The VIP Code Analysis Bot analyzes pull requests created in the WordPress VIP GitHub organization, and submits a GitHub pull request review once the analysis is complete. The Bot also comments on pull requests with other messages as needed. The Bot posts these feedback and messages using the GitHub username wpcomvip-vipgoci-bot (see GitHub profile).
The Bot performs analysis using different utilities:
The aim of this feedback is to highlight potential issues before they impact sites, and to make it easier for software professionals to improve submitted code. All feedback from the Bot should be carefully evaluated.
To trigger the VIP Code Analysis Bot to analyze a pull request, create a pull request in a repository that belongs to the wpcomvip GitHub organization. The analysis will be performed and results posted in a few minutes time.
A build status will appear once the Bot has started analysis and is updated when analysis is complete. As more commits are added to the pull request, the Bot will analyze the code again, flagging any new issues it sees. The Bot will avoid re-posting any previously made feedback.
If no issues are found in the code of a pull request, the Bot will not post any reviews or comments. Instead, the build state will be “success”, and the build description displayed will be “No significant issues found”.
Code or objects committed made directly to branches, such as
develop will not be analyzed by the Bot. VIP discourages committing directly to deploy branches to prevent potential impacts on stability and security on sites. Instead, VIP recommends that all code is submitted first via pull requests for analysis by the Bot and to evaluate and act on the posted feedback. Only after evaluation (and possible improvement), should pull requests be merged into the relevant branch. VIP recommends the above process for any branches which lead to deployment on sites, whether production, testing or development.