
Software Development Best Practices: Code Reviews – Part 3

Published by Mike Solinap
on August 4, 2014

In this third and final installment of my three-part software engineering best practices series on code reviews, we will look at the various tools available to facilitate the code review process.

We’ve already looked at the benefits of code reviews and why conducting them is crucial to your software development lifecycle — we’ve also examined how to properly go about the review process. Desiring to adhere to best practices is great, but it’s no good downloading a tool if you’re unsure why you need it or what to do with it, so if you missed those previous articles, make sure you read part one and part two before reading on.

Gerrit

Gerrit is a free web-based tool built for use with Git repositories. It was developed at Google for developing the Android OS and is currently a required tool for anyone wishing to contribute code to the AOSP.

Gerrit is the best at integrating into the development workflow and making code reviews as unobtrusive as possible. It does this in three ways:

  1. Instead of pushing code directly to the Git repository, users push code to Gerrit using a process similar to pushing to Git. From the developer’s perspective, they are just doing a normal commit.
  2. Gerrit can incorporate automated testing as part of the signoff process, requiring code to pass both automated testing and manual inspection. This is convenient because it groups these two activities together instead of running them independently. If the automated tests fail, there’s a record in the same place as the manual reviews and reviewers don’t need to spend their time reviewing something that doesn’t work.
  3. After the review passes, Gerrit automatically handles the remaining task of merging the submitted changes into the main repository without having to further involve the author.

Some of the notable users include: Google/Android/GWT, CollabNet, eBay, Eclipse Foundation, Garmin, LibreOffice, Tizen, and Qualcomm.

ReviewBoard

Like Gerrit, ReviewBoard is a free web-based tool. Unlike Gerrit, ReviewBoard is compatible with a variety of SCM tools and supports both pre- and post-commit reviews, making it a much more flexible option if you are looking to add a formal code review tool to an existing software development process. The list of supported SCMs includes Bazaar, ClearCase, CVS, Git, Mercurial, Perforce, and SVN. Post-commit reviews, or “audits”, make it possible to retroactively evaluate an existing code base.

In addition to source code, ReviewBoard allows arbitrary file types to be attached to a review request, allowing the review of supporting files such as images. The UI verges on cartoonish, but remains pleasant to look at and easy to navigate.

In terms of developer workflow, after an author makes a change, they submit a review request. This request can be made manually via a web interface, or through a command line interface. Following a passing review, the author can then push their changes to the main repository and close out their review request.

Some of the notable users include: Amazon, Cisco, Cloudera, NetApp, Twitter, VMware, Yahoo, LinkedIn, Apache Software Foundation, and KDE.

Crucible

Crucible is a proprietary tool belonging to Atlassian’s suite of developer tools. While not “open-source” in the sense of being free, users are able to view and modify the product’s source code to customize it for their own purposes. Since it is an Atlassian product, Crucible has very tight integration with industry standard tools like Jira and Confluence and contains a UI consistent with Atlassian’s overall look and feel.

Supporting CVS, Subversion, Git, Mercurial, and Perforce, Crucible should be flexible enough to integrate into the majority of projects without too much hassle. In addition to allowing both pre- and post-commit code reviews, Crucible offers the unique ability to do quick “cut-and-paste reviews” for creating and documenting informal reviews as code is being written.

If used on its own, Crucible requires users to manually submit review requests to initiate a code review. When integrated with other Atlassian tools, reviews can be initiated directly from Jira tickets or by using FishEye’s “smart commit” feature, which can trigger a review when code is checked into a repository.

Following a successful review, the author is notified via email and can add any closing remarks to the review documentation before closing the review. Whether any additional action on the part of the author is necessary is dependent on the overall setup. If FishEye triggered the review based on a repo commit, then nothing more needs to be done as the changes have been committed. On the other hand, if the author had to manually request the review prior to a commit, then the author will have the additional responsibility to push the code to the repository.

Some of the notable users include: Canon, Splunk, Red Hat, IEEE, Intuit, McAfee, NASA, and Zynga.

Differential

Much like Crucible, Differential is a component in a suite of developer tools put forth by Phabricator. In case you haven’t heard of Phabricator, it’s an open-source collection of tools that are based on Facebook’s internal tools. If you’re a startup looking to set up your development infrastructure, or otherwise have no preexisting allegiances to people like Atlassian, then Phabricator could be a great solution for addressing a variety of needs. If you’re only interested in using Differential for your code review, it may require some effort. Specifically, you will have to install the complete set of tools and individually uninstall the ones deemed unnecessary.

Differential is a PHP web application able to run on the server of your choice and supports Subversion, Git, and Mercurial. Capable of both pre- and post-commit reviews, the typical workflow involves either manually creating a review request via the web UI or the Arcanist command line tool. After successfully passing the review, the author can then push to the main repository.

The big selling point for Differential is that it and the other tools bundled with it are highly integrated, fast, and scale easily. The tradeoff is that they really are meant to all be used together and trying to use individual tools on their own makes them less effective and less streamlined.

Some of the notable users include: Facebook, Bloomberg, Dropbox, deviantART, Khan Academy, Disqus, and Groupon.

David Hubbell
Software Engineer
SPK and Associates
