[doc] Add documentation section about quality assurance

evilaliv3 · evilaliv3 · commit 972042e3896d · 2025-03-09T14:49:06.000+01:00
diff --git a/README.md b/README.md
@@ -22,11 +22,11 @@ The software is recognized by the [Digital Public Good Alliance](https://digital
 ## Project Best Practices and Scores
 | Metric | Score
 | :---- | :---- |
-| [OpenSSF Scorecard](https://scorecard.dev/) | [![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/globaleaks/globaleaks-whistleblowing-software/badge)](https://scorecard.dev/viewer/?uri=github.com/globaleaks/globaleaks-whistleblowing-software)
-| [OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/) | [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/3816/badge)](https://bestpractices.coreinfrastructure.org/projects/3816)
 | [MDN HTTP Observatory](https://developer.mozilla.org/en-US/observatory/analyze?host=try.globaleaks.org) | ![Status](https://img.shields.io/badge/observatory-A%2B-brightgreen)
 | [Security Headers](https://securityheaders.com/?q=https%3A%2F%2Ftry.globaleaks.org%2F) | ![Status](https://img.shields.io/badge/security%20headers-A%2B-brightgreen)
 | [SSLLabs](https://www.ssllabs.com/ssltest/analyze.html?d=try.globaleaks.org) | [![Status](https://img.shields.io/static/v1?label=SSLLabs&message=A%2B&color=%3CCOLOR%3E)](https://www.ssllabs.com/ssltest/analyze.html?d=try.globaleaks.org&latest)
+| [OpenSSF Scorecard](https://scorecard.dev/) | [![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/globaleaks/globaleaks-whistleblowing-software/badge)](https://scorecard.dev/viewer/?uri=github.com/globaleaks/globaleaks-whistleblowing-software)
+| [OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/) | [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/3816/badge)](https://bestpractices.coreinfrastructure.org/projects/3816)
 
 Project statistics on OpenHub: [www.openhub.net/p/globaleaks](https://www.openhub.net/p/globaleaks)
 
