SonarLint Installation Guide:

Prerequisites:

• VSCode with Salesforce Extensions installed, configured and connected to both Azure DevOps and your ScratchOrg.

• A SonarCloud account (Free for public projects / ~$10mo for most Salesforce projects) - with a project set up which will be used for the SFDX code analysis, note the projectKey as it will be used in step 14.

Configuration Process:

1. Install the into VSCode, and restart VSCode

2. Open your VSCode project related to your ScratchOrg

3. Visit and log in using the Azure DevOps button.

The following is a sample settings.json file for reference:

Code Review Checklist

Overview:

This intent of this document is not to dictate or restrain how you write code, rather it’s intended to be a guide to help you write better code. The document starts with a short list of items to look for when conducting code reviews. The list below identifies, objectively, common programming faults and follies. The rest of this document goes into more detail on these “code smells” and provides some guidance as to how these problems can be avoided.

Rule of Thumb: “A code review should only judge the clarity and substance of the code – not the style.” It is important to note that we are not reviewing the style of coding, only whether that code violates best practices or potentially introduces performance or maintenance issues. To sum up, if the code can stand on its own (is understandable without explanation), there are no potential faults from performance or maintenance issues, and has proper unit tests - it should pass code review.

During code review

• Critique the code, not the coder

• Relate comments to standards, specs, performance etc.

• Avoid “Why didn’t you” and replace with “What was the reasoning behind the deviation of standards here..”

Reasons for Rejecting Code:

• Unit test code coverage doesn’t cover the code under review.

• Code doesn’t compile / doesn’t function as expected (smoke test).

• Code that doesn’t follow:

Overview / Guidelines

• Code should be reviewed before being made available to QA

• During development

  • Static code analysis should be run to ensure:

Code Smells Detail - warnings, something that should be reviewed in detail

• Consider using null object pattern instead of null checks

• If there is a comment above a variable or method that does a better job explaining the functionality of the variable or method name, consider changing the name of the variable or method to be more descriptive.

• NO magic numbers, magic strings,

Standardization: Follow standard naming and coding conventions

• Apex

Javascript:

• Leverage online tools for quickly checking code

• Avoid anonymous callback functions, especially nested anonymous callback functions, (which are not testable) and instead call public functions on the return of asynchronous code.

• use strict should be set

Items addressed by Human Code Review:

• Questions to ask

  • Did the method you modified become easier or harder to maintain after you added your changes?

DevOps Resources

• Salesforce DX Community Group

Architectural Design Patterns

Domain Layer - Domain Driven Design / Anti Monolith

It is desirable to segment the codebase into business domains that are not interdependent so that each business domain can evolve at its own rate and change can be isolated and changes moved to production independently.

In a microservices driven architecture there are significant advantages of ensuring that each microservice own the data that it interacts with and that no other microservice interacts with another's data directly. The net result allows microservice teams to evolve their codebase and underlying data structures/data stores with confidence that it will not impact any other part of the system.

Resources:

• Eric Evans -

• Andrew Fawcett -

Service Layer

Resources:

• Martin Fowler -

• Andrew Fawcett -

Selector Layer / CQRS

To help ensure queries are optimized, organized and reusable it may be important to implement a selector layer.

Resources:

• Andrew Fawcett - Video -

• Andrew Fawcett -

Canary Releases / AB Testing

To minimize impact to production users of new features and to allow for better understanding of user usage it may desirable to employ canary releases and AB testing functionality. Canary releases allow releasing into production functionality but control the audience impacted, for example starting with production test accounts to allow QA to validate functionality in production, then to a smaller portion of the userbase and then finally to the entire userbase. We desire AB testing to allow the business to perform trials of functionality to determine if yields the expected outcome.

Resources:

• Martin Fowler -

• Salesforce Maximizer Blog:

Service Registry / Discovery

Andrew Fawcett suggests using a factory pattern to resolve services in Salesforce, it would be ideal have Service Registry / Discovery implementation. Developing an approahc resolving services would be beneficial. (i.e. ideally not having a direct reference between a visual force or lightning component controller and the service(s) it consumes) Having the ability to switch out implementations, or have multiple implementations with different functionality running in parallel is desired (for example speech to text with both Salesforce Eintstein and Amazon services)

Resources:

• Service Registry -

Application Telemetry

Providing runtime analytics to SREs at the org enables detailed behavior understanding.

Resources:

• Event Monitoring - '

• Financial Times Approach -

• Using with LogStash - Plugin -