This checklist helps to ensure that our projects meet our Engineering Fundamentals.

• The main branch is locked.
• Merges are done through PRs.
• PRs reference related work items.
• Commit history is consistent and commit messages are informative (what, why).
• Secrets are not part of the commit history or made public. (see Credential scanning)
• Public repositories follow the OSS guidelines, see Required files in default branch for public repositories.

More details on Source Control

• All items are tracked in AzDevOps (or similar).
• The board is organized (swim lanes, feature tags, technology tags).

• Unit tests cover the majority of all components (>90% if possible).
• Integration tests run to test the solution e2e.

More details on Unit Testing

• Project runs CI with automated build and test on each PR.
• Project uses CD to manage deployments to a replica environment before PRs are merged.
• Main branch is always shippable.

• Access control.
• Separation of concerns.
• Robust treatment of secrets.
• Encryption for data in transit (and if necessary at rest) and password hashing.

• Significant business and functional events are tracked and related metrics collected.
• Application faults and errors are logged.
• Health of the system is monitored.
• The client and server side observability data can be differentiated.
• Logging configuration can be modified without code changes (eg: verbose mode).
• Incoming tracing context is propagated to allow for production issue debugging purposes.
• GDPR compliance is ensured regarding PII (Personally Identifiable Information).

• Process Lead (fixed/rotating) to run standup daily.
• Agile process clearly defined within team.
• Tech Lead (+ PO/Others) have responsibility for backlog management and grooming.
• Working agreement between members of team and customer.

• Process for conducting design reviews is included in the Working Agreement
• Design reviews for each major component of the solution are carried out and documented, including alternatives.
• Stories and/or PRs link to the design document.
• Each user story includes a task for design review by default, which is assigned or removed during sprint planning.
• Project advisors are invited to design reviews or asked to give feedback to the design decisions captured in documentation.
• Discover all the reviews that the customer's processes require and plan for them.

• Clear agreement in the team as to function of code reviews.
• Code review checklist or established process.
• A minimum number of reviewers (usually 2) for a PR merge is enforced by policy.
• Linters/Code Analyzers, unit tests and successful builds for PR merges are set up.
• Process to enforce a quick review turnaround.

More details on Code Reviews

• Set time for retrospectives each week/at the end of each sprint.
• 1-3 proposed experiments to be tried each week/sprint to improve the process.
• Experiments have owners and are added to project backlog.
• Longer retrospective for Milestones and project completion.

More details on Retrospectives

• Submit business and technical blockers that prevent project success
• Add suggestions for improvements to leveraged services and components
• Ensure feedback is detailed and repeatable

More details on Engineering Feedback