diff --git a/documentation/index.rst b/documentation/index.rst
@@ -10,3 +10,4 @@ Documentation
   user/index.rst
   developer/index.rst
   roadmap/index.rst
+  qualityassurance/index.rst
diff --git a/documentation/qualityassurance/badges.rst b/documentation/qualityassurance/badges.rst
@@ -0,0 +1,55 @@
+.. only:: html
+
+   +---------------------------+-------------------------------------------------------------+
+   | **Metric**                | **Score**                                                   |
+   +---------------------------+-------------------------------------------------------------+
+   | Build Status              | |build-stable|                                              |
+   +---------------------------+-------------------------------------------------------------+
+   | Tests Status              | |tests-stable|                                              |
+   +---------------------------+-------------------------------------------------------------+
+   | Tests Coverage            | |coverage-stable|                                           |
+   +---------------------------+-------------------------------------------------------------+
+   | Code Quality              | |quality-stable|                                            |
+   +---------------------------+-------------------------------------------------------------+
+   | Documentation             | |docs-stable|                                               |
+   +---------------------------+-------------------------------------------------------------+
+   | MDN HTTP Observatory      | |mdn-http-observatory|                                      |
+   +---------------------------+-------------------------------------------------------------+
+   | Security Headers          | |security-headers|                                          |
+   +---------------------------+-------------------------------------------------------------+
+   | SSLLabs                   | |ssllabs-status|                                            |
+   +---------------------------+-------------------------------------------------------------+
+   | OpenSSF Scorecard         | |ossf-scorecard|                                            |
+   +---------------------------+-------------------------------------------------------------+
+   | OpenSSF Best Practices    | |ossf-best-practices|                                       |
+   +---------------------------+-------------------------------------------------------------+
+
+.. |build-stable| image:: https://github.com/globaleaks/globaleaks-whistleblowing-software/actions/workflows/build.yml/badge.svg?branch=stable
+   :target: https://github.com/globaleaks/globaleaks-whistleblowing-software/actions/workflows/build.yml?query=branch%3Astable
+
+.. |tests-stable| image:: https://github.com/globaleaks/globaleaks-whistleblowing-software/actions/workflows/tests.yml/badge.svg?branch=stable
+   :target: https://github.com/globaleaks/globaleaks-whistleblowing-software/actions/workflows/tests.yml?query=branch%3Astable
+
+.. |coverage-stable| image:: https://app.codacy.com/project/badge/Coverage/c09f1ec9607f4546924d19798a98dd7d?branch=stable
+   :target: https://app.codacy.com/gh/globaleaks/globaleaks-whistleblowing-software/dashboard
+
+.. |quality-stable| image:: https://app.codacy.com/project/badge/Grade/c09f1ec9607f4546924d19798a98dd7d?branch=stable
+   :target: https://app.codacy.com/gh/globaleaks/globaleaks-whistleblowing-software/dashboard
+
+.. |docs-stable| image:: https://readthedocs.org/projects/globaleaks/badge/?version=stable&style=flat
+   :target: https://docs.globaleaks.org/en/stable/
+
+.. |mdn-http-observatory| image:: https://img.shields.io/badge/observatory-A%2B-brightgreen
+   :target: https://developer.mozilla.org/en-US/observatory/analyze?host=demo.globaleaks.org
+
+.. |security-headers| image:: https://img.shields.io/badge/security%20headers-A%2B-brightgreen
+   :target: https://securityheaders.com/?q=https%3A%2F%2Fdemo.globaleaks.org%2F
+
+.. |ssllabs-status| image:: https://img.shields.io/static/v1?label=SSLLabs&message=A%2B&color=%3CCOLOR%3E
+   :target: https://www.ssllabs.com/ssltest/analyze.html?d=demo.globaleaks.org&latest
+
+.. |ossf-scorecard| image:: https://api.scorecard.dev/projects/github.com/globaleaks/globaleaks-whistleblowing-software/badge
+   :target: https://scorecard.dev/viewer/?uri=github.com/globaleaks/globaleaks-whistleblowing-software
+
+.. |ossf-best-practices| image:: https://bestpractices.coreinfrastructure.org/projects/3816/badge
+   :target: https://bestpractices.coreinfrastructure.org/projects/3816
diff --git a/documentation/qualityassurance/index.rst b/documentation/qualityassurance/index.rst
@@ -0,0 +1,40 @@
+Quality Assurance
+=================
+The development of GlobaLeaks maintains rigorous software quality standards through a comprehensive Quality Assurance (QA) process, ensuring the platform remains robust, secure, and of the highest quality.
+
+.. include:: badges.rst
+
+**Code Review Process**
+To ensure high code quality and maintain the integrity of the project, GlobaLeaks enforces mandatory code reviews for all its contributions. Code reviews play a key role in maintaining consistency, identifying potential issues early, and promoting best practices. Every submitted pull request undergoes peer review by the GlobaLeaks maintainers and community where the code is scrutinized for clarity, adherence to project guidelines, potential security vulnerabilities, and performance optimizations. Reviewers provide feedback and suggestions, and the author of the PR is responsible for addressing any concerns raised. Once feedback is incorporated, the code is re-reviewed by the maintainers, and upon approval, the PR is merged into the main codebase. This collaborative process helps catch issues before they are deployed, ensuring that only high-quality, well-tested code is integrated into the project.
+
+For more details on this matter, you could check the `CONTRIBUTINGhttps://github.com/globaleaks/globaleaks-whistleblowing-software/blob/stable/CONTRIBUTING.md`_ guidelines.
+
+**Automated Testing and Code Coverage**
+
+The development methodology includes an extensive suite of automated tests, covering unit tests, integration tests, and end-to-end tests to ensure correctness and prevent regressions. The code coverage consistently exceeds 90%, ensuring that the majority of the codebase is tested. Test execution is automated through Continuous Integration (CI), which ensures that any untested or faulty code is quickly identified, preventing it from being merged into the main codebase.
+
+For more details on test coverage, you can view the `Test Coverage on Codacy <https://app.codacy.com/gh/globaleaks/globaleaks-whistleblowing-software/dashboard>`_ and `Test Status on GitHub <https://github.com/globaleaks/globaleaks-whistleblowing-software/actions/workflows/tests.yml?query=branch%3Astable>`_.
+
+**Code Quality Assurance**
+
+Code quality is maintained through a combination of static code analysis, automated linters, and mandatory code reviews. Static analysis tools identify potential vulnerabilities, performance bottlenecks, and violations of best practices, while linters ensure code consistency and readability. Code reviews are required for all pull requests, helping maintain high standards and reducing the chance of introducing errors.
+
+For more details on code quality, refer to the `Code Quality Dashboard on Codacy <https://app.codacy.com/gh/globaleaks/globaleaks-whistleblowing-software/dashboard>`_.
+
+**Continuous Integration and Deployment**
+
+Every commit and pull request is automatically tested using CI/CD pipelines, ensuring that faulty or untested code is not merged. Security scans and dependency checks are also automated as part of the CI process, helping identify potential security vulnerabilities or issues with third-party libraries. Before deployment, releases undergo pre-production testing to ensure stability.
+
+You can view the `Build Status on GitHub <https://github.com/globaleaks/globaleaks-whistleblowing-software/actions/workflows/build.yml?query=branch%3Astable>`_.
+
+**Performance and Security Testing**
+
+The project undergoes load and stress testing to simulate real-world usage scenarios and ensure it can handle high traffic. Security best practices are enforced through regular security audits and penetration testing, identifying vulnerabilities before they can be exploited. This ensures the system is both performant and secure.
+
+For further information, check the evaluations by `Probely Security Header <https://securityheaders.com/?q=https%3A%2F%2Fdemo.globaleaks.org%2F>`_, `MDN HTTP Observatory <https://developer.mozilla.org/en-US/observatory/analyze?host=demo.globaleaks.org>`_ and `Qualys SSL Labs <https://www.ssllabs.com/ssltest/analyze.html?d=demo.globaleaks.org>`_.
+
+**Project Best Practices**
+
+The project adheres to OpenSSF best practices, which focus on improving the security of both the development and deployment processes. The OpenSSF Scorecard evaluates various security practices such as vulnerability management, dependency updates, and code quality, ensuring the project meets industry standards. Additionally, the project complies with the Core Infrastructure Initiative (CII) Best Practices, which further enhances its security and overall software quality by addressing areas like code review, testing, and documentation.
+
+You can view the `OpenSSF Scorecard <https://scorecard.dev/viewer/?uri=github.com/globaleaks/globaleaks-whistleblowing-software>`_ and `CII Best Practices <https://bestpractices.coreinfrastructure.org/projects/3816>`_.
