Checklist for new project
Last updated
Was this helpful?
Last updated
Was this helpful?
Language to use
java, c-sharp
Features of language
Does it allow me to meet the technical needs the application should provide
embedded systems - c/c++
Low memory and fast - c/c++
Machine learning - python
enterprise/middleware - java/c#
etc
Maturity
Stability
Backwards compatibility
Community
Cross platform
Drivers for hardware or databases
libraries
Specific for usecase of application ie machine learning
Stable and Maintained
Huge choice
Secruity and language patches
memory management - manual or automated
memory statistics - jmx, jprofile
Modularity
Concurrency
Knowledge of workers, access to workers
Can host on equipment
Not an issue with docker
bash, python
make, ansible
Monolithic
Might not support a flexible release cycle but doesn’t need potentially fragile distributed communication.
Whole funcitionality can be released at once
(micro)- services
Flexible, only need to deploy ones that changes
Smaller, and thus less code to maintain
distrubited so communication and infrastructure maintainance an issue
Style, organisation
Clean, mvc, domain driven design, framwork??
Event driven (async) or synchronous??
Modularising and package structure??
Java9? OGCD? Static analysis tools
12 factor app
Logic or domain concerns
Logging
Use SLF4J with either Logback or Log4J2 underneath.
How to manage logs
files and or console output
length of rentention
searchable
Format and levels (info/error/warn/debug)
Which information should be logged when?
Exception handling
Should app go down?
Application Server
WAR that works on a separate server like tomcat/wildfly
monolith
Embedded server (jetty/spring), the application starts up this server and runs access to the app
microservices
Docker
Job Execution
What services are needed to be excuted at a regular interval or time
ie leaning up a database or batch-importing third-party data
quartz for more features
spring for basic jobs
Database Refactoring
how to update the structure of your relational database between two versions of your software
migrations
zero down time migrations
In small projects, manual execution of SQL scripts may be acceptable,
in medium-to-large projects you may want to use a database refactoring framework like Flyway or Liquibase
Integrations with internal applications
Do we need an adaptor?
API Technology
How will it communicate with other services
third party apis
is there a choice? What documentation? Can it be changed on their end?
Internal services
types of communications
http rest, Soap, jms, rpc, files/ftp
Contract testing
pacts
Messeging and queues (Asynchronous communcations)
streaming data - kafka
message brokers - amq
API Documentation
The internal and external APIs you create must be documented in some form
Measuring Metrics
Are there any metrics like thoughput that should be measured while the application is running?
Dropwizard
Prometheus Java Client.
Use Grafana to hava dashboards of graphics
Custom metrics, related to application
Monitoring
metrics
status pages
application readiness
tracing
Environment configuration
dynamic or static properties
Secrets
puppet
Authentication
How will users of the application prove that they are who they claim to be? Will users be asked to provide username and password or are there additional credentials to check?
With a client-side single page app, you need to issue some kind of token like in OAuth or JWT, OpenID
In other web apps, a session id cookie may be enough.
Use of tls or mutual tls, checking certificates that are signed by trusted
Basic Auth
Authorization
how will the application check what the user is allowed to do and what is prohibited?
On the server side, Spring Security is a framework that supports implementation of different authorization mechanisms.
Database Technology
Does the application need a structured, schema-based database?
Use a relational database.
Is it storing document-based structures?
Use MongoDB.
Key-Value Pairs?
Redis.
Graphs?
Neo4J.
Who manages this?
Are we stuck on a specific technology
Data
Migrations during deployment
retention policy (how long to hold onto)
Secruity
GDPR
Secruity
What to encrypt when writing
What to return
ie Not customer details but a token
Who has access? What are they authorised to do?
Reporting and dataware house
what needs to be stored for long term use?
Does there need to be a transfer of data to another tech for other teams to use? Or just expose read only views?
Audits
Communication with third parties
What to audit?
Where to store?
What available libraries/frameworks that we can use?
Open source? Version?
Passed secruity check?
Do we create our own custom libraries?
How to make sure frameworks/libraries are not taking over the app
What can be part of the whole app or business logic
Persistence Layer
When using a relational database, Hibernate is the de-facto default technology to map your objects into the database.
there are alternative database-accessing technologies like iBatis and jOOQ
Spring Data JPA also supports many NoSQL databases like Neo4J or MongoDB.
