Skip to content

Code review

Request a VIP code review

Customers with Application Support or Premier Support have the ability to request code review from the VIP Team.

The goal of VIP reviews is to provide feedback for pull requests that address:

  • Security, which includes the security of your site’s access and data as well as its users.
  • Performance, which includes how well your site can handle normal and peak traffic and how quickly your content renders.

VIP also reviews for development best practices that include maintainability, defensive coding practices, clarity, and much more.

VIP’s review focuses on the performance and security considerations in PHP, custom JavaScript, and SVG files. We do not review HTML, CSS, SASS, many popular third-party JavaScript libraries, or built JavaScript files.

Also review VIP’s recommendations for the speediest code review.

After creating a pull request

A pull request should contain code that is complete and ready to merge. Draft pull requests cannot be reviewed.

On a pull request against your review branch (this may not be your production branch), the VIP Code Analysis Bot should comment indicating whether the pull request has been automatically added to our review queue or, when reviews are optional, explain how to add a label to request a review. Once you see this message, if you need a review, please add the label.

Customers with Application Support or Premier Support packages can request specific developer feedback on your codebase (including themes and custom plugins) by adding the [VIP] Review Request label to a pull request against master. Before adding the label, ensure that you’ve addressed as many errors and warnings from the automated scan as possible. Please note that pull requests without the [VIP] Review Request label will not be manually reviewed. The same applies for pull requests with the label that are not against master.

You can find the labels field in the GitHub UI on the right sidebar of your pull request:

Pull requests against your review branch, that are not drafts, with the label [VIP] Review Request surface as a new review request in our internal review queue. The VIP Team will review the pull request directly on GitHub, and suggest any changes by leaving comments. Your team should then go through and make any necessary changes, and if you need further feedback, please “dismiss” the review. This process continues until there are no outstanding issues, at which point the VIP Team will “approve” the request.

Where possible, we recommend keeping pull requests small by breaking them down into atomic commits. If the changeset is larger than 1000 lines of code, it will need to be scheduled for a review. The duration of manual code review can vary depending on the complexity of the code, and your Technical Account Manager will help you determine an appropriate timeline for your project.

Categories of code review feedback

VIP code reviews provide feedback in three categories: Errors, Warnings, and Notices.

  • VIP Errors — This won’t work or will expose your site to severe performance and security concerns. This category was formerly called a VIP Blocker.
  • VIP Warnings — We strongly recommend your team take care of these issues as soon as possible.
  • VIP Notices — Needs to be considered carefully when including them in your VIP theme or plugin.

Requesting urgent reviews

If a change is urgent, a GitHub Admin can merge a Pull Request without VIP’s review at any time. If needed, you can ask VIP to review the changes after they have been merged by opening a support ticket and referencing the Pull Request.

To request an expedited VIP review before merging, you can mention certain trigger keywords either in the title or the initial comment of the pull request: “vip” plus one of “hotfix” or “urgent” will trigger an urgent VIP review request. E.g. “Can VIP please review this on an urgent basis?”

Last updated: January 18, 2022