@@ -9,12 +9,334 @@ implemented in a private class, so that it is not exposed to public
99
1010Following diagram showcases current Architecture of the Android Security Toolkit
1111
12+ [ TODO: Diagram]
13+
14+ This part of the Android Security Framework is private. It is published on the
15+ maven central repository. The example app is published on the github, making
16+ it possible for other users to contribute and use the framework.
17+
1218## Release Process
1319
20+ In order to release a new version of this framework:
21+
22+ - increment the version of release
23+ in [ build.gradle file] ( ./securitytoolkit/build.gradle.kts )
24+ - merge the changes via a release branch into main. Pipeline will make release
25+
1426## DevOps
1527
28+ In order to support this project, the following tasks are present:
29+
30+ - Check the daily running pipeline for any errors and fix them
31+ - Check user Feedback in the corresponding Example Project on GitHub
32+ - Run the example App locally to check for any compilation or runtime errors
33+ - Fix anything by contributing
34+
1635## Contributing
1736
37+ In order to contribute to this repository:
38+
39+ - Read the whole README (this) file
40+ - Setup local development environment
41+ - Confirm to the branching model
42+ - Create a feature PR and merge after a review
43+
44+ ### Development Environment
45+
1846## Coding Guidelines
1947
20- ## Branch Model (Git)
48+ We are following
49+ the [ Kotlin coding conventions] ( https://kotlinlang.org/docs/coding-conventions.html )
50+ and the [ Kotlin style guide] ( https://developer.android.com/kotlin/style-guide ) .
51+
52+ ### Documentation
53+
54+ For further information on Documentation
55+ see https://developer.android.com/kotlin/style-guide#documentation
56+ and [ Document Kotlin code: KDoc] ( https://kotlinlang.org/docs/kotlin-doc.html )
57+
58+ ** DO**
59+
60+ + ... place the opening ` /** ` on a separate line and begin each subsequent line
61+ with an asterisk
62+ + ... place short comments on a single line
63+ + ... put a space after ` // `
64+ + ... put copyright and licence headers in a multiline comment
65+
66+ ** PREFER**
67+
68+ + ... incorporating the description of parameters and return values directly
69+ into the documentation comment
70+ + ... adding links to parameters wherever they are mentioned
71+ + ... using ` @param ` and ` @return ` only when a lengthy description is required
72+ which doesn't fit into the flow of the
73+ main text
74+
75+ ** DON'T**
76+
77+ - ... put copyright and licence headers in KDoc-style or single-line-style
78+ comments
79+
80+ ### Structure
81+
82+ A .kt file comprises the following, in order:
83+
84+ 1 . Copyright and/or license header (optional)
85+ 2 . File-level annotations
86+ 3 . Package statement
87+ 4 . Import statements
88+ 5 . Top-level declarations
89+
90+ The contents of a class should go in the following order:
91+
92+ 1 . Property declarations and initializer blocks
93+ 2 . Secondary constructors
94+ 3 . Method declarations
95+ 4 . Companion object
96+
97+ ** DO**
98+
99+ + ... separate each section with one blank line
100+ + ... group import statements for classes, functions, and properties
101+
102+ ** CONSIDER**
103+
104+ + ... structuring declarations in a file after a logical order
105+ + ... ordering declarations for reading from top-to-bottom
106+
107+ ** DON'T**
108+
109+ - ... use wildcard imports
110+ - ... line-wrap imports
111+
112+ ### Naming
113+
114+ ** DO**
115+
116+ + ... use lowerCamelCase for package names (` org.example.myProject ` )
117+ + ... use UpperCamelCase for classes and objects
118+ + ... use SCREAMING_SNAKE_CASE for constant properties
119+ + ... use lowerCamelCase for top-level or object properties
120+ + ... use SCREAMING_SNAKE_CASE or UpperCamelCase for enum constants
121+
122+ ** CONSIDER**
123+
124+ + ... using a noun or a noun phrase explaining what a class
125+ is (` List ` , ` PersonReader ` )
126+ + ... using a verb or a verb phrase saying what the method
127+ does (` close ` , ` readPersons ` )
128+ + ... suggesting if a method is mutating an object (` sort ` ) or returning a new
129+ one (` sorted ` )
130+ + ... capitalizing acronyms if they consist of two letters (` IOStream ` ) and
131+ capitalize only first letter if they are
132+ longer (` XmlFormatter ` , ` HttpInputStream ` )
133+
134+ ** AVOID**
135+
136+ - ... using meaningless words (` Manager ` , ` Wrapper ` )
137+
138+ ### Formatting
139+
140+ ** DO**
141+
142+ + ... use four spaces for indentation
