SlideShare a Scribd company logo

The Testers' Secret Weapon - Code Reviews

Bertold Kolics
Bertold Kolics

The document discusses code reviews, defining them as a form of static testing where code is reviewed for completeness and correctness prior to integration. It notes code reviews can create shared understanding, reduce rework, help instill best practices, and provide opportunities for learning and training. The document presents case studies from the author's experience at companies like Sun Microsystems and ESO Solutions to illustrate how code review processes and templates were improved to increase quality and throughput. It provides recommendations for effective code reviews like limiting scope, using walkthroughs, addressing issues before review, and overcommunicating context. The document argues code reviews benefit testing specialists, developers and leaders by making teams more valuable, reducing rework, and increasing collaboration and quality.

Software
1 of 26
Download to read offline
© 2023 Verosint. All rights reserved. © 2023 Verosint. All rights reserved. The Testers’ Secret Weapon - Code Reviews Bertold Kolics HUSTEF 2023 - Budapest, October 4, 2023 1
© 2023 Verosint. All rights reserved. My Context ● Question Asker, Bulldog Engineer ● Not a Gatekeeper ● Verosint - small startup < 20 employees ○ SaaS business ○ We detect & prevent online account fraud ● Past ○ mabl (e2e test automation as a service) - small ○ CS Disco (legal tech) - medium ○ ESO Solutions (healthcare) - medium ○ Ping Identity / UnboundID - small/medium ○ Sun Microsystems - large ○ SZTAKI - medium 2
© 2023 Verosint. All rights reserved. Definition ● What: review code for completeness and correctness ● When: prior to integration into product ● Form of static testing* ● Informal vs. formal ○ mind the context ● Synchronous ○ in-person/virtual walkthrough ○ peer or mob programming ● Asynchronous ○ out of band review typically in the form of a pull request ● Participants: ○ author: engineering (development, test, even ops) ○ reviewer: engineering, ops, technical writers 3 Image credit: Wilfredo Lee/AP/REX/Shutterstock.com
© 2023 Verosint. All rights reserved. Why Accelerate the Achievement of Shippable Quality source: https://www.moderntesting.org/ Code reviews: ● Create shared understanding ● Reduce rework ● Help instill best practices ● Opportunity to learn from others, teach & train ● Influences outcome ● Gels the team when done properly as we rarely work in isolation 4 Remember: soft skills are the hard skills
© 2023 Verosint. All rights reserved. Case Study: Sun Microsystems ● Year: 2003. Event: acquisition of Waveset. ● Role: developer ● QA team and technical writers under separate management structure. ● Product: highly-customizable identity provisioning, on-prem ● Process: throw it over the wall ● Initial state ○ frequent patch releases (multiple times a week), regressions ○ implementation with lots of shortcuts, unsuitable for quick ramp of new customers ○ core engineering involvement 5 Image credit: John Anju
© 2023 Verosint. All rights reserved. Case Study: Sun Microsystems - Review Process ● End state ○ max once a month patch release managed by sustaining team ○ design reviews for features ○ longest code review template ever ○ significantly higher quality / throughput ● Code review template forced developers to ○ communicate and create shared understanding ○ slow down: have you heard “slow down to speed up” before? ○ carefully consider all aspects of the changes ○ get buy-in: plan changes first, code next 6 Build the right it & build it right.
© 2023 Verosint. All rights reserved. Case Study: Sun Microsystems - Process ● Developer ○ clarifies requirements if necessary with product or engineering manager ○ consults test specialists if necessary ○ implements increment including tests and changes to documentation ○ tests code manually and with automated tests ○ fills out code review template ○ solicits feedback, revises code ○ integrates change ○ addresses any test failures ○ updates ticket in issue management system: details, links to source changes, etc ● Template reflecting the above process 7
© 2023 Verosint. All rights reserved. Case Study: Sun Microsystems - Template ● Contents: ○ Summary of the issue ○ Alternatives considered ○ Details about solution implemented ○ Impact (cross-cutting concerns) ■ performance, scalability, security, accessibility ○ Net new tests implemented ○ Release notes and notes on updating product documentation ● Details about implementation copied into issue manager ○ QA team - all over the moon 😍 ○ Technical writers - no longer felt neglected 8 Image credit: Teams of Distinction
© 2023 Verosint. All rights reserved. Case Study: ESO Solutions ● Year: 2017. Context: leading QA practice for multiple development teams. ● Company: ~200 employees ● Product: electronic health record, SaaS, US customers only ● Team structure: ○ cross-functional, 2-pizza sized: product manager, developers, test engineers ○ matrix organization ○ 2 test engineer / team: SDET and traditional QA ● Process: scrum with planning/standup/retro ceremonies, 2-week cycle ● Key elements: ○ co-located teams - sitting in close proximity ○ review format: most often pairing driven by short delivery cycles ○ evolving test automation engineers to own framework instead of feature automation 9
