• Martin@feddit.nu
    link
    fedilink
    arrow-up
    96
    arrow-down
    2
    ·
    9 months ago

    We decided that everyone in the team is allowed to approve changes. If no one has reviewed your change within 24 hours you are allowed to approve it yourself. It will usually come up in the daily sync that a self approval is imminent, which usually leads to someone taking a look.

    • PowerCrazy@lemmy.ml
      link
      fedilink
      English
      arrow-up
      16
      ·
      9 months ago

      Self-approval leads to a road of sadness. For example, a theoretical company needs to self-renew an ssl cert. No problem, the cert will be stored with the rest of the secrets and retrieved in a secure way on deployment. Unfortunately if you don’t store the cert key in a secure way, the deployment still works fine and you don’t need to figure out the “onerous” encryption process.

      So you push the private key to the company git repo, and then deploy the cert! Done and Done.

      • Martin@feddit.nu
        link
        fedilink
        arrow-up
        7
        ·
        9 months ago

        We have well established ways to deal with secrets. Also, everyone is responsible enough to not self approve changes where they do things they are uncertain of.

      • rwhitisissle@lemmy.ml
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        9 months ago

        If you don’t establish an encryption mechanism for secrets that allows for automatic, in memory decryption on deployment from the start of your project, then your project is run by incompetent developers/ops specialists/architects/management/etc. and deserves to fail.

    • Doc Avid Mornington@midwest.social
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      9 months ago

      which usually leads to someone taking a look

      Nevermind the idea that one reviewer is somehow sufficient, this sounds like pure fantasy. Did you forget a “/s”?

      • Martin@feddit.nu
        link
        fedilink
        arrow-up
        9
        ·
        9 months ago

        Who said anything about only requiring 1 reviewer? And no, I did not drop an /s. You should try working for a healthy team where everyone takes collective responsibility and where the teams progress is more important than any one person’s progress.

        • Doc Avid Mornington@midwest.social
          link
          fedilink
          English
          arrow-up
          2
          ·
          9 months ago

          I get the feeling you feel like I was somehow calling you out. I want to clarify the the intent of my message was more in the spirit of “wow must be nice” than “you’re making that up”. But also I’m just interested in how different your experience is from mine.

          Who said anything about only requiring 1 reviewer?

          I must have misunderstood. You said “If no one has reviewed your change within 24 hours you are allowed to approve it yourself.” To me, that sounds like, after 24 hours of no review, one self-approval is considered sufficient. That, in turn, seems to imply that before 24 hours, one non-self-approval is probably sufficient, no?

          You should try working for a healthy team where everyone takes collective responsibility and where the teams progress is more important than any one person’s progress.

          I’ve had team members in the past who are very self-focused, they tend to close a lot of tickets and look good, then get promoted out, leaving an unmaintainable mess behind. Allowing that is generally a failure of leadership. But right now, that’s not our problem, and what you describe is pretty much how we operate.

          I’d love to work on a team where everybody took code review a lot more seriously, believe me, it’d be nice, but my team does generally get everything approved, with at least two non-self approvals, in under 24 hours. If something is getting ignored because people are busy and it’s a large change because we aren’t perfect, and there is some reason to get it in soon, it just takes a quick request on Slack to get the needed attention.

          What I found surprising about your description was more that the potential of a self-approval coming up would, in itself, get people’s attention, rather than somebody reaching out personally and asking for a review.

          Our big weakness is review quality, not quantity. It’s crazy the number of times I look at something and see the two or three approvals already, start going through it, and find issue after issue. I see that on other teams as well, where there’s usually only one or two devs who ever really make any comments on a review, it seems to be very common.

  • wise_pancake@lemmy.ca
    link
    fedilink
    arrow-up
    59
    arrow-down
    1
    ·
    9 months ago

    Ughh I’m currently waiting on a review and I’ve pinged people multiple times but nothing. It’s blocking all my work for the rest of the week.

      • kryptonianCodeMonkey@lemmy.world
        link
        fedilink
        arrow-up
        90
        ·
        edit-2
        9 months ago

        Me: “So, I completed this time critical task a week ago, had it QA tested, and it’s been awaiting approval since Tuesday. I’ve posted my PR with links in the dev chat, I’ve pinged each of you individually each day as well. It is still awaiting approval before I can merge and pick up a new card from our backlog that is dependent on these changes. If literally anyone has the bandwidth to do this review, please do. I’ll post the link here again as well, to make this super convenient for you all, as well as the Jira card for reference, and the changes and requirements themselves are extremely straight forward. It should only take 5-10 minutes, tops. And I will be sitting here useless until it is done. Somebody, please, for the love of god…”

        My team: crickets

        Scrum Master: “Thanks for the update, kryptonianCodeMonkey… next up is…”

        • wise_pancake@lemmy.ca
          link
          fedilink
          arrow-up
          21
          ·
          9 months ago

          That about sums it up. Even escalated to my boss at this point, still crickets. It’s not even a big or complex PR.

