are created differently in different branches. In most cases we are using specific Java Docker images with concrete version and maven is used by wrapper (also concrete version). Same JDK and maven should produce same results. Possibility that it’s not so, is too small.

QA manual tests are executed on development branch.

Feature

feature

Develop

develop

Release

release

Master

master

Review

Cross-document inconsistency review. Each finding names the affected documents and the conflict.

R-01 — MQTT storage technology contradiction

Documents: adr-0028-mqtt-requirements.md (requirement 17), mqttDB.md

ADR-0028 requirement 17 requires raw incoming MQTT messages to be stored quickly in a schemaless DB. mqttDB.md defines a PostgreSQL relational design for the same pipeline stage. The storage model must be unified or separated by a dedicated ADR.

R-02 — mqttDB.md requirement list is an empty stub

Documents: mqttDB.md, index.md (reference)

mqttDB.md is indexed as a real decision document, but requirements 1–32 are only placeholders. It should either be completed or marked as DRAFT / placeholder.

R-03 — No Node.js backend vs Angular SSR

Documents: noNodeJSBackend.md, adr-0030-framework-agnostic-fe-development.md, angular.md

noNodeJSBackend.md prohibits Node.js in the backend, while Angular SSR in ADR-0030 and angular.md depends on a Node.js runtime. The boundary between prohibited backend usage and allowed SSR runtime is undefined and needs a clarifying decision.

R-04 — Pure JS preference contradicts an Angular TypeScript mandate

Documents: index.md (section 7.2), adr-0030-framework-agnostic-fe-development.md

index.md section 7.2 says to prefer pure JavaScript, but the chosen frontend stack is Angular, which requires TypeScript and is documented that way in ADR-0030. The JavaScript preference should be narrowed or updated.

R-05 — IE11 cross-browser requirement is outdated

Documents: index.md (Front end section and section 4.2), pwaFirst.md, constantUpgrade.md

index.md still lists IE11 as the minimum browser. That conflicts with modern Angular, PWA requirements, and constantUpgrade.md. Replace it with a current browser baseline.

R-06 — ADR-0030 has contradictory dual status

Documents: adr-0030-framework-agnostic-fe-development.md

ADR-0030 shows both Draft and Accepted in the status field. It should have exactly one status.

R-07 — ADR-0043 has duplicate section number 3

Documents: adr-0043-architecture-levels.md

ADR-0043 contains two sections numbered 3.. The second one should be renumbered to match the standard ADR structure.

R-08 — loginOnce SSO requirement impossible at Level 1

Documents: loginOnce.md, adr-0043-architecture-levels.md

loginOnce.md requires SSO across environments, but ADR-0043 says Level 1 has no IAM (Keycloak). Either Level 1 needs an SSO alternative or loginOnce.md must explicitly apply only from a higher architecture level.

R-09 — fileStructure.md overlaps with ADR-0032 and ADR-0033

Documents: fileStructure.md, adr-0032-smi-fhs.md, adr-0033-gintra-group-intranet-directory-structure.md

fileStructure.md overlaps with ADR-0032 and ADR-0033 on filesystem and gintra path rules. The ADRs should be treated as canonical, and fileStructure.md should either reference them or be retired.

R-10 — Branching strategy is unresolved

Documents: branching.md, index.md (CI section), noRewriteBranch.md

index.md describes a full git-flow model, while branching.md presents multiple alternatives and an unresolved branch rename transition. A follow-up ADR should close this branching decision.

R-11 — React allowed or not: no decision exists

Documents: noVueJSInbigApplications.md, adr-0030-framework-agnostic-fe-development.md, index.md

noVueJSInbigApplications.md restricts VueJS, ADR-0030 mentions React and Vite as migration targets, and index.md lists only Angular. React is neither clearly allowed nor clearly prohibited, so an explicit decision is needed.

Other

  1. ADR-0029 Versioning
  2. ADR-0030 Framework-Agnostic Frontend Development with Thin UI
  3. ADR-0031 Top level testing groups
  4. ADR-0032 SMI FHS
  5. ADR-0033 Gintra as group intranet directory structure under setmy.info
  6. ADR-0034 ZFS organization dataset layout for gintra
  7. ADR-0035 NFS export per organization dataset path
  8. ADR-0036 Logical gintra path mapped to physical storage mount
  9. ADR-0037 Gintra top-level typed subtrees
  10. ADR-0038 AWS S3 bucket and key naming derived from gintra
  11. ADR-0039 JWT claims for person and organization context
  12. ADR-0040 MQTT topic name conventions
  13. ADR-0041 Environment name conventions
  14. ADR-0042 Runtime and build-time profile name conventions
  15. ADR-0043 Architecture levels 1-5
  16. Arch as code
  17. No addons, extensions, plugins into git
  18. Branching
  19. CI Jenkins
  20. C++
  21. Constant upgrades
  22. Cucmber tests principles
  23. Default CSV format
  24. Developer first
  25. File structure
  26. IM (Instant messaging)
  27. JPA entities
  28. Login once
  29. MacOS design principles
  30. Maven
  31. MQTT PostgreSQL DB incoming messages requirements
  32. ADR-0028 MQTT Requirements
  33. No binaries in VCS
  34. No Chrome browser as main requirements source
  35. No Node in back-end
  36. No release by VCS tag
  37. No rewrite branch
  38. No secrets in main VCS
  39. No VueJS In Big apps
  40. PWA first
  41. PWA vs. Native vs. Desktop Comparison
  42. CapacitorJS
  43. npm
  44. Android
  45. iOS
  46. F-Droid
  47. GitHub CI Tips
  48. Self managed repos
  49. Should have VCS hash
  50. Time aspect importance in software development
  51. UI requirements