Talk:02 Code Review and Approval Procedure: Difference between revisions
Add topicNo edit summary |
|||
| (4 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
== Introduction == | == 1. Introduction == | ||
=== 1.1 Purpose === | |||
Establish a standardized process for reviewing and approving code changes to maintain quality, catch issues early, and ensure audit traceability using tools like Git. | |||
=== 1.2 Scope === | |||
Covers all code changes in software projects across development teams, focusing on Git-based repositories. | |||
=== 1.3 Objectives === | |||
Enforce coding standards, reduce bugs, promote collaboration, and keep detailed records for internal audits. | |||
=== 1.4 Key Terms === | |||
* Git: Version control system for tracking code changes. | |||
* Branching: Creating separate code lines (e.g., feature branches) in Git. | |||
* Pull Request (PR): Git mechanism for proposing and reviewing code changes. | |||
* Reviewer: Assigned team member who evaluates the PR. | |||
=== 1.5 Standards === | |||
Align with company coding guidelines and audit requirements for traceability. | |||
=== 1.6 Audience === | |||
Developers, reviewers, team leads, and auditors. | |||
=== 1.7 How to Use === | |||
Follow this for all code changes; store in Confluence for access. | |||
== 2. Roles and Responsibilities == | |||
=== 2.1 Key Roles === | |||
* Developer: Makes code changes, runs tests, creates PRs. | |||
* Reviewer: Reviews PRs, adds comments, approves or requests changes. | |||
* Team Lead: Assigns reviewers, resolves issues, ensures process adherence. | |||
=== 2.2 Developer Tasks === | |||
* | * Use Git for branching and code changes. | ||
* | * Run test cases before creating PRs. | ||
* | * Act on reviewer comments and update PRs. | ||
=== 2.3 Reviewer Tasks === | |||
* | * Review code, add comments on issues. | ||
* Re-review updates until PR is approved. | |||
* | |||
=== 2.4 Team Collaboration === | |||
* | * Use Slack #code-reviews for notifications. | ||
* | * Link PRs to Jira tickets for tracking. | ||
* ''' | == 3. Code Review and Approval Process Overview == | ||
** Use | |||
** | === 3.1 Goal === | ||
Ensure code changes are reviewed thoroughly via Git, with tests run and comments addressed before approval. | |||
=== 3.2 Core Steps === | |||
* Use Git for all version control. | |||
* Apply branching strategy for code changes. | |||
* Make code changes and run test cases. | |||
* Create Pull Request in Git. | |||
* Assign reviewer(s). | |||
* Reviewer reviews and add comments. | |||
* Comments are acted upon by the developer. | |||
* Review and repeat until PR approval. | |||
* Merge approved PR. | |||
=== 3.3 SDLC Fit === | |||
Integrate with Agile sprints (review PRs daily) or Waterfall phases; track in Jira. | |||
=== 3.4 Change Tracking === | |||
Use Git commits linked to Jira (e.g., “Fix JIRA-123”). | |||
=== 3.5 Process Flow === | |||
* Step 1: Developer branches in Git and makes changes. | |||
* Step 2: Run tests locally or in CI. | |||
* Step 3: Create PR, assign reviewer. | |||
* Step 4: Reviewer adds comments; developer acts on them. | |||
* Step 5: Repeat reviews until approval; merge PR. | |||
=== 3.6 Exceptions === | |||
Emergency changes allow quick approval with Team Lead sign-off; log in Jira. | |||
=== 3.7 Version Control === | |||
* Require Git branches like feature/JIRA-123; protect main. | |||
* '''Automation''': Use GitHub Actions for auto-tests on PR creation. | |||
== 4. Code Review Planning == | |||
=== 4.1 Review Types === | |||
* Feature: For new code changes (e.g., new API). | |||
* Bugfix: For minor updates. | |||
* Emergency: For urgent fixes. | |||
=== 4.2 Scheduling === | |||
* Plan reviews in daily standups; set 24-hour turnaround. | |||
* Use Git branching to isolate changes. | |||
* Notify via Teams when PR is ready. | |||
=== 4.3 Review Criteria === | |||
* Code changes follow style guides. | |||
* Test cases run and pass (e.g., >90% coverage). | |||
* No security issues. | |||
=== 4.4 Risk Checks === | |||
* Verify code changes don't break existing features. | |||
* Ensure test cases cover edge cases. | |||
=== 4.5 Mitigation Plans === | |||
* Run automated tests before PR. | |||
* Use Git rebase for clean history. | |||
=== 4.6 Approvals === | |||
* At least 1 reviewer; 2 for critical changes. | |||
* Log in Git PR. | |||
=== 4.7 Communication === | |||
* Share PR links in Teams. | |||
