Automation analysis

[simchavos]

I'm researching automation maturity, and have investigated your repository and looked at the GitHub workflows and Maven plugins you are using! I'll give you a quick summary of what I found, and the automation tasks I recommend you to focus on next (:

Level of maturity	Basic	Intermediate	Advanced
Collaboration	‎ ✅ Completed this level!
	✔️ Generate documentation from source code ✔️ Prepare or create documentation artifacts	❌ Commit validation ❌ Bot commits	❌ Publish documentation ❌ Issues or PRs management
Code quality	‎ ✅ Completed this level!
	✔️ Run tests	✔️ Test coverage and validity ✔️ Static code style analysis ❌ Generate test reports ❌ Automatic code formatting ❌ Static code quality analysis	✔️ Verify packaging correctness ✔️ Sign artifacts ✔️ License checks ❌ Vulnerability scans
Development	‎ ⚠️ Still working on this level!
	✔️ Build environment configuration ❌ Package management	✔️ Build files configuration	✔️ Optimization
Artifacts	‎ ⚠️ Still working on this level!
	✔️ Code compilation ✔️ Dependency management of artifact ❌ Source code version control	✔️ Build tasks, resources and configuration ✔️ Packaging ✔️ Generate source and metadata artifacts ✔️ Release tagging ✔️ Publish artifacts to a registry	❌ Generate release notes ❌ Containerization ❌ Push container to remote

And now? Next steps!

It is not always clear which automation tasks should be prioritized. It is however important to balance your automation efforts, as a uniform level of maturity is most productive. I'm here to help! Below is a list of tasks that you can work on to help level up your maturity across the automation domains:

• Implement Package management; implemented by 36% of GitHub repositories
• Implement Source code version control; implemented by 4% of GitHub repositories

What do you think?

Do you think my analysis is correct and do these recommendations help you? Or have I missed something?

For my master's thesis I'm doing research into the use of automations in GitHub repositories. With my findings, I want to see if I can help out developers with what automations they could focus on. Do you want to help me out? Leaving a response is much appreciated!

[grgrzybek]

Thank you very much @simchavos for your effort!

This looks really amazing and helpful. I can imagine your analysis being an important part of project governance to check health of a project and keep track of automation.

Splitting the governance into areas (quality, collaboration, ...) and maturity levels sounds very professional - it looks like a really good design.

I like the idea of this kind of report with links to explanations of given items - users could decide whether they need given item or can lower its priority.

In this particular case you have to mind that Pax Web project is rather niche project for very mature, but little innovative OSGi technology. While OSGi itself doesn't make your analysis less relevant, it impacts the way the project is being developed (or rather maintained at this stage).

There are really few people in the world that maintain this project (just look at https://github.com/ops4j/org.ops4j.pax.web/graphs/contributors) and we rather do it in our spare time, so by definition we rather use intuition (and experience) instead of strict governance procedures. So while I don't see any reasons to not use your analysis and suggestion, I feel it may be more useful for projects with a bit more active contributors.

Now one particular question - I don't quite understand Package Management item - Pax Web is a Maven project so I feel this item is enabled. Or do you rather mean that package management should be used in addition - like some build/test/ci scripts should use another package management solution for running tests for example?

Anyway - great work and I wish you success with this idea ;)