© 2023 Verosint. All rights reserved. © 2023 Verosint. All rights reserved. In The Trenches 10
© 2023 Verosint. All rights reserved. Practices that worked for me ● Don’t lose sight of the goal ● Don’t make it personal ● Be curious ● Teach & learn ● Pick your battles ● Size matters ● Time - yours and theirs, interruptions ● Reviewed code is not bug free code 11 Image credit: png image from pngtree.com Remember: more time spent on reading code than writing
© 2023 Verosint. All rights reserved. Extent of Code Changes ● The brain cannot keep focused on large code changes ○ too much changes lead to subpar reviews ● Keep code changes under 400 lines 12 Image credit: IMDB
© 2023 Verosint. All rights reserved. Code Walkthroughs ● Consider code walkthroughs for new features, large changes ● Best if accompanied by ○ READMEs ○ Drawings / sketches ○ Example code / automated tests ○ Whiteboard ● In person or over Zoom ● Allow time for questions 13
© 2023 Verosint. All rights reserved. Before Code Reviews ● Run static analyzers ○ Helps reviewers focus on higher level concerns ● Ensure that automated tests are passing ○ Helps reduce the requests for reviewing code changes again 14 Image credit: Wikipedia
© 2023 Verosint. All rights reserved. Avoid Interruptions ● Interruptions are productivity killers ● Bundling technique ○ work interruptions limited to certain days or part of the day ○ for example: code reviews daily after standup ● Get your ducks in the row before requesting review ○ respect the time and interruptions code review ● Anti-pattern example: ○ requesting a review multiple times for multiple revisions in the same pull request 15
© 2023 Verosint. All rights reserved. Checklists / Templates to The Rescue ● Sets expectations ● Easier for reviewers to follow a consistent format ● May be specific to a repository 16
© 2023 Verosint. All rights reserved. Exceptions Are OK, too ● Consider relaxing code review requirements without sacrificing quality ● Examples: ○ 1-line code change ○ Changing only message catalog keys ○ Updating project README 17
© 2023 Verosint. All rights reserved. Overcommunicate ● Don’t forget to set the context ● Links are helpful ○ tickets ○ design documents ○ decisions records ● Add your own code review comments in areas ○ where implementation choice may not be clear ○ where additional considerations were needed ● Eliminates back-and-forth ● Sometimes I mention: “I am not a Vulcan, I cannot mind-meld” ● Anti-pattern example: ○ 10-line code comment to explain a complex conditional 18
© 2023 Verosint. All rights reserved. © 2023 Verosint. All rights reserved. What’s In It For Me? 19
© 2023 Verosint. All rights reserved. Testing Specialists ● Make yourself more valuable to the team ○ coaching developers on testing ○ removing yourself eventually as the bottleneck ○ shorten the feedback loop ● Learn programming ○ reading is easier first than writing ● When done properly ○ code reviews create another collaborative venue ○ foster shared understanding ○ gel the team 20
© 2023 Verosint. All rights reserved. Developers ● Opportunity to learn testing techniques ○ testing - especially feature-level - is a must-have skill, not a dedicated job ● Opportunity to share knowledge between developers ○ junior developers, interns can learn best practices to use, patterns to follow ○ senior developers can exercise their coaching, technical leadership skills ● Less rework, more new work ○ do you prefer fixing bugs or develop new features? Most will pick the latter. ● Think value ○ you are not valued on the # of lines of code you produce ○ reviews help to focus our efforts 21
© 2023 Verosint. All rights reserved. Leaders ● Make it part of the software development lifecycle ○ will also pay dividends when customers ask about development practices ● Code reviews can ○ gel the team, ○ provide growth professionally to team members, ○ increase the value the team delivers 22
© 2023 Verosint. All rights reserved. © 2023 Verosint. All rights reserved. Wrapping It Up 23
© 2023 Verosint. All rights reserved. Key Takeaways ● Code reviews are an essential part of the software development life cycle ● Can be done in many shapes and forms ○ having an agreed upon process appropriate for the context is key ● When done properly, it ○ helps create shared understanding, ○ becomes a powerful teaching tool, ○ provides a platform for coaching testing as well as development skills, ○ gels the team 24
© 2023 Verosint. All rights reserved. Resources ● My Code Review Guidelines ● Newsletters ○ The Pragmatic Engineer by Gergely Orosz ○ The Beautiful Mess by John Cutler ● Podcasts ○ A/B Testing ○ Testing Peers ○ Maintainable Software ● Books ○ Your Code As A Crime Scene (2nd edition coming) ○ Software Design X-Rays ○ Clean Code: A Handbook of Agile Software Craftsmanship ○ SmartBear’s Best Practices and e-book ○ User Story Mapping ○ Accelerate 25 bit.ly/hustef2023
© 2023 Verosint. All rights reserved. © 2023 Verosint. All rights reserved. Thank you 26

