Onboarding

Before setting up your development environment, make sure you have completed the initial onboarding for every talent at Fluid Attacks.

Basic machine configuration

This is the minimum configuration required for your machine

1. Install Linux.

   • Make sure to enable disk encryption during the installation process. Refer to online documentation of your chosen distribution for additional details.

2. Run TimeDoctor using the following command,

   $ export QTWEBENGINE_DISABLE_SANDBOX=1 && ~/timedoctor2/timedoctor2

3. Install Nix.

   • Follow the recommended multi-user installation.

   • In case you have an eventual issue running nix commands, and you receive an output like the following:

     version `GLIBC_2.36' not found

     Then, try typing in your shell:

     $ unset LD_LIBRARY_PATH

     For making this solution persistent, run the following from your home directory:

     $ echo "unset LD_LIBRARY_PATH" >> .bashrc

4. Install Makes.

5. Install Git, Direnv, Sops, and VSCode. You can use Nix for this,

   $ nix-env -iA nixpkgs.git nixpkgs.direnv nixpkgs.sops
   $ NIXPKGS_ALLOW_UNFREE=1 nix-env --install --attr vscode --file https://github.com/nixos/nixpkgs/archive/5fa16cffe329c93aa514db6bf3553e70326df6f7.tar.gz

6. Create a GitLab account.

   1. The username must follow the syntax usernameatfluid, where the username is the one before @fluidattacks in your credentials.

   2. Create a SSH key.

   3. Configure the SSH key in your Gitlab preferences.

   4. Configure Git to sign commits using SSH.

      • If you did not do it, run the following command to automatically sign your commits.

        $ git config --global commit.gpgsign true

   5. Write and email to [email protected] with your GitLab username requesting access to our repository.

Environment

This section will guide you through setting up a terminal with AWS credentials and a code editor in an automated way every time you enter your local checkout of the Universe repository.

After this section you will have:

• A terminal with AWS credentials for the specific product you are developing.
• An editor with:
  • The source code of the Universe repository.
  • Recommended development extensions.
  • Automatic code formatters on save.
  • Auto completion and go to definition.
  • OS libraries required.

Terminal

We'll configure the terminal first. Once the terminal is configured, all of the applications you open from it will inherit the development environment and credentials.

At this point you should have Nix and Makes already installed in your system, so we won't go into those details.

For maximum compatibility, we suggest you use GNU Bash as the command interpreter of your terminal.

Please follow the following steps:

1. Make sure you have the following tools installed in your system:

   • Nix
   • Makes
   • Git
   • Direnv
   • VSCode

   If you are missing any of the previous tools, refer back to the machine configuration

2. Use SSH to clone the Fluid Attacks universe repository into the path of your preference.

   $ git clone [email protected]:fluidattacks/universe.git

3. Enter the root of the repository and configure your Git username and email.

   universe $ git config user.name "Your Name"
   universe $ git config user.email "[email protected]"

   The email must be the corporate email. The username must only contain the first name started in capitals and the last name started in capitals. For example,

   universe $ git config user.name "Aureliano Buendia"
   universe $ git config user.email "[email protected]"

4. Open your Bash configuration file, or the configuration file of your preferred terminal,

   $ code ~/.bashrc

5. Add the following variables to your terminal configuration file, or to a file at universe/.envrc.config:

   # Automatically fill Okta login form to retrieve AWS credentials
   export OKTA_EMAIL=<username>@fluidattacks.com
   export OKTA_PASS=<your-password>
   
   # Define your remote branch for processes like git hooks
   export CI_COMMIT_REF_NAME=<username>atfluid

   You can optionally omit the OKTA_PASS. In that case, it will be asked interactively on the terminal.

6. Add the following to the end of your ~/.bashrc:

   # Configure direnv
   export DIRENV_WARN_TIMEOUT=1h
   source <(direnv hook bash)

7. Load the newly applied configuration,

   $ source ~/.bashrc

8. Change directory to the universe repository:

   $ cd universe

9. Run the command,

   universe $ direnv allow

10. Pick the AWS role you want to load AWS credentials for. The options may change depending on your assigned permissions:

    Select AWS Role:
    Account: fluidsignal (205810638802)
      [ 1 ] dev
      [ 2 ] prod_airs
      [ 3 ] prod_docs
      [ 4 ] prod_integrates
      [ 6 ] prod_observes
      [ 7 ] prod_skims
      [ 8 ] prod_sorts
    Selection: <type a number here>

    • This prompt will be shown only if you have multiple roles assigned.

    • If you see an authentication error, make sure your email and password are correct.

    • If you see the following error:

      Error: Status Code: 404
      Error: Summary: Not Found: Resource not found: me (Session)
      ERROR: SAMLResponse tag was not found!

