[DMP 2024]: Mojaloop GitHub metrics and maintenance

Open elnyry-sam-k opened this issue 10 months ago • 9 comments

Ticket Contents

Description

This has two aspects, the first one being more high level information such as the lines of code, contributors, dependencies, repositories, commits. An automated app (or docker container based service running on cloud) that can easily provide this periodically or on a need basis can help teams view the overall data efficiently and as needed.

Secondly, more in-depth information on the dependencies being used by each service, noted against its license, version number and patch status, can greatly help internal assessments when security bulletins are issued or vulnerabilities are identified. This can be maintained in an internal repo, based on the information and level of detail involved.

Goals & Mid-Point Milestone

Goals

  • [ ] Scripts to access details of all Mojaloop repositories and tabulate into groups based on attributes, quality labels, topics (platform groups, vnext, documentation/project and so on).
  • [ ] Update existing tooling to use latest dependencies, versions of tooling
  • [ ] Use new tooling or update existing tooling to generate and publish GitHub metrics on a monthly basis (Metrics such as Total contributors, Total commits, Lines of code, Repositories, Dependencies used)
  • [ ] Software Bill of Materials (SBOM) of each repo / service generated and documented and aggregated to maintain a list at Mojaloop level with each dependency at the lowest level containing details such as version, license, Mojaloop services which use it and other maintenance details [Goals Achieved By Mid-point Milestone]
  • [ ] Automate process to publish metrics (in specified format) and SBOM monthly once formats are finalized
    • [ ] Flag anomalies, discrepancies as part of this for issues identified
    • [ ] For a specific set of repositories (core platform repos), create and maintain a list of open security alerts (dependabot and possibly codeql)
  • [ ] Scripts / workflows to follow DA best practices
    • [ ] Example: Workflow to close PRs inactive for more than a year
  • [ ] Further explore and Implement tooling for dependency management and maintenance.

Setup/Installation

An example: https://github.com/mojaloop/community-tools

Expected Outcome

  • [ ] Mojaloop metrics can be assessed periodically (In CI or separate VMs on cloud, etc) or on demand and published
  • [ ] SBOM published in desired format (with details specified)
  • [ ] Mojaloop dependency management enhanced with better tooling (In addition to dependabot, snyk, npm audit checks and other existing checks)

Acceptance Criteria

No response

Implementation Details

An example: https://github.com/mojaloop/community-tools

But the goal is to automate gathering of metrics, data at macro and micro levels.

Mockups/Wireframes

No response

Product Name

Mojaloop GitHub Metrics

Organisation Name

Bandhu

Domain

Financial Inclusion

Tech Skills Needed

CI/CD, DevOps, JavaScript, Node.js, Other

Mentor(s)

Sam Kummary, James Bush, Paul Makin along with other SMEs and community contributors as required

Category

API, Analytics, Documentation, Security

elnyry-sam-k avatar Apr 17 '24 20:04 elnyry-sam-k
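
The Mojaloop-level dependency list described in the goals (each dependency with its version, license and the services that use it, with discrepancies flagged) could be built along these lines. This is an added example, not code from the issue or from Mojaloop; it assumes each service's SBOM is CycloneDX JSON, and the service names, sample components and function names are constructed for illustration.

```javascript
// Constructed sample input: CycloneDX-shaped SBOMs for two hypothetical services.
const sampleSboms = [
  { service: "service-a", bom: { components: [
    { name: "lodash", version: "4.17.21", licenses: [{ license: { id: "MIT" } }] },
    { name: "axios", version: "0.21.1", licenses: [{ license: { id: "MIT" } }] },
  ] } },
  { service: "service-b", bom: { components: [
    { name: "lodash", version: "4.17.21", licenses: [{ license: { id: "MIT" } }] },
    { name: "axios", version: "1.6.8", licenses: [{ license: { id: "MIT" } }] },
    { name: "left-pad", version: "1.3.0" }, // no license recorded
  ] } },
];

// License of one component: SPDX id, free-text name or expression; else "UNKNOWN".
function licenseOf(c) {
  const ids = (c.licenses || [])
    .map((l) => (l.license && (l.license.id || l.license.name)) || l.expression)
    .filter(Boolean);
  return ids.length ? ids.join(", ") : "UNKNOWN";
}

// Organisation-level index: one row per dependency name and version,
// listing every service that ships it. Sorted by name, then version string.
function aggregateSboms(sboms) {
  const rows = new Map();
  for (const { service, bom } of sboms) {
    for (const c of bom.components || []) {
      const key = `${c.name}@${c.version}`;
      if (!rows.has(key)) rows.set(key, { name: c.name, version: c.version, license: licenseOf(c), services: [] });
      const row = rows.get(key);
      if (!row.services.includes(service)) row.services.push(service);
    }
  }
  return [...rows.values()].sort((a, b) =>
    a.name.localeCompare(b.name) || a.version.localeCompare(b.version));
}

// Flag rows that need review: version drift across services, or no license data.
function flagDiscrepancies(rows) {
  const versions = new Map();
  for (const r of rows) versions.set(r.name, (versions.get(r.name) || new Set()).add(r.version));
  const flags = [];
  for (const [name, set] of versions) if (set.size > 1) flags.push({ name, issue: "multiple-versions", versions: [...set] });
  for (const r of rows) if (r.license === "UNKNOWN") flags.push({ name: r.name, issue: "missing-license", versions: [r.version] });
  return flags;
}

// Security-bulletin lookup: which services ship a given dependency version?
const servicesUsing = (rows, name, version) =>
  (rows.find((r) => r.name === name && r.version === version) || { services: [] }).services;
```

When a bulletin names a package and version, `servicesUsing` gives the list of services to assess, and `flagDiscrepancies` gives the rows to raise in the monthly report.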

Hey @elnyry-sam-k. I would like to take up this project. I have previous experience working on SBOM-related technologies (and cron jobs for automatic updates). Also, I am familiar with the CI integration process to deploy GitHub stats. I'll be working on a design doc soon. Till then, any guidance related to the project would be helpful. Thanks!

dvjsharma avatar Apr 20 '24 17:04 dvjsharma

hi @dvjsharma

Thanks for reaching out! This sounds great. I can provide guidance but please allow me to follow the guidance from the C4GT/DMP team and I'll get back to you or they might reach out to you.

Appreciate your enthusiasm and I hope to get started as soon as possible on this!

elnyry-sam-k avatar Apr 23 '24 09:04 elnyry-sam-k

Do not ask process related questions about how to apply and who to contact in the above ticket. The only questions allowed are about technical aspects of the project itself. If you want help with the process, you can refer instructions listed on Unstop and any further queries can be taken up on our Discord channel titled DMP queries. Here's a Video Tutorial on how to submit a proposal for a project.

AbhimanyuSamagra avatar Apr 23 '24 11:04 AbhimanyuSamagra

Hello, @elnyry-sam-k Sir, I guess I am a little late to get involved. However, I am Devarsh Shah from India. I am about to graduate with a major in Computer Science and am a huge DevOps enthusiast.

I have also done a little bit of research on what Mojaloop is and what responsibility is on the shoulders of Mojaloop, and I got to know about the Learn Mojaloop Moodle website, where I enrolled myself in the MOJA 103 module, studied it and revised the monitoring tools such as Prometheus and Grafana which can be leveraged here.

Based on the description, I understood that we will be automating the publishing of the SBOM (which will be created in earlier steps) monthly, and I am very excited to do this automation.

Warm Regards, Devarsh

devarsh10 avatar May 04 '24 19:05 devarsh10

hi @devarsh10

Thanks for reaching out!

Appreciate your enthusiasm and I hope to get started as soon as possible on this! Please allow me to follow the guidance from the C4GT/DMP team and I'll get back to you or they might reach out to you.

elnyry-sam-k avatar May 07 '24 14:05 elnyry-sam-k

Hello @elnyry-sam-k

My name is Mahesh Kasbe and I am a final year student at University of Mumbai pursuing computer science. I have been an active contributor in open source communities like Kubernetes, ArgoCd etc. Currently I am a mentor for Google Summer of Code (2024) @NRNB, where I was a past GSOC'23 contributor and worked on developing the production grade CI/CD pipeline for the graphspace project. I have also participated in and completed the Linux Foundation Mentorship 2023, where I worked for the CNCF project Openkruise by integrating their workloads with helm and argocd.

Looking at the project description, I believe that I am the most suitable candidate for working on this project. I have created the SBOM and GitHub metrics for past open-source organizations and also have a good amount of knowledge on automating CI/CD tools. I have also uploaded a whole proposal including the possible approach, timeline and brief of the solution. I will be glad to work on this project and I am determined to complete it before the deadline, looking forward to learning a lot from the mentor.

Warm Regards Mahesh

maheshkasabe avatar May 07 '24 18:05 maheshkasabe

Hi @elnyry-sam-k, how are you doing? Can you please tell me how I can reach out to the mentor of this project? I want to understand this issue and want to show them the proposal. Can you please help me?

Suraj-kumar00 avatar May 07 '24 18:05 Suraj-kumar00

Hello @elnyry-sam-k, I hope you are doing well. I am working on a proposal for Mojaloop GitHub metrics and maintenance. I checked out the Community-Tools repo and found oss-stats and oss-dash directories using gulp. I have been exploring GitHub data collection automation and CI/CD recently. I am a DevOps enthusiast and would love to make contributions to this project. Are there any good first issues you can lead me to? P.S.: I know I am a bit late, but I found out about this opportunity fairly recently.

git-ankuryadav avatar May 14 '24 13:05 git-ankuryadav

Hello @elnyry-sam-k, I haven't received any notification regarding the project yet! Since the Slack channel requires a @mojaloop.org, is there any other way I can join the Slack?

maheshkasabe avatar May 31 '24 10:05 maheshkasabe