Category Direction - Code Review

The following page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features or functionality remain at the sole discretion of GitLab Inc.

Code Review
Introduction and how you can help

Code Review

Section	Stage	Maturity	Last Reviewed
Dev	Create	Loveable	2022-12-01

Introduction and how you can help

Thanks for visiting this direction page on Code Review in GitLab. This page belongs to the Code Review group of the Create stage and is maintained by Kai Armstrong (E-Mail).

This direction is constantly evolving and everyone can contribute:

Please comment and contribute in the linked issues and epics on this page. Sharing your feedback directly on GitLab.com or submitting a merge request to this page are the best ways to contribute to our strategy.
Please share feedback directly via email, Twitter, or schedule a video call. If you're a GitLab user and have direct knowledge of your need for Code Review, we'd especially love to hear from you.

Overview

Code Review is an essential activity of software development. It ensures that contributions to a project maintain and improve code quality, and is an avenue of mentorship and feedback for engineers. It can also be one of the most time consuming activities in the software development process.

GitLab's guiding principle for Code Review is: Reviewing code is an activity that ultimately improves the resulting product, by improving the quality of the code while optimizing for the speed at which that code is delivered.

The Code Review process begins with authors proposing changes to an existing project via a change proposal. Once they've proposed the changes they need to request feedback from peers (Developers, Designers, Product Managers, etc) and then respond to that feedback. Ultimately, a merge request needs to be approved and then merged for the Code Review process to be completed for a given changeset.

When an author submits their merge request, the first step is to find an appropriate person to review the changes. As an author, it can be hard to determine who might have subject matter expertise in an area, who has available capacity, and, ultimately, who needs to approve your merge request. If the wrong person is selected for a review, the quality of the review and the speed at which that review is completed are impacted.

When an author finds the right reviewer, it's important that the reviewer is able to easily understand the context of the changes, and provide constructive and meaningful feedback to the author. The feedback a reviewer provides should provide clear intention and actionable comments which are devoid of undocumented opinion.

Merge request reviewers also need to transparently communicate status of the review at all points in time. This includes communicating to themselves which changes have been reviewed and where in the process they are. They also need to be able to communicate this to the change author so that they understand when they need to action feedback. Finally, status needs to be communicated to other reviewers and interested parties so that the contribution is delivered efficiently.

After feedback has been provided through the merge request, the author must respond to that feedback and signal to reviewers that it has been actioned either via additional changes or comments. Authors also need to address feedback provided by automated testing, security scanning and quality review tools as part of their contribution.

As a final piece of the review cycle, the merge request needs to be approved. This is an important affirmative signal that the contribution meets the standards of the project and is an improvement to the codebase. In some cases, initial reviewers provide that approval which is why selecting the correct reviewer is so important. In cases where there are second level approvals required, surfacing that information to authors and suggesting appropriate approvers can ensure contributions don't sit stale.

GitLab's vision for code review is a place where:

changes can be discussed,
developers can be mentored,
knowledge can be shared,
defects identified, and
contributions delivered.

In GitLab, Code Review takes place in the merge request. GitLab should make these tasks efficient and easy, so that velocity and code quality both increase even if the merge request isn't perfect.

Metrics of success

The metrics by which we measure the success of the Code Review category are aligned with our goals for code review, specifically ease of use, love-ability, and efficiency.

Primary metric

Our primary metric is: reducing the duration of the Code Review. This is measured as the duration from the first merge request version to merged.

Secondary metrics

Secondary metrics of success act as support for the primary metric, helping build a more complete picture of how successful the category is.

Once in a while, we conduct UX scorecards to track the user experience through various heuristics — see all UX scorecards for Code Review. At the Create stage level, we conduct usability benchmarking studies.

Right now we're focused on measuring and improving perceived performance: “how fast, responsive, and reliable a website feels to its users. The perception of how well a site is performing can have more impact on the user experience that the actual load and response times.” Perceived performance is not only technical performance (i.e. load and response times), but also user performance (i.e. efficiency in completing tasks), and can be formulated as:

perceived performance = f(expected performance, UX, actual performance)
experience = f(perceived performance, task completion)

Aspect	Measured by	Results
`Expected performance` and `UX`	Primarily by user’s feedback, and secondarily by actual performance of competitors.	SaaS user’s feedback (in progress) Competitor performance (Software Forge Performance Index) (maintained by SourceHut) Largest Contentful Paint of SaaS vs GitHub.com for key pages
`Actual performance` (load and response times)	Primarily by the Largest Contentful Paint (LCP) metric, and secondarily by other important metrics.	Test instance (test samples: large MR overview and changes tabs, large MR commits tab) SaaS: `gitlab-foss` large MR overview tab (test sample) SaaS: `gitlab-foss` large MR changes tab (test sample) SaaS: `gitlab-foss` empty MR overview tab (test sample) SaaS: `gitlab` large MR overview tab (test sample) SaaS: `gitlab` small MR overview tab (test sample) SaaS: Other project MR overview tab (test sample)
`Task completion` (task times)	Estimates of user’s execution time of primary tasks through the GOMS approach. We focus on the percentage difference of GitLab and competitors, or of current and proposed designs.	July 2021 estimates

