What is code-review?
After you submit a pull request, someone from the senior development team reviews (or maybe tests) your code before it is merged into the development or master branch.
Code review helps us catch mistakes before they reach the master code base or get published to a production site. The mistakes can be programming-related or business-logic-related. For programming-related mistakes there are tools that can enforce best practices; for business-logic mistakes we need a person who understands the flow of the system. That second kind can't be automated (at the moment).
Why would you want to automate it?
There are lots of reasons to automate your tasks, such as the following.
- More free time at work
- It will give you time to focus on more concerning problems
- Higher accuracy than a human
- It's a reliable system for preventing buggy code from reaching production
- ...and much more
We are not completely removing human intervention from the code review process. Rather, technology lends a helping hand to the senior developer (or code reviewer) during the review.
How can you automate it?
In this tutorial, we will be using SonarQube. SonarQube is a code quality checker that can be hosted on-premise: you download it and install it on a machine on your LAN. It also has a built-in web interface that shows the bugs and code smells. On top of that, there is a community edition of SonarQube which is free and open source. Yay!!
SonarCloud is the cloud version of the same service, and it's free for public repos, so we are going to use that.
For demo purposes, I will be using this repo, https://github.com/vasani-arpit/sonarcloud-tutorial, which has some intentional mistakes.
Steps
- Go to SonarCloud and sign in with GitHub
- After authentication is done, click on + at the top and select "Analyze new project"
- Next, import your GitHub repo using the "Choose an organization on Github" button
- Click on "Bind to an existing SonarCloud organization" and then the "Bind Organization" button
- Select/check the repo you want to analyze from the list and click on "Set up"
Now go back to your repo, add the following file at the root level, and save it as .sonarcloud.properties:
# Path to sources
sonar.sources=.
Push your commit. SonarCloud will automatically pick up your code and start analyzing the repo.
Once the analysis is complete, you should see something like the following.
It is a public project, so you can see it at https://sonarcloud.io/dashboard?id=vasani-arpit_sonarcloud-tutorial as well.
It says there is one bug. Let's see what that is.
As you can see, the if and else blocks of the code are the same, so Sonar suggests that I remove the condition because there is no point in having it. It also tells me how much time it will take to resolve this bug. So the next time you have an existing project to refactor, pass it through SonarCloud and report the exact effort needed for the refactor, so your PM won't ask you every day for an update.
Now, this is something my IDE/compiler won't catch because it only checks the syntax.
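To show what a check like this looks at, here is an added example (not SonarCloud's implementation and not code from the tutorial repo) that uses Python's `ast` module to flag if/else chains whose branches are all structurally identical. The sample source and the function names are constructed for illustration; the first sample function shows why the finding matters for security, since a role check with identical branches grants access to everyone.

```python
import ast

# Constructed sample input (assumption: not taken from the tutorial repo).
SAMPLE = '''
def can_delete(user):
    if user.role == "admin":
        return True
    else:
        return True

def discount(total):
    if total > 100:
        return total * 0.9
    elif total > 50:
        return total * 0.9
    else:
        return total * 0.9

def label(n):
    if n % 2 == 0:
        return "even"
    else:
        return "odd"
'''

def chain(node):
    """Split an if/elif/else chain into (branch bodies, elif nodes, has_else)."""
    bodies, nested = [node.body], []
    while len(node.orelse) == 1 and isinstance(node.orelse[0], ast.If):
        node = node.orelse[0]          # an elif is an If nested in orelse
        nested.append(node)
        bodies.append(node.body)
    if node.orelse:                    # final else branch
        bodies.append(node.orelse)
    return bodies, nested, bool(node.orelse)

def find_identical_branches(source):
    """Return line numbers of if statements whose every branch is the same."""
    seen, hits = set(), []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.If) or id(node) in seen:
            continue
        bodies, nested, has_else = chain(node)
        seen.update(id(n) for n in nested)   # report each chain only once
        # ast.dump ignores positions and formatting, so it compares structure
        shapes = {tuple(ast.dump(s) for s in body) for body in bodies}
        if has_else and len(shapes) == 1:    # without else the condition matters
            hits.append(node.lineno)
    return sorted(hits)

if __name__ == "__main__":
    print(find_identical_branches(SAMPLE))
```

A chain with no final `else` is deliberately not reported, because there the condition still decides whether the body runs at all.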
Conclusion
By partially automating the code-review task, you can catch things the human eye can miss. If you like pair programming, then SonarQube/SonarCloud can be your pair reviewer.
On a serious note, if you are in a domain or organization where you can't put your code on the cloud, you can set up SonarQube (instead of SonarCloud) on your local machine and automate your PR reviews.
Top comments (5)
Great article, even if "automating code-reviews" is a bold statement.
For me stuff like code quality checks or using the correct coding conventions is more part of the CI process than the actual code review.
However, things like that should absolutely be automated because nobody wants to spend precious developer resources on things that easily can be automated ;-)
Thanks
Yes. It is just quality checks and a CI process.
And for the title, I had to come up with something newbie-friendly.
Static code analysis (e.g. sonarqube, checkstyle, spotbugs, PVS Studio, linters, ...) is not the same as code review. If it is, then you are doing code review wrong.
In a code review you review if the code does what it is meant to do, in a proper way. Unless you have formal specifications and model checkers it is not something you can automate. That's why we still do it by hand (besides the fact that you also learn by reading code).
Hey, @arpitvasani, a great piece of content.
Did you check out DeepSource?
It is an automated code review tool with the simplest configuration - which only takes a couple of minutes to set up. It has an Autofix feature that lets you fix code quality issues by automatically creating a PR for most code quality issues.
Do give it a try and let me know if you like it.
I use Code Review Bundle to make my code better. Code Review Bundle is a set of perfect diff tools to help you understand the other programmer's decisions and improve the project code quality until it gets feature-complete
devart.com/code-review-bundle/