143+ + ... put the opening brace at the end of the line where the construct begins
144+ + ... put the closing brace on a separate line aligned horizontally with the
145+ opening construct
146+ + ... put spaces around binary operators (` a + b ` )
147+ + ... put spaces between control flow keywords (` if ` , ` when ` , ` for ` ,
148+ and ` while ` ) and the corresponding opening
149+ parenthesis
150+ + ... put ` get ` and ` set ` keywords on separate lines for more complex properties
151+ + ... apply the Kernighan and Ritchie style on braces for nonempty blocks and
152+ block-like constructs
153+ + ... separate each statement with a line break
154+
155+ ** PREFER**
156+
157+ + ... using an expression body for functions with the body consisting of a
158+ single expression
159+ + ... omitting braces for ` when ` branches and ` if ` expressions which have no
160+ more than one ` else ` branch and which fit
161+ on a single line
162+ + ... omitting return types if an expression function body or a property
163+ initializer is a scalar value or the return
164+ type can be clearly inferred from the body
165+
166+ ** CONSIDER**
167+
168+ + ... one-line formatting for very simple read-only properties
169+ + ... using trailing commas
170+
171+ ** AVOID**
172+
173+ - ... horizontal alignment of any kind
174+ - ... lines longer than 80
175+
176+ ** DON'T**
177+
178+ - ... use tabs for indentation
179+ - ... put spaces around the "range to" operator (` 0..i ` )
180+ - ... put spaces around unary operators (` a++ ` )
181+ - ... put a space after ` ( ` , ` [ ` , or before ` ] ` , ` ) `
182+ - ... put a space around ` . ` or ` ? `
183+ - ... put spaces around angle brackets used to specify type
184+ parameters: ` class Map<K, V> { ... } `
185+ - ... put spaces around ` :: `
186+ - ... put a space before ` ? ` used to mark a nullable type
187+ - ... put a space before an opening parenthesis in a primary constructor
188+ declaration, method declaration or method call
189+
190+ ### Idiomatic use of language features
191+
192+ ** DO**
193+
194+ + ... use named arguments when a method takes multiple parameters of the same
195+ primitive type
196+ + ... use named arguments for ` Boolean ` , unless the meaning of all parameters is
197+ absolutely clear from context
198+ + ... use the ` ..< ` operator to loop over an open-ended range
199+ + ... use extension functions liberally
200+
201+ ** PREFER**
202+
203+ + ... declaring local variables and properties as ` val ` rather than ` var ` if
204+ they are not modified after initialization
205+ + ... using immutable collection interfaces (` Collection ` , ` List ` , ` Set ` , ` Map ` )
206+ to declare collections which are not
207+ mutated
208+ + ... declaring functions with default parameter values to declaring overloaded
209+ functions
210+ + ... defining a type alias for functional types or a types with type parameters
211+ that are used multiple times in a
212+ codebase
213+ + ... ` import ... as ... ` if you use a private or internal type alias for
214+ avoiding name collision
215+ + ... using ` if ` for binary conditions instead of ` when `
216+ + ... using higher-order functions (` filter ` , ` map ` etc.) to loops
217+ + ... using a regular ` for ` loop instead ` forEach `
218+ + ... using string templates to string concatenation
219+
220+ ** CONSIDER**
221+
222+ + ... restructuring a lambda so that it will have a single exit point
223+ + ... (if that's not possible or not clear enough) converting the lambda into an
224+ anonymous function
225+
226+ ** AVOID**
227+
228+ - ... using multiple labeled returns in a lambda
229+
230+ ** DON'T**
231+
232+ - ... use a labeled return for the last statement in a lambda
233+
234+ ### Avoid redundant constructs
235+
236+ ** AVOID**
237+
238+ - ... using semicolons
239+ - ... returning Unit
240+
241+ ** DON'T**
242+
243+ - ... use curly braces when inserting a simple variable into a string template
244+
245+ ### Additional Coding guidelines
246+
247+ ** DO**
248+
249+ + ... use MVVM and repository pattern
250+ + ... handle state in the ViewModel
251+ + ... use Dependency Injection with Hilt like specified by Android (
252+ see https://developer.android.com/training/dependency-injection/hilt-android )
253+ + ... limit the scope of @Composable to describing UI components
254+ + ... follow the single-activity architecture pattern
255+
256+ ## Linter
257+
258+ Different Linters are used to ensure the best code quality possible:
259+
260+ - gradle lint
261+ - detekt
262+
263+ Gradle Lint uses standard configuration.
