Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How to write a safe and reliable Open Source L...

How to write a safe and reliable Open Source Library

You’ve written some code, and you’d like to release it as Open Source. Congratulations!

Publishing an Open Source library goes beyond just releasing your code on Github. New users with different use cases means preparing for the unpredictable. How do you ensure your code is safe and efficient? Is your code easy to read? Do you have a plan for upgrades in the future?

This talk will look at best practices and showcase a checklist to follow when writing and publishing an Open Source Library, from the documentation to ensuring your library works as intended and doesn’t break applications using it.

Xavier Gouchet

April 22, 2022
Tweet

More Decks by Xavier Gouchet

Other Decks in Programming

Transcript

  1. 3

  2. Repository statistics - 2400+ commits - 3 developers - 20+

    contributors - (internal and community) - 30 published versions - 10 libraries 6
  3. Reliability is key 8 ▪ Library lives in hundreds apps…

    ▪ … deployed on thousands devices
  4. Ensure the code is safe 9 ▪ objective zero crash

    ▫ Static Analysis ▫ Code review ▫ *-tests ▪ Real life use cases
  5. Static analysis (Detekt) ▪ Forbid throwing exceptions ▪ Forbid specific

    Kotlin syntax ▫ check ▫ require ▫ !! ▪ List all third party methods throwing exceptions 10
  6. Mandatory Code Review ▪ Notice potential issues early ▪ Increase

    readability ▪ Generate discussion ▫ Data structure ▫ Design Patterns ▫ Third party libraries 11
  7. Unit/Integration/End-to-end Testing ▪ Strict policy on the coverage ▪ Deal

    with flaky test ASAP ▪ Stay confident in our tests 13
  8. Real life use cases ▪ Dogfooding in our own apps

    ▪ Regular tests using OSS apps ▫ Wikipedia ▫ Reddit client ▫ HackerNews client 14
  9. Respect privacy 15 ▪ Leverage Sandbox storage / Cache ▪

    Add GDPR option ▪ Write doc about Data Collection
  10. Limit library performance impact 17 ▪ Offload heavy computation to

    background threads/workers ▪ Track Memory Leaks
  11. Monitor library overhead 18 ▪ Compute the impact of the

    library on ▫ CPU ▫ Memory ▫ Network ▫ …
  12. Opt-in or opt-out by default 21 ▪ Balance between “it

    works out of the box” and “it doesn’t do anything that I don’t know of” ▪ Onboarding should work in 15 minutes
  13. Every thing can be configured ▪ Allow enabling/disabling individual features

    ▪ Allow tweaking sampling rates, thresholds, … 22
  14. Use sensible defaults 23 ▪ New customers don’t need to

    configure everything right now… ▪ … or ever
  15. Communicate ▪ Log any actionable “issue” ▫ configuration error ▫

    feature misuse ▫ key internal events ▪ Add actions or documentation links in the message ▪ Provide information about what the library is doing 24
  16. Keep track of API surface 26 ▪ Prevent any API

    breaking change ▪ Provide new option but keep the old ones working ▫ with @Deprecated ▫ with a LogCat log ▪ Provide migration guide
  17. Monitor dependencies $ ./gradlew :my-lib:dependencies releaseRuntimeClasspath +- project :my-lib |

    +- org.jetbrains.kotlin:kotlin-stdlib:1.3.61 | +- com.example.something:core-lib:1.2.0 | | \- org.jetbrains.kotlin:kotlin-stdlib:1.3.61 → 1.5.31 (*) 28
  18. Monitor dependencies $ ./gradlew :my-lib:dependencies releaseRuntimeClasspath +- project :my-lib |

    +- org.jetbrains.kotlin:kotlin-stdlib:1.5.31 | +- com.example.something:core-lib:1.2.0 | | \- org.jetbrains.kotlin:kotlin-stdlib:1.3.61 → 1.5.31 (*) 29
  19. Kotlin Opt-in annotations 31 @RequiresOptIn(message = "This API is experimental.")

    @Retention(AnnotationRetention.BINARY) @Target(AnnotationTarget.CLASS, AnnotationTarget.FUNCTION) annotation class MyCustomOptIn
  20. Why an Open Source Library 35 ▪ It lives within

    our customer’s code ▫ Readable ▫ Editable ▪ Allows direct contribution ▪ Keeps the engineering team closer to our users ▪ We also use Open Source every day
  21. Contributing.md 36 ▪ Developer environment (IDE, tools, …) ▪ How

    to build and run the code ▪ How to run the tests / static analysis ▪ How to contribute ▫ Issues ▫ PRs ▪ Coding conventions
  22. PR & Issue templates 37 ▪ Dedicated files ▫ .github/ISSUE_TEMPLATE/bug.md

    ▫ .github/PULL_REQUEST_TEMPLATE.md ▪ Custom checklist for everyone
  23. LICENSE 38 ▪ Use an existing license ▫ https://choosealicense.com/ ▪

    Apache / MIT ▫ Compatible with your dependencies
  24. build.gradle[.kts] 41 android { minSDK = 19 targetSdk = 31

    defaultConfig { aarMetadata { minCompileSdk = 29 } } }
  25. Keep an Open Mindset 45 ▪ Every mistake is a

    lesson ▪ Look at other Open Source Libraries
  26. CREDITS Special thanks to all the people who made and

    released these awesome resources for free: ▪ Presentation template by SlidesCarnival ▪ Photographs by Unsplash 47