Code reviews
Random thoughts
There are two parties involved in code reviews — the author and the reviewer — and both have responsibilities. It is the responsibility of the author to create changesets that are easy to review.
There is no one-size-fits-all code review. It depends on (among other things):
- … the seniority of the changeset author. Junior engineers could use more detailed reviews, and it can be incredibly useful to switch to synchronous reviews (in-person or over a video/audio call) or even pair-programming.
- … the state of the product. If it is not in production, then the stakes are lower, and code reviews could be done even after merge, or even after deployment. Stuff behind feature flags might be integrated (merged) and deployed even without a review. It might even be reasonable to postpone a review until the project is nearing completion, and then do a review of the entire codebase. For prototypes (which are not intended/supposed to ever end up in production), it is reasonable to forgo code reviews entirely.
- … what is changed. Changes to tests and documentation have much lower stakes, while changes to security aspects (authentication and authorization) might need a second pair of eyes.
All code is malleable, and code that isn’t ideal does not necessarily need to be blocked from being merged. Some code is easy to modify after the fact, while other code is not (schema changes are tough).
To do: It can be better to have a conversation before making a code change. Only make a code change if there is a rough plan agreed upon.
To do: Tooling and processes cannot replace human communication. Good communication is critical. See also: Phrase suggestions as open questions.
To do: Pair programming constitutes an implicit code review.
To do: Expectations around how quickly an initial review can be expected.
Open questions
What is the research on code reviews? See also: The purpose of code review is not to find defects.
How do code reviews differ…
- … inside a team at a company?
- … between teams at a company?
- … in an open-source context?