Skip to content

Default behavior of the Bot

The VIP Code Analysis Bot analyzes and reviews pull requests created in the WordPress VIP GitHub organization. The Bot also comments on pull requests with feedback using the GitHub username wpcomvip-vipgoci-bot. This feedback aims to highlight potential issues before they impact sites, and to assist software professionals with improving submitted code.

The Bot performs analysis using different utilities:

To trigger the VIP Code Analysis Bot to analyze a pull request, create a pull request in a repository that belongs to the wpcomvip GitHub organization. A build status appears when the Bot’s analysis has begun. The build status will update when the analysis is complete, which usually requires several minutes.

Note

The pull request must remain open during the analysis process. If a pull request is merged or closed before the process is complete, the VIP Code Analysis Bot will fail to provide feedback.

As more commits are added to the pull request, the Bot will analyze the code again, flagging any new issues it sees. The Bot will avoid re-posting any previously made feedback. 

If no issues are found in the code of a pull request, the Bot will not post any reviews or comments. Instead, the build state will be “success”, and the build description displayed will be “No significant issues found”.

Screenshot of a successful build returning the build description “No significant issues found”

Considerations

  • Code or objects committed directly to deploy branches, such as production or develop, will not be analyzed by the Bot. Committing directly to deploy branches is strongly discouraged to prevent potential impacts on stability and security on sites. Instead, VIP recommends submitting code via pull requests for analysis by the Bot for any branches which lead to deployment on sites, whether production, testing, or development. Only after evaluation (and possible improvement) should pull requests be merged into the relevant branch.
  • The pull request must remain open during the analysis process. The VIP Code Analysis Bot will fail to provide feedback if a pull request is merged or closed before the analysis process is complete.
  • The pull request must contain at least 1 commit made within the last 7 days to trigger the Bot for analysis. Any new commit made to the branch (e.g. an update to README.md) will trigger the Bot to analyze the pull request.
  • Required status checks are optional and can be enabled in branch protection rules to enforce a successful check from the Bot before pull requests can be merged.
  • Adding the Bot as a reviewer for a pull request is unnecessary and has no influence on the behavior of the Bot.

Last updated: March 05, 2024

Relevant to

  • WordPress