Your team’s code review process is probably an expensive illusion of quality. Here’s what the evidence says, and what to do instead.

TL;DR

  • Pull requests were designed for open source contributions from untrusted strangers. Applying them to trusted teams is a category error.
  • Peer-reviewed research shows code review’s primary value is knowledge transfer, not bug detection. Less than 15% of review comments relate to actual bugs.
  • Async PR workflows mean your code spends 86-99% of its lead time waiting. One organisation spent 130,000 hours in a single year waiting on PRs that received zero comments.
  • DORA research across 36,000+ professionals shows trunk-based development correlates with dramatically higher software delivery performance, and faster code reviews alone improve performance by 50%.
  • The alternative is T*D: Test-Driven Development (build quality in), Trunk-Based Development (integrate continuously), and Team-focused Development (review during creation, not after).
  • The transition is gradual: optimise PRs first, adopt Ship/Show/Ask, then move to pairing and trunk-based development as trust and automation mature.-
  • belated_frog_pants@beehaw.org
    7·
    1 month ago

    If PRs arent being reviewed for hours or days thats a management problem. No amount of unit tests are a replacement for another set of eyes.

    • Senal@programming.devEnglish
      2·
      1 month ago

      hmm, i have mixed feelings about this.

      If PRs arent being reviewed for hours or days thats a management problem.

      This i agree with totally.

      Whether or not it’s human resource based or policy based, it’s usually a failing of process and that’s generally a fault with management. in my experience anyway.

      No amount of unit tests are a replacement for another set of eyes.

      This though, while i wouldn’t compare PR’s to Unit testing in the first place there is some overlap in quality control.

      If you have robust enough testing suites it can reduce the PR burden in a variety of ways, though most of them come down to automating away the need to catch so many logic and regression bugs.

      That’s not to say reviews aren’t needed, they definitely are, it’s just automated testing does have an overlap.

      Notice that i said testing suites though, that’s not just unit testing, that’s the whole CI testing caboodle.

      • Nate Cox@programming.devEnglish
        1·
        1 month ago

        The problem with automated tests is that they only test for the narrow slice of things you actually think to test for. They don’t cover the gamut of things you didn’t think to test for.

        They also only test how you write them to test for, which means if you make a bad assumption somewhere along the way your tests can’t help you find it.

        Peer reviews cover two very important things:

        1. Knowledge sharing and de-siloing
        2. Logic and assumption checking

        A fresh set of eyes and a different perspective is just so important to writing robust, quality code.