Customers with Application Support or Premier Support have the ability to request code review from the VIP Team.
The goal of VIP reviews is to provide feedback for pull requests that address:
- Security, which includes the security of your site’s access and data as well as its users.
- Performance, which includes how well your site can handle normal and peak traffic and how quickly your content renders.
VIP also reviews for development best practices that include maintainability, defensive coding practices, clarity, and much more.
Also review VIP’s recommendations for the speediest code review.
After creating a pull request
A pull request should contain code that is complete and ready to merge. Draft pull requests cannot be reviewed.
On a pull request against a review branch (this might not be the branch deploying to a production environment), the VIP Code Analysis Bot should comment indicating whether the pull request has been automatically added to VIP’s review queue. When reviews are optional, a comment from the Bot will explain how to add a label to request a review. If this message appears and a review is needed, add the label.
Customers with Application Support or Premier Support packages can request specific developer feedback on their codebase (including themes and custom plugins) by adding the [VIP] Review Request label to a pull request against master. Before adding the label, ensure that as many errors and warnings from the automated scan as possible have been addressed. Pull requests without the [VIP] Review Request label will not be manually reviewed. The same applies for pull requests with the label that are not against
The labels field can be found in the GitHub UI on the right sidebar of a pull request.
Pull requests against a review branch, that are not drafts, with the label [VIP] Review Request, will surface as a new review request in VIP’s internal review queue. The VIP Team will review the pull request directly on GitHub, and suggest any changes by leaving comments. The customer’s team should then go through and make any necessary changes. If further feedback is needed, “dismiss” the review. This process continues until there are no outstanding issues, at which point the VIP Team will “approve” the request.
Where possible, it is recommended to create small pull requests by breaking them down into atomic commits. If the changeset is larger than 1000 lines of code, it will need to be scheduled for a review.
The duration of manual code review can vary depending on the complexity of the code. Customers with a Technical Account Manager (TAM) can request assistance with determining an appropriate timeline for a project.
Categories of code review feedback
VIP code reviews provide feedback in three categories: Errors, Warnings, and Notices.
- VIP Errors — Will not work or will expose a site to severe performance and security concerns.
- VIP Warnings — It is strongly recommended that a customer’s team resolves these issues as soon as possible.
- VIP Notices — Need to be considered carefully when included in a VIP theme or plugin.
Requesting urgent reviews
Some customer applications are configured to block merging of pull requests without a review from VIP. Users with Admin access to the GitHub repository have the ability to bypass this requirement and merge the pull request. For urgent changes, this is often the fastest way to deploy the pull request.
Customers with Application Support or Premier Support packages can request VIP to urgently review changes after they have been merged by creating a VIP Support request. In the request, provide a link to the specific pull request along with other details that can help VIP to provide meaningful feedback.
If a GitHub Admin is unable to merge a pull request, an expedited review from VIP can be requested by creating a VIP Support ticket set to an “Urgent” priority. If the exact change has already been approved by VIP in a different repository, the review process can be greatly expedited if a link to the previously approved pull request is included in the request. As with non-urgent code reviews, if the changeset is larger than 1000 lines of reviewable code, it must be scheduled for review.