# Additional Resources

{% tabs %}
{% tab title="🔨Tools" %}

#### 📬  <mark style="color:yellow;">Developer Tools</mark>

{% endtab %}

{% tab title="CI / CD" %}

#### <mark style="color:yellow;">What are CI/CD tools?</mark>&#x20;

Open source CI/CD tools are developed to assist users in automating the procedures between a developer checking in code and releasing that code into production.&#x20;

With CI/CD approach, developers are able to discover defects or bottlenecks in their early stages to avoid integration and deployment issues caused by frequent source code commits

<figure><img src="https://lh6.googleusercontent.com/gPoQNwqOnZ61G2WZKZxJGsrOl3VwOShi0B9bNHUbFVvEf94JqIB3gQ6sS2FgpX4BkWK0xGCaRvXfUU8XUdR_IbrqKsqTgOZr4UvFpBE5e0IGLY4XJ8DuYYVQTRJkxYNgcnqKpzkpKNx1q5M6qXXlgxE" alt=""><figcaption><p>Diagrammatic representation of CI / CD</p></figcaption></figure>

[GitLab](https://docs.gitlab.com/ee/ci/) is an open-source CI/CD tool for managing several areas of the software development lifecycle. The core product is a web-based Git repository manager that includes features like issue tracking, analytics, and a Wiki.&#x20;

To use GitLab CI/CD, developers have to host the codebase in a Git repository and provide the scripts for building, testing, and deploying in a YAML file named “.gitlab-ci.yml” in the root directory. (NO)&#x20;

Github Actions / Dependabot are some examples of in-built Github ci/cd tools.
{% endtab %}

{% tab title="SAST" %}

#### <mark style="color:yellow;">What is SAST?</mark>

Static analysis tools (aka: Static application security tools - SAST) are carried out on a software product in a non-runtime environment.&#x20;

This means that it is unnecessary to execute a program for the analysis tool to debug the software.&#x20;

Code errors are hard to manually detect: Static analysis can find them quite easily, and with accuracy. &#x20;

It saves developers time as the tool pinpoints quality issues such as coding standard violations, programming errors, and security weaknesses before even running the program. [Read more](https://blog.codacy.com/what-are-static-analysis-tools/)

One of the best SAST tools - [SonarQube](https://www.sonarsource.com) and [this one](https://github.com/phpstan/phpstan) for PhP
{% endtab %}

{% tab title="Testing" %}

#### <mark style="color:yellow;">Testing</mark>

There are two main types of testing

* Integration tests
* Unit tests&#x20;

Creating documentation around these two helps define expectations around testing strategy that contributors must have done before adding a new feature.
{% endtab %}
{% endtabs %}

{% tabs %}
{% tab title="Resources" %}

#### 📊 <mark style="color:yellow;">Management Resources</mark>

{% endtab %}

{% tab title="Evalutation" %}

#### <mark style="color:yellow;">Process of Evaluation:</mark>&#x20;

These questions are pertaining to the changes submitted through Issues and Pull Requests since it is an open source project.&#x20;

How are these contributions from various developers going to be integrated into your project?&#x20;

These questions should ideally be outlined in your Contributing Guidelines file or Governance file or be present somewhere in your repository.&#x20;

* Who reviews it?&#x20;
* How often?&#x20;
* Who needs to sign off before it’s accepted?&#x20;
* When should a contributor expect to hear from you?&#x20;
* How can contributors get commit access, if at all?
  {% endtab %}

{% tab title="Governance" %}

#### <mark style="color:yellow;">Governance</mark>&#x20;

While creating a governance file, you will have to lay out how the project is expected to be governed. The two most important points to note while doing so are:&#x20;

* Do we want to hold office hours every week?&#x20;
* Do we want to publicly track who is (or isn’t) making contributions to the project?&#x20;

Documenting this information avoids the community perception that maintainers are a clique that makes its decisions privately.

You can view a sample governance file [here](https://github.com/DPGAlliance/DPG-Standard/blob/main/governance.md).&#x20;
{% endtab %}
{% endtabs %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://digital-public-goods.gitbook.io/open-source/open-sourcing-your-project/additional-resources.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.