Code reviews are a subject that unfortunately brings about too much debate among programmers because they often are unsure how to perform them correctly and where they belong in the development process. It is possible that you may need to make some minor changes to your development workflow, and the review should happen before the code is checked into the mainline.
Most organizations moving to DevOps have discovered that code reviews do seem to work better when using a distributed version-control system, such as Git, which allows a developer to work on their own local version of the repository. Once the developer finishes their work, a simple pull request is made, which also contains a request for someone to review the new code.
One concept that many organizations fail to understand is that while code reviews will hopefully help find bugs in the code, they are not a replacement for a high level of automated test coverage. Remember, the code reviewers should never be doing regression testing in a sense, that is why we have automated tests. An absolute requirement before any code review is performed is that the new code has sufficient automated test coverage (Unit, Functional etc..) in place and all the tests are passing. The reason we still do code reviews though is because sometimes the test cases are poorly written or have missed some business logic, this is where the code reviews are effective. As a side note here, in order to confirm the Unit tests are written properly and cover the business logic it’s not a bad idea to run mutation testing on the Unit tests.
How to make Code Reviews More Effective
Its highly advisable and a DevOps best practice to create small branches since we should be releasing the code in an iterative fashion. This makes the job of the code reviewer much more manageable.
Hold reviews often
Since we should be checking in code in small iterations, we should be requesting code reviews frequently. The job of a code reviewer shouldn’t take hours to perform, we do this by keeping the task very small. Additionally, this allows the coder to receive feedback in a timely manner.
Architect and Engineers
It is preferable to have the software architect and at least one other engineer perform the code review. The architect should play the role of enforcing the architecture best practices.
Should you Use a Tool?
Code review tools such as those in GitHub allow for code review to be performed much faster and possibly more importantly, are part of the delivery pipeline. Tools like GitHub also allow the participants to hold conversations and verify suggested changes are made.