How to Run Code Reviews to Improve Software Quality

Every developer makes mistakes and these mistakes can add up over time. While these mistakes may not cause defects, they can increase technical debt and make it more expensive to build upon and maintain an application over time. Code reviews are the best way to catch these mistakes before they are merged into production.

Let’s take a look at how to run code reviews to improve software quality without slowing down development velocity.

Code Reviews 101

Code reviews are a best practice that improves quality and reduces defects. After a developer finishes work on an issue, another developer looks over the code to ensure that it has the proper tests, adheres to style guidelines and doesn’t contain any functional errors.

Code reviews work best when incorporated into the development cycle. For instance, an organization may require a code review for new pull requests before they’re merged into the master branch. The goal is to ensure the code reviewer’s time is spent reviewing code that has passed tests and catching any poor decisions before it reaches production.

Code reviewers should keep a few tips in mind:

• Find ways to simplify the code while still meeting the requirements
• Try to understand the original author’s perspective
• Sign off on the code with a “ready to merge” comment
• Keep in mind that the goal is to provide feedback rather than be a gatekeeper

The original authors should also keep a few tips in mind:

• Make it easy to see commits in response to feedback (e.g. don’t squash)
• Try to understand the reviewer’s perspective
• Try to respond to every comment
• Understand that it’s hard to convey emotion and intent online

When done properly, code reviews are a powerful way to share knowledge, improve quality and ensure a consistent coding style. These efforts can dramatically improve everything from estimation to long-term maintainability for the project.

Specific Workflows

Code reviews should be incorporated into an organization’s development cycle—rather than run ad-hoc—to ensure consistency. In particular, leaders should ensure that there’s enough time set aside for code reviews to take place and avoid the temptation to skip them.

A common workflow for code reviews includes:

• Create a local branch for a feature or bug fix
• Create a pull request when finished with tests passing
• Ask for a code review in Slack or other communication tools
• A team member reviews the pull request and makes any comments
• When the changes are made, the author states that it’s ready to merge
• Merge the branch into master
• Delete the remote and local feature branches

Example Jira Board with Code Review Step - Source: Sitepoint

Code reviews work best within an Agile process that leverages test-driven development. By writing tests before code, a code reviewer already knows that the code meets technical requirements. They can focus on finding ways to simplify the code or make it easier to read while easily being able to verify that it still meets requirements.

The exact code review process that an organization uses depends on its budget, resources and requirements. If a code review process isn’t feasible on the whole, it may be worth considering code reviews for entry-level developers or those new to the team as a way to acclimate them to the desired coding styles or other goals.

Automating the Process

Code review works best when it’s done in-person but there are some technologies that can offload some of the effort. With ongoing improvements in machine learning, automated code review could become increasingly popular over the coming years.

The most common form of automated code review handles style recommendations. For instance, Stickler CI is an open source solution that provides automatic style feedback with each commit. You can use default style guides for different languages to customize each tool to fit your organization’s requirements.

HoundCI is similar to Stickler CI and provides style recommendations - Source: ThoughtBot

Static code analysis tools can also identify scalability issues, security vulnerabilities and other issues that might arise during a code review. While many of these tools are available as CLI utilities for developers, including them in a continuous integration (CI) process ensures that they are actually used and prevents the issues from reaching production.

Artificial intelligence and machine learning technologies are making code reviews even more informative and dynamic. For instance, DeepCode analyzes large amounts of code to learn common mistakes and points out issues that humans might miss. These technologies could eventually augment code reviews to make them faster and more reliable.

Leveraging Outside Help

Code reviews can be time-consuming but that doesn’t mean that you can ignore them. If you have a small or inexperienced team or limited resources, you may want to consider outsourcing the code review process. A growing number of development firms provide on-demand code reviews by experienced engineers that enable you to focus on shipping new features.

Sharkbyte’s team augmentation services add capacity to your development team without the high cost of interviewing, hiring and training new developers. As senior-level engineers, we can provide code reviews that help improve your team and ensure that you’re delivering high-quality software while freeing your team to focus on feature development.

Contact us to learn more!

The Bottom Line

Code reviews are an essential component of Agile software development. By keeping the best practices that we’ve covered in mind, you can ensure that you’re delivering high-quality software that’s easy to maintain over the long-term. The key is integrating code reviews into your development cycle rather than running them ad-hoc when you have time.

If you lack the resources for code reviews or would rather focus your team on features, you may want to consider team augmentation or code reviews as a service. Contact us today to learn how our senior engineers can help you improve!