How to review code
Tone and good-nature culture
- Accept that many programming decisions are opinions. Discuss tradeoffs, which you prefer, and reach a resolution quickly.
- Ask questions; don't make demands. ("What do you think about naming thisÂ
:user_id
?")
- Ask for clarification. ("I didn't understand. Can you clarify?")
- Avoid selective ownership of code. ("mine", "not mine", "yours")
- Avoid using terms that could be seen as referring to personal traits. ("dumb", "stupid"). Assume everyone is attractive, intelligent, and well-meaning.
- Be explicit. Remember people don't always understand your intentions online.
- Be humble. ("I'm not sure - let's look it up.")
- Don't use hyperbole. ("always", "never", "endlessly", "nothing")
- Be careful about the use of sarcasm. Everything we do is public; what seems like good-natured ribbing to you and a long-time colleague might come off as mean and unwelcoming to a person new to the project.
- Consider one-on-one chats or video calls if there are too many "I didn't understand" or "Alternative solution:" comments. Post a follow-up comment summarizing one-on-one discussion.
- If you ask a question to a specific person, always start the comment by mentioning them; this will ensure they see it if their notification level is set to "mentioned" and other people will understand they don't have to respond.
Reviewee
Please keep in mind that code review is a process that can take multiple iterations, and reviewers may spot things later that they may not have seen the first time.
- The first reviewer of your code is you. Before you perform that first push of your shiny new branch, read through the entire diff. Does it make sense? Did you include something unrelated to the overall purpose of the changes? Did you forget to remove any debugging code?
- Be grateful for the reviewer's suggestions. ("Good call. I'll make that change.")
- Don't take it personally. The review is of the code, not of you.
- Explain why the code exists. ("It's like that because of these reasons. Would it be more clear if I rename this class/file/method/variable?")
- Extract unrelated changes and refactorings into future merge requests/issues.
- Seek to understand the reviewer's perspective.
- Try to respond to every comment.
- Let the reviewer select the "Resolve discussion" buttons.
- Push commits based on earlier rounds of feedback as isolated commits to the branch. Do not squash until the branch is ready to merge. Reviewers should be able to read individual updates based on their earlier feedback.
Reviewer
Understand why the change is necessary (fixes a bug, improves the user experience, refactors the existing code). Then:
- Try to be thorough in your reviews to reduce the number of iterations.
- Communicate which ideas you feel strongly about and those you don't.
- Identify ways to simplify the code while still solving the problem.
- Offer alternative implementations, but assume the author already considered them. ("What do you think about using a custom validator here?")
- Seek to understand the author's perspective.
- If you don't understand a piece of code, say so. There's a good chance someone else would be confused by it as well.
- After a round of line notes, it can be helpful to post a summary note such as "LGTM :thumbsup:", or "Just a couple things to address."
- Consider using the Squash and merge feature when the merge request has a lot of commits.
The right balance
One of the most difficult things during code review is finding the right balance in how deep the reviewer can interfere with the code created by a reviewee.
- Learning how to find the right balance takes time; that is why we have reviewers that become maintainers after some time spent on reviewing merge requests.
- Finding bugs and improving code style is important, but thinking about good design is important as well. Building abstractions and good design is what makes it possible to hide complexity and makes future changes easier.
- Asking the reviewee to change the design sometimes means the complete rewrite of the contributed code. It's usually a good idea to ask another maintainer or reviewer before doing it, but have the courage to do it when you believe it is important.
- There is a difference in doing things right and doing things right now. Ideally, we should do the former, but in the real world we need the latter as well. A good example is a security fix which should be released as soon as possible. Asking the reviewee to do the major refactoring in the merge request that is an urgent fix should be avoided.
- Doing things well today is usually better than doing something perfectly tomorrow. Shipping a kludge today is usually worse than doing something well tomorrow. When you are not able to find the right balance, ask other people about their opinion.
Code quality reminders
Areas of the code quality we value:
•
Naming - names are clear, concise, and follow domain and language terminology.
•
Separation of concerns - ability to separate code into logical units: methods, classes, files, modules, components.
•
Code organization - ability to logically organize units in libraries, by domain, by layer, etc.
•
Readability - writing code which can be understood by others. Clarity over smartness.
•
Maintainability - writes code that is possible to support, refactor and expand with future requirements.
•
Efficiency - code is performing up to the required task and SLAs. Does not mean premature or over-optimization over readability.
•
Reliability and robustness - writing code capable of handling errors, unexpected situations and performing under load.
•
Commits quality - atomic with clear descriptions and organization.
•
Scalability - writing code which can be scaled to larger than expected loads.
•
Security - Keeps security in mind in all aspects of software creation and social interactions in order to build solid software and avoid leaks of any type.
•
Testing - Delivers code that has the necessary test coverage. Chooses the correct testing methodology, gets maximum results with minimal effort, tests are easy to read and maintain.
•
Documentation of the public APIs
• Following the codingÂ
best practices (company or language-specific)
• UsingÂ
appropriate tools and technologies