diff --git a/csp-tech-radar.csv b/csp-tech-radar.csv index 538d433..4f15835 100644 --- a/csp-tech-radar.csv +++ b/csp-tech-radar.csv @@ -1,14 +1,4 @@ name,ring,quadrant,isNew,description -ELK Stack,adopt,tools,TRUE,"Supporting and developing distributed systems requires the ability to debug events that occur across many systems. Having the logs emitted from each system centralised in a single store that is easily searched is vital for this. The ELK (Elasticsearch, Logstash and Kibana) Stack is a mature open source platform for this task." -CodeScene,adopt,tools,TRUE,"CodeScene identifies patterns in the evolution of your code. This gives you the power to predict its future and find areas that are hard to evolve and prone to defects (i.e. areas of ""tech debt""). This tool has been successfully trialled by many teams over the last few years and its recent v4 upgrade has made it even easier to use. For more information about onboarding, please read this wiki page." -Prometheus and Grafana,adopt,tools,TRUE,"For monitoring and altering of the health of applications in production, the ability to collect and store time series data is important. Prometheus and Grafana provide a set of mature tools to achieve this." -OpenAPI,adopt,tools,TRUE,"OpenAPI is now the leading standard for creating specifications for RESTful API and describing JSON messages. Our department's CSC Interface Specifications initiative is making a big push to get all our interfaces properly documented using OpenAPI. For more information about how to use OpenAPI and the tooling supporting it, please visit the CSC Interface Specifications initiative wiki page." -Gatling,adopt,tools,TRUE,"Gatling is a tool used to perform load and performance non-functional testing against software components. It officially supports HTTP, WebSocket, Server-Sent-Events and JMS interfaces. It fits well in development pipelines and has rich reporting allowing for continuous monitoring of metrics. To ensure performance, tests are written in Scala and a custom DSL.
Gatling is already used extensively across our teams to perform non-functional tests and monitor NFRs as part of their CI/CD pipelines." -Wiremock,adopt,tools,TRUE,"Wiremock is a tool widely used in CSP to mock/stub external webservices as part of the Microservice testing strategy. Using wiremock you can isolate your microservice from it's external dependencies, allowing you to achieve Component-level testing. Deployment of Wiremock is flexible - it can be run within your Java application, JUnit test or as a standalone process." -Pact Foundation,trial,tools,TRUE,A cross platform testing tool framework used for Consumer Driven Contract Testing. It generates JSON contracts via unit tests which can then be exchanged with the provider. It involves minimal setup for both Provider and Consumer and has well written documentation and resources dedicated to it. Its power lies in its simplicity. -Blackduck,trial,tools,TRUE,"Adding security scans to your CI/CD pipeline has never been easier with the Blackduck tooling. It checks for known vunerabilities and license problems for each of your project's dependencies. The PMP team are already using it and all GOTT projects for Peacock are using it too. If your team is interested in using this tool, please let us know and we will organise help from the PMP team or Jake Straker from the OTT Security team. " -Dependabot,assess,tools,TRUE,"A tool that complements Blackduck is Dependabot. This tool automatically updates your project's dependencies for you by creating PRs that your team can quickly accept if your tests still pass. If your team uses GitHub and would like to help assess it, please let us know. It's as easy as adding a configuration file to your GitHub repo." -Consul,hold,tools,TRUE,"Given Kubernetes is our strategic deployment platform of choice, Kubernetes' service discovery and configuration management features make the need for Consul redundant. While systems not yet on Kubernetes may require these features, we would recommend holding off creating more infrastructure with Consul and instead invest the effort moving to k8s." Semantic Versioning,adopt,techniques,TRUE,"Correctly versioning software that makes sense to everyone using it isn't easy. Using a mature versioning scheme like Semantic Versioning helps you version your software service APIs in a way that allows consumers of your service to easily understand the severity of the changes in the new version. It is important to remember that a corresponding git tag of the version should be applied to the commit in the VCS that the versioned artifact was built from." Pipelines as Code,adopt,techniques,TRUE,Pipelines as code is defining the build and deployment pipeline declaratively through code instead of configuring it in a specific CI/CD tooling. Pair Programming,adopt,techniques,TRUE,"Pair Programming is an Agile software development technique in which two programmers work together at some kind of shared workstation setup. One, the driver, writes code while the other, the observer or navigator, reviews each line of code as it is typed in. The two programmers switch roles frequently. We believe that although this may seem as an inefficient usage of our developers' time, the quality of the code produced leads to less time consuming problems later. Other benefits include improved knowledge and skills sharing and team communication." @@ -18,24 +8,3 @@ Long lived branches with Gitflow,hold,techniques,TRUE,"Gitflow is a strict branc Microservices Envy,hold,techniques,TRUE,"Microservices can offer significant advantages to organizations, in terms of improving team autonomy and faster frequency of change. The additional complexity that comes from distributed systems requires an additional level of maturity and investment. We are concerned that some teams are rushing into adopting microservices without understanding the changes to development, test, and operations that are required to do them well. Our general advice remains simple. Avoid microservice envy and start with one or two services before rushing headlong into developing more, to allow your team's time to adjust and understand the right level of granularity." Testing as a separate team,hold,techniques,TRUE,"Fast feedback is a core tenet of Agile and critical to the success of a project. Using a separate QA team slows down this feedback, creates an ""us and them"" mentality and makes it more difficult to build quality into the software. Testing should be a tightly integrated activity and isn't something the team can outsource. We recommend integrated teams where testers work closely with developers instead of having testing as a separate organization." Anemic REST,hold,techniques,TRUE,"Failure to properly model the domain as a set of resources. Naively developing services that simply expose static, hierarchical data models via templated URLs result in an anemic