Gitlab auto code review best practices

I am trying to set up a CI/CD pipeline where once the developer pushes the local to a remote dev repository in GIT LAB the code review process should take place. I was able to link the GITLAB repo with jenkins earlier so that when a code is pushed towards the git repo the code is build in jenkins automatically using the the trigger. But now i am checking whether the same test and build process can be done within the GITLAB interface with the help of any plugins. The initial code review process can be automated this way and later deployed to the required environment.

Does the gitlab have any automatic code review process? For example, When a developer pushes the branch to the remote repository, Do we have any option where we could have an automatic code review process which checks the basic coding standards and later a maintainer can accept the merge request if it satisfies the code quality standards.

1. I have used Jenkins but not sure whether I will be able to test the code and automatically review the code using Jenkins.

2. I have tried using gitlab CI (By Adding contents to '.gitlab-ci.yml' file) but the pipeline fails each time with different package dependencies as I am not sure what the contents need to add to '.gitlab-ci.yml' for code review in case if it is a Drupal or Magento code.

In this article, we explain why code reviews are very important, why you want to automate some aspects of code reviews and how to do it. In less than ten minutes, you will learn how to have automated code reviews on your GitLab repositories using Code Inspector.

Photo by Christina @ wocintechchat.com on Unsplash

Why automate code reviews?

Code reviews are an important element of software development: it is an opportunity to verify that your code is high quality, correct and does not contain any violations, security issues or vulnerabilities.

But code reviews are also time consuming, and in a world where we work in teams distributed in different timezones, it is difficult to have reviews done quickly. In addition, as code reviews are done by other developers and manual by nature, they can miss some important rules that should be checked and enforced in new code.

This is why automating your code reviews is important. First, automated code reviews are performed in seconds and give feedback quickly to the submitter. This enables real-time feedback that ensures all best practices are followed before you spend time on a manual review. Second, automated code reviews ensure that rule adherence is verified, ensuring better coverage of coding guidelines.

It is important to emphasize that automated code reviews do not replace manual code reviews but complement them. The automated part checks the coding guidelines, detects defective code and highlights potential refactors. It can be done in seconds and ensures that the code being submitted follows coding guidelines and does not contain syntactic and semantic errors. It is an additional layer to ensure code quality. On the other hand, manual reviews are still required to verify that the code being submitted correctly implements the requirements of your system.

Automated code reviews should be used as a first step to ensure that the code does not introduce any defects and enforces coding guidelines. Once the automated review passes, a manual review is requested. Following such a process reduces manual review time while improving the quality of each code submission.

In this article, we explain how to automate code reviews on GitLab using Code Inspector, a platform that helps developers reduce their technical debt and automates your code review. The platform is available for GitHub, Bitbucket and Gitlab. While this article focuses on GitLab, the same functionalities are available for Bitbucket and GitHub.

Note: This article assumes you already have an existing repository on GitLab, and it will walk you through how to perform a code review on your GitLab repository. If you need help creating a GitLab repository, please read this article from the GitLab documentation.

Step 1: Sign up on Code Inspector with your GitLab account

The first step consists of signing up on Code Inspector using your GitLab account. Simply go to the Code Inspector website and log in using your GitLab account.

The Code Inspector frontpage, choose the GitLab login option

Step 2: Create a Code Inspector project with your GitLab repository

Once logged on to the Code Inspector platform, create a project (1) and complete the form: fill in the name (2), its visibility (3) and whether the project is associated with a user or a group (4), as shown in the picture below.

Create a project on Code Inspector

The next screen invites you to select the location of your repository. Select GitLab and click on Next .

Selection of repository type

The last screen invites you to select the repository available on GitLab. Select the repository you would like to use, as shown below. Once complete, click on Save Project.

Repository selection

Your Code Inspector project is all set! Read on for instructions regarding how to create merge requests and have automatic code reviews!

Step 3: Create a Merge Request

Now that you have created a Code Inspector project associated with your GitLab project, let’s create a merge request and let’s have Code Inspector inspect the new code! The next step is to do a merge request on GitLab. This is how to proceed.

First, create a new branch where you will add your change. We create a new branch called code-review-example. Use the following command to do so:

git checkout -b code-review-example

Then, add some code to your repository. This code is the one sent for review. For demonstrating our automated code review process, we add Python code that imports an unused module and is missing documentation on its classes and function. A copy of the code is shown at the end of this section.