Recommended

A Tester's Life
A Tester's LifeA Tester's Life
A Tester's Life
Bertold Kolics
 
[DevDay2018] Embrace the challenge – working as a developer in Content Manage...
[DevDay2018] Embrace the challenge – working as a developer in Content Manage...[DevDay2018] Embrace the challenge – working as a developer in Content Manage...
[DevDay2018] Embrace the challenge – working as a developer in Content Manage...
DevDay.org
 
ASPgems company profile
ASPgems company profileASPgems company profile
ASPgems company profile
Agustin Cuenca
 
Building Sustainable Software: An Introduction to Software Engineering
Building Sustainable Software: An Introduction to Software EngineeringBuilding Sustainable Software: An Introduction to Software Engineering
Building Sustainable Software: An Introduction to Software Engineering
Muhammad Shehata
 
Moving towards a more efficient and flexible delivery model in automotive env...
Moving towards a more efficient and flexible delivery model in automotive env...Moving towards a more efficient and flexible delivery model in automotive env...
Moving towards a more efficient and flexible delivery model in automotive env...
Agustin Benito Bethencourt
 
Software Project management
Software Project managementSoftware Project management
Software Project management
sameer farooq
 
Multi project security exception reports - Oracle Primavera P6 Collaborate 14
Multi project security exception reports - Oracle Primavera P6 Collaborate 14Multi project security exception reports - Oracle Primavera P6 Collaborate 14
Multi project security exception reports - Oracle Primavera P6 Collaborate 14
p6academy
 
Introduction to Software Engineering
Introduction to Software EngineeringIntroduction to Software Engineering
Introduction to Software Engineering
SADEED AMEEN
 

Recommended

A Tester's Life
A Tester's LifeA Tester's Life
A Tester's Life
Bertold Kolics
 
[DevDay2018] Embrace the challenge – working as a developer in Content Manage...
[DevDay2018] Embrace the challenge – working as a developer in Content Manage...[DevDay2018] Embrace the challenge – working as a developer in Content Manage...
[DevDay2018] Embrace the challenge – working as a developer in Content Manage...
DevDay.org
 
ASPgems company profile
ASPgems company profileASPgems company profile
ASPgems company profile
Agustin Cuenca
 
Building Sustainable Software: An Introduction to Software Engineering
Building Sustainable Software: An Introduction to Software EngineeringBuilding Sustainable Software: An Introduction to Software Engineering
Building Sustainable Software: An Introduction to Software Engineering
Muhammad Shehata
 
Moving towards a more efficient and flexible delivery model in automotive env...
Moving towards a more efficient and flexible delivery model in automotive env...Moving towards a more efficient and flexible delivery model in automotive env...
Moving towards a more efficient and flexible delivery model in automotive env...
Agustin Benito Bethencourt
 
Software Project management
Software Project managementSoftware Project management
Software Project management
sameer farooq
 
Multi project security exception reports - Oracle Primavera P6 Collaborate 14
Multi project security exception reports - Oracle Primavera P6 Collaborate 14Multi project security exception reports - Oracle Primavera P6 Collaborate 14
Multi project security exception reports - Oracle Primavera P6 Collaborate 14
p6academy
 
Introduction to Software Engineering
Introduction to Software EngineeringIntroduction to Software Engineering
Introduction to Software Engineering
SADEED AMEEN
 
Defensive API programming techniques for Gophers
Defensive API programming techniques for GophersDefensive API programming techniques for Gophers
Defensive API programming techniques for Gophers
Bertold Kolics
 
From class to architecture
From class to architectureFrom class to architecture
From class to architecture
Marcin Hawraniak
 
Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019
Moss Drake
 
Info dev flexibility in agile
Info dev flexibility in agileInfo dev flexibility in agile
Info dev flexibility in agile
Alyssa Fox
 
Agile process
Agile processAgile process
Agile process
SatishreddyMandadi
 
MuleSoft Surat Virtual Meetup#17 - Automated Code Review
MuleSoft Surat Virtual Meetup#17 - Automated Code ReviewMuleSoft Surat Virtual Meetup#17 - Automated Code Review
MuleSoft Surat Virtual Meetup#17 - Automated Code Review
Jitendra Bafna
 