Connection between Source Code Management and Code Review

The Source Code category of GitLab offers the features where the creative process begins. Here authors will not only consume existing project contents but will also author new content that will eventually move through the DevOps lifecycle. Additionally, many of the features in Source Code are consumed in the Code Review stage of the software developement lifecycle. Consider the following examples:

Merge request approvals allow project maintainers to define who is the most relevant user/group to review a particular portion of the codebase. While this feature is consumed in the Code Review process, it is created and managed in the Source Code Management process.
Code owners enable teams to present clear signals around codebase ownership as well as enables project maintainers to ensure subject matter experts are reviewing incoming changes. This feature is created and managed in Source Code, but part of its outputs are consumed in Code Review.

Because of this close relationship, the Source Code Management group must work closely with the Code Review group in order to ensure the developer experience is cohesive and efficient. This experience is core to providing a great first impression for users.

Target Audience and Experience

Code review is used by software engineers and individual contributors of all kinds. Depending on their context, however, the workflow and experience of code review can vary significantly.

full time contributor to a commercial product where reducing cycle time is important. The review cycle is tight and focussed as a consequence of best practices where keeping merge requests small and iterating at a high velocity are objectives. Code review workflows for these users are Complete
occasional contributor to an open source product where cycle time is typically longer as a consequence that they are not working on the project full time. This results in longer review times. When long review times occur, the participants in the merge request will need to spend more time reacquainting themselves with the change. When there are non-trivial amounts of feedback this can be difficult to understand. Code review workflows for these users are Complete
scientific projects frequently have a different flow to typical projects, where the development is sporadic, and changes are often reviewed after they have been merged to master. This is a consequence of the high code churn associated with high exploratory work, and having infrequent access to potential reviewers. Post-merge code review workflows are not yet viable in GitLab.

Challenges to address

There are many code review tools in the market as well as multiple workflows. Deciding which features/workflows to build-in to GitLab is important so that users can migrate seamlessly. However, it is not realistic for us to support every feature/workflow out there, as such we must suss out the most popular, forward-looking features/workflows, and support them in GitLab.

Some of the features/workflows we are planning to build into GitLab:
- Merge request reviewer handoff and workflow
  - Merge requests that require my attention

Where we are headed

The code review process involves at least two roles (author, and reviewer) but may involve many people, who work together to achieve code quality standards and mentor the author. Furthermore, many reviewers are often not Developers. Reviewers may be Developers, Product Designers, Product Managers, Technical Writers, Security Engineers and more.

In support of GitLab's vision for code review, areas of interest and improvement can be organized by the following goals:

Ease of use influences whether users choose to use the GitLab tool to merge branches instead of simply interacting with the Git server via command line. Merge requests should be easy to use and provide enough visible value such that users will default to use merge requests. This is a key objective of our effort to restructure merge requests.
Love-ability captures the essence that GitLab is enjoyable to use, which may mean that it is fast, invisible and allows you to get your work done. Particularly, GitLab should encourage the best of communication between colleagues and contributors, helping teams celebrate great contributions of all kinds, and express their ideas without misunderstandings. How GitLab communicates with people, will influence how people communicate with each other inside GitLab. Utilizing expressive merge request comments allows this communication to happen in a clear and structured way for all participants.
Efficiency directly influences velocity within the time span of a single merge request
- Author efficiency considers how a merge request author can create and address code review feedback, find a relevant reviewer for their merge request, and incorporate incoming feedback.
- Reviewer efficiency considers how an individual reviewer can review a code change, leave feedback, and also verify their own feedback has been addressed. Provide enhanced context when reviewing new information (for example, through code intelligence) for efficiency. We're currently working on review efficiency through improvements to the review comments experience.
- Team efficiency considers a team can coordinate and communicate responsibilities, progress and status of a merge request, and quickly the entire process can be completed. Support workflows that enable new and better ways of working (for example, suggest changes, commit by commit review).
Best practices Influence efficiency of teams and projects over a longer time scale, and can include fostering norms and behaviours that aren't explicitly enforced through the application. Amplifying best practices, great defaults and documentation play a significant role in this.
Policy controls that allows code review requirements to be set and enforced, going above and beyond amplifying and encouraging best practice. We're partnering with the Compliance team to help bring existing controls up to higher levels to make compliance easier across your organization.

