CODE REVIEWWORDCAMP US 2016

RYAN MARKELHELLO, WORLD!

CODE REVIEW

ABOUT ME

▸ I’m a (really) long-time WordPress user.

▸ I work at Automattic.

▸ On the WordPress.com VIP team.

▸ I can (kind of) code.

▸ With some help.

▸ On a good day.

OK; SO WHY DO YOU CARE SO MUCH ABOUT CODE REVIEW? AND WHY SHOULD I?

All of you, just now

CODE REVIEW

CODE REVIEW IS A WAY OF LIFE

WHAT IS WORDPRESS.COM VIP?

DIGRESSION:

CODE REVIEW

WORDPRESS.COM

▸ Largest single WordPress installation in the world

▸ Serving:

▸ 21.5 billion page views per month

▸ 55.8 million new posts per month

▸ Many millions of sites/blogs

CODE REVIEW

WORDPRESS.COM VIP

▸ Enterprise-level WordPress hosting

▸ On the WordPress.com infrastructure

▸ 2.5 billion page views per month

▸ 99.9976% uptime

▸ 349ms average response time

CODE REVIEW

WORDPRESS.COM VIP

▸ Sites run on WordPress.com sites, just like yours and mine

▸ Clients have a custom svn repository for their theme

▸ They commit changes to their theme directly to their directory on WordPress.com

▸ A problem with a WordPress.com VIP site can affect:

▸ Other VIP sites

▸ More of the WordPress.com network

WE REVIEW ALL CODE BEFORE DEPLOYING IT

WHY CODE REVIEW?1.

CODE REVIEW

WHY CODE REVIEW?

▸ Safe code

▸ Finding XSS, unescaped and unsanitized code

▸ Scalable code

▸ Smart queries, cached functions, DRY code

▸ Readable code

▸ Coding standards (whitespace, formatting, etc.)

▸ Learning!

WE DON’T […] REVIEW TO ADD MORE TIME TO OR DELAY YOUR LAUNCH SCHEDULES.

WordPress.com VIP

CODE REVIEW

WE DO […] CODE REVIEWS TO HELP YOU LAUNCH SUCCESSFULLY.

WordPress.com VIP

CODE REVIEW

WHAT DO YOU LOOK FOR WHEN YOU REVIEW CODE?

2.

CODE REVIEW

WHAT DO YOU LOOK FOR WHEN YOU REVIEW CODE?

▸ Validation, sanitizing, and escaping

▸ XSS in Javascript

▸ Uncached WordPress functions

▸ Smart fetching of remote data

▸ Terrifying queries that set databases on fire

▸ Best practices and WordPress coding standards

▸ Typos

HOW DO YOU DO CODE REVIEW?

3.

AUTOMATIC CODE REVIEW

CODE REVIEW

AUTOMATIC CODE REVIEW

▸ PHP CodeSniffer

▸ WordPress Coding Standards rules

▸ VIP Quickstart and/or VIP Scanner

▸ Continuous integration testing

▸ e.g., Travis

▸ WP Enforcer

MANUAL CODE REVIEW

THE WORDPRESS.COM VIP CODE REVIEW PROCESS

DIGRESSION:

THE “DEPLOY QUEUE”

(REDACTED)

CODE REVIEW

WORDPRESS.COM VIP CODE REVIEW PROCESS

▸ Client commits changes to repository

▸ Changeset displayed in a special view that contains:

▸ Commit itself (diff, revision #, repository data, etc.)

▸ Changelog entry for each revision

▸ Reviewer can either:

▸ Open a ticket to discuss the change and leave notes

▸ Deploy or revert as needed

CODE REVIEW

WORDPRESS.COM VIP CODE REVIEW PROCESS

▸ 9.5 million lines of code reviewed to date

▸ Over 144 thousand individual deploys

▸ Average time from commit to deploy (this includes review!) is around two hours

THAT’S COOL, BUT WHAT TOOLS CAN I USE TO ACCOMPLISH THE SAME?

You, just now again

CODE REVIEW

DO YOU USE GITHUB?

PULL REQUESTS ARE LIKE BUILT-IN CODE REVIEW OPPORTUNITIES

CALYPSODIGRESSION:

[CODE REVIEWS] HELP TO KEEP CODE QUALITY CONSISTENT,

Calypso Project Documentation

CODE REVIEW

THEY SPREAD OWNERSHIP OF THE CODE,

Calypso Project Documentation

CODE REVIEW

AND THEY HELP EVERY PERSON WORKING ON CALYPSO IMPROVE OVER TIME.

Calypso Project Documentation

CODE REVIEW

CODE REVIEW

CALYPSO

▸ Pull requests are peer reviews waiting to happen

▸ Stay positive - comment on the code, not the person

▸ Have a list of things to look for in code review

▸ Checklists are your friends

▸ When you are creating a pull request

▸ When you are reviewing and (hopefully) merging it

YOU NEED DOCUMENTATION

CODE REVIEW […] GREATLY INCREASED THE QUALITY OF OUR CODEBASE…

Andy Peatling, WordPress.com Developer Blog

CODE REVIEW

…AND HELPED EVERYONE LEVEL UP THEIR JAVASCRIPT SKILLS.

Andy Peatling, WordPress.com Developer Blog

CODE REVIEW

WAYS TO DO MANUAL CODE REVIEW

CODE REVIEW

MANUAL CODE REVIEW

▸ Github pull requests

▸ No one merges their own PR

▸ Use the comments! They are a great tool!

▸ Line number comments are fantastic

▸ If you don’t use Github or a similar tool

▸ Diff reviews (use a good text editor) - WordPress core!

MAKE IT PART OF YOUR TEAM CULTURE

WHAT IF I’M A SOLO DEVELOPER? WHAT DO I DO?

A few of you, maybe for the last few minutes

CODE REVIEW

SLEEP ON YOUR CODE

CODE REVIEW

SELF CODE-REVIEW

▸ Create pull requests or diffs of your own code and queue them up for review

▸ Don’t merge to master/production/head the same day if you can help it

▸ Clear your mental context between writing your code and reviewing your own code

▸ Use automatic code review tools to get you part of the way there

EVERYONE CAN DO CODE REVIEW

WHEN NOT TO DO CODE REVIEW

4.

NEVER

REVIEWED CODE IS BETTER CODE

THANK YOUWORDCAMP US 2016

NO, REALLY; THANK YOU

RYANMARKEL.COM/WCUS2016

▸ Download of these slides and my notes

▸ Links to the resources listed and quoted in this presentation

▸ Contact form so you can reach me if you have any questions

▸ Lots of blog posts that have nothing to do with code review, this talk, or really WordPress at all