Date

31 May 2022

Call-in Information

Time: 10:00 am, Eastern Time (New York, GMT-04:00)

To join the online meeting:

• https://lyrasis.zoom.us/j/84378615572?pwd=bGUxSjlyRTdjOGl5U1B6L0Yva3RQdz09

  Meeting ID: 843 7861 5572
  Passcode: 556561
  One tap mobile
  +16699006833,,84378615572#,,,,*556561# US (San Jose)
  +19292056099,,84378615572#,,,,*556561# US (New York)

  Dial by your location
          +1 669 900 6833 US (San Jose)
          +1 929 205 6099 US (New York)
          +1 253 215 8782 US (Tacoma)
          +1 301 715 8592 US (Washington DC)
          +1 312 626 6799 US (Chicago)
          +1 346 248 7799 US (Houston)
          877 853 5257 US Toll-free
          888 475 4499 US Toll-free
  Meeting ID: 843 7861 5572
  Passcode: 556561
  Find your local number: https://lyrasis.zoom.us/u/kerqtGDrJ4

Slack

• https://vivo-project.slack.com
  • Self-register at: http://bit.ly/vivo-slack
    

Attendees

 Indicating note-taker

1. Dragan Ivanovic 
2. Georgy Litvinov 
3. Benjamin Gross 
4. Benjamin Kampe
5. Veljko Maksimovic
6. Mark Vanin 
7. William Welling 
8. Huda Khan 
9. Rolf Guescini

Agenda

1. Questions/Issues/Pull requests/Announcements
   
   1. VIVO 1.13.0 release candidate -
      1. Release Testing - 1.13.0
      2. Release Notes
2. The ongoing sprint
   1. A Dynamic API label for issues and PR
   2. repositories and branches
      1.  https://github.com/vivo-project/Vitro/tree/sprint-dynapi-2022-feb-staging
      2. https://github.com/vivo-project/Vitro-angular
   3. Tracks
      1. Project board - https://github.com/orgs/vivo-project/projects/2 
      2. Ontology
         1. RDF representation of dynamic actions and resourceAPIs
      3. Binding
         1. Binding to Java objects representation 
      4. Execution
         1. Execution of a dynamic action
      5. RCP Endpoint
      6. REST Endpoint
      7. Security
         1. Definition of dynamic action roles
         2. Authentication (endpoint and UI)
         3. Authorization
            1. JWT
      8. Validation
         1. syntax,
         2. SHACL rules for all dynamic actions
      9. UI for exposing dynamic API
         
         1. Angular & Angular Material
            1. the server side module 
               1. https://angular.io/guide/universal
            2. a central state management up front
               1. https://ngrx.io/
            3. i18n library 
               
               1. https://ngneat.github.io/transloco/
            4. GitHub CI Actions
               1. build
               2. lints
                  1. adopt a style guide and have it enforced using linting
               3. tests
                  1. incorporate best practices and have test coverage in initial commit
                     1. CodeCov vs Coverall vs Other options
            5. library for common modules and custom elements
               1. one or two or more modules
      10. CRUD operations for custom actions
      11. UI for management of custom actions
      12. Exploitation

Notes

Dragan: Announced VIVO 13.0.0 release candidate for testing via email. The hope is that some people who are not part of this sprint can maybe test the release candidate while the sprint is in progress. 

New Github label for DynamicAPI will be created for issues and tasks that concern this new part of VIVO.

Dragan: How to review William’s initial Angular PR?

William: Run different ngm scripts to see if they all work, + people who are interested in frontend development should go over the code to see if everything makes sense. Also advocates for using CLI tools for creating any new Angular component. Does not expect comments on PR, since there is no code that isn’t automatically generated with Angular tools. Suggests using release branches instead of staging. All feature dev happens on feature branches, and after that they get merget to the release branch. This approach negates the need for sprint branches. 

Dragan: How should we take care of CORS?

William: Thinks CORS should not be done on the level of application code, but rather on the level of tomcat server. Isn’t even sure that it is possible to do this on application level when it comes to java servlets.

Mark will read more about the CORS filters, and then we will continue the discussion about how to implement CORS filters.

Should we use one or multiple GitHub CI Actions? Having multiple builds should not slow down our CI pipeline since duplicate tasks (like downloading dependencies) would be cached. The agreement was to split Github CI actions into multiple files.

Short discussion about linters and security analysis tools. Some tools to check: jslint for js linting, lgtm.com, for java  security analysis, checkstyles for java style analysis, SonarCube. CodeCov will be used for test code coverage.

After short discussion about libraries and common modules, William and Dragan and Georgy agreed to start development using no libraries, because we currently don't have enough human resources to create abstractions for every possible use case.

Dragan: Should “Compute Scope” be part of isValid or not.

Georgy: It should be part of the validation process. ComputeScope will then be private, since it is never called directly.

Draft notes in Google Docs

Task List

Previous Tasks 

• Dragan Ivanovic to open an issue for a reverse proxy (redirecting) - https://vivo-project.slack.com/archives/C8RL9L98A/p1651739159126489
  • https://github.com/vivo-project/VIVO/issues/3698
• Dragan Ivanovic to contact Andrew Wood for resolving the issue with registration for the Slack channel
• All to consider participation in the sprint and if decide  to participate to register for the sprint - link
• Dragan Ivanovic to send a require to add in the Leadership group agenda a topic for discussing Copyright owner in License
• All please help in filling this document - spreadsheet
•  Dragan Ivanovic to create a draft version of a Google Spreadsheet document with labeled columns representing requirements and to share with committers
• Committers to review the structure of the document and to fill it with data for JS and CSS frameworks