* Update Jira with status. | |||
=== 4.8 PR Description === | |||
* Include Jira ID, code changes summary, test results. | |||
=== 4.9 Dependencies === | |||
* Check library versions in Git commits. | |||
== 5. Code Review and Approval Execution == | |||
=== 5.1 Pre-Review Activities === | |||
* '''Git and Branching''': Use Git; create branches (e.g., git checkout -b feature/JIRA-123). | |||
* '''Code Changes''': Do code changes | |||
* '''Run Test Case''': Execute unit/integration tests local | |||
* '''Commit Changes''': Commit changes (e.g., git commit -m "JIRA-123: Add login") | |||
* '''Create Pull Request''': Push branch, create PR in GitHub/Bitbucket with description. | |||
* '''Assign Reviewer''': Select reviewer(s) in PR tool or Jira. | |||
* '''Checklist''': Confirm tests pass, link Jira, notify on Teams. | |||
=== 5.2 Review Execution === | |||
* '''Assign Reviewer''': Team Lead confirms assignment. | |||
* '''Reviewer Reviews and Adds Comments''': Evaluate code, add feedback on standards, tests, and issues. | |||
* '''Comments Are Acted Upon''': Developer updates code, commits, and notifies reviewer. | |||
* '''Review and Repeat''': Re-review updates until all issues resolved and PR approved. | |||
* '''Tools''': GitHub/Bitbucket for reviews; SonarQube for quality. | |||
* '''Checklist''': Verify functionality, style, tests. | |||
* '''Feedback''': Use “Request Changes” or “Approve” in Git tool. | |||
* '''Logging''': Record comments/approvals in Git. | |||
=== 5.3 Post-Review Activities === | |||
* '''Approval''': Reviewer approves; merge PR (e.g., squash merge). | |||
* '''Verification''': Run CI tests post-merge. | |||
* '''Notifications''': Post merge in Teams; update Jira. | |||
* '''Documentation''': Update Confluence if needed. | |||
== 6. Document Control and Versioning == | |||
* '''Owner''': Team Lead; backup Senior Developer. | |||
* '''Changelog''': v1.0 (2025-09-22): Initial based on user points. | |||
* '''Review''': Every 6 months. | |||
* '''Retention''': 3 years in Confluence/AWS S3. | |||
* '''Access''': Team leads edit; auditors view. | |||
* '''Updates''': Approve via Team Lead/CTO. | |||
== 7. Appendices == | |||
* '''Templates''': PR template, review checklist. | |||
* '''Glossary''': Git, PR, Branching. | |||
* '''References''': Coding standards policy. | |||
* '''Contacts''': Team Lead: [Name], [Email], Slack @[handle]. | |||
* '''Sample Logs''': PR approval: “Approved by [Reviewer] at [Date].” | |||
* '''Checklists''': Pre-review table (Git, tests, PR). | |||
Latest revision as of 11:14, 22 December 2025
1. Introduction[edit | edit source]
1.1 Purpose[edit | edit source]
Establish a standardized process for reviewing and approving code changes to maintain quality, catch issues early, and ensure audit traceability using tools like Git.
1.2 Scope[edit | edit source]
Covers all code changes in software projects across development teams, focusing on Git-based repositories.
1.3 Objectives[edit | edit source]
Enforce coding standards, reduce bugs, promote collaboration, and keep detailed records for internal audits.
1.4 Key Terms[edit | edit source]
- Git: Version control system for tracking code changes.
- Branching: Creating separate code lines (e.g., feature branches) in Git.
- Pull Request (PR): Git mechanism for proposing and reviewing code changes.
- Reviewer: Assigned team member who evaluates the PR.
1.5 Standards[edit | edit source]
Align with company coding guidelines and audit requirements for traceability.
1.6 Audience[edit | edit source]
Developers, reviewers, team leads, and auditors.
1.7 How to Use[edit | edit source]
Follow this for all code changes; store in Confluence for access.
2. Roles and Responsibilities[edit | edit source]
2.1 Key Roles[edit | edit source]
- Developer: Makes code changes, runs tests, creates PRs.
- Reviewer: Reviews PRs, adds comments, approves or requests changes.
- Team Lead: Assigns reviewers, resolves issues, ensures process adherence.
2.2 Developer Tasks[edit | edit source]
- Use Git for branching and code changes.
- Run test cases before creating PRs.
- Act on reviewer comments and update PRs.
2.3 Reviewer Tasks[edit | edit source]
- Review code, add comments on issues.
- Re-review updates until PR is approved.
2.4 Team Collaboration[edit | edit source]
- Use Slack #code-reviews for notifications.
- Link PRs to Jira tickets for tracking.