REST implementation. In a richly modelled domain, REST should enable more than simple repetitive data fetching. In a fully evolved RESTful architecture, business events and abstract concepts are also modelled as resources, and the implementation should make effective use of hypertext, link relations and media types to maximize decoupling between services" -Docker & Kubernetes (Core Platform),adopt,platforms,TRUE,"The Core Platform is the CSP favoured microservice hosting solution, it is GitOps with Docker and Kubernetes on AWS (https://core-platform-wiki.dev.cosmic.sky/). The Docker image format makes it easier to achieve parity between development and production, making for reliable deployments. It is a natural fit in a microservices-style application as a packaging mechanism for self-contained services. Kubernetes is Google's answer to the problem of deploying containers into a cluster of machines." -ActiveMQ,adopt,platforms,TRUE,"Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service (JMS) client. KahaDB is the default storage database. Still used in a number of projects, with intentions to migrate towards Kafka. ActiveMQ is a push based system, whereas Kafka is pull based system with a more efficient storage format. Please contact the CSP SRE team for more information." -Couchbase (DocumentDB),adopt,platforms,TRUE,"Couchbase (not to be confused with CouchDB) is a fast, scalable NoSQL database that is well used and trusted within Sky OTT. Its masterless architecture makes it easier to scale and maintain than MongoDB and its built-in caching layer gives it better performance. Depending on your requirements, Cassandra is still top when it comes to Availability and Fault Tolerance, however Couchbase’s default CP configuration makes it a good option for ensuring Consistency. Contact CSP-SRE for more information on DB technologies available within CSP" -RDBMS,adopt,platforms,TRUE,"If the data you are looking to persist is relational in structure, and ACID compliance is of the utmost importance (i.e. large volume of concurrent transactions), you may require a more traditional RDBMS technology such as MYSQL, Oracle or Cockroach. If this is the case, the CSP-SRE team are the best point of contact for information on the DB technologies available within CSP" -Kafka,trial,platforms,TRUE,"Apache Kafka is a messaging framework that provides a solution for publishing ordered event feeds to large numbers of independent, lightweight consumers. Configuring Kafka can be difficult, contact the SRE team for help. For CSP usage see https://developer.bskyb.com/wiki/display/CSEH/CSP+Kafka" -.Net 6,adopt,platforms,TRUE,"Java and the JVM is our department's primary server side language and platform of choice. However, where there are still large C# codebases that we wish to dockerise and deploy to the Core Platform, porting the codebase to run on the .Net platform (v6 and above) is a great option to save time, if possible. Be careful to ensure all our dependencies are supported by .Net platform (i.e .Net Standard 2.0+ compliant). We've experienced more obscure .net libraries being abandoned in the past and not having .Net support." -OpenJDK11,adopt,platforms,TRUE,"When using any of the languages that run on the JVM, JDK11 is the runtime platform of choice. As of Java 11 OracleJDK and OpenJDK will essentially be identical, so there is no additional benefit to paying to use Oracle's commercial JDK other than having direct access to Oracle support and help. Find it at https://jdk.java.net/11/ or follow this JDK11 Migration Guide for services on the Core Platform." -Hazelcast,assess,platforms,FALSE,"For database caching, Hazelcast IMDG stores frequently accessed data in memory across an elastically scalable data grid. With its write-through and write-behind capabilities, Hazelcast can propagate any changes in the cached data back to the original store either synchronously or asynchronously. Hazelcast supports entry processing. An entry processor enables fast in-memory operations on your map without you having to worry about locks or concurrency issues. Hazelcast runs the entry processor for all entries on a partitionThread so there will NOT be any interleaving of the entry processor and other mutations. Hazelcast sends the entry processor to each cluster member and these members apply it to map entries - adding more members just means it can process faster. Contact the Gonzales team as they are using it." -Windows Server,hold,platforms,TRUE,The Core Platform is our department's deployment infrastructure of choice. Avoid anything that requires Windows Server operating system to run. -OracleJDK8,hold,platforms,TRUE,"Oracle's JDK8 reached 'End of Public Updates' in January 2019. Any new public updates will only be released for personal use only and should not be used by Sky in a commercial capacity! To avoid not being able to recieve security updates, move off OracleJDK8 and start using OpenJDK alternatives. Ideally OpenJDK11. Follow this JDK11 Migration Guide for services on the Core Platform." -React JS + TypeScript,adopt,languages & frameworks,TRUE,"React.js stands out due to its design around a reactive data flow. Allowing only one-way data binding which greatly simplifies the rendering logic and avoids many of the issues that commonly plague applications written with other frameworks. This library has been widely adopted across Sky and there is a wealth of knowledge across the department. React components, however, with vanilla JavaScript have to rely on linters and prop-types to ensure code quality and catch bugs. TypeScript simplifies JavaScript code, making it easier to read and debug and provides a richer environment for spotting common errors as you type the code. It also follows OOP concepts, and has a powerful type system including generics. There is a community created flavor of create-react-app package that supports TypeScript. It’s called create-react-app-typescript and it can get you up and running easily if you don’t want a custom project setup." -Groovy + Spock, adopt,languages & frameworks,TRUE,"Spock is a test framework that is built on top of Groovy. It enforces BDD at its core and ensures all tests written using the framework follow the BDD conventions. Unlike JUnit, Spock has its own Mocking and test double libraries as well as full support for parameterized test scenarios. By making use of Groovy, Spock introduces new and expressive ways of testing your applications. Spock is compatible with most IDEs, build tools, and continuous integration servers." -Redux JS vs React Hooks,adopt,languages & frameworks,TRUE,"With the increasing complexity of single-page JavaScript applications, we have seen a more pressing need to make client-side state management predictable. Redux, with its three principles of restrictions for updating state, has proven to be invaluable in a number of projects we have implemented.
