Code Reviews

Owner: Project Lead (or Code Reviewer) Last revision: 12.11.2021

Project lead is responsible for weekly code reviews, including final code review before deployment. To help with code reviews, we created a checklist. Use this template ↗ to do code reviews.

Remember, these are rough guidelines you should adapt to each project.

• Code Quality
• DevOps
• Security
• Testing
• Technical PM
• User Experience
• Resources

Code Quality#

• Is code conforming to code style? If not, do it!
• Did we clean up code? (orphaned comments, debugging controls, etc.) If not, do it!
• Did we check for @TODO occurences? If not, do it!
• Did we run phpinsights? If not, do it!
• Did we check all pages for n+1 problems? If not, do it!
• Does code use modern OOP features (e.g. type hinting)?
• Did we use Laravel Telescope to track slow queries and other issues? If not, do it!

DevOps#

• Does our deployment server use SSL certificates? If not, set it up!
• Does our server redirect www to non-www and to https? If not, set it up!
• Do we have Docker local environment set-up to match server config? If not, do it!
• Do we have CI/CD set-up? If not, do it!
• Do we have separate production and staging environments set-up? If not, do it!
• Are backups set-up? If not, set it up!
• Is artisan scheduler set-up in crontab?

Security#

• Are /api routes protected by auth:api middleware? If not, do it!
• Is user object in localStorage verified against server-side? If not, do it!
• Is APP_ENV set to production? Is APP_DEBUG set to false? If not, do it!

Testing#

• Did we do functional testing? If not, do it!
• Did we do browser tests? If not, do it!
• Did we do stress tests for performance and scalability? If not, do it!

Technical PM#

• Do we have Bugsnag set-up for PHP & JS, and integrated into Slack channel? If not, do it!
• Do we have a setup.md file? If not, do it!
• Did we replace develop branch with staging? If not, do it!
• Is IPS up-to-date?
• Are class diagrams / data models / API docs up-to-date?

User Experience#

• Did we run page speed tests?
  • https://gtmetrix.com
  • https://tools.pingdom.com
  • https://webpagetest.org
• Do we have proper error handling. Custom pages for 404, 500, 503, Token Mismatch
• Did we verify that all HTTP status codes are ok with https://github.com/spatie/http-status-check
• Did we scan for mixed content with https://github.com/spatie/mixed-content-scanner-cli

Resources#

• Code review template ↗