feat(developer guides): create initial guides for hiring developers, …

[ScuffedNewt]

…getting hired, and working with multiple developers

addresses issue #20

[AW0005]

I feel like it might be good to summarize the two main ways that a developer can contribute to an existing site when hired under the "hiring a dev" section and what an owner needs to do help set that up. The two ways being pushing to a github vs pushing straight to the server.

[liwoyadan]

Agreeing with Moif; a short explanation between what the key differences are especially security-wise in terms of a developer having access to a shared repository vs a developer having direct access to one's webserver I think might be really beneficial, and probably emphasizing the importance of it given I've met a couple site owners who very quickly toss over SSH credentials because they think making a repository on Github is too much work but don't understand the security implications of doing that.

I do actually have a copy and paste message I wrote (...5 years ago now...) that has the steps outlined on how a site owner can create a private repository, push their code there, and invite a developer in as a collaborator in about ~6 steps that I can throw in if that's also helpful? Though I'm not sure if that's more useful on these pages or on a more general page since hiring a dev isn't the only situation you'd create a private repo for. (thinking emoji)

[ScuffedNewt]

Good idea, I did briefly mention it but yes I do think it's a good investment to make sure people are clear especially hearing your example of people handing over SSH keys willy nilly min

If you'd like to send that paragraph sure, otherwise I'll try cook something up myself!

We could also stick it in a general page, I'll mull it over where best to go

[liwoyadan]

My copy and paste (slightly edited to be more general and not have my email) is:

To set up the private repository on Github, you would need to first have an account on https://github.com and:

1. Once logged in, hit the + button on the upper right corner and select 'New repository'
2. You can name the repository whatever you'd like (most commonly named either the site's name or similar i.e. lk-speciesname), set it to private, and then hit Create repository (you don't need to fiddle with the other settings there)
3. You will then be shown a copyable URL in the "Quick setup" box, it should look something like https://github.com/username/repository-name.git; you will want to copy this URL
4. On the Sourcetree program (or other similar git gui) hit Settings and, just like adding your site's webserver as a remote as detailed in initial setup guides, add the URL you were given as a remote - you can name this remote something like github-repo
5. Once added you can hit the Push button, select the new remote you added with whatever you've named it, and hit push to push all of your local site files to the repository. After this, you can refresh your repository's page on Github and see that all the files are now there!
6. Afterwards, hit Settings on the repository's links at the top and then Collaborators under the subtitle Access; there you will be able to select 'Add people' and can either input the email or Github username of the developer you'd like to add to this private repository as a collaborator. They will receive an email invitation to join!

⭐ During step 5 Sourcetree may prompt you for extra authentication to verify your Github account and that you can access the private repository; it usually tells you what is needed (like a personal access token, sometimes you can just input your account's credentials) and this can generally be googled for a tutorial on setting it up. If you decide to go the PAT (personal access token) route, you can find Github's own information on how to do so here; if using a classic PAT you can input it directly into your repository remote's URL on Sourcetree, i.e. if your PAT is ghp_12345678910, you can add it into the URL after the https:// with an additional @ before the remainder of the remote URL like https://ghp_12345678910@github.com/username/repository-name.git which will allow you to access the private repository with the permissions you set on the token on creation.

[itinerare]

Oh, yeah, definitely nthing that. Honestly, I think regardless of how we structure the info that we should push it more as the recommended way of handling collaboration? And recommend fairly strongly against just handing over SSH credentials.

[itinerare]

This is thoughtful, but I think fine to omit-- and keeps the docs cleaner. At the end of the day, it's a group effort anyhow!

[itinerare]

I think it might work better to move the last couple sentences from the prior section here and tweak it to be a bit more formal; something like...

Suggested change

	The purpose of this document is manifold.
	Having and upholding a ToS is so important that we strongly caution against working with anyone who does not have one, or who refuses to agree to yours. As a thorough ToS is so vital, the following section outlines what it should accomplish in this context and provides some recommendations.

[itinerare]

This should probably be moved from a callout back to plain text... I'm not sure it needs to be in one, but perhaps more importantly, the one after it is really important and shouldn't be "upstaged", if that makes sense.

[itinerare]

Suggested change

	Be extremely cautious when hiring developers from third party platforms. Ensure the developer has relevant experience. We personally DO NOT recommend hiring developers without prior Lorekeeper experience, as the learning curve can be steep.
	Be extremely cautious when hiring developers from third party platforms. Ensure the developer has relevant experience. We personally **do not** recommend hiring developers without prior Lorekeeper experience, as the learning curve can be steep.

Formatting nitpick here, but the message is solid.

[itinerare]

Suggested change

	These are written in absolutes, but they are just guidelines to help you and your hired devs work effectively together. Feel free to use as many or as little as you like, whatever works best for your team!
	These are written in absolutes, but they are just guidelines to help you and your hired developers work effectively together. Feel free to use as many or as little as you like, whatever works best for your team!

[itinerare]

Maybe server/live site? To be clearer... I'm not sure this is the best way to go about it, but I think it's worth a little additional specificity.

[itinerare]

Tweaks for formality/formatting nitpicks...

Suggested change

	Most Lorekeeper projects will have at least two environments, it's good to at least be familiar with the concepts:
	Most Lorekeeper projects will have at least two environments that work occurs in. It's a good idea to familiarize yourself with them and what they're called:
	- Local / Dev — each developer works on their own machine.
	- Staging / QA / Testing — a shared testing environment. Many sites **will not** have a staging environment.
	- Production / Live — the site your users see and interact with.

[itinerare]

I think it'd be good to add a little segue here...

Suggested change

	### **For the Developers:**
	### **For Developers:**
	The following are some best-practice recommendations for how work on a given project should go. As above, these are written in absolutes, but are ultimately just guidelines. Nonetheless, they are recommended for very good reasons!

[itinerare]

Suggested change

	- All work happens in a hosted repository (e.g. GitHub), NOT the live site.
	- All work happens in a hosted repository (e.g. GitHub), **not** the live site.

[itinerare]

Formatting nitpick, but also I think it's a good idea to clarify what this means...

Suggested change

	- Nothing goes straight to “live”. NEVER MODIFY CODE DIRECTLY ON LIVE.
	- **Never send un-reviewed, untested changes directly to a live site**.

[itinerare]

This is a really good point!!

[itinerare]

Suggested change

	- Definition of Done = works as described, tested, and documented. Make sure you ask for clarification if something is unclear.
	- Something is considered "done" when it works as described, is tested, and is documented. Make sure you ask for clarification if something is unclear.

[itinerare]

Personally, I also use develop (in a site context, so != core's branch) as what staging pulls from (as I use deploy workflows, so whatever goes to main goes to live); this suggestion is made with that in mind, but feel free to disregard if consensus isn't that that's a sound recommendation to make more broadly.

Suggested change

	`dev` — integration branch if lots of parallel work.
	`dev` — integration branch, especially if there is a lot of parallel work or you have a staging environment.

[itinerare]

Umpteen comments notwithstanding, really good work on the whole thus far; thank you for taking the time to put this together!