Setting up Automated Code Reviews

No more hardcore manual reviews ❌

Osanda Deshan Nimalarathna
Test Automation Master
5 min read · Oct 16, 2021

Introduction

What is a Code Review?

“Code Review, also known as Peer Code Review, is the act of consciously and systematically convening with one’s fellow programmers to check each other’s code for mistakes and has been repeatedly shown to accelerate and streamline the process of software development like few other practices can.” (From SmartBear).

The Benefits of Code Reviews

  • Improves code quality: Code reviews improve code quality by detecting issues before they snowball out of control and ensuring consistent standards. This leads to robust software that is built from components for seamless integration and functionality.
  • Supports knowledge transfer: Source code that is constantly under review allows developers to learn more reliable techniques and best practices.
  • Helps teams create better documentation: Code reviews also help teams to create better documentation, which makes it easier for developers to add features and upgrade existing ones in the future.
  • Makes QA testing easier: Another benefit of maintaining consistent standards is source code that is easier for specialists and testers to understand. In Quality Assurance (QA) testing, testers will not only have to check the quality of the code, but they will also have to identify issues leading to poor tests. This can lead to persistent, avoidable delays in development due to further testing and reworking.

Challenges in Code Reviews

  • Code review happens too late in the development process: The work has already been done. To rework or to start again could be very time-consuming. The reviewers have a difficult choice: risk the current release while the work is redone, or let it through and suffer the additional technical debt.
  • The Wait Time: This is the biggest issue in code reviews. When the author of the code opens a pull request and marks it ready for review, they need to wait until another person comes along and reviews it. This could be 1 hour after the pull request has been opened (if you are lucky), or it might take a few days or even weeks (if you are not lucky). The wait time is especially painful for us programmers because, after each wait, the context is lost and needs to be rebuilt. The longer the wait time, the more difficult it is to remember how all the code changes fit together into the shippable feature.

Solution for the challenges in Code Reviews

  • Automated code reviews: They provide quick feedback on the commits you push to the repository.

How to integrate automated code reviews into your project?

Required Tool

  • Code Inspector GitHub Action

How does it work?

[Image: Workflow of the Code Inspector]

Steps to follow

Step 1: Create a project in Code Inspector

  • Sign up on Code Inspector.
  • Create a project.
  • Install Code Inspector on the repository or repositories for which you want automated code reviews.

Step 2: Get your Code Inspector API keys

  • In your profile, generate API keys.
    [Image: Generating API keys]
  • Once you click on the button, the following window will appear.
    [Image: Generated API keys]

Step 3: Configure your Code Inspector API keys in your GitHub repository

  • You need to add your Code Inspector API keys into GitHub.
  • On GitHub, go to your repository settings, click on Secrets (on the right), and create a new secret.
  • Create a secret called CODE_INSPECTOR_ACCESS_KEY and set it to the value of the access key generated in the previous step.
    [Image: Creating repository secret key for “CODE_INSPECTOR_ACCESS_KEY”]
  • Create another secret called CODE_INSPECTOR_SECRET_KEY and set it to the value of the secret key generated in the previous step.
    [Image: Creating repository secret key for “CODE_INSPECTOR_SECRET_KEY”]
  • Once all secrets have been created, we should have the following secrets generated.
    [Image: Repository secret keys for Code Inspector]

Step 4: Configure the GitHub action

Create a file .github/workflows/main.yml and insert the following content.

main.yml

The following parameters should NOT be changed:

  • repo_token: This is how Code Inspector can access your repository.
  • code_inspector_access_key and code_inspector_secret_key: This is how the action can communicate with the Code Inspector analysis engine.

The following parameters CAN be changed:

  • min_quality_grade: The minimum grade your project should have. Valid values are: EXCELLENT, GOOD, NEUTRAL, WARNING, CRITICAL
  • min_quality_score: The minimum code quality score your project should have. This is a value between 0 and 100.
  • max_defects_rate: The maximum number of defects per line of code. For example, the value 0.001 means 1 defect per 1000 lines of code.
  • max_complex_functions_rate: The rate of complex functions (e.g. functions with high cyclomatic complexity). For example, a value of 0.5 means that the code should not have more than 50% of functions with high complexity.
  • max_long_functions_rate: The rate of long functions (e.g. functions that are too long to be correctly read by developers). For example, a value of 0.4 means that the code should not have more than 40% of long functions.
  • project_name: The name of the project on Code Inspector. This argument is optional: if you set a project name, the analysis engine will use the preferences of this project. Leave it blank to not use a project.
  • max_timeout_sec: The number of seconds within which the analysis should come back to you. The default is 600 seconds (10 minutes).
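
A workflow file that wires together the parameters listed above, given here as an added example and not the author's original main.yml. The action reference in `uses:` and the threshold values are assumptions that do not appear on this page; the secret names are the ones created in Step 3.

```yaml
# .github/workflows/main.yml (added example; not the author's original file)
name: Code Inspector review

# Run on every push, matching Step 5 ("Push a new commit ...").
on: [push]

jobs:
  check-quality:
    runs-on: ubuntu-latest
    name: Check code quality with Code Inspector
    steps:
      - name: Check code meets quality standards
        id: code-inspector
        # Assumption: the action reference is not shown on this page.
        # Confirm it against the Code Inspector documentation before use.
        uses: codeinspectorio/github-action@master
        with:
          # Do not change: the token GitHub provides to each workflow run.
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          # Do not change: read from the repository secrets created in Step 3,
          # so the key values never appear in the workflow file itself.
          code_inspector_access_key: ${{ secrets.CODE_INSPECTOR_ACCESS_KEY }}
          code_inspector_secret_key: ${{ secrets.CODE_INSPECTOR_SECRET_KEY }}
          # Constructed sample thresholds; tune them per project.
          min_quality_grade: 'WARNING'
          min_quality_score: '50'
          max_defects_rate: '0.001'
          max_complex_functions_rate: '0.5'
          max_long_functions_rate: '0.4'
          # Blank means no project preferences are applied.
          project_name: ''
          max_timeout_sec: '600'
```

Because the keys are referenced through `secrets.*`, rotating them only requires updating the repository secrets, not the workflow file.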

Step 5: Enjoy the automated code reviews

  • Push a new commit and the Code Inspector engine will check if the new code meets your criteria.
    [Image: Code Inspector Audits]
  • To visualize the details of the result, you can use the frontend, the command-line client, or the API directly.
  • Code Inspector’s frontend dashboard for the project.
    [Image: Code Inspector Frontend — Dashboard]
  • Code Inspector’s frontend analysis for the project.
    [Image: Code Inspector Frontend — Analysis]
  • Once we click on the “Violations” item shown as a red chip, we can see the violations in the code.
    [Image: Code Inspector Frontend — Violations]