3. Code Review and Approval Process Overview[edit | edit source]
3.1 Goal[edit | edit source]
Ensure code changes are reviewed thoroughly via Git, with tests run and comments addressed before approval.
3.2 Core Steps[edit | edit source]
- Use Git for all version control.
- Apply branching strategy for code changes.
- Make code changes and run test cases.
- Create Pull Request in Git.
- Assign reviewer(s).
- Reviewer reviews and add comments.
- Comments are acted upon by the developer.
- Review and repeat until PR approval.
- Merge approved PR.
3.3 SDLC Fit[edit | edit source]
Integrate with Agile sprints (review PRs daily) or Waterfall phases; track in Jira.
3.4 Change Tracking[edit | edit source]
Use Git commits linked to Jira (e.g., “Fix JIRA-123”).
3.5 Process Flow[edit | edit source]
- Step 1: Developer branches in Git and makes changes.
- Step 2: Run tests locally or in CI.
- Step 3: Create PR, assign reviewer.
- Step 4: Reviewer adds comments; developer acts on them.
- Step 5: Repeat reviews until approval; merge PR.
3.6 Exceptions[edit | edit source]
Emergency changes allow quick approval with Team Lead sign-off; log in Jira.
3.7 Version Control[edit | edit source]
- Require Git branches like feature/JIRA-123; protect main.
- Automation: Use GitHub Actions for auto-tests on PR creation.
4. Code Review Planning[edit | edit source]
4.1 Review Types[edit | edit source]
- Feature: For new code changes (e.g., new API).
- Bugfix: For minor updates.
- Emergency: For urgent fixes.
4.2 Scheduling[edit | edit source]
- Plan reviews in daily standups; set 24-hour turnaround.
- Use Git branching to isolate changes.
- Notify via Teams when PR is ready.
4.3 Review Criteria[edit | edit source]
- Code changes follow style guides.
- Test cases run and pass (e.g., >90% coverage).
- No security issues.
4.4 Risk Checks[edit | edit source]
- Verify code changes don't break existing features.
- Ensure test cases cover edge cases.
4.5 Mitigation Plans[edit | edit source]
- Run automated tests before PR.
- Use Git rebase for clean history.
4.6 Approvals[edit | edit source]
- At least 1 reviewer; 2 for critical changes.
- Log in Git PR.
4.7 Communication[edit | edit source]
- Share PR links in Teams.
- Update Jira with status.
4.8 PR Description[edit | edit source]
- Include Jira ID, code changes summary, test results.
4.9 Dependencies[edit | edit source]
- Check library versions in Git commits.
5. Code Review and Approval Execution[edit | edit source]
5.1 Pre-Review Activities[edit | edit source]
- Git and Branching: Use Git; create branches (e.g., git checkout -b feature/JIRA-123).
- Code Changes: Do code changes
- Run Test Case: Execute unit/integration tests local
- Commit Changes: Commit changes (e.g., git commit -m "JIRA-123: Add login")
- Create Pull Request: Push branch, create PR in GitHub/Bitbucket with description.
- Assign Reviewer: Select reviewer(s) in PR tool or Jira.
- Checklist: Confirm tests pass, link Jira, notify on Teams.
5.2 Review Execution[edit | edit source]
- Assign Reviewer: Team Lead confirms assignment.
- Reviewer Reviews and Adds Comments: Evaluate code, add feedback on standards, tests, and issues.
- Comments Are Acted Upon: Developer updates code, commits, and notifies reviewer.
- Review and Repeat: Re-review updates until all issues resolved and PR approved.
- Tools: GitHub/Bitbucket for reviews; SonarQube for quality.
- Checklist: Verify functionality, style, tests.
- Feedback: Use “Request Changes” or “Approve” in Git tool.
- Logging: Record comments/approvals in Git.
5.3 Post-Review Activities[edit | edit source]
- Approval: Reviewer approves; merge PR (e.g., squash merge).
- Verification: Run CI tests post-merge.
- Notifications: Post merge in Teams; update Jira.
- Documentation: Update Confluence if needed.
6. Document Control and Versioning[edit | edit source]
- Owner: Team Lead; backup Senior Developer.
- Changelog: v1.0 (2025-09-22): Initial based on user points.
- Review: Every 6 months.
- Retention: 3 years in Confluence/AWS S3.
- Access: Team leads edit; auditors view.
- Updates: Approve via Team Lead/CTO.
7. Appendices[edit | edit source]
- Templates: PR template, review checklist.
- Glossary: Git, PR, Branching.
- References: Coding standards policy.
- Contacts: Team Lead: [Name], [Email], Slack @[handle].
- Sample Logs: PR approval: “Approved by [Reviewer] at [Date].”
- Checklists: Pre-review table (Git, tests, PR).