What's Next & Why

Feature Enhancements

In Progress: Improve code review (batch comments) experience

Understanding the state of a merge request and what needs to be done and who needs to take action is an important part of moving the merge request forward. We're currently focused on designs for review rounds to further explore the merge request state and how we can communicate review cycles more easily to merge request participants.
Later: Expressive merge request comments

Communicating the intent behind each comment left during a review is important for making it clear what needs to be addressed to make the improvement, and what can be addressed in future iterations. One way to solve this is with conventional comments to correctly classifiy the feedback.

Performance and Reliability Improvements

In Progress: Restructure merge requests

The merge request interface is overwhelming and can be challenging to find the information you need to complete the tasks you're working on. We're exploring several areas to restructure information on the page, remove items where appropriate, and increase the focus on completing the important tasks for merge requests.

In Progress: Merge request performance roundtables

The performance of the merge request is critical in moving our product forward and improving developer satisfaction with the product. In an effort to take a "what would we do today" approach, we're beginning a series of performance roundtables focused on improving the experience from a core level.

What is Not Planned Right Now

Cross-project code review (group merge requests): Is not something the group is currently focused on solving. While we recognize that this is a workflow some teams require we're currently focused on improving support for existing review workflows within GitLab.
Commit by commit code review: Is not the primary code review flow within GitLab that we're currently optimizing for. We understand that some users prefer to review code this way, and there is basic tooling to support this workflow, but we're focused on our primary review process within GitLab.
Block merge request with a negative approval signal: Having a single way to block merge requests is not inline with how we view the review process. We'd like to continue to explore expressive merge request comments as a way to further classify types of threads and potentially extend it with restricting roles that can resolve threads to achieve similar controls.

Maturity Plan

This category is currently at the Loveable maturity level (see our definitions of maturity levels).

Competitive Landscape

GitLab competes with both dedicated and integrated code review tools. Because merge requests (which is the code review interface), and more specifically the merge widget, is the single source of truth about a code change and a critical control point in the GitLab workflow, it is important that merge requests and code review in GitLab is excellent. Our primary source of competition and comparison is to dedicated code review tools.

Prospects and new customers, who previously used dedicated code review tools typically have high expectations and accustomed to a high degree of product depth. Given that developers spend a significant portion (majority?) of their in application time in merge requests, limitations are quickly noticed and become a source of frustration.

GitLab's current code review experience is largely modeled after GitHub's, with most of its pros and cons. Dedicated code review tools like Gerrit and Phabricator are frequently mentioned as the best alternatives to the GitHub code review model. According to Jet Brain's 5th annual Developer Ecosystem survey, GitLab is only second to GitHub in Code Review solutions. See the competitive analysis for a closer look at the user experience and feature set of competitor tools.

Dedicated code review tools

Crocodile • Free, closed source • Example
Crucible by Atlassian • Paid, closed source • (Bitbucket vs Crucible)
Gerrit • Free, open source • Examples
Graphite • Closed source
Review Board • Free, open source • Examples
Reviewable • Free, closed source • Example
Reviewpad Code Review Interface

Integrated code review packaged with source code management

Azure DevOps by Microsoft • Free, closed source
Bitbucket by Atlassian • Free, closed source
GitHub • Free, closed source
JetBrains Space • Free, closed source
OneDev • Free, open source • Examples
Phabricator by Phacility • Not actively maintained • Free, open source • Example
RhodeCode • Free, open source • Example

IDEs with native code review or integrations

CodeStream • Free, closed source
JetBrains Space Plugin for IntelliJ-based IDEs • Free, closed source
Visual Studio Live Share by Microsoft • Free, open source

Top Customer Success/Sales and user issue(s)

The highest priority customer requests are for improved application performance, accuracy and efficiency for reviewing merge request diffs of all sizes, small and extremely large.

Merge request dependency improvements - some teams have complicated merge dependency requirements to ensure the appropriate code is merged when all dependent components are also merged.
Support for large merge requests - the work in this area is broadly focused on both large changesets as well as general performance of the merge request. It's important that users have a performant experience when using merge requests in GitLab.

Top dogfooding issues

Suggested reviewers will be initially propelled by ML and our acquisition of UnReview. We'll continue to look for ways to expand how we suggest reviewers and internally we're ultimately aiming to replace Reviewer Roulette implemented with Danger.

Top Vision Item(s)

In Progress: Restructure merge requests

The merge request interface is overwhelming and can be challenging to find the information you need to complete the tasks you're working on. We're exploring several areas to restructure information on the page, remove items where appropriate, and increase the focus on completing the important tasks for merge requests.

In Progress: Merge request performance roundtables

The performance of the merge request is critical in moving our product forward and improving developer satisfaction with the product. In an effort to take a "what would we do today" approach, we're beginning a series of performance roundtables focused on improving the experience from a core level.