      Please remove your AWS Okta processor configuration directory by running:

      $ rm -rf ~/.aws-okta-processor/
      $ rm -rf ~/.aws/boto/cache

      And then try again. This error happens when AWS Okta processor tries to reuse a cached expired session.

11. Pick the development environment you want to load:

    Select the development environment you want to load:
    
    Once the environment has finished loading,
    please close your code editor if it is open,
    and then open it by invoking it from this terminal.
    
    You can reload the environment at any moment with: $ direnv allow
    
    1) airs             3) docs             5) integratesForces    7) melts         9) sorts
    2) common           4) integratesBack   6) integratesStreams   8) skims        10) none
    Selection: <type a number here>

12. AWS commands run from this terminal will be authenticated to AWS now. If you need to get the value of the secrets explicitly, you can echo any of the AWS variables exported, namely:

    • AWS_ACCESS_KEY_ID
    • AWS_SECRET_ACCESS_KEY
    • AWS_SESSION_TOKEN
    • AWS_DEFAULT_REGION

13. (Optional) Some tools are used occasionally, so they are not part of the development environment, for instance: kubectl, jq, awscli, among others.

    If you require any extra tools, you can search them here and install them with Nix. If you happen to use them very frequently, you can add them to the development environment. The development environment is yours and for your benefit, help us take care of it.

At this point, you can open a new terminal, and all of the applications you open by calling them from this terminal will inherit the development environment and credentials. This works because every command that you execute on the terminal (like awscli, kubectl, or your code editor) is spawned as a child process, and environment variables like PATH, AWS_*, among others, are inherited by the child process from the parent process.

For specific last steps to have each product running in local please refer to Components page.

Editor

We highly recommend you use Visual Studio Code because most of the team uses it, and it works very well for our purpose.

To install it, refer back to the machine configuration

Now, you can open the universe directory, either using the File > Open Folder option in the menu or from a terminal

universe $ code .

You will probably see a popup to install the recommended extensions, please install them:

If you didn't see the popup, please go to the extensions tab (Ctrl+Shift+X), type @recommended, and install the recommended extensions for the workspace.

You can click on the small cloud button to the right of WORKSPACE RECOMMENDATIONS and to the left of the pencil to download them all at the same time:

You can test if everything works correctly by opening a JSON file, adding empty lines between elements, and then saving the file. The empty lines should be removed, and the keys sorted alphabetically. In other words, the file should be automatically formatted on save.

For further customization, you can install other extensions or open the settings with Ctrl+, to configure things like the font, font size, or theme. If you think an extension or setting can be useful to other developers, please add it to the workspace configuration.

Take into account that certain extensions or settings can prevent the environment from working. Feel free to ask for help in the engineering space on Google Workspace if something doesn't work.

First commit

You have almost finished the onboarding.

1. Read the Contributing section carefully.

2. Create a new issue following the onboarding template and assign it to you.

3. Create your local branch.

   • Branch name must be equal to Gitlab username.

4. All changes that you are going to upload must be from your branch.

5. Add your name, username and email to the .mailmap.

   Add your name in alphabetical order,

   Your Name <[email protected]> usernameatfluid <[email protected]>

6. Add your changes in Git.

7. Create a commit following the syntax.

8. Check if the commit message is valid, using Makes:

   universe $ m . /lintGitCommitMsg

9. Push your commit to the repository.

10. If the pipeline fails, you can see the logs of the failed jobs to get feedback about what went wrong.

11. When the pipeline succeeds, you can then proceed to create a Merge Request.

12. Once the Merge Request is approved and merged, and every other item in the issue is done, you can go ahead and close the issue.

Daily Progress Report

The daily progress report is sent when you want to track your daily tasks (issues), where you can communicate with your teammates about the progress of your work. Also, you can share difficulties or doubts you have.

The report should be filled out at the end of the day if you were not able to upload at least one commit to the production branch, that is, if you did not have a MR that was approved and merged.

We know that it is vital that you are aware of how to make a progress report, so here we show you how to do it.

First you have to access the progress report URL.

In the Progress type item, click on Standard. It will display other fields.

The following information to be filled in:

• Group: Here you have to click on the work team you are part of; in this case, click on Production.
• Talent: Corporate email of the person sending the report.
• Progress date: The date you send the report.
• Organization: The name of the company which is Fluid Attacks.
• Interested: The email address of your immediate supervisor who will receive your report.

To fill the report, you need to address three topics,

What did I do today?: Here you write your progress report for the day.

What will I do tomorrow?: You write what your next tasks will be.

I would need help with any difficulties: You write here if you are having trouble with something that is not allowing you to make progress, and the support you require to fix it.

When you have finished filling out this questionnaire, click on the Submit button, and this report will be sent to your immediate supervisor.