Once the code is written, add it using git:

git add pythoncode.py

Then, commit the changes in the branch:

git commit -a -m "Adding new code"

And finally, push the new branch to the origin of the repository (GitLab):

git push --set-upstream origin code-review-example

Now, what you have created is a new branch from the master branch. This new branch contains new code (the Python script pythoncode.py). The merge request is asking to merge this new code into the master branch. What the automated code review will do is to check that the new code from newbranch is correct. Code Inspector will verify this new code and surface any issues.

When you push your changes, GitLab returns a URL you can use to generate a merge request, as shown below.

The URL to create a merge request is shown when you push your code

When you visit the URL shown when you push the changes, you have a form to create a merge request that will merge the branch with your changes into the main branch of your repository (usually

git add pythoncode.py

0). Add a title and click on

git add pythoncode.py

1.

Open a Merge Request on GitLab

Below is the code used for this code review example (pythoncode.py)

import loggingclass Person:

def __init__(self, firstname, lastname):  
    self.firstname = firstname  
    self.lastname = lastname    def print_person(person):  
    if not person:  
        return None  
    else:  
        return "{0} {1}".format(person.firstname, person.lastname)  

Step 4: See the Merge Request Results

Once you create the merge request, Code Inspector automatically inspects the new code and reports any issues with the changes directly on GitLab. In the main page of the Merge Request, Code Inspector shows the result of its analysis, highlighting the number of issues, as shown below.

Result of the Code Review shown in the Overview tab of the Merge Request

You can then visit the

git add pythoncode.py

3 tab to visualize the issues on each file. All issues reported by Code Inspector are reported as annotations, which makes it easy to visualize where issues are located in your changes.

All errors detected by Code Inspector appear as annotations in the code changes

Step 5: Customize Code Inspector results

You may want to customize Code Inspector by adding more checks, making them more restrictive or ignoring some rules. This is really easy to do!

To ignore rules, visit the merge request view on Code Inspector. To do so, visit the tab

git add pythoncode.py

4 on GitLab and look at the summary link from the last message from Code Inspector (as shown below). The message includes a link to the merge request view on Code Inspector. Click on this link to visit the merge request view on Code Inspector.

Location of the URL from Code Inspector

You will then visualize the merge request results on Code Inspector. In this view, you can click to ignore rules. You can then disable rules that seem to be too restrictive or useless to you.

Code Review interface on Code Inspector

Finally, you can also change the preferences of the project to define which rules are being run on your repository and change analysis parameters. The project preferences on Code Inspector contains an extensive list of analysis parameters to define.

You can change analysis parameters in your project preferences

Summary

In this article, we presented the importance of automated code reviews. We explained how to automate your code reviews on GitLab using Code Inspector. The same features are also available for GitHub and Bitbucket.

It takes less than a few minutes to get your code changes analyzed and receive feedback on your code. Automating code reviews provides quick feedback on the code, guarantees coverage of all rules that need to be verified and more importantly, reduces time spent by engineers on code reviews, increasing overall productivity.

About Code Inspector

Code Inspector is a code analysis platform that helps developers produce better code. The platform generates plans to reduce technical debt and automates code reviews. Code Inspector supports more than 10 languages and is available for major code hosting platforms such as GitHub, GitLab or Bitbucket.

What is automated code review in GitLab?

What the automated code review will do is to check that the new code from newbranch is correct. Code Inspector will verify this new code and surface any issues. When you push your changes, GitLab returns a URL you can use to generate a merge request, as shown below.

What is the best practice for code review?

Review fewer than 400 lines of code at a time A SmartBear study of a Cisco Systems programming team revealed that developers should review no more than 200 to 400 lines of code (LOC) at a time. The brain can only effectively process so much information at a time; beyond 400 LOC, the ability to find defects diminishes.

What is the difference between assignee and reviewer in GitLab?

Assignee and Reviewer have different meanings: Assignee means you own the pull request or issue and are getting it into a merge-ready state. If you are no longer owning a given pull request or issue, take your name off as assignee. Reviewer means you are actively reviewing a pull request.

How do you organize a code review process?

Use this code review checklist as a foundation on which to build your process documentation..

Set clear objectives. ... .

Verify feature requirements. ... .

Identify bugs. ... .

Assess code readability and maintainability. ... .

Check for security vulnerabilities. ... .

Evaluate speed and performance. ... .

Improve documentation. ... .

Spread the word..