Default behavior of the Bot

The VIP Code Analysis Bot analyzes and reviews pull requests created in the WordPress VIP GitHub organization. The Bot also comments on pull requests with feedback using the GitHub username wpcomvip-vipgoci-bot. This feedback aims to highlight potential issues before they impact sites, and to assist software professionals with improving submitted code.

The Bot performs analysis using different utilities:

• PHPCS analysis
• PHP linting
• SVG analysis

To trigger the VIP Code Analysis Bot to analyze a pull request, create a pull request in a repository that belongs to the wpcomvip GitHub organization. A build status will appear once the Bot has started analysis and is updated in a few minutes when the analysis is complete.

As more commits are added to the pull request, the Bot will analyze the code again, flagging any new issues it sees. The Bot will avoid re-posting any previously made feedback. 

If no issues are found in the code of a pull request, the Bot will not post any reviews or comments. Instead, the build state will be “success”, and the build description displayed will be “No significant issues found”.

Required status checks can be enabled in branch protection rules to enforce a successful check from the Bot before pull requests can be merged.

Code or objects committed directly to deploy branches, such as production or develop, will not be analyzed by the Bot. VIP discourages committing directly to deploy branches to prevent potential impacts on stability and security on sites. Instead, VIP recommends submitting code via pull requests for analysis by the Bot for any branches which lead to deployment on sites, whether production, testing, or development. Only after evaluation (and possible improvement) should pull requests be merged into the relevant branch.