Digital Marketing & Communications

We've seen 1s and 0s you wouldn't believe

Making code reviews awesome with free GitHub integrations

Back in March, we made our editorial Slackbot open source. We mostly did this out of the goodness of our hearts, and because of a sincere desire to give back to the open-source community. But there was a slightly more selfish reason: open-source repositories on GitHub get free access to a lot of goodies, and I wanted to test them out.

GitHub has well over 100 available integrations in its directory alone, and there are many more tools which can connect to your GitHub account and interact with your commits, pull requests (PRs) and other processes.

Many of these are free to use for public repositories. Some are free for private ones as well – but for those you're usually more likely to pay some sort of subscription. So it's worth testing them out on something open-source first.

Hakiri

Hakiri is a tool which checks your Ruby applications for security vulnerabilities.

I set up Hakiri to scan my code every time I created a pull request and notify me of the result through GitHub. You can also set up notifications over email or Slack.

Setting up integration through Hakiri's website was a breeze. It immediately gave me a helpful nudge to update some older gems. It also provided some very thorough information about what the security risks were and how to fix them.

I found Hakiri enormously useful and will definitely use it more in the future.

Hakiri notifies you about security risks – in this case, a vulnerability in one of our dependencies. Luckily it was a quick fix!

Hound

Hound checks and enforces your code style every time you create a new PR.

It runs its checks based on your RuboCop config and makes line-by-line comments on your PR for individual issues. If your code has a lot of issues, this could generate a lot of comments, but that alone could discourage style violations.

If everything's fine, Hound will let you know that the code meets your standards with a friendly "Woof!"

We usually use linters with our code editors to automatically flag style violations as we work, so Hound didn't flag very many style violations. But it's still a useful tool and could catch issues in code before a reviewer gets to them, which could save everyone time.

Hound commenting on a commit

Travis CI

Travis CI is a popular continuous integration tool. We already use Bamboo for this sort of thing, but it can't hurt to check out some competitors.

I configured Travis CI to run the build every time I pushed a commit. Travis CI then reports back through the PR and its own web interface to let us know if the build ran successfully and if all the tests passed. This means really quick, automated feedback on whether the latest version of your code actually works.

Bamboo unfortunately doesn't offer this level of GitHub integration. Atlassian, if you're listening... might be time for a feature update?

A successful build in Travis CI. (PR #5 for the tests? I know, I know. Always write your tests first, kids.)

Code Climate

Code Climate provides an automated code review for your PRs.

It checks for issues like style violations, duplicated code and other examples of bad practice. Then it provides you with a GPA (like 3.6) and a file-by-file breakdown of all the problems it found.

It can also provide an estimate of what percentage of your code is covered by your tests – a useful way to find out if there are any gaps you should fill in.

Overall, it's a nice extra check to spot problems in your code and improve its overall quality.

An overview of the code quality. 3.61 is a B+... not bad, but still room for improvement

In conclusion

None of these tools can totally replace an actual code review from another developer. However, they can definitely enhance the review and save you and your reviewer from a lot of monotonous tasks, like running the test suite yourself or checking individual gems for security vulnerabilities.

And if you can catch these problems before your code reaches another person, then you can fix them too, making for a much faster and smoother review – sounds good, right?

Hitting merge with a little help from my robot friends

We use GitHub Enterprise for most of our repositories, which unfortunately does limit some of the integrations we can use. But if you use GitHub, you should definitely look into using some of these tools – I know we will.