Can use custom access, jdbctemplate or pure jdbc with sql
Use sql or orm?
Caching
Cache replacement policies (https://en.wikipedia.org/wiki/Cache_replacement_policies) ??
Testing pyramid
Full end to end integration tests
Acceptance Tests
in memory db or test db on container
stubbed out apis or brokers
wiremock, trafficparrot
Unit tests
social tests (start from use case)
using fakes (which are tested)
individual tests
using mocks
Performance tests
SLAs
Stress tests
Contract testing
use this instead of full integration tests
Smoke tests
automated
For deployments into new environments, different clusters
Production tests
Environments for testing
What dependencies are stubbed by us
What dependnecies have a test version that can be used
how to setup data, get resources
Local manual testing
docker
Documentation from tests
Yatspec, cucumber
What tests to document
Test coverage
static style - Pitesting
line coverage - jacoco
app integration tests
Tools
Junit, mockito, assertj, hamcrest
selenium
Component testing
dockerised app
Use of stub app to prime api calls
Manual testing in different environments
provide ways to prime for different test cases (ie gui)
code primings
Continuous Delivery
Are there automatic tasks that deploy your application to a development, staging or production environment?
How will these tasks be executed?
Will scripts or configuration files be manually created or automated using minimum info the app needs to run
Manual gates
A break to ensure the deploying to an environment is though out and everything is ready to go
Quality gates
fails on status page or smoke tests
Release process
during day or night
who needs to be available
Expectations
Location
Equipment
Access to servers/db for fixing bugs
Rollback strategy
Testing strategy
Servers
Docker is a popular choice for virtualization nowadays.
Management of servers and applications
Will this be done manually by SAs ?
Will be done using kubernetes ?
Will it be on the cloud?
Service Registry
When building a (Micro-)Service Architecture, you may need a central registry for your services so that they find each other
Service mesh
istio, consul
Database Operations
What are the requirements towards the database?
Does it need to support hot failover and / or load balancing between database instance?
Does it need online backup?
What is the deletion process?
Central Log Server
Especially in a distributed architecture with many deployment units, but also in a monolithic application (which also should have at least two instances running), a central log server may make bug hunting easier.
The Elastic Stack (Elastic Search, Logstash, Kibana) is popular
Monitoring
How is the health of the server instances monitored and alarmed (Icinga may be a fitting tool)?
Who will be alarmed?
Should there be a central dashboard where all kinds of metrics like thoughput etc. are measured (Prometheus + Grafana may be the tools of choice).
How will be supporting the releases? Timetabling?
Load Balancing
How will the load on the application be balanced between multiple instances of the software?
Is there a hardware load balancer?
Does it have to support sticky sessions?
Does the app need a reverse proxy that routes requests to different deployment units of the application (you may want to use Zuul)?
Nginix
Proxies
Network Infrastructure
How is the network setup?
Are there any communication obstacles between different parts of the application or between the application and third party applications?
Secrets
Vault
Certificates
server
client
Automating environments
Terraform
Expiry dates
certifactes, licenses, secrets
When do they occur? Is there a reminder/monitor - alerting system, emails etc?
Gitops
state of deployments stored in git
flux
IDE
What’s the policy on using IDE’s? licence costs
Is each developer allowed to use his/her IDE of choice?
Making a specific IDE mandatory may reduce costs for providing several parallel solutions while letting each developer use his favorite IDE may reduce training costs.
plugins
custom made, free, paid
legal usage
Mastery, shorcuts
e.g. Intellij, eclipse
Build Tool
Which tool will do the building?
Both Maven and Gradle are popular choices
Old school is Ant
Or do manual using make files and bash scripts
Version Control
Where will the source code be hosted?
Gitlabs (internal) or github (external)
Secruity
access to view and upload/push
secrets hidden/encrypted
Git is quickly becoming the de-facto standard, but Subversion has a better learning curve.
What needs to checked in?
Passwords or sensitve data (encrypted or reference local env variables)
README.md
Standardised for devs to run, test and understand code to be productive
Coding Conventions
How are classes and variables named?
