Onboarding

Welcome to the rodeo!

This document is designed to encompass onboarding for any engineers joining the VA.gov team. There are slight differences for contractors, USDS HQ, and VA employees, but we act as one team as much as possible, so the differences are minimal and we can all fit together in this document!

Logistics

• Get on Slack and added to at least #vfs-backend, #vfs-engineers, #vfs-all-teams, and any channel for project(s) you will be working on.

• Get added to the department-of-veterans-affairs GitHub organization by following these instructions on the Guidance for new teams and team members page. Filling out the Platform orientation template linked on that page will start the process of getting you added to the right teams in GitHub

  • USDS HQ folks should also be added to the US Digital Service HQ team.

  • DSVA folks should also be added to the Digital Service at VA team.

• If your team uses ZenHub, make sure you can see the VA.gov Zenhub board in order to do sprint planning.

  • You can also download the Zenhub Browser Extension to enable all of Zenhub's functionality within GitHub.

• Get added to all recurring (and non-recurring) meeting invites (it's easy for someone to forward the non-recurring version, so make sure you see future weeks on your calendar as well). These meeting invites include but may not be limited to:

  • Sprint planning

  • Stand-up

  • Retro

• Get your PIV card and onto the VA network as quickly as possible.

  • VA and USDS HQ employees, please talk to your buddy about this (if you don't have a buddy, please talk to your lead, who should help find you a buddy).

• If your team uses PagerDuty, ask a team member to add you.

Background/FAQ

• What is VA.gov ? VA.gov enables Veterans to discover, apply for, track, and manage the benefits they have earned.

• Why are we building VA.gov? Veterans should have a single place to go online that is easy to understand and use to access all their benefits. This may sound simple, and that's the beauty of it; all we are trying to do here is get Veterans access to the benefits they have earned.

• Need more motivation? Check out this blog post from 2016 about adding the Healthcare Application to VA.gov.

• To see the products on VA.gov and some background on them, go to the Performance Dashboard.

• Check out the https://depo-platform-documentation.scrollhelp.site/getting-started/vfs-product-directory to see all of the products we work on.

• How much traffic does VA.gov have? Or check out https://analytics.usa.gov/veterans-affairs/  and under Top Pages click "7 Days".

• If you need access to Google Analytics, follow these instructions. Once access is granted, log in at https://analytics.google.com to view more detailed breakdowns of site traffic.

• What is ID.me? ID.me is a FICAM-accredited federated identity provider, and one of only a handful of companies approved by NIST to identity proof at levels of assurance (LOA) up to 3 in accordance with the 800-63-x standards guidelines. For a great primer on levels of assurance, please see the FICAM use cases which do a great job of spelling it out. ID.me provides authentication for users attempting to access VA services through VA.gov; there is no "VA.gov account", as instead users log into ID.me, their credentials are passed through to VA.gov, and VA.gov uses this information to make additional requests for authorization within VA systems. ID.me is a Veteran-owned business in the DC area.

• What is happening to all the other VA websites that we are migrating functionality from? VA.gov is a place for Veterans to do things. Any content that is solely about the VA (such as leadership bios, organizational structure, or VA career opportunities) will continue to live on VA.gov. Other sites will have their presentation layer (what the Veteran sees) redirected to VA.gov. VA.gov will rely on APIs from many of these other sites for business logic and data, however, so we have to be careful with the language that we use; while Veterans will no longer directly log into these other sites, some of these sites are not "turning off" or "going away" from the VA business perspective. This nuance is very important while working on change management with VA stakeholders.

Technical background

• VA.gov runs in AWS GovCloud.

• A few technical diagrams (accurate at the time they were written, no longer guaranteed to be so) can be found in the devops repo.

• See https://depo-platform-documentation.scrollhelp.site/developer-docs/authorization-design-doc in the Backend developer documentation for background on design decisions.

Potential first actions

• Make sure you have read through the https://depo-platform-documentation.scrollhelp.site/developer-docs/backend-developer-documentation. The content here helps establish a shared language and documents a lot of the teams norms and culture.

• The vets-website repo is the entire front end of VA.gov; this is a good place to get your feet wet, as all projects will at least be linked in some way from a page in this repo.

  • Clone vets-website and get it running locally by following the README. If you want to test out full functionality (not just the front end), see the vets-api README to get the API running locally as well. You may also need (or want) to log in locally, which you can use this document to get instructions on how to do (those instructions are for staging, but the same user and steps, with a different URL, will work locally).

  • Create a branch and make a change (find a small unassigned ticket (likely will be in va.gov-team) or just fix a typo if you see any or if anything in the README is incomplete or unclear!).

  • Submit a PR (make sure the tests pass) and assign to another engineer to review. See https://depo-platform-documentation.scrollhelp.site/developer-docs/writing-small-prs document.

  • Your code will go to production with our daily 3PM deploy.

• Our tech stack (mostly) is an API (called vets-api) built with Rails and single page apps built with React (all in vets-website). Thus it would be valuable to know about both Rails and React. If you can't meet with your tech lead yet, don't know what to do with your time, and you aren't experienced with one of these, learning about them will be valuable. The Rails and React tutorials are decent (or just Google around or check out vets-website or vets-api!).

Sensitive information

You may work with PII/PHI as part of your work, and will undergo VA training that provides additional information.

• Reference the VA 6500 handbook⁵ and your training for additional details.

• When possible, work with the DevOps Support to provision a temporary instance within the VA security boundaries to download and process data that includes sensitive information.

• If you download sensitive information to your VA GFE, permanently remove it as soon as possible.

• Never work with sensitive information on any non-VA system.

• Encrypted VA email is the only appropriate means for communicating sensitive information within the VA.

Security Incident Response https://github.com/department-of-veterans-affairs/devops/blob/master/docs/Incident%20Response%20Playbook.md

Help and feedback

• Suggest content changes to this page.

• Submit new Platform Website content.

• Get help from the Platform Support Team in Slack.

• Submit a feature idea to the Platform.