Ask HN: Do you use anything for automated code review?
I have been looking into a couple of options in this space and it's really hard to tell what would be a low-value, high-pain tool and what would add value. Does anyone have any great experiences with tools in this vein?
At my employer we started using Codacy a few months ago, providing things like that are what you're asking.
Things were real touch and go for a while with the analysis taking forever or other problems but they released an update a few months ago and that's not much of an issue at all now. We had one other issue with the integration with GH where the person who signed up for it left the company and our integration went to hell but we've fixed that and it was our fault. Just be sure the account that is the repo owner is the one registering, not a contributor.
We haven't tweaked the settings as much as we need to but it's been nice. It catches things and links to education so the reviewer can focus on more important pieces like the architecture or other things. The settings are very granular so you can turn some on or off depending on preference. Another nice thing about Codacy at least(haven't used others) is that many of the things it complains about has explanations or links to good explanations and the why, so that the person can learn as well as fix, hopefully preventing further mistakes of the nature in the future.
Overall I think that Codacy and things like it are great tools. But for sure linting and static analysis can be at least slightly done with git hooks or CI tools as others said if you want a poor man's kind of trial run. I hope that helps!
You can always start with linters and make them part of your CI acceptance. You can go quite far with this eg in C# enforce code contracts to ensure no rouge nulls. Or keep it light and just check for basic things.
This doesn’t automate the review but saves discussing minor things in the reviews.
I agree with using linters that are very strict. They save a lot of time by making sure things are uniform. Most of the time I need to fix stuff in a codebase is because the style was all over the place and if the style was consistent then refactoring or making the code simpler wouldn't have been much of a problem.
We have implemented SonarQube and found it useful. There was initial pushback from our developers but once we had a couple of review sessions we got some serious value out of it.
That’s useful feedback. Did you implement the free (Community) or a paid version? If free, do you think it would be worth upgrading?
We implemented the community version. One thing that we almost upgraded for was to implement a custom rule which seemed to be more complicated than it should be. It looked like there were some other options if we had the paid version but we figured it out.
Isn't the whole point of code review that another human looks at your code?
Definitely. I’m asking more about tools that are meant to augment that process... SonarQube, Code Climate, et al.
One bit of advice if you are using CI checkers is to start with few rules and add them as you need them.