There are more than 1,000 people working at Zalando Tech and a substantial amount of them are focused on writing code every day. Due to Radical Agility, developers work autonomously, with full end-to-end responsibility. For compliance reasons — and as good engineering practice — we want to make sure that every change to production systems is reviewed by at least two Zalando Tech employees.
In other words, you are not allowed to write specifications or code and commit to the master branch without anybody else being involved. This way, a successful code review becomes the seal of approval for deployments into production. It gives us the confidence that is necessary to rely on a completely automated delivery pipeline, without the need for any further manual intervention.
How do you guarantee effective code reviews on GitHub, using only GitHub? We looked at many different solutions that try to improve workflows and provide tooling for code reviews like pullapprove.com, review.ninja or git-reflow. However, none of them were really satisfying:
- Many require us to use a separate website that fragments the regular workflow of a developer
- Others are proprietary and closed source, which is a deal-breaker because we may want to implement custom features and logic
- Certain tools are locally installed, making it hard to verify if someone is actually using it
- Some may not play well with GitHub Enterprise
This is why we decided to come up with a solution ourselves: Zappr. It’s open source and you can use it for your own projects on GitHub.com out of the box ( here’s how). Now, what does it actually do?
Pull Request Approvals
If you have used GitHub before, you’re probably familiar with its many different integrations. For example, Travis CI will test your code and Coveralls can calculate test coverage. GitHub also has two really great features: Protected branches and required status checks for pull requests. This means that developers cannot commit directly to a protected branch, and integrations can send status updates that may prevent a pull request from getting merged. Zappr leverages this feature to require developers to give a comment of approval before merging a pull request.
Automatic Branch Creation
If you’re collaborating with other developers on a project, chances are that you’re using feature branches or an even more complicated branching model. Especially in professional enterprises, but often in open source projects as well, developers create separate feature branches for each issue or ticket they are working on. Zappr can automatically create a branch for each new issue, saving you from doing this manually.
Commit Message Patterns
Let’s face it: Writing code together with many different people can get messy sometimes. Successful teams typically follow a handful of conventions, like coding styles or rules for documentation. Commit messages are really important too, as they are the true record of a project’s history. Properly formatted, you can even use commit messages to generate changelogs automatically.
At Zalando, we also need to link the code we write to the original tickets in our issue tracker by adding ticket numbers to our messages. With Zappr, you can add a status check to your pull request that ensures every commit message matches a given pattern. This plays really well with our automatic branch creation feature or other tools, like Commitizen.
Zappr provides what we consider sane defaults, but you can configure basically everything with a YAML file in your repository, similar to other GitHub integrations like Travis. Zappr works with both GitHub.com and your own GitHub Enterprise installation (you’ll need to set that up yourself, obviously). It offers a minimal UI to enable features with the flick of a button, while the rest is done via interactions on GitHub.
We’ve been using Zappr at Zalando for a couple of months now and like it very much so far. However there is still work to do: Some new features that we’re thinking of including are verifying that all commits in a pull request were signed, and automated reminders about open pull requests.