Best Practices, Technology, and Tooling

CSC491, University of Toronto


What are best practices?

commercial or professional procedures that are accepted or prescribed as being correct or most effective.


What are best practices?

There are so many opinions on this topic that none of them are right. This lecture will cover some pro-tips on how to navigate this field.


High Level Agenda

1) We will not go in depth on any topic as there are many, many options and that would not be feasible
2) I intend to introduce you to the concepts and provide some examples
3) You should leave here understanding a breadth of options and understand new concepts
4) I will help you evaluate and pick options if required for your projects
5) I can answer questions based on my own experiences and opinions, but remember these are not the “correct” solution


Preface

Each of the following topics evolves with your company. What you need now does not match what you need in the future. This is a constantly changing area.

If you’re lucky, you’ll end up with a full department dedicated to these areas


Languages


How to pick a Programming Language

1) What are they good at? Web? System? FED? OS?
2) Is the community and the community tooling good?
3) Can you hire for it? aka is it a top language


Top Languages

GitHub Report showing top languages over time:

Figure: GitHub Report showing top 10 languages over time


Fastest Growing Languages

GitHub Report showing fastest growing languages:

Figure: GitHub Report showing fastest growing languages


Testing

Different Types of Tests

This list is not exhaustive.

Functional testing : Unit Tests

A test written on a module of code or software component. Tests that inputs give expected outputs.

def add(a, b)
  a + b
end

def test_add
  assert_equal 5, add(2, 3)
end

Testing

Functional testing : Integration Tests

Test the integration of multiple components to ensure they work correctly (e.g. calling API goes to controller and renders properly)

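class MyController
  def index
    # Serialize each record explicitly; to_h on a collection of records raises TypeError
    render json: Person.all.map { |person| { name: person.name } }
  end
end

def test_index
  get "/my_controller.json"
  assert_response :success
  # JSON.parse returns string keys, so compare against string-keyed hashes
  assert_equal [{ "name" => "Jane Doe" }], JSON.parse(response.body)
end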

Testing

Functional testing : Smoke or Acceptance Tests

Manual validation of a product or software by humans. Sometimes performed by dedicated “testers”


Testing

Functional testing : UI, Screenshot, Visual Regression Tests

The use of automated image diffing software to determine if an image changed. Usually used by generating a screenshot of your rendered software.

Figure: Visual Regression test showing a change in the UI. Borrowed from https://learn.visualregressiontesting.com


Testing

Functional testing : Regression Tests

Can refer to a full scale manual smoke test of an app, or an automated test targeting a specific bug

def test_person_name
  assert_equal "Jane Doe", @person.name
  # There was a bug that wouldn't correctly render accented Latin characters
  assert_equal "Sébastien Trudeau", @french_person.name

  # There was a bug that wouldn't correctly render Chinese characters
  assert_equal "孫載之", @chinese_person.name
end

Testing

Functional testing : System Tests

Automated testing of the system as a whole. Tend to be slow, but especially useful for critical code paths like sign in

def test_sign_in_flow
  # Server is started automatically
  go_to "/sign_in"

  click "Email"
  type "jack@example.com"

  click "Password"
  type "123456a!"

  click "Sign in"

  assert_text "Welcome jack@example.com"
end

Testing

Non-Functional testing : Performance Tests

Testing of the system's performance. Can use garbage collection dumps, the current system state, or a measurement of how long something takes.

def test_an_expensive_method
  t = Time.now
  do_an_expensive_thing
  delta = Time.now - t
  assert delta < 10 # 10 seconds
end

Testing

Non-Functional testing : Load Tests

Test how much load a system can take on various paths. E.g. can I send 1 million requests per minute? per second? to

Figure: UI of Locust.io, an OSS load testing framework. Borrowed from https://locust.io/


Testing

Non-Functional testing : Security Tests

The use of pentesting, hacking, semantic analysis and other methods to determine if unauthorized access can be gained into a system. This can be XSS, SQL Injection, Memory Buffer Leaks, and more.
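
An automated security test for the XSS case, written in the same style as the other test slides. This is an added example, not code from the lecture; the renderer functions and the input list are hypothetical and constructed for illustration.

```ruby
require "erb"

# Hypothetical greeting renderers for a sign-in page; constructed for this example.

# Vulnerable: user input is interpolated into HTML as-is.
def render_greeting_unsafe(name)
  "<p>Welcome #{name}</p>"
end

# Hardened: user input is HTML-escaped before it reaches the page.
def render_greeting_safe(name)
  "<p>Welcome #{ERB::Util.html_escape(name)}</p>"
end

# Constructed inputs containing HTML metacharacters.
HOSTILE_NAMES = [
  "<script>alert(1)</script>",
  "\"><img src=x onerror=alert(1)>",
  "Jane <b>Doe</b>",
].freeze

# Returns the inputs whose markup reaches the output unescaped.
# An empty array means the renderer passed the security test.
def unescaped_inputs(renderer)
  HOSTILE_NAMES.select do |name|
    html = renderer.call(name)
    body = html.delete_prefix("<p>Welcome ").delete_suffix("</p>")
    body.match?(/[<>"]/)
  end
end

# Escaping must not break the names used in the regression test example.
def plain_names_unchanged?(renderer)
  ["Jane Doe", "Sébastien Trudeau", "孫載之"].all? do |name|
    renderer.call(name) == "<p>Welcome #{name}</p>"
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "unsafe renderer leaks: #{unescaped_inputs(method(:render_greeting_unsafe)).length}"
  puts "safe renderer leaks:   #{unescaped_inputs(method(:render_greeting_safe)).length}"
end
```

Running such a check in CI turns a one-off security finding into a regression test: the build fails if escaping is ever removed.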


Testing

Code Coverage

measure used to describe the degree to which the source code of a program is executed when a particular test suite runs

Aka when I run my tests, what percentage of lines of code in my app are hit?


Testing

Code Coverage

What percent coverage should you aim for?


Linting

lint, or a linter, is a tool that analyzes source code to flag programming errors, bugs, stylistic errors, and suspicious constructs.

~/src/github.com/dcsil/team-app(master) ➜ rubocop
Inspecting 61 files
...........C.C................C..................CC.CCC...WC.

Offenses:

app/models/student.rb:24:42: C: Layout/ExtraSpacing: Unnecessary spacing detected.
  attr_accessor :skip_password_validation  # virtual attribute to skip password validation while saving
                                         ^

Linting

Can also help a developer do the “right” thing!

Linting can ensure proper use of methods in OSS repos, for example.


Semantic Analysis

Semantic analysis or context sensitive analysis is a process in compiler construction, usually after parsing, to gather necessary semantic information from the source code.

Includes such things as type checking too.


Semantic Analysis

Figure: Example of Semmle, a semantic analysis tool, in action


Continuous Integration (CI)

Overview of how it works

When code is pushed to a remote repository, a system picks up the changes, clones them, runs the test suite, and reports the result back to the source of the code change.


Continuous Integration (CI)

Parts of a CI System

The basic parts of a CI system are:

  1. Event System
    • Receives events from some remote source indicating a code change
  2. Scheduling system
    • Schedules the job to be run
  3. Coordinator
    • Coordinates workers to run a job. Sometimes will check out the code and create a cached setup for the workers.

Continuous Integration (CI)

Parts of a CI System

  4. Workers
    • Checks out the code if not done in (3) and sets it up. Runs the test suite (or part of it)
  5. Reporter
    • Aggregates any results and reports back to the source of the code change

Continuous Integration (CI)

Parts of a CI System

* Test flakiness occurs when a test that should pass fails some of the time for unrelated reasons. This could be due to performance issues of the system, time-based issues, or something else unknown.
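
A time-based flaky test next to its deterministic form, as an added example that is not part of the lecture. Session, the function names and the timings are hypothetical and constructed; `setup_seconds` stands in for however long a CI worker happens to take between two clock reads.

```ruby
# Hypothetical session-expiry check; names and values are constructed.
Session = Struct.new(:issued_at, :ttl_seconds) do
  # Takes the current time as an argument instead of calling Time.now,
  # so a test decides exactly what "now" is.
  def expired?(now)
    now - issued_at >= ttl_seconds
  end
end

# Flaky shape: the test creates a 1-second session, does some setup, then
# asserts the session is still valid. Whether it passes depends on how
# long the worker took, not on the code under test.
def fresh_session_still_valid?(setup_seconds)
  issued_at = Time.at(1_700_000_000)
  session = Session.new(issued_at, 1)
  now = issued_at + setup_seconds # what a second Time.now call would return
  !session.expired?(now)
end

# Deterministic shape: pin the clock and test both sides of the boundary.
def expiry_boundary_results
  issued_at = Time.at(1_700_000_000)
  session = Session.new(issued_at, 60)
  {
    just_before: session.expired?(issued_at + 59.999),
    at_ttl:      session.expired?(issued_at + 60),
    after:       session.expired?(issued_at + 61),
  }
end

if __FILE__ == $PROGRAM_NAME
  # Same test body, different worker speed: one run passes, one fails.
  puts "fast worker passes: #{fresh_session_still_valid?(0.05)}"
  puts "slow worker passes: #{fresh_session_still_valid?(1.4)}"
  puts "pinned clock:       #{expiry_boundary_results}"
end
```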


Continuous Integration (CI)

Setup time


Continuous Deployment (CD)

Figure: Shipit, a Shopify application that is used to coordinate deploys


Databases


Caching


Local Developer Environments


Local Developer Experience


Resources