Can we automate code-review? Yes we can

arpitvasani

Arpit Vasani

Posted on September 23, 2019

Can we automate code-review? Yes we can

Index

What is code-review?

After you submit a pull request then there will be someone from the senior development team who will review(or maybe test) your code before merging it to development or master branch.

Code review helps us identify the wrongs before it gets to master code base or get published to a production site. It could be programming-wise or business logic wise. For programming related mistakes there are tools using which one can enforce best practices and for the other, we need to have a person who has an understanding about the flow of the system. The last one can't be automated(at the moment).

Why would you want to automate it?

I'll replace you with AI meme

There are lots of reason to automate your tasks. Like following.

  • More free time on work 😉
  • It will give you time to focus on more concerning problems
  • Higher accuracy than human
  • It's a Reliable system to prevent the buggy code to reach production
  • ...and much more

It's not like we are completely removing human intervention in the code review process. In fact, Technology will play helping hand in this review process for a senior developer(or a code reviewer).

How can you automate it?

In this tutorial, We will be using sonarqube. Sonarcube is code quality checker which can be hosted on-premise it also has an inbuilt web interface to show the bugs and code sniffs. Sonarqube is an on-premise version which you can download and install on a machine on LAN. on top of that there is a community edition of sonarqube which is free and open source. yay!!

Sonarcloud is the cloud version of the same service and it's free for public repo so we are going to use that.

For the demo purposes, I will be using this repo https://github.com/vasani-arpit/sonarcloud-tutorial which has some intentional mistakes.

Steps

  1. Go to sonarcloud and sign in with Github
  2. after authentication is done, click on âž• on the top and select analyze new project
  3. Next, Import your GitHub repo using "Choose an organization on Github button"
  4. Click on "Bind to an existing SonarCloud organization" and then "Bind Organization" button
  5. Select/check the repo you want to analyze from the list and click on set up
  6. Now go back to your repo and add a file at root level as following and save it as .sonarcloud.properties

    # Path to sources
    sonar.sources=.
    
  7. push your commit. Sonar cloud will automatically pick up your code and start analyzing the repo.

  8. once the analysis is complete you should see something like following
    sonar could overview image It is a public project. you can see it on https://sonarcloud.io/dashboard?id=vasani-arpit_sonarcloud-tutorial as well.

It says there is one bug let's see what that is.

sonar cloud bug overview

as you can see if and else block of the code is the same so sonar suggesting me to remove the condition because there is no point in having it. It also tells how much time it will take to resolve this bug. So, Next time when you have an existing project to refactor then pass it through sonarcloud and tell exact efforts needed for reactor so your PM won't ask you every day for the update. 😜

Now, This is something my IDE/compiler won't catch because it only checks for the syntax.

Conclusion

by Partially automating the code-review task you can have better results which human eye can miss. If you like pair-programming then sonarqube/sonarcloud can be your pair-reviewer. 😀

On a serious note, If you are in domain/organization in which you can't put your code on the cloud then you can setup sonarqube (instead of sonarcloud) on your local machine and automate your PR reviews.

💖 💪 🙅 🚩
arpitvasani
Arpit Vasani

Posted on September 23, 2019

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related

Can we automate code-review? Yes we can
automation Can we automate code-review? Yes we can

September 23, 2019