        • folkrav@lemmy.ca
          link
          fedilink
          arrow-up
          16
          ·
          edit-2
          9 months ago

          Every time I see these comments, I wonder if I was just lucky with my scrum masters and most actually suck, or if it’s confirmation bias. We don’t have a scrum master where I work, but my whole job as lead is keeping things rolling, and this would be just unacceptable.

          • AggressivelyPassive@feddit.de
            link
            fedilink
            arrow-up
            10
            ·
            9 months ago

            Yeah, I also wonder what kind of shitty culture they have in these teams? I mean, who would leave a coworker hanging like that? That’s just a collective dick move.

          • kryptonianCodeMonkey@lemmy.world
            link
            fedilink
            arrow-up
            5
            ·
            edit-2
            9 months ago

            My Scrum Master is nice, but her role seems to mostly revolve around enforcing documentation standards, coordinating refinements and retrospectives, tracking metrics on task completion, and maintaining our Jira board. She doesn’t have a lot of involvement with the specifics of development, delegation, or how we execute our tasks.

            • uranibaba@lemmy.world
              link
              fedilink
              arrow-up
              4
              ·
              9 months ago

              That sounds like a great boss, someone how is involved with what should be done but not always how, as long as the team deliver what is requested.

        • GBU_28@lemm.ee
          link
          fedilink
          English
          arrow-up
          9
          ·
          9 months ago

          “manager, person_a and person_b are the reviewers on my time sensitive PR. I’m blocked. You are aware of everyone’s priorities, can you indicate prioritization of tasks and delegate how we should act?”

        • Nath@aussie.zone
          link
          fedilink
          arrow-up
          8
          ·
          9 months ago

          We have big red magnets representing blocked to put on the board. We have to speak about every single blocker every stand up and what the team’s path forward is to unblock the thing. If it’s waiting for vendor, then that’s all we can do. If the ball is in our court for any blockers, and its still there tomorrow without a really good reason, there is hell to pay.

        • theneverfox@pawb.social
          link
          fedilink
          English
          arrow-up
          6
          ·
          9 months ago

          Well on the flip side, I somehow ended up doing legacy projects with a dude that has been coding for decades and is still actively developing in VB and asp.net. Weirdly, the guys not dumb - he asked me for an API and I blew his mind with generics and cut the code down by a third. I then introduced him to the concept of (primitive) components, he isn’t quite sold on the importance of code reuse, but every time I delete 1k lines of old code and replace it with a 20 line function my soul grows

          When we do code reviews, it’s basically pair programming sharing screen… Usually we just push everything and wait for bug reports, because this crazy ass company has been using a reference book, a calculator, and hundreds of people were manually re-entering things by memory into QuickBooks until January 1st this year. They were thousands of dollars off in the second week… We thought it was a bug. It was all user errors

          He’s been working on this system for 15 years, I ran into a table with 126 columns the other day. Somehow, this dude manages to swim through a database with hundreds of tables and just as many triggers with rawdog sql.

          It’s fucking wild…I split my time between that and working on my virtual assistant that brainstorms it’s own development with me, and an app that I’m trying to make into a unified fediverse client.

          I know what a tight ship looks like and I push for best practices when I think there’s something to gain worth the fight, but the sheer spectrum of software dev is incredible. My legacy guy told me about what’s been taking all his time lately today - he has to build a system to screen scrape from an emulated IBM mainframe… And I spent my morning working on a unified activity pub interface and my evening testing my weird observation that LLMs speaking UwU seem to perform significantly better

          My point being, there’s a sweet spot between methodology/process, and it’s very rare to hit it. And also, software dev is playing in realms beyond human comprehension, and no matter how orderly if seems it should be, every senior dev who still writes code is superstitious, and often correct to be so

          Notify the people you have to notify for your blockers, then embrace the absurdity

          Thank you for coming to my Ted talk

      • Gork@lemm.ee
        link
        fedilink
        arrow-up
        2
        arrow-down
        2
        ·
        9 months ago

        And actually stand up. Otherwise it defeats the purpose.

    • Baku@aussie.zone
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      9 months ago

      You get paid hourly? If so sounds like you shouldn’t say anything and get paid to do nothing

        • Baku@aussie.zone
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          9 months ago

          I mean you’ve done your job and even reminded them everyday that they need to do theirs for you to do yours. Take screenshots and if they try to sack you, straight to court/your fair work ombudsman

          • wise_pancake@lemmy.ca
            link
            fedilink
            arrow-up
            3
            ·
            edit-2
            9 months ago

            I live in a place with at will employment, so they can fire me whenever they want.

            I get paid double my last job, but it’s like Netflix, a lot of people get fired from Netflix.

  • Codex@lemmy.world
    link
    fedilink
    arrow-up
    26
    arrow-down
    2
    ·
    edit-2
    9 months ago

    As a senior at my last big company job, basically all I did was conduct meetings and do PRs. It’s such a grind.

