CODE REVIEWWORDCAMP ST. LOUIS 2016
RYAN MARKELHELLO, WORLD!
CODE REVIEW
ABOUT ME
▸ I’m a (really) long-time WordPress user.
▸ I work at Automattic.
▸ On the WordPress.com VIP team.
▸ I can (kind of) code.
▸ With some help.
▸ On a good day.
OK; SO WHY DO YOU CARE SO MUCH ABOUT CODE REVIEW? AND WHY SHOULD I?
All of you, just now
CODE REVIEW
CODE REVIEW IS A WAY OF LIFE
WHAT IS WORDPRESS.COM VIP?
DIGRESSION:
CODE REVIEW
WORDPRESS.COM
▸ Largest single WordPress installation in the world
▸ Serving:
▸ 21.5 billion page views per month
▸ 55.8 million new posts per month
▸ Many millions of sites/blogs
CODE REVIEW
WORDPRESS.COM VIP
▸ Enterprise-level WordPress hosting
▸ On the WordPress.com infrastructure
▸ 2.5 billion page views per month
▸ 99.9976% uptime
▸ 349ms average response time
CODE REVIEW
WORDPRESS.COM VIP
▸ Sites run on WordPress.com sites, just like yours and mine
▸ Clients have a custom svn repository for their theme
▸ They commit changes to their theme directly to their directory on WordPress.com
▸ A problem with a WordPress.com VIP site can affect:
▸ Other VIP sites
▸ More of the WordPress.com network
WE REVIEW ALL CODE BEFORE DEPLOYING IT
WHY CODE REVIEW?1.
CODE REVIEW
WHY CODE REVIEW?
▸ Safe code
▸ Finding XSS, unescaped and unsanitized code
▸ Scalable code
▸ Smart queries, cached functions, DRY code
▸ Readable code
▸ Coding standards (whitespace, formatting, etc.)
▸ Learning!
WE DON’T […] REVIEW TO ADD MORE TIME TO OR DELAY YOUR LAUNCH SCHEDULES.
WordPress.com VIP
CODE REVIEW
WE DO […] CODE REVIEWS TO HELP YOU LAUNCH SUCCESSFULLY.
WordPress.com VIP
CODE REVIEW
WHAT DO YOU LOOK FOR WHEN YOU REVIEW CODE?
2.
CODE REVIEW
WHAT DO YOU LOOK FOR WHEN YOU REVIEW CODE?
▸ Validation, sanitizing, and escaping
▸ XSS in Javascript
▸ Uncached WordPress functions
▸ Smart fetching of remote data
▸ Terrifying queries that set databases on fire
▸ Best practices and WordPress coding standards
▸ Typos
HOW DO YOU DO CODE REVIEW?
3.
AUTOMATIC CODE REVIEW
CODE REVIEW
AUTOMATIC CODE REVIEW
▸ PHP CodeSniffer
▸ WordPress Coding Standards rules
▸ VIP Quickstart and/or VIP Scanner
▸ Continuous integration testing
▸ e.g., Travis
▸ WP Enforcer
MANUAL CODE REVIEW
THE WORDPRESS.COM VIP CODE REVIEW PROCESS
DIGRESSION:
THE “DEPLOY QUEUE”
(REDACTED)
CODE REVIEW
WORDPRESS.COM VIP CODE REVIEW PROCESS
▸ Client commits changes to repository
▸ Changeset displayed in a special view that contains:
▸ Commit itself (diff, revision #, repository data, etc.)
▸ Changelog entry for each revision
▸ Reviewer can either:
▸ Open a ticket to discuss the change and leave notes
▸ Deploy or revert as needed
CODE REVIEW
WORDPRESS.COM VIP CODE REVIEW PROCESS
▸ 9.5 million lines of code reviewed to date
▸ Over 144 thousand individual deploys
▸ Average time from commit to deploy (this includes review!) is around two hours
THAT’S COOL, BUT WHAT TOOLS CAN I USE TO ACCOMPLISH THE SAME?
You, just now again
CODE REVIEW
DO YOU USE GITHUB?
PULL REQUESTS ARE LIKE BUILT-IN CODE REVIEW OPPORTUNITIES
CALYPSODIGRESSION:
[CODE REVIEWS] HELP TO KEEP CODE QUALITY CONSISTENT,
Calypso Project Documentation
CODE REVIEW
THEY SPREAD OWNERSHIP OF THE CODE,
Calypso Project Documentation
CODE REVIEW
AND THEY HELP EVERY PERSON WORKING ON CALYPSO IMPROVE OVER TIME.
Calypso Project Documentation
CODE REVIEW
CODE REVIEW
CALYPSO
▸ Pull requests are peer reviews waiting to happen
▸ Stay positive - comment on the code, not the person
▸ Have a list of things to look for in code review
▸ Checklists are your friends
▸ When you are creating a pull request
▸ When you are reviewing and (hopefully) merging it
YOU NEED DOCUMENTATION
CODE REVIEW […] GREATLY INCREASED THE QUALITY OF OUR CODEBASE…
Andy Peatling, WordPress.com Developer Blog
CODE REVIEW
…AND HELPED EVERYONE LEVEL UP THEIR JAVASCRIPT SKILLS.
Andy Peatling, WordPress.com Developer Blog
CODE REVIEW
WAYS TO DO MANUAL CODE REVIEW
CODE REVIEW
MANUAL CODE REVIEW
▸ Github pull requests
▸ No one merges their own PR
▸ Use the comments! They are a great tool!
▸ Line number comments are fantastic
▸ If you don’t use Github or a similar tool
▸ Diff reviews (use a good text editor) - WordPress core!
MAKE IT PART OF YOUR TEAM CULTURE
WHAT IF I’M A SOLO DEVELOPER? WHAT DO I DO?
A few of you, maybe for the last few minutes
CODE REVIEW
SLEEP ON YOUR CODE
CODE REVIEW
SELF CODE-REVIEW
▸ Create pull requests or diffs of your own code and queue them up for review
▸ Don’t merge to master/production/head the same day if you can help it
▸ Clear your mental context between writing your code and reviewing your own code
▸ Use automatic code review tools to get you part of the way there
EVERYONE CAN DO CODE REVIEW
WHEN NOT TO DO CODE REVIEW
4.
NEVER
REVIEWED CODE IS BETTER CODE
THANK YOUWORDCAMP ST. LOUIS 2016
NO, REALLY; THANK YOU
RYANMARKEL.COM/WCSTL2016
▸ Download of these slides and my notes
▸ Links to the resources listed and quoted in this presentation
▸ Contact form so you can reach me if you have any questions
▸ Lots of blog posts that have nothing to do with code review, this talk, or really WordPress at all
Top Related