264+ Detekt uses ` config/detekt/detekt.yml ` configuration file.
265+
266+ All of this are configured in the pipeline, but can also be configured locally
267+ with the following methods:
268+
269+ - Intellij Plugins:
270+ - gradle lint can be run via "Code" -> "Inspect Code…" option
271+ - detekt plugin can be installed and configured
272+ - Command Line:
273+ - run ` ./gradlew lint ` from app root directory
274+ - run ` ./gradlew detekt ` from app root directory
275+
276+ ## Branching model
277+
278+ The branching workflow is based on Gitflow as
279+ documented [ here] ( https://www.atlassian.com/de/git/tutorials/comparing-workflows/gitflow-workflow ) .
280+
281+ <img src =" https://wac-cdn.atlassian.com/dam/jcr:cc0b526e-adb7-4d45-874e-9bcea9898b4a/04%20Hotfix%20branches.svg?cdnVersion=431 " alt =" drawing " width =" 700 " style =" margin-bottom 20px " />
282+
283+ According to Gitflow two branches are representing the state of the current
284+ project. The first one is the ` main ` branch,
285+ which contains the release history and the ` develop ` branch, which is the
286+ integration branch for new features. Every
287+ feature is developed on its own branch, which is branched off from ` develop ` .
288+ The name of a feature branch is
289+ constructed according to the following scheme:
290+
291+ ` feature/[Ticket number from Jira]-short-description-of-feature `
292+
293+ If a feature is completed, it is merged into ` develop ` after another developer
294+ has reviewed the code and approved the
295+ changes.
296+
297+ If ` develop ` contains all required features for a release, a ` release ` branch is
298+ forked from ` develop ` . The ` release `
299+ branch name is constructed according to the following scheme:
300+
301+ ` release/[short-description] `
302+
303+ On ` release ` only bugfixes and related changes are made, which are continuously
304+ merged back to ` develop ` . Likewise to
305+ the ` feature ` branches, bugfix branches should follow the same naming
306+ convention:
307+
308+ ` bugfix/[Bug-Ticket number from Jira]-short-description-of-bug `
309+
310+ If the ` release ` branch is ready for deployment, is merged into ` main ` and
311+ tagged with a version number. After
312+ merging into ` main ` , the ` release ` branch is no longer of use and can be
313+ deleted.
314+
315+ ` hotfix ` branches are required when a deployed version has a critical bug, that
316+ needs to be fixed as soon as possible.
317+ A ` hotfix ` branch is branched off from ` main ` and merged back into ` main ` as
318+ well as into ` develop ` . When merging
319+ a ` hotfix ` branch into ` main ` the version number should be incremented. The
320+ naming convention for a hotfix branch is:
321+
322+ ` hotfix/[short-description] `
323+
324+ ### Merging policies
325+
326+ All features and bugfixes can only be merged into ` develop ` and ` main ` when
327+ another developer has reviewed and approved
328+ the code changes. For this purpose the developer has to create a Pull Request (
329+ PR). Additionally, to the code review,
330+ the reviewer checks if new code segments are tested properly by unit, widget and
331+ integration tests, if needed. The
332+ pipeline and thus the tests must also have been successfully ran for the PR to
333+ be merged. The PR itself is then merged
334+ by the creator and the corresponding branch deleted to keep the repository in a
335+ clean state.
336+
337+ We are using Git Rebase to integrate changes from one branch into another. With
338+ Rebase commits are written from a source
339+ branch onto the top of a target branch. When rebasing a feature branch onto
340+ develop, the git history is kept clean and
341+ linear.
342+
0 commit comments