    My opinion now is that most PR is worthless anyway. Most people give, at best, a superficial skim for typos, lack of comments, or other low-hanging replies (that usually, really, a static checker or linter should be dealing with).

    Reading the code base in little chunks like that doesn’t give you proper context for the changes you’re reading. Automated unit and integration tests would be better for catching issues like that, but of course then who is reviewing and verifying the tests? Who’s writing them for that matter?

    Ideally, pair-programming or having extra people on projects to create knowledge redundancy would help. But companies want to replace juniors with AI now, so that’s not looking good. Senior devs and architects might know the major pieces of much of the code, but can they “load it into working memory” sufficiently to do a quality PR that will catch something the tests didn’t and QA wouldn’t? Not in my experience.

    I think the best actually-implementable solution for most teams is to get rid of PR expectations and take a multi-pronged approach to replacing that process.

    1. use tooling to check for and fix basic stuff. Use a linter, adopt a code standard, get a code formatting tool that forced adherence to the standard and run it on every PR.
    2. Unit tests if you got them, start if you don’t. You don’t need 90% code coverage, just make sure critical paths are covered.
    3. Turn one of your useless meetings into a code review session. Each week/sprint, one Very Important Code section is presented by the developer that works on it most or that last changed it. This helps the whole team learn the code base, gets more eyes on the important stuff regularly, and enforces not just a consistent style but a consistent approach to solving and documenting problems.
    4. PR (and the github PR approval stuff or its equivalent for you) should be streamlined but preserved. Do have a second person approve changes before merging, just to double check that tests have finished and passed and all that. If your team is so busy that no one ever approves PRs then allow self-approval and be done with it. This will make regular code review very important for security and stability, since any dev could be misbehaving unseen, but these are the trade-offs you make when burning out your team is more important than quality.
    • AnarchoSnowPlow@midwest.social
      link
      fedilink
      arrow-up
      13
      ·
      9 months ago

      I caught a junior trying to reimplement an existing feature, poorly, in a way that would have affected every other consumer of the software I’m a code owner on a week or two ago. There’s good reason to keep them around.

      PRs suck to do, but having a rotating team of owners helps, and linting + auto formatting helps with a lot of the ticky tacky stuff.

      Honestly, the worst part is “newGuy has requested your review on a PR you requested changes on but he hasn’t addressed” that’ll get you in the ignored pile real quick.

    • gaterush@lemmy.world
      link
      fedilink
      arrow-up
      8
      ·
      9 months ago

      I generally agree and like this strategy, but to add to the other comment about catching reimplemented code, there’s just some code quality reviewing that cannot be done by automating tooling right now.

      Some scenarios come to mind:

      • code is written in a brittle fashion, especially with external data, where it’s difficult to unit test every type of input; generally you might catch improper assumptions about the data in the code
      • code reimplements a more battle tested functionality, or uses a library no longer maintained or is possibly unreliable
      • code that the test coverage unintentionally misses due to code being located outside of the test path
      • poor abstractions, shallow interfaces

      It’s hard to catch these without understanding context, so I agree a code review meets are helpful and establishing domain owners. But I think you still need PR reviews to document these potential problems

    • MajorHavoc@programming.dev
      link
      fedilink
      arrow-up
      5
      ·
      edit-2
      9 months ago

      these are the trade-offs you make when burning out your team is more important than quality.

      Yep.

      Many directors and CIOs know exactly where they stand regardin the classic value proposition: deliver something trivial before next quarterly earnings statements - at the low easy cost of losing all organizational understanding of the code base.

  • XTornado@lemmy.ml
    link
    fedilink
    arrow-up
    16
    ·
    edit-2
    9 months ago

    I would be fine with it if my job was just that review stuff.

    But man when you are in the middle of something and you have to review something because they need it soon… It’s annoying as fuck.

    • jol@discuss.tchncs.de
      link
      fedilink
      arrow-up
      17
      arrow-down
      1
      ·
      9 months ago

      Reviewing code is part of your job. But you also deserve uninterrupted focus time. Just block focus time blocks in your calendar and check if your peers need reviees 2-3 times a day.

  • trebuchet@lemmy.ml
    link
    fedilink
    arrow-up
    9
    ·
    9 months ago

    I haven’t done any serious programming in a long time. Is this mostly about corporate process and hierarchies for programming or does this apply to open source projects as well?

    Seems really demoralizing putting in the work to add something to an open source project and having it waste away unreviewed and unappreciated.

  • FriendBesto@lemmy.ml
    link
    fedilink
    arrow-up
    8
    ·
    9 months ago

    Certain this works 100% in the wild. Main issue will be trying to SSH into the server, unless you can borrow their hotspot.

  • edric@lemm.ee
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    9 months ago

    To be fair, we sometimes have to look through multiple related documentation and tickets to make sure the change was actually reviewed and approved by the necessary teams (network, security, etc.). We also have an SLA for PR reviews/approvals and some people have a habit of sending it out for approval at the last minute of the change window.