DevSecCon Boston 2018: Technical debt - why I love it by Mike Bursell
DevSecCon Boston 2018: Technical debt - why I love it by Mike BursellDevSecCon Boston 2018: Technical debt - why I love it by Mike Bursell
DevSecCon Boston 2018: Technical debt - why I love it by Mike Bursell
DevSecCon
 
The tester's dilemmas
The tester's dilemmasThe tester's dilemmas
The tester's dilemmas
SQALab
 
Legacy code development and maintenance
Legacy code development and maintenanceLegacy code development and maintenance
Legacy code development and maintenance
Denis Kondratenko
 
Prashant technical practices-tdd for xebia event
Prashant technical practices-tdd for xebia eventPrashant technical practices-tdd for xebia event
Prashant technical practices-tdd for xebia event
Xebia India
 
Architecture in action 01
Architecture in action 01Architecture in action 01
Architecture in action 01
Krishna Sankar
 
Pull requests do's and don'ts
Pull requests do's and don'tsPull requests do's and don'ts
Pull requests do's and don'ts
Arie Bregman
 
Software Engineering Primer
Software Engineering PrimerSoftware Engineering Primer
Software Engineering Primer
Georg Buske
 
Open Governance for Tizen 3.0
Open Governance for Tizen 3.0Open Governance for Tizen 3.0
Open Governance for Tizen 3.0
Ryo Jin
 
Design and Development of Hybrid Storage Shelf
Design and Development of Hybrid Storage ShelfDesign and Development of Hybrid Storage Shelf
Design and Development of Hybrid Storage Shelf
IRJET Journal
 
Hindu guid3 hwige owhop euueye uwowiei huideeh hwiw
Hindu guid3 hwige owhop euueye uwowiei huideeh hwiwHindu guid3 hwige owhop euueye uwowiei huideeh hwiw
Hindu guid3 hwige owhop euueye uwowiei huideeh hwiw
ssuser2cde60
 
PROCESS MODELS.ppt
PROCESS MODELS.pptPROCESS MODELS.ppt
PROCESS MODELS.ppt
DrTThendralCompSci
 
Tales from the trenches creating complex distributed systems
Tales from the trenches creating complex distributed systemsTales from the trenches creating complex distributed systems
Tales from the trenches creating complex distributed systems
Particular Software
 
8220 sad inquiry
8220 sad inquiry8220 sad inquiry
8220 sad inquirybbass03
 
Lecture 02 - Development Methodologies.pptx
Lecture 02 - Development Methodologies.pptxLecture 02 - Development Methodologies.pptx
Lecture 02 - Development Methodologies.pptx
elham706227
 
Taskfile - makefiles are fun again
Taskfile - makefiles are fun againTaskfile - makefiles are fun again
Taskfile - makefiles are fun again
Bertold Kolics
 
Email privacy
Email privacyEmail privacy
Email privacy
Bertold Kolics
 

More Related Content

Similar to The Testers' Secret Weapon - Code Reviews

Defensive API programming techniques for Gophers
Defensive API programming techniques for GophersDefensive API programming techniques for Gophers
Defensive API programming techniques for Gophers
Bertold Kolics
 
From class to architecture
From class to architectureFrom class to architecture
From class to architecture
Marcin Hawraniak
 
Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019
Moss Drake
 
Info dev flexibility in agile
Info dev flexibility in agileInfo dev flexibility in agile
Info dev flexibility in agile
Alyssa Fox
 
Agile process
Agile processAgile process
Agile process
SatishreddyMandadi
 
MuleSoft Surat Virtual Meetup#17 - Automated Code Review
MuleSoft Surat Virtual Meetup#17 - Automated Code ReviewMuleSoft Surat Virtual Meetup#17 - Automated Code Review
MuleSoft Surat Virtual Meetup#17 - Automated Code Review
Jitendra Bafna
 
DevSecCon Boston 2018: Technical debt - why I love it by Mike Bursell
DevSecCon Boston 2018: Technical debt - why I love it by Mike BursellDevSecCon Boston 2018: Technical debt - why I love it by Mike Bursell
DevSecCon Boston 2018: Technical debt - why I love it by Mike Bursell
DevSecCon
 
The tester's dilemmas
The tester's dilemmasThe tester's dilemmas
The tester's dilemmas
SQALab
 
Legacy code development and maintenance
Legacy code development and maintenanceLegacy code development and maintenance
Legacy code development and maintenance
Denis Kondratenko
 
Prashant technical practices-tdd for xebia event
Prashant technical practices-tdd for xebia eventPrashant technical practices-tdd for xebia event
Prashant technical practices-tdd for xebia event
Xebia India
 