'Getting Started with Redux' and 'Idiomatic Redux' tutorials are a good starting point for new and experienced users. It is a minimal library with a rich ecosystem of utility libraries, all which make unit-testing easier with minimal amounts of mocking. Be sure to use Immutable JS objects in your state store to improve predicatbility and ease of debugging even further.
That being said, for apps with simple state storage needs (like a simple support UI) leveraging React v16.8's hooks feature is a great, simpler alternative." -Python 3,adopt,languages & frameworks,TRUE,"If you are developing in Python you should use Python 3. Python is an excellent candidate for the following purposes: proof of concept, testing, bash script replacement and machine learning. Python is not recommended for production back-end services due to a lack of type safety and performance" -ASP.Net Core,adopt,languages & frameworks,TRUE,"Java and the JVM is our department's primary server side language and platform of choice. If the requirement is to port legacy ASP.Net web applications to run on the linux .Net Core platform then you can look into ASP.Net Core. It will require some code changes in the way your application is bootstrapped, but much of your application will remain unchanged." -Spring Boot with Open JDK11,adopt,languages & frameworks,TRUE,"Spring boot is a holistic solution for building Java based microservices. Built on top of Spring's DI framework, it provides out of the box auto-configuring support for REST, data access, security, monitoring and many others. Beware of the bloated-ness though. Open JDK 11 is the current LTS version of java" -Kotlin,assess,languages & frameworks,TRUE,"Kotlin has experienced an accelerated rate of adoption and rapid growth of tooling support. Some of the reasons behind its popularity are its concise syntax, null safety, ease of transition from Java and interoperability with other JVM-based languages in general, and that it doubles as a great introductory language to functional programming. With JetBrains adding the ability to compile Kotlin to native binaries on multiple platforms, as well as transpile to JavaScript, we believe it has the potential of much wider use by the larger community of mobile and native application developers. Some of the tooling such as static and coverage code analysis have yet to mature, but given the industry adoption of Kotlin in many production applications, we believe Kotlin should be assessed in our department." -GoLang,assess,languages & frameworks,TRUE,"Go is well suited for writing back end microservices. Now over a decade old, Go has proven a massive success especially in cloud infrastructure, K8s and Docker are both written in Go. Designed at Google to provide type safety and performance efficiency for server side code without the overhead of Java and C++. Go has a garbage collector but no virtual machine, simplified concurrency based on Hoare's Communicating Sequential Processes and no type hierarchy." -Rust,assess,languages & frameworks,TRUE,"Rust can be used to build WebAssembly(WASM) modules, CLI tools and network services. According to GitHub, Rust was the second-fastest growing programming language in 2019. Rust was incubated at Mozilla but is now run by a non-profit Foundation. With its lack of vm or garbage collector Rust is focused on building high performance, type and memory safe code, many potential bugs are eliminated at compile time." -Camel,adopt,languages & frameworks,TRUE,Apache Camel is a Java open source integration framework based on the book Enterprise Integration Patterns by Hohpe and Woolf. Camel provides a DSL that works well with the Spring framework. Camel is an obvious alternative to Mule and has been used successfully in a number of projects. -VueJS,trial,languages & frameworks,TRUE,"Vue.js has become one of the successfully applied, loved and trusted frontend JavaScript frameworks among the community. Although there are other, well-adopted alternatives, such as React.js, the simplicity of Vue.js in API design, its clear segregation of directives and components (one file per component idiom) and its simpler state management have made it a compelling option among others. A good place to start learning about VueJS is https://v3.vuejs.org/guide/introduction.html. The CSP Masterminds team is familiar with VueJS, and have successfully trialled it as part of a BSS Release initiative (code can be found in https://github.com/sky-uk/csp-bss-release-automation/tree/master/releasemanagerui."