Is code and javadoc in english or any other language?
choose an existing code formatter and a Checkstyle rule set and include it as a build breaker into the build process
Findbugs, PMD for build static analysis tools
Sonarcube for hosted analysis tools
Code Quality
How will you measure code quality?
Are the coding conventions enough or will you run additional metrics on the code?
How will those metrics be made visible?
You may want to setup a central code quality server like SonarQube for all to access.
Application fitness
Does it meet the goals of key engineering principles
Evolutionary architecture by Ford
Tests that check fetures, fitness tests
service-level agreement (SLA
operational-level agreement (OLA)
Pairing or/and Code reviews
Will you perform code reviews during development?
How will thos code reviews be supported by software?
github, reviewboard, pairing
When will they be performed?
How will they be done?
conventions set
Metrics used
Is there a precheck before review is done
branch build - runs build, static analysis tests
Pair programming
When will this be done?
How long for?
Monitoring equal pairing
Switching up?
Styles?
Equipment?
one box two computers Or laptops
Monitors
keyboards & mice
desks
chairs
Remote pairing
software? licenses?
Trunk or feature/branch based development
use of feature toggles for trunk based
How/when to merge?
CI setup, so master in good state
build monitor to inform about issues with failng builds
Architecture so different stories in play wont affect all or minmal amount of same code being changed
Continuous Integration
How will the build process be executed on a regular basis?
There are cloud providers like CircleCI or Travis or you may install a local Jenkins server, teamcity or GoCD.
Infrastructure as code for settings for builds
Build Monitors
A screen which displays any failing builds from CI (red builds)
Any metrics from Production
Calendars/events or reminders
Equipment - monitor and box (pc/raspberry pi)
location - visable
CI and CD separated/continous
binary from CI is not the same as deployed version
Each CI build has continous build to deployment
Documentation
Which parts of the application should be documented how?
What information should be documented in a wiki like Confluence?
what should be put into Word documents?
If there is a chance, use a markup format like Markdown ord AsciiDoc instead of Word.
Tests as documents ie acceptance tests
Yatspec, cucumber etc
Format, wording, diagrams, location, searchable
Licensing
Stories
Use of jira to track and document stories
Breaking down when too long?
How to handle TODOs in code?
Printing
Agile
kanban or scrum
Physical dashboard
linked to computer board (jira/trello)
retros
planning sessions
stand ups
Communication
Location
colocated
remote
how to communicate
Meeting rooms
Accessories
whiteboards (large/small)
post its
notepads
secure
chat/messaging
secure
OWASP
Code security
who can access, who can change
Deployment security
who can deploy? who can access the pod?
Data security
network security
Secrets
Authentication and authorisation
vault
Sensitive data
certificates
secure communications
monitoring access
who? what did they do? when?
Frontend Technology
Is the application required to be hosted centrally as a web application or should it be a fat client?
If a web application, will it be a client-side single page app (use Angular) or static web page
if a server-side web framework (I would propose using Apache Wicket or Thymeleaf / Spring MVC over frameworks like JSF or Vaadin, unless you have a very good reason).
If a fat client, are the requirements in favor of a Swing or JavaFX-based client or something completely different like Electron?
Client-side Database
Do the clients need to store data?
In a web application you can use Local Storage and IndexedDB.
In a fat client you can use some small-footprint database like Derby.
Peripheral Devices
Do the clients need access to some kind of peripheral devices like card readers, authentication dongles or any hardware that does external measurements of some sort?
In a fat client you may access those devices directly, in a web application you may have to provide a small client app which accesses the devices and makes their data available via a http server on localhost which can be integrated into the web app within the browser.
Design Framework
How will the client app be layouted and designed?
In a HTML-based client, you may want to use a framework like Bootstrap.
For fat clients, the available technologies may differ drastically.
Measuring Metrics
Are there any events (errors, client version,etc) that the client should report to a central server?
How will those events be communicated to the server?
Offline Mode
Are the clients required to work offline?
Which use cases should be available offline and which not?
How will client side data be synchronized with the server once the client is online?
CDNs
Faster access to resources ie images, music, html etc
Libraries
Secure
Maintained with good support
Use open source
Develop internal libraries
http://adriangrigoras.com/blog/architecture-review-checklist/