May 07

Formal Code Review with Upsource

Upsource LogoIn the embedded world there is a never ending story to reach the highest quality of code possible. Once you bake a chip with a certain ROM, it’s usually  pretty expensive to fix bugs and a nightmare to upgrade devices in the field. Because of this, the quality delivered ‘for production’ should be thoroughly checked, formally reviewed and signed off as OK before sending it out to the manufacturer.

In previous posts I’ve talked about Software Requirement Traceability which already gives you a better idea on the overall state of your software through linking testcases with certain requirements. But we can go one step further!

People who have worked with Git might know Gerrit as some kind of gatekeeper that will force people to sign off bits of code, commits, before allowing it to be merged into the main repository. Due to various reasons I could not use Gerrit at the company I’m currently doing a project with and had to look elsewhere. Thanks to a friend of mine who is working at ZeroTurnaround I bumped into Upsource (from the guys over at Jetbrains and famous for their IntelliJ IDE). Upsource presents itself as a Polyglot Code Reviewing tool, which isn’t a lie!

I’m not going to bore people with details but rather give an overview on how I’ve implemented it and convinced people to actively use it.

First off, Upsource is a post-commit review framework. Unlike Gerrit, changes will have been merged into your favorite SCM. With this you really have to follow-up on what commits are done. Luckily you can set up Upsource to have triggers so it automatically creates reviews for commits done on, for example, a certain module of your software.

Secondly, these reviews can be auto-assigned to people based on some limited options (Upsource 3.5 should have more capability here, this is scheduled for September 2016 the last time I checked). What I added to my Upsource install is assigning people to a review based on one or more tags in the commit message. For example a message that looks like this: “Refactor sign-in function [DKE]” would have Upsource automatically assign it to me thanks to the [DKE] tag. With this, the committer can immediatelly notify people he would them to have a look (or sanity check) at whatever was in that commit.

Thanks to Upsource and the reviewing, we’ve already ended up with cleaner code, nobody wants to be “that guy” if you know somebody will have a (quick) look at your code. We used to shout feedback about commits back and forth and informally tell the original author to update this and that. Nothing of the converation got captured for future reference. Now we have the entire review history in Upsource and can get back to it in an instant to see why a certain decision to change some code was made. As an added bonus, people on the team might also become more familiar with parts of the code they are not an owner of maintainer of.

Lastly, Upsource provides some neat analytics on how much of your commits have been reviewed by one or more people. This could then also be used to show the management that the quality of the software is continuously being reassessed by the team and no compromises are being made.

I’d like to close with the fact that Upsource neatly integrates with GitHub, YouTrack and JIRA. The setup time took me less than an hour and in less than a day I got most of the system up and running. If your code quality could use a boost, give it a try, you’ll like it!