Architecture in action 01
Architecture in action 01Architecture in action 01
Architecture in action 01
Krishna Sankar
 
Pull requests do's and don'ts
Pull requests do's and don'tsPull requests do's and don'ts
Pull requests do's and don'ts
Arie Bregman
 
Software Engineering Primer
Software Engineering PrimerSoftware Engineering Primer
Software Engineering Primer
Georg Buske
 
Open Governance for Tizen 3.0
Open Governance for Tizen 3.0Open Governance for Tizen 3.0
Open Governance for Tizen 3.0
Ryo Jin
 
Design and Development of Hybrid Storage Shelf
Design and Development of Hybrid Storage ShelfDesign and Development of Hybrid Storage Shelf
Design and Development of Hybrid Storage Shelf
IRJET Journal
 
Hindu guid3 hwige owhop euueye uwowiei huideeh hwiw
Hindu guid3 hwige owhop euueye uwowiei huideeh hwiwHindu guid3 hwige owhop euueye uwowiei huideeh hwiw
Hindu guid3 hwige owhop euueye uwowiei huideeh hwiw
ssuser2cde60
 
PROCESS MODELS.ppt
PROCESS MODELS.pptPROCESS MODELS.ppt
PROCESS MODELS.ppt
DrTThendralCompSci
 
Tales from the trenches creating complex distributed systems
Tales from the trenches creating complex distributed systemsTales from the trenches creating complex distributed systems
Tales from the trenches creating complex distributed systems
Particular Software
 
8220 sad inquiry
8220 sad inquiry8220 sad inquiry
8220 sad inquirybbass03
 
Lecture 02 - Development Methodologies.pptx
Lecture 02 - Development Methodologies.pptxLecture 02 - Development Methodologies.pptx
Lecture 02 - Development Methodologies.pptx
elham706227
 

Similar to The Testers' Secret Weapon - Code Reviews (20)

Defensive API programming techniques for Gophers
Defensive API programming techniques for GophersDefensive API programming techniques for Gophers
Defensive API programming techniques for Gophers
 
From class to architecture
From class to architectureFrom class to architecture
From class to architecture
 
Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019
 
Info dev flexibility in agile
Info dev flexibility in agileInfo dev flexibility in agile
Info dev flexibility in agile
 
Agile process
Agile processAgile process
Agile process
 
MuleSoft Surat Virtual Meetup#17 - Automated Code Review
MuleSoft Surat Virtual Meetup#17 - Automated Code ReviewMuleSoft Surat Virtual Meetup#17 - Automated Code Review
MuleSoft Surat Virtual Meetup#17 - Automated Code Review
 
DevSecCon Boston 2018: Technical debt - why I love it by Mike Bursell
DevSecCon Boston 2018: Technical debt - why I love it by Mike BursellDevSecCon Boston 2018: Technical debt - why I love it by Mike Bursell
DevSecCon Boston 2018: Technical debt - why I love it by Mike Bursell
 
The tester's dilemmas
The tester's dilemmasThe tester's dilemmas
The tester's dilemmas
 
Legacy code development and maintenance
Legacy code development and maintenanceLegacy code development and maintenance
Legacy code development and maintenance
 
Prashant technical practices-tdd for xebia event
Prashant technical practices-tdd for xebia eventPrashant technical practices-tdd for xebia event
Prashant technical practices-tdd for xebia event
 
Architecture in action 01
Architecture in action 01Architecture in action 01
Architecture in action 01
 
Pull requests do's and don'ts
Pull requests do's and don'tsPull requests do's and don'ts
Pull requests do's and don'ts
 
Software Engineering Primer
Software Engineering PrimerSoftware Engineering Primer
Software Engineering Primer
 
Open Governance for Tizen 3.0
Open Governance for Tizen 3.0Open Governance for Tizen 3.0
Open Governance for Tizen 3.0
 
Design and Development of Hybrid Storage Shelf
Design and Development of Hybrid Storage ShelfDesign and Development of Hybrid Storage Shelf
Design and Development of Hybrid Storage Shelf
 
Hindu guid3 hwige owhop euueye uwowiei huideeh hwiw
Hindu guid3 hwige owhop euueye uwowiei huideeh hwiwHindu guid3 hwige owhop euueye uwowiei huideeh hwiw
Hindu guid3 hwige owhop euueye uwowiei huideeh hwiw
 
PROCESS MODELS.ppt
PROCESS MODELS.pptPROCESS MODELS.ppt
PROCESS MODELS.ppt
 
Tales from the trenches creating complex distributed systems
Tales from the trenches creating complex distributed systemsTales from the trenches creating complex distributed systems
Tales from the trenches creating complex distributed systems
 
