Ryan Markel - WordCamp StL 2016 - Code Review

Do you even code review? Maybe you will after you flip through this presentation. More information at https://ryanmarkel.com/wcstl2016/


  1. CODE REVIEW WORDCAMP ST. LOUIS 2016
  2. RYAN MARKEL HELLO, WORLD!
  3. ABOUT ME ▸ I’m a (really) long-time WordPress user. ▸ I work at Automattic. ▸ On the WordPress.com VIP team. ▸ I can (kind of) code. ▸ With some help. ▸ On a good day.
  4. OK; SO WHY DO YOU CARE SO MUCH ABOUT CODE REVIEW? AND WHY SHOULD I? All of you, just now
  5. CODE REVIEW IS A WAY OF LIFE
  6. WHAT IS WORDPRESS.COM VIP? DIGRESSION:
  7. WORDPRESS.COM ▸ Largest single WordPress installation in the world ▸ Serving: ▸ 21.5 billion page views per month ▸ 55.8 million new posts per month ▸ Many millions of sites/blogs
  8. WORDPRESS.COM VIP ▸ Enterprise-level WordPress hosting ▸ On the WordPress.com infrastructure ▸ 2.5 billion page views per month ▸ 99.9976% uptime ▸ 349ms average response time
  9. WORDPRESS.COM VIP ▸ Sites run on WordPress.com sites, just like yours and mine ▸ Clients have a custom svn repository for their theme ▸ They commit changes to their theme directly to their directory on WordPress.com ▸ A problem with a WordPress.com VIP site can affect: ▸ Other VIP sites ▸ More of the WordPress.com network
  10. WE REVIEW ALL CODE BEFORE DEPLOYING IT
  11. WHY CODE REVIEW? 1.
  12. WHY CODE REVIEW? ▸ Safe code ▸ Finding XSS, unescaped and unsanitized code ▸ Scalable code ▸ Smart queries, cached functions, DRY code ▸ Readable code ▸ Coding standards (whitespace, formatting, etc.) ▸ Learning!
  13. WE DON’T […] REVIEW TO ADD MORE TIME TO OR DELAY YOUR LAUNCH SCHEDULES. WordPress.com VIP
  14. WE DO […] CODE REVIEWS TO HELP YOU LAUNCH SUCCESSFULLY. WordPress.com VIP
  15. WHAT DO YOU LOOK FOR WHEN YOU REVIEW CODE? 2.
  16. WHAT DO YOU LOOK FOR WHEN YOU REVIEW CODE? ▸ Validation, sanitizing, and escaping ▸ XSS in JavaScript ▸ Uncached WordPress functions ▸ Smart fetching of remote data ▸ Terrifying queries that set databases on fire ▸ Best practices and WordPress coding standards ▸ Typos
  17. HOW DO YOU DO CODE REVIEW? 3.
  18. AUTOMATIC CODE REVIEW
  19. AUTOMATIC CODE REVIEW ▸ PHP CodeSniffer ▸ WordPress Coding Standards rules ▸ VIP Quickstart and/or VIP Scanner ▸ Continuous integration testing ▸ e.g., Travis ▸ WP Enforcer
  20. MANUAL CODE REVIEW
  21. THE WORDPRESS.COM VIP CODE REVIEW PROCESS DIGRESSION:
  22. THE “DEPLOY QUEUE”
  23. (REDACTED)
  24. WORDPRESS.COM VIP CODE REVIEW PROCESS ▸ Client commits changes to repository ▸ Changeset displayed in a special view that contains: ▸ Commit itself (diff, revision #, repository data, etc.) ▸ Changelog entry for each revision ▸ Reviewer can either: ▸ Open a ticket to discuss the change and leave notes ▸ Deploy or revert as needed
  25. WORDPRESS.COM VIP CODE REVIEW PROCESS ▸ 9.5 million lines of code reviewed to date ▸ Over 144 thousand individual deploys ▸ Average time from commit to deploy (this includes review!) is around two hours
  26. THAT’S COOL, BUT WHAT TOOLS CAN I USE TO ACCOMPLISH THE SAME? You, just now again
  27. DO YOU USE GITHUB?
  28. PULL REQUESTS ARE LIKE BUILT-IN CODE REVIEW OPPORTUNITIES
  29. CALYPSO DIGRESSION:
  30. [CODE REVIEWS] HELP TO KEEP CODE QUALITY CONSISTENT, Calypso Project Documentation
  31. THEY SPREAD OWNERSHIP OF THE CODE, Calypso Project Documentation
  32. AND THEY HELP EVERY PERSON WORKING ON CALYPSO IMPROVE OVER TIME. Calypso Project Documentation
  33. CALYPSO ▸ Pull requests are peer reviews waiting to happen ▸ Stay positive - comment on the code, not the person ▸ Have a list of things to look for in code review ▸ Checklists are your friends ▸ When you are creating a pull request ▸ When you are reviewing and (hopefully) merging it
  34. YOU NEED DOCUMENTATION
  35. CODE REVIEW […] GREATLY INCREASED THE QUALITY OF OUR CODEBASE… Andy Peatling, WordPress.com Developer Blog
  36. …AND HELPED EVERYONE LEVEL UP THEIR JAVASCRIPT SKILLS. Andy Peatling, WordPress.com Developer Blog
  37. WAYS TO DO MANUAL CODE REVIEW
  38. MANUAL CODE REVIEW ▸ GitHub pull requests ▸ No one merges their own PR ▸ Use the comments! They are a great tool! ▸ Line number comments are fantastic ▸ If you don’t use GitHub or a similar tool ▸ Diff reviews (use a good text editor) - WordPress core!
  39. MAKE IT PART OF YOUR TEAM CULTURE
  40. WHAT IF I’M A SOLO DEVELOPER? WHAT DO I DO? A few of you, maybe for the last few minutes
  41. SLEEP ON YOUR CODE
  42. SELF CODE-REVIEW ▸ Create pull requests or diffs of your own code and queue them up for review ▸ Don’t merge to master/production/head the same day if you can help it ▸ Clear your mental context between writing your code and reviewing your own code ▸ Use automatic code review tools to get you part of the way there
  43. EVERYONE CAN DO CODE REVIEW
  44. WHEN NOT TO DO CODE REVIEW 4.
  45. NEVER
  46. REVIEWED CODE IS BETTER CODE
  47. THANK YOU WORDCAMP ST. LOUIS 2016
  48. NO, REALLY; THANK YOU RYANMARKEL.COM/WCSTL2016 ▸ Download of these slides and my notes ▸ Links to the resources listed and quoted in this presentation ▸ Contact form so you can reach me if you have any questions ▸ Lots of blog posts that have nothing to do with code review, this talk, or really WordPress at all