Post on 16-Apr-2017
CODE REVIEW
ABOUT ME
▸ I’m a (really) long-time WordPress user.
▸ I work at Automattic.
▸ On the WordPress.com VIP team.
▸ I can (kind of) code.
▸ With some help.
▸ On a good day.
OK; SO WHY DO YOU CARE SO MUCH ABOUT CODE REVIEW? AND WHY SHOULD I?
All of you, just now
CODE REVIEW
CODE REVIEW
WORDPRESS.COM
▸ Largest single WordPress installation in the world
▸ Serving:
▸ 21.5 billion page views per month
▸ 55.8 million new posts per month
▸ Many millions of sites/blogs
CODE REVIEW
WORDPRESS.COM VIP
▸ Enterprise-level WordPress hosting
▸ On the WordPress.com infrastructure
▸ 2.5 billion page views per month
▸ 99.9976% uptime
▸ 349ms average response time
CODE REVIEW
WORDPRESS.COM VIP
▸ Sites run on WordPress.com sites, just like yours and mine
▸ Clients have a custom svn repository for their theme
▸ They commit changes to their theme directly to their directory on WordPress.com
▸ A problem with a WordPress.com VIP site can affect:
▸ Other VIP sites
▸ More of the WordPress.com network
CODE REVIEW
WHY CODE REVIEW?
▸ Safe code
▸ Finding XSS, unescaped and unsanitized code
▸ Scalable code
▸ Smart queries, cached functions, DRY code
▸ Readable code
▸ Coding standards (whitespace, formatting, etc.)
▸ Learning!
WE DON’T […] REVIEW TO ADD MORE TIME TO OR DELAY YOUR LAUNCH SCHEDULES.
WordPress.com VIP
CODE REVIEW
CODE REVIEW
WHAT DO YOU LOOK FOR WHEN YOU REVIEW CODE?
▸ Validation, sanitizing, and escaping
▸ XSS in Javascript
▸ Uncached WordPress functions
▸ Smart fetching of remote data
▸ Terrifying queries that set databases on fire
▸ Best practices and WordPress coding standards
▸ Typos
CODE REVIEW
AUTOMATIC CODE REVIEW
▸ PHP CodeSniffer
▸ WordPress Coding Standards rules
▸ VIP Quickstart and/or VIP Scanner
▸ Continuous integration testing
▸ e.g., Travis
▸ WP Enforcer
CODE REVIEW
WORDPRESS.COM VIP CODE REVIEW PROCESS
▸ Client commits changes to repository
▸ Changeset displayed in a special view that contains:
▸ Commit itself (diff, revision #, repository data, etc.)
▸ Changelog entry for each revision
▸ Reviewer can either:
▸ Open a ticket to discuss the change and leave notes
▸ Deploy or revert as needed
CODE REVIEW
WORDPRESS.COM VIP CODE REVIEW PROCESS
▸ 9.5 million lines of code reviewed to date
▸ Over 144 thousand individual deploys
▸ Average time from commit to deploy (this includes review!) is around two hours
AND THEY HELP EVERY PERSON WORKING ON CALYPSO IMPROVE OVER TIME.
Calypso Project Documentation
CODE REVIEW
CODE REVIEW
CALYPSO
▸ Pull requests are peer reviews waiting to happen
▸ Stay positive - comment on the code, not the person
▸ Have a list of things to look for in code review
▸ Checklists are your friends
▸ When you are creating a pull request
▸ When you are reviewing and (hopefully) merging it
CODE REVIEW […] GREATLY INCREASED THE QUALITY OF OUR CODEBASE…
Andy Peatling, WordPress.com Developer Blog
CODE REVIEW
…AND HELPED EVERYONE LEVEL UP THEIR JAVASCRIPT SKILLS.
Andy Peatling, WordPress.com Developer Blog
CODE REVIEW
CODE REVIEW
MANUAL CODE REVIEW
▸ Github pull requests
▸ No one merges their own PR
▸ Use the comments! They are a great tool!
▸ Line number comments are fantastic
▸ If you don’t use Github or a similar tool
▸ Diff reviews (use a good text editor) - WordPress core!
WHAT IF I’M A SOLO DEVELOPER? WHAT DO I DO?
A few of you, maybe for the last few minutes
CODE REVIEW
CODE REVIEW
SELF CODE-REVIEW
▸ Create pull requests or diffs of your own code and queue them up for review
▸ Don’t merge to master/production/head the same day if you can help it
▸ Clear your mental context between writing your code and reviewing your own code
▸ Use automatic code review tools to get you part of the way there
NO, REALLY; THANK YOU
RYANMARKEL.COM/WCUS2016
▸ Download of these slides and my notes
▸ Links to the resources listed and quoted in this presentation
▸ Contact form so you can reach me if you have any questions
▸ Lots of blog posts that have nothing to do with code review, this talk, or really WordPress at all