8220 sad inquiry
8220 sad inquiry8220 sad inquiry
8220 sad inquiry
 
Lecture 02 - Development Methodologies.pptx
Lecture 02 - Development Methodologies.pptxLecture 02 - Development Methodologies.pptx
Lecture 02 - Development Methodologies.pptx
 

More from Bertold Kolics

Taskfile - makefiles are fun again
Taskfile - makefiles are fun againTaskfile - makefiles are fun again
Taskfile - makefiles are fun again
Bertold Kolics
 
Email privacy
Email privacyEmail privacy
Email privacy
Bertold Kolics
 
Password Managers - Lastpass
Password Managers - LastpassPassword Managers - Lastpass
Password Managers - Lastpass
Bertold Kolics
 
Make DevOps inclusive
Make DevOps inclusiveMake DevOps inclusive
Make DevOps inclusive
Bertold Kolics
 
GitHub Actions demo with mabl
GitHub Actions demo with mablGitHub Actions demo with mabl
GitHub Actions demo with mabl
Bertold Kolics
 
Improve quality culture using visualization
Improve quality culture using visualizationImprove quality culture using visualization
Improve quality culture using visualization
Bertold Kolics
 
Funnels of Hiring Test Engineers
Funnels of Hiring Test EngineersFunnels of Hiring Test Engineers
Funnels of Hiring Test Engineers
Bertold Kolics
 
Session Based Testing Made Fun
Session Based Testing Made FunSession Based Testing Made Fun
Session Based Testing Made Fun
Bertold Kolics
 

More from Bertold Kolics (8)

Taskfile - makefiles are fun again
Taskfile - makefiles are fun againTaskfile - makefiles are fun again
Taskfile - makefiles are fun again
 
Email privacy
Email privacyEmail privacy
Email privacy
 
Password Managers - Lastpass
Password Managers - LastpassPassword Managers - Lastpass
Password Managers - Lastpass
 
Make DevOps inclusive
Make DevOps inclusiveMake DevOps inclusive
Make DevOps inclusive
 
GitHub Actions demo with mabl
GitHub Actions demo with mablGitHub Actions demo with mabl
GitHub Actions demo with mabl
 
Improve quality culture using visualization
Improve quality culture using visualizationImprove quality culture using visualization
Improve quality culture using visualization
 
Funnels of Hiring Test Engineers
Funnels of Hiring Test EngineersFunnels of Hiring Test Engineers
Funnels of Hiring Test Engineers
 
Session Based Testing Made Fun
Session Based Testing Made FunSession Based Testing Made Fun
Session Based Testing Made Fun
 

Recently uploaded

Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024
Globus
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
Matt Welsh
 
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume MontevideoVitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Globus
 
APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)
Boni García
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
Philip Schwarz
 
May Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdfMay Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdf
Adele Miller
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
Ortus Solutions, Corp
 
Graphic Design Crash Course for beginners
Graphic Design Crash Course for beginnersGraphic Design Crash Course for beginners
Graphic Design Crash Course for beginners
e20449
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
wottaspaceseo
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
Donna Lenk
 
Pro Unity Game Development with C-sharp Book
Pro Unity Game Development with C-sharp BookPro Unity Game Development with C-sharp Book
Pro Unity Game Development with C-sharp Book
abdulrafaychaudhry
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
Neo4j
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
Max Andersen
 
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptxText-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
ShamsuddeenMuhammadA
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
informapgpstrackings
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
Juraj Vysvader
 
Top 7 Unique WhatsApp API Benefits | Saudi Arabia
Top 7 Unique WhatsApp API Benefits | Saudi ArabiaTop 7 Unique WhatsApp API Benefits | Saudi Arabia
Top 7 Unique WhatsApp API Benefits | Saudi Arabia
Yara Milbes
 
GlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote session
Globus
 

Recently uploaded (20)

Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
 
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume MontevideoVitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume Montevideo
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
 
APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
 
May Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdfMay Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdf
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
 
Graphic Design Crash Course for beginners
Graphic Design Crash Course for beginnersGraphic Design Crash Course for beginners
Graphic Design Crash Course for beginners
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
 
Pro Unity Game Development with C-sharp Book
Pro Unity Game Development with C-sharp BookPro Unity Game Development with C-sharp Book
Pro Unity Game Development with C-sharp Book
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
 
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptxText-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
 
Top 7 Unique WhatsApp API Benefits | Saudi Arabia
Top 7 Unique WhatsApp API Benefits | Saudi ArabiaTop 7 Unique WhatsApp API Benefits | Saudi Arabia
Top 7 Unique WhatsApp API Benefits | Saudi Arabia
 
GlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote session
 

The Testers' Secret Weapon - Code Reviews

  • 1. © 2023 Verosint. All rights reserved. © 2023 Verosint. All rights reserved. The Testers’ Secret Weapon - Code Reviews Bertold Kolics HUSTEF 2023 - Budapest, October 4, 2023 1
  • 2. © 2023 Verosint. All rights reserved. My Context ● Question Asker, Bulldog Engineer ● Not a Gatekeeper ● Verosint - small startup < 20 employees ○ SaaS business ○ We detect & prevent online account fraud ● Past ○ mabl (e2e test automation as a service) - small ○ CS Disco (legal tech) - medium ○ ESO Solutions (healthcare) - medium ○ Ping Identity / UnboundID - small/medium ○ Sun Microsystems - large ○ SZTAKI - medium 2
  • 3. © 2023 Verosint. All rights reserved. Definition ● What: review code for completeness and correctness ● When: prior to integration into product ● Form of static testing* ● Informal vs. formal ○ mind the context ● Synchronous ○ in-person/virtual walkthrough ○ peer or mob programming ● Asynchronous ○ out of band review typically in the form of a pull request ● Participants: ○ author: engineering (development, test, even ops) ○ reviewer: engineering, ops, technical writers 3 Image credit: Wilfredo Lee/AP/REX/Shutterstock.com
  • 4. © 2023 Verosint. All rights reserved. Why Accelerate the Achievement of Shippable Quality source: https://www.moderntesting.org/ Code reviews: ● Create shared understanding ● Reduce rework ● Help instill best practices ● Opportunity to learn from others, teach & train ● Influences outcome ● Gels the team when done properly as we rarely work in isolation 4 Remember: soft skills are the hard skills
  • 5. © 2023 Verosint. All rights reserved. Case Study: Sun Microsystems ● Year: 2003. Event: acquisition of Waveset. ● Role: developer ● QA team and technical writers under separate management structure. ● Product: highly-customizable identity provisioning, on-prem ● Process: throw it over the wall ● Initial state ○ frequent patch releases (multiple times a week), regressions ○ implementation with lots of shortcuts, unsuitable for quick ramp of new customers ○ core engineering involvement 5 Image credit: John Anju
  • 6. © 2023 Verosint. All rights reserved. Case Study: Sun Microsystems - Review Process ● End state ○ max once a month patch release managed by sustaining team ○ design reviews for features ○ longest code review template ever ○ significantly higher quality / throughput ● Code review template forced developers to ○ communicate and create shared understanding ○ slow down: have you heard “slow down to speed up” before? ○ carefully consider all aspects of the changes ○ get buy-in: plan changes first, code next 6 Build the right it & build it right.
  • 7. © 2023 Verosint. All rights reserved. Case Study: Sun Microsystems - Process ● Developer ○ clarifies requirements if necessary with product or engineering manager ○ consults test specialists if necessary ○ implements increment including tests and changes to documentation ○ tests code manually and with automated tests ○ fills out code review template ○ solicits feedback, revises code ○ integrates change ○ addresses any test failures ○ updates ticket in issue management system: details, links to source changes, etc ● Template reflecting the above process 7
  • 8. © 2023 Verosint. All rights reserved. Case Study: Sun Microsystems - Template ● Contents: ○ Summary of the issue ○ Alternatives considered ○ Details about solution implemented ○ Impact (cross-cutting concerns) ■ performance, scalability, security, accessibility ○ Net new tests implemented ○ Release notes and notes on updating product documentation ● Details about implementation copied into issue manager ○ QA team - all over the moon 😍 ○ Technical writers - no longer felt neglected 8 Image credit: Teams of Distinction
  • 9. © 2023 Verosint. All rights reserved. Case Study: ESO Solutions ● Year: 2017. Context: leading QA practice for multiple development teams. ● Company: ~200 employees ● Product: electronic health record, SaaS, US customers only ● Team structure: ○ cross-functional, 2-pizza sized: product manager, developers, test engineers ○ matrix organization ○ 2 test engineer / team: SDET and traditional QA ● Process: scrum with planning/standup/retro ceremonies, 2-week cycle ● Key elements: ○ co-located teams - sitting in close proximity ○ review format: most often pairing driven by short delivery cycles ○ evolving test automation engineers to own framework instead of feature automation 9
  • 10. © 2023 Verosint. All rights reserved. © 2023 Verosint. All rights reserved. In The Trenches 10
  • 11. © 2023 Verosint. All rights reserved. Practices that worked for me ● Don’t lose sight of the goal ● Don’t make it personal ● Be curious ● Teach & learn ● Pick your battles ● Size matters ● Time - yours and theirs, interruptions ● Reviewed code is not bug free code 11 Image credit: png image from pngtree.com Remember: more time spent on reading code than writing
