chaynhq / ysm-backend Goto Github PK

Overview

We need to create PR templates to guide contributors through submitting pull requests on YSM.
Additionally this helps fulfill Community Standards for this repo.

Action Items

• Research project-specific requirements before opening a PR on YSM.
• Create pull request templates.

Resources

• Official GitHub Docs - Creating a pull request template for your repository
• Example PR templates

Overview

We need to create a CONTRIBUTING.md file to guide developers contributing to YSM.
Additionally this helps fulfill Community Standards for this repo.

Action Items

• Check out resources below as a guide.
• Contribute to YSM to learn project-specific requirements.
• Draft CONTRIBUTING.md and open a PR.

Resources

• Official GitHub contributing guidelines guide
• Example CONTRIBUTING.md file by GitHub
• Example CONTRIBUTING.md file by Ruby for Good

Overview

Currently, contributors on YSM cannot obtain a Storyblok token without reaching out to maintainers. We can bypass this by creating a non-production public access token for Storyblok, which can be revoked at any time. This is the only required environment variable that isn't accessible for contributors to create on their own because Storyblok contains the content needed for an accurate view of the front-end.

Note: We have already done this for Bloom: chaynHQ/bloom-frontend#611 (comment)

Action Items

• Gather non-production public access token (with 'draft access') from Chayn dev who has access to Storyblok's dashboard.
• Share this token in the Tech Volunteer Guide in Notion, because this token is subject to change and it's easier to change in docs than on GitHub.
• Link to Tech Volunteer Guide in the README.md

Resources

• StoryBlok Docs: Content Delivery API V2 Reference

Background
Github actions will no longer support node 12 soon. We are trying to upgrade all our applications to node 16 or higher.

Task

upgrade node 16 to a higher a version as possible without affecting other packages. This might not be possible. There might be some packages that aren't compatible with node 16+ so you will need to upgrade them too.
check all the happy paths work

Overview

We need to clean up this repo's pull requests, specifically the PRs opened by Dependabot & Snyk, because many are outdated and contain high severity dependency alerts.

Action Items

• Manually resolve PRs opened by Snyk. Snyk no longer has access to Chayn's repos because we use Dependabot now, since Snyk won't be able to interact with these PRs any further, we will need to make these changes manually.
• Resolve dependabot alerts. Approve their workflow runs and resolve any merge conflicts. Locally test these changes. If they pass all tests, merge these PRs. If the tests don't pass, keep the PR open for future reference. If there are repeat PRs for the same dependency, try to merge the highest version possible and close the rest.
• Open new issues and triage with staff software engineers for dependency upgrades that result in test failures.
• Resolve dependabot alerts.

Note: there is a workflow from Snyk called security/snyk (chaynteam) that is required for merging, please bypass this requirement as Snyk has been removed from this repo and can no longer access it.

Resources

Overview

We need to audit our software tests as we upgrade dependencies to identify and fix potential new bugs, ensure compatibility with newer dependencies, and note of any improvements we can make for contributors (such as documentation). This is not a comprehensive "audit" on testing performance. Additionally, if specific environment variables for testing are required, we need to determine which can/should be public or private for Chayn volunteers only.

Action Items

• Gather environment variables for testing.
• Set up and run local testing.
• Identify warnings & errors, save for future reference.
• Upgrade outdated dependencies if they haven't been already.
• Run the tests. Note of any issues, warnings, errors, or needed improvements as these will be made into issues later.

Resources

Overview

Add a CODE_OF_CONDUCT.md file for contributors to abide by when contributing to YSM.
Additionally this helps fulfill Community Standards for this repo.

Action Items

• Use GitHub's click-through process for maintainers to easily add universal CoC templates to their repos.
• Edit to align with Chayn's values if necessary.

Resources

• Official GitHub Docs - Adding a code of conduct to your project

Overview

We need to remove the security/snyk (chaynteam) workflow that is required in YSM's pull requests because we switched to Dependabot and Snyk no longer has access to Chayn's GitHub. This will involve some research as I am not sure where the workflow is coming from -- strangely I cannot find it in our workflow code or in the GitHub Actions settings. Snyk has been disabled as an authorized GitHub app in both organizational and repo GitHub settings, and pull requests made after have still required the workflow run.

Action Items

Here are some starting points for disabling this workflow...

• Check if GitHub Action cache needs refreshed.
• Check settings in the internal Snyk dashboard which initiated this workflow.

Solution: It's just a branch protection rule, easily removed in settings.

Resources

GitHub Docs: Managing Caches

Overview

We need to upgrade our node version to 16+ because GitHub actions will no longer support lower versions.

Action Items

• Upgrade node to 16+ or highest version as possible without affecting other packages in package.json
• Upgrade node to 16+ or highest version as possible without affecting other packages in the Dockerfile
• Ensure all other dependencies are compatible with node 16+, upgrade them if necessary.
• Test by checking if happy paths work.
• Ensure the node version in any GitHub workflows is updated.

Note: This upgrade may require more steps than listed here. We will update this issue accordingly.

Resources

• YSM Happy paths guide to YSM
• Nodejs Releases
• How to Update Node Locally