The VIP Code Analysis Bot analyzes and reviews pull requests created in the WordPress VIP GitHub organization. The Bot also comments on pull requests with feedback using the GitHub username wpcomvip-vipgoci-bot. This feedback aims to highlight potential issues before they impact sites, and to assist software professionals with improving submitted code.
The Bot performs analysis using different utilities:
To trigger the VIP Code Analysis Bot to analyze a pull request, create a pull request in a repository that belongs to the wpcomvip GitHub organization. A build status appears when the Bot’s analysis has begun. The build status will update when the analysis is complete, which usually requires several minutes.
The pull request must remain open during the analysis process. If a pull request is merged or closed before the process is complete, the VIP Code Analysis Bot will fail to provide feedback.
As more commits are added to the pull request, the Bot will analyze the code again, flagging any new issues it sees. The Bot will avoid re-posting any previously made feedback.
If no issues are found in the code of a pull request, the Bot will not post any reviews or comments. Instead, the build state will be “success”, and the build description displayed will be “No significant issues found”.
Required status checks can be enabled in branch protection rules to enforce a successful check from the Bot before pull requests can be merged.
Code or objects committed directly to deploy branches, such as
develop, will not be analyzed by the Bot. VIP discourages committing directly to deploy branches to prevent potential impacts on stability and security on sites. Instead, VIP recommends submitting code via pull requests for analysis by the Bot for any branches which lead to deployment on sites, whether production, testing, or development. Only after evaluation (and possible improvement) should pull requests be merged into the relevant branch.
Last updated: January 20, 2024