Hey, I want your opinion on code reviews, what is the best way to use them in a professional environment? Pick one of the following and give me your thoughts (from the most forgiving to the most strict):

  1. no code reviews, they are useless
  2. optional code reviews
  3. mandatory reviews on code that is already merged, optional fixes
  4. mandatory reviews on code before merging (like a pull request), with a time-frame for optional fixes (i.e. whether to fix what has been pointed out is up to the author), merge will occur anyway.
  5. mandatory reviews on code before merging (PR) with mandatory fixes.

Of course in open source development with public contributions, you’ll often see (5), but I’m not convinced it could work in professional dev.

Edit: I’m talking about a team of 5 mid to senior devs (no junior or interns) working on a 2-3 year project without many security concerns, but feel free to give me your general opinion.

  • KairuByte@lemmy.dbzer0.com
    35·
    2 days ago

    Why would the answer ever be anything other than 5?

    Let’s just go full boar hypothetical: Someone is trying to merge malicious code. Anything other than 5 means the malicious code gets merged.

    • cristian64@reddthat.com
      3·
      2 days ago

      I can only think that what they have in mind is a small project with only few people involved. Otherwise anything other than 5 is ridiculous.

    • coredev@programming.dev
      25·
      2 days ago

      In a small shop where people really know and trust each other and all have high quality standards and would never break main - is code review necessary and for what purposes if so?

      • ikirin@feddit.org
        1·
        15 hours ago

        I work in a similar environment. Most of our projects lifecycle we were 4 devs who knew each other reasonably well and all had high trust in each other. Unless it was a one-liner or a hotfix at 4am did get merged without a code review. Most if the reviews were just hitting the checkmark, things look fine done. But sometimes someone makes a mistake, as is human. In that case we caught it before it hit main.

      • KairuByte@lemmy.dbzer0.com
        16·
        2 days ago

        Yes, absolutely.

        “Never break main” is the same concept as “never get in a car accident.” Good in theory, but it’s no replacement for insurance.

        Everyone makes mistakes. PRs help catch those mistakes. Yes, bugs will still sneak in, no one is perfect, but a proper PR process is absolutely vital no matter the team size.

      • TehPers@beehaw.orgEnglish
        4·
        2 days ago

        Yes, it’s necessary. Even if everyone writes perfect, bug-free code, people learn from code reviews.