Tiger Team Onboarding

{%hackmd theme-dark %} # Presentation (available at https://hackmd.io/@lucascsousa/Skd3mHW56) ## DevOps - You can assing you Radix email as the recipient of your DevOps notifications by setting it as your **"Contact email"** in your [Profile page](https://dev.azure.com/CelaneseCorporation/_usersSettings/about) - Make sure you are part of your project's Team in DevOps - This will give you access to the Board, Repositories, Wikis and Pipelines ## Git flow [3 environment branches](https://dev.azure.com/CelaneseCorporation/Digital%20Plant/_wiki?pageId=437&friendlyName=Git-Flow-and-Branching-strategy#): - **dev** - local/initial testing grounds - **qa** - PO and other testers main testing - **prod** - real user data ### Development steps: - Start development from `dev` branch, name branch with the following pattern: - `feature/` | `bugfix/` | `infra/` - `[number of WorkItem]-` - `[smallDescriptiveTitle]` - After development and local tests are finished, open a Pull Request - Pull Request procedure: - Title: Use a small descriptive title, optionally, you can also include: - An Emoji that represents the type of PR: |Type|Emoji| |----|-----| |feature|✨| |fix|🐞| |docs|📄| |style|💎| |refactor|♻️| |performance|🚀| |test|🚨| |build|📦| |ci|👷| - The Environment in brackets ex: [Dev] - The Category of the changes ex: [Dashboards] - Ex: ✨[DEV][47773][Turnaround] - Changed "Average Budget" and "Average Cost" - Description: Detailed description of changes, you can use the "Add commit messages button" to add them as a list of items instead - Link Work Item: Mandatory - Set Auto-Complete (only check delete branch option and leave merge type as the default) ## Development best practices: - Enable `ESLint` formatter `esbenp.prettier-vscode` and auto-run on save - Enable `SonarLint` - ServerUrl: `https://sonarqube.nexus.radixeng.com` - Token: VSCode will do it automatically or Go to SonarQube url (login as Radix) -> MyAccount -> Security -> Generate new **User** token - Add your WorkItem task numbers with a `#` on your commit messages - Use optional chaining operator often `a?.b` ### Using the VDI (VM or Virtual Desktop - Celanese VPN) - https://client.wvd.microsoft.com/arm/webclient/index.html or download application in Microsoft Store - Applications will only be accessible from here ### UI Library and other libs - UI Library (Everything - must be accessed from Celanese VPN) - https://app-dplantuilibrary-d-ussc-01.azurewebsites.net/docs - MaterialUI (General UI) - https://mui.com/material-ui/all-components/ - ApexCharts (Charts) - https://apexcharts.com/docs/creating-first-javascript-chart/ - Apollo (GraphQL queries) - https://www.apollographql.com/docs/ - Axios (HTTP requests) - https://axios-http.com/docs/example ### Environment Variables - Are declared in the `.env` file in the root of your nextjs project - Should have descriptive names, in SNAKE_UPPER_CASE - Should **include** urls, clientIds, model and space names, etc - Should ***not* include*** client secrets, API Keys, private or secure information - That info is declared in the scope of the deployment pipeline - It can be used in the `.env.local` file locally, for tests, but it should ***NOT* be commited** ## Cognite ### Access Flow To allow users or service accounts to access data in cognite, make sure they have the following requirements: 1. Application needs a **Azure Group** for each access level role 2. Cognite needs a mirrored **Cognite Group** for each *Azure Group* above, they will have it's _capabilities_ defined here (`read` and/or `write`) 2.1 Each Cognite Group will reference the Aure Group by it's id in the `Source ID` field 2.2 Capabilities are usually **_scoped_**, meaning they will apply to a specific _dataset_, _space_, or are **unscoped** and apply to **ALL** 3. Application needs a **Service Principal** account for each service account 3.1 Examples of service accounts: Front-end user-impersonation, Data modeler (Cognite deployment account), custom API account, etc 4. Service account needs to be in one of the appropriate Azure Group #### Users (portal applications) 5. Service Principal needs to have the following permissions granted with **_Admin Consent_**: - API Name: `Cognitedata API: az-eastus-1` - claim value: `IDENTITY` - claim value: `DATA.VIEW` - claim value: `user_impersonation` - (optional) API Name: `Microsoft Graph` - claim value: `email` - claim value: `offline_access` - claim value: `openid` - claim value: `profile` - claim value: `User.Read` 6. End User is in Celanese Active Directory 6.1 Eg: your _firstName.lastName_contractor@celanese.com_ account 7. End User needs to be the appropriate Azure Group 8. You will provide the the applicationId of the Service Principal as the `CliendId` in your OAuth flow #### Service Accounts (APIs and pipeline users) (cont. from general) 5. You will provide the the applicationId of the Service Principal as the `CliendId` in your OAuth flow and use the `clientSecret` of that principal ## Useful notes - [Links to every Use Case application (Celanese Apps)](https://dev.azure.com/CelaneseCorporation/Digital%20Plant/_wiki?pageId=501&friendlyName=Use-Case-Links#)