NIH | National Cancer Institute | NCI Wiki  

Date

Attendees


Michael is VP of software dev and is solutions architect for PDC.

Goals

  • Learn more about the day-to-day workings of the PDC project.

Discussion items

TimeItemWhoNotes

Day-to-Day WorkingsMichael
  • PDC Development Approach
    • Scrum - two week sprints
    • Dev/Staging (TEST)/Production tiers
    • PM - Rajesh
    • Tech Lead - Michael
    • Scrum Master - Christina Nguyen
    • SMEs - Paul Rudnick, Mike MacCoss, Nathan Edwards
  • PDC Data portal - primary users, public APIs
  • PDC Workspace - submission portal
  • API to GDC and Cloud Resources
  • Tech stack: Angular JS, GraphQL, Amazon Aurora RDS - mySQL, Hosted in Amazon, Auth-Shiboleth, Google OAuth, Gen3 Fence API
  • DevOps - GitHub, Jenkins
  • Business Tools - Jira, Confluence, Slack, G-Suite



Agile sprints-

Tickets go into backlog

Backlog groomed regularly by Raj/Michael

Backlog contains enough work for several sprints

Most sprints are 2 weeks (some are longer due to holidays) or shorter due to emergencies

Tasks moved from backlog into sprint and scored with story points (Fibonacci) - complexity points

Typical sprint is 100-110 story points.




Tracking-

JIRA dashboard

Scrums on M/W/F

Slack channel to resolve issues and ask questions




Code Reviews - 

All code is reviewed and assigned to a pier for review.  Crucible for code review. Code review checklist in JIRA.  Commit is tagged in JIRA and includes code review.




Peer Testing - 

All development tasks need defined test cases.  Each test case should have expected result, pier tests and actual results are documented (cycle).  REGRESSION TESTING - manual, throughout the sprint (might take a couple of weeks to do full regression testing).




Review and Retrospective - 

Can include demos.  Discuss any uncompleted tasks and why.  Roses/Buds/Thorns.




Github - 

Source code version control.  Private repository.  Public repository updated with each production release.




CI/CD - 

Jenkins - merge branches deploy to dev environment.  Stage and Production can be deployed from Jenkins using a tag.  Deployed to stage at end of every sprint.  Production deployments less often.  All tiers are independent Virtual Private Clouds.  Management VPC holds logging/scanning and access deployment tiers through VPC pier.

Production environment is endpoint for ATO.




System testing - testing is testing previous sprint (first ticket in Sprint 65 will be to deploy Sprint 64 to Stage for testing).  Automated testing using Catalan (on top of Selenium) - has gone by the wayside as it become more complex - not up to date.



Confluence Wiki for Documentation - 

Document artifacts access controlled and retained for at least 3 years.  Restricted to project personnel.




Continuous Monitoring Strategy and Plan

Weekly monitoring in every sprint (logins, configuration changes, alerts and errors, privileges, account creation/modification/deletion).  Monthly monitoring (patching, system access accounts, access keys, scan GitHub for security, review usage), Quarterly (Review Plan of Action and Milestones (POA&M) and update as needed) and Annual (training completed, review policies and procedures).





Meeting recording:

PDC_Kickoff_Day-to-Day_20200504.mp4

Slides:

Action items

  •