  • 12. © 2023 Verosint. All rights reserved. Extent of Code Changes ● The brain cannot keep focused on large code changes ○ too much changes lead to subpar reviews ● Keep code changes under 400 lines 12 Image credit: IMDB
  • 13. © 2023 Verosint. All rights reserved. Code Walkthroughs ● Consider code walkthroughs for new features, large changes ● Best if accompanied by ○ READMEs ○ Drawings / sketches ○ Example code / automated tests ○ Whiteboard ● In person or over Zoom ● Allow time for questions 13
  • 14. © 2023 Verosint. All rights reserved. Before Code Reviews ● Run static analyzers ○ Helps reviewers focus on higher level concerns ● Ensure that automated tests are passing ○ Helps reduce the requests for reviewing code changes again 14 Image credit: Wikipedia
  • 15. © 2023 Verosint. All rights reserved. Avoid Interruptions ● Interruptions are productivity killers ● Bundling technique ○ work interruptions limited to certain days or part of the day ○ for example: code reviews daily after standup ● Get your ducks in the row before requesting review ○ respect the time and interruptions code review ● Anti-pattern example: ○ requesting a review multiple times for multiple revisions in the same pull request 15
  • 16. © 2023 Verosint. All rights reserved. Checklists / Templates to The Rescue ● Sets expectations ● Easier for reviewers to follow a consistent format ● May be specific to a repository 16
  • 17. © 2023 Verosint. All rights reserved. Exceptions Are OK, too ● Consider relaxing code review requirements without sacrificing quality ● Examples: ○ 1-line code change ○ Changing only message catalog keys ○ Updating project README 17
  • 18. © 2023 Verosint. All rights reserved. Overcommunicate ● Don’t forget to set the context ● Links are helpful ○ tickets ○ design documents ○ decisions records ● Add your own code review comments in areas ○ where implementation choice may not be clear ○ where additional considerations were needed ● Eliminates back-and-forth ● Sometimes I mention: “I am not a Vulcan, I cannot mind-meld” ● Anti-pattern example: ○ 10-line code comment to explain a complex conditional 18
  • 19. © 2023 Verosint. All rights reserved. © 2023 Verosint. All rights reserved. What’s In It For Me? 19
  • 20. © 2023 Verosint. All rights reserved. Testing Specialists ● Make yourself more valuable to the team ○ coaching developers on testing ○ removing yourself eventually as the bottleneck ○ shorten the feedback loop ● Learn programming ○ reading is easier first than writing ● When done properly ○ code reviews create another collaborative venue ○ foster shared understanding ○ gel the team 20
  • 21. © 2023 Verosint. All rights reserved. Developers ● Opportunity to learn testing techniques ○ testing - especially feature-level - is a must-have skill, not a dedicated job ● Opportunity to share knowledge between developers ○ junior developers, interns can learn best practices to use, patterns to follow ○ senior developers can exercise their coaching, technical leadership skills ● Less rework, more new work ○ do you prefer fixing bugs or develop new features? Most will pick the latter. ● Think value ○ you are not valued on the # of lines of code you produce ○ reviews help to focus our efforts 21
  • 22. © 2023 Verosint. All rights reserved. Leaders ● Make it part of the software development lifecycle ○ will also pay dividends when customers ask about development practices ● Code reviews can ○ gel the team, ○ provide growth professionally to team members, ○ increase the value the team delivers 22
  • 23. © 2023 Verosint. All rights reserved. © 2023 Verosint. All rights reserved. Wrapping It Up 23
  • 24. © 2023 Verosint. All rights reserved. Key Takeaways ● Code reviews are an essential part of the software development life cycle ● Can be done in many shapes and forms ○ having an agreed upon process appropriate for the context is key ● When done properly, it ○ helps create shared understanding, ○ becomes a powerful teaching tool, ○ provides a platform for coaching testing as well as development skills, ○ gels the team 24
  • 25. © 2023 Verosint. All rights reserved. Resources ● My Code Review Guidelines ● Newsletters ○ The Pragmatic Engineer by Gergely Orosz ○ The Beautiful Mess by John Cutler ● Podcasts ○ A/B Testing ○ Testing Peers ○ Maintainable Software ● Books ○ Your Code As A Crime Scene (2nd edition coming) ○ Software Design X-Rays ○ Clean Code: A Handbook of Agile Software Craftsmanship ○ SmartBear’s Best Practices and e-book ○ User Story Mapping ○ Accelerate 25 bit.ly/hustef2023
  • 26. © 2023 Verosint. All rights reserved. © 2023 Verosint. All rights reserved. Thank you 26