What is a code review?
In the process of software development, it is necessary to introduce routines that work together for the best result of the team. A code review plays a very big role in this, and it is very important to use it in the development environment. A code review is a systematic examination of the source code.
Basically, its function is to identify problems that may go unnoticed by the programmers and suggest alternative ways to solve them, thus improving the quality of the software. In fact, the code review brings a number of benefits to the company and guarantees the development of better quality products.
To use the code review correctly, it is necessary to adopt a number of procedures, such as:
- Use a wiki - a document consisting of all project-related activities
- Use checklists.
- Use automation in conjunction with manual work to identify recurring patterns and errors.
- Use process optimization tools.
Thanks to the code review, the system errors and bugs are fixed in time. In this way, the application reaches the production phase and the end user without any inconsistencies.
This also benefits the development team, as everyone involved is technically upgraded and more efficient collaboration is achieved. This exchange of knowledge also helps the team to find other solutions if there are problems during development. Especially for those who are starting out in programming and do not yet have a very precise critical code sense, this type of feedback enables faster further development. It therefore adds great value not only to the team but also to the company. Another advantage is that responsibilities are shared and no developers are overloaded, which increases the overall productivity of projects.
What is SonarQube?
Ensuring the quality of the software is essential, and for this we can combine known practices with tools such as SonarQube.
SonarQube is a tool to ensure the quality of the source code. It performs several analyses and recognizes, for example:
- Source code snippets that can generate errors
- Duplicated lines of code, preventing the repetition of unnecessary instructions
- Security issues
These analyses fulfill quality metrics that are configured in the tool itself according to some predefined patterns, which are, however, easily customizable.
The advantages of SonarQube:
- Improving the quality of IT systems and applications
- Better impact assessment
- Greater visibility of software quality
- Visibility of improvements and potential problems
- Risk reduction when implementing new requirements in development
- SonarQube can be synchronized with other tools
How do we implement Code Review?
At Kenner Soft you can find software developers who offer two code review options:
- Automatic code review via SonarQube
- Manual code review, carried out by other developers (usually senior developers, team leaders).
We use a console tool that automatically assigns the task to the team leader after it has been completed.
The screenshot shows that the programmer created the task and it was automatically assigned to the Team Lead.
By clicking on View the diff you can view the scope of work, i.e. all changes made to the code:
At the same time, the task is subject to review via SonarQube. The report with the results of this review is also automatically added to the task. SonarQube analyzes the code, and if certain problems or possible errors are found, the task is sent back to the developer so that he can fix them or make changes. If no problems are found, the successful report is displayed in the task.
The successful SonarQube report looks like this:
The unsuccessful report:
The code duplications were found here.
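The decision described above (pass the task on to manual review, or send it back with the findings), as an added example that is not Kenner Soft's own tooling. It reads a constructed response shaped like the output of SonarQube's `api/qualitygates/project_status` Web API; the function name `review_decision` and all sample values are hypothetical.

```python
import json

# Constructed sample shaped like a response from SonarQube's
# api/qualitygates/project_status endpoint (all values are made up).
SAMPLE_FAILED = json.dumps({
    "projectStatus": {
        "status": "ERROR",
        "conditions": [
            {"status": "ERROR", "metricKey": "new_duplicated_lines_density",
             "comparator": "GT", "errorThreshold": "3", "actualValue": "12.5"},
            {"status": "OK", "metricKey": "new_security_rating",
             "comparator": "GT", "errorThreshold": "1", "actualValue": "1"},
        ],
    }
})
SAMPLE_PASSED = json.dumps({"projectStatus": {"status": "OK", "conditions": []}})

COMPARATORS = {"GT": "greater than", "LT": "less than"}


def review_decision(raw):
    """Return (passed, notes) for a quality gate response body (hypothetical helper).

    Anything other than an explicit OK counts as a failure, so a malformed
    or empty report cannot slip through to manual review.
    """
    try:
        gate = json.loads(raw)["projectStatus"]
        status = gate["status"]
    except (ValueError, KeyError, TypeError):
        return False, ["quality gate report could not be parsed"]
    if status == "OK":
        return True, []
    notes = []
    for cond in gate.get("conditions", []):
        if cond.get("status") != "ERROR":
            continue  # only failed conditions go back to the developer
        op = COMPARATORS.get(cond.get("comparator"), cond.get("comparator"))
        notes.append("{}: {} is {} threshold {}".format(
            cond.get("metricKey"), cond.get("actualValue"), op,
            cond.get("errorThreshold")))
    return False, notes or ["quality gate status is {}".format(status)]


if __name__ == "__main__":
    for body in (SAMPLE_FAILED, SAMPLE_PASSED, "not json"):
        passed, notes = review_decision(body)
        print("to manual review" if passed else "back to developer", notes)
```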
The code is transferred via GitLab CI/CD. The main concepts of CI/CD are Continuous Integration, Continuous Delivery and Continuous Deployment.
CI/CD solves the problems that the integration of new code can cause for DevOps teams.
Example of the GitLab CI file:
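```yaml
stages:
  - test

image:
  name: sonarsource/sonar-scanner-cli:latest
  entrypoint: [""]

variables:
  # Filled from the SONARTOKEN and SONARHOSTURL variables defined outside this file
  SONAR_TOKEN: "$SONARTOKEN"
  SONAR_HOST_URL: "$SONARHOSTURL"
  # Disable shallow cloning so the scanner gets the full Git history
  GIT_DEPTH: 0

sonarqube-check:
  stage: test
  script:
    # Wait for the quality gate result instead of finishing right after the upload
    - sonar-scanner -Dsonar.qualitygate.wait=true
  # A failed quality gate marks the job with a warning but does not stop the pipeline
  allow_failure: true
  tags:
    - sonarqube
```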
After the developer has fixed the errors and the recheck was successful, the task is subject to manual review. If there are certain comments after the manual review, the task with the comments is automatically assigned back to the developer via a console command. It is therefore not necessary to assign the task via the Task Manager (we use Redmine), as it is a fully automated process. You can read about how Redmine and GitLab work together at our company here. If no problems are found after the review, i.e. the team lead has no comments and the review is successful, this task is sent to the test server. Two tests are performed: automatic and manual. You can read more about the testing process in our other article.

Our agency Kenner Soft Services GmbH pays a lot of attention to the quality of the services provided. We check the code very thoroughly and carefully to deliver the best result to the client.