Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: What are the best tools for code reviews?
65 points by arjun27 on Nov 17, 2017 | hide | past | favorite | 54 comments



https://gitmate.io - Gitmate is made by a friend of mine and it's pretty good. It uses coala [1] underneath (coala is a unified static code analysis tool that supports 100+ languages; I'm a maintainer, so shoot me any questions you might have about coala).

Gitmate is much more than just static code analysis and review suggestions. It supports automatic issue triaging, rebases, labeling, identifying human reviewers, and so on.

Here's an example code review: https://i.imgur.com/JO0nXL7.png

(Here's an example if there are 10+ reviews: https://i.imgur.com/VlQA9iS.png)

[1] https://coala.io/


Screenshot looks a lot like what danger.systems provides.

How is issue triaging related to code reviews? Trying to imagine how that is useful


FWIW the default thing is actually https://i.imgur.com/JO0nXL7.png

This table is our aggregated view that gets triggered if there's a lot of comments that would spam the PR.

The code review functionality is completely open source at code.gitmate.io FWIW.

We grew from the whole review thing into automation for PRs (setting lots of labels for PRs automatically, managing review queues; it's all in GitMate) and eventually started with issues. Our next step is to split the review and issues because this is becoming very hard to communicate marketing wise ;)


>How is issue triaging related to code reviews? Trying to imagine how that is useful

It's not. I just wanted to mention that that's possible with Gitmate as well.



My favorite tool is a Microsoft internal tool called CodeFlow. If you don't want to work for them just to have a great code review experience, I recommend https://reviewable.io . Very nice!


As a fellow Microsoft employee, my blood boils a bit thinking of CodeFlow. My team has an "interesting" code review process that is 1/2 git diffs (via VSO Pull Requests) and 1/2 CodeFlow through TFS. However, I'd take PRs over CodeFlow for a few reasons:

1) All accessible via a browser instead of Desktop App. 2) PRs are all queued up nicely and easily searchable in said browser instead of littered all over a folder in my email 3) PRs can have rules that don't allow merging without reviewers having accepted the change. CodeFlow seems to ignore this in my experience and 'required' reviewers are more just suggestions and people just check in their code whenever anyways.

It's entirely possible my team, myself included, don't understand how to properly use CodeFlow though so take my opinion with boat load of salt. Similarly, I'm sure my third issue could be fixed by improving our review process as well, rather than switching tooling.


Isn't CodeFlow similar to the code review functionality that's now integrated in Visual Studio?


It's also literally the name of the functionality in VS.


At Sourcegraph we have integrations with GitHub (.com and Enterprise) pull requests and Phabricator diffs so that you get code intelligence on code you’re reviewing in your browser. That means doc and type hovers, jump to definition, and find references on the diff, just like you’d get in an editor. It’s in our enterprise offering; check out https://about.sourcegraph.com.

It runs off a server inside your company, but you can try it out on open-source code on GitHub with the Sourcegraph Chrome extension: https://chrome.google.com/webstore/detail/sourcegraph-for-gi....


I'd really like a code review tool that is code aware. That is, it treats the diff as code instead of plain text. I'd like to be able to figure out where a method is called from, go to definition and so on. Basically the same stuff I can do in my editor, but without having to clone the branch.


In a similar vein, I'd love to try a code review tool that's smart enough to recognize that I've moved a function from location A to location B, and can show me diffs for that function against its last known state in its previous location, and ideally would keep track of changes at the function level, rather than (or in addition to?) the file level.

Not sure how feasible that is to implement transparently though. Seems to me at minimum it'd have to require developers to add some kind of annotation to the function to include a globally unique identifier (though I'd honestly be willing to put up with that in exchange for the benefits).


I believe Upsource ( https://www.jetbrains.com/upsource/ ) and Sourcegraph ( https://about.sourcegraph.com/ ) are both code-aware in that sense.


GitHub has started adding support for this for some languages: https://help.github.com/articles/finding-changed-methods-and...



No plug-in for Xcode, so no thanks.



I’d warn against Gerrit. From the best my team has been able to figure out, Gerrit encourages a development flow that breaks the golden rule of rebase and treats all pushes as force pushes. The result is that in a collaborative environment your changes are occasionally reset by someone else pushing changes.

(To my eye Gerrit seems like it was written by people who wanted git to work like svn.)


They've set it up wrong. I use Gerrit in a large team and have never seen that problem. Force push is explicitly disabled in our config.


You can configure Gerrit to cherry-pick, and I believe the default is to do a merge.


We tried to introduce it at work 2-3 years ago. We never got over a pilot installation. It seems rather challenging to install/configure into an existing automatic build system, because gerrit wants to be its own git server(?), but the implementation/hooks are not compatible with "normal" git. Didn't work with that part, so don't remember the details. The UI did not feel very intuitive, might be quite a learning curve.


What do you like about it?



it sucks :( the UI is awful. There's no way to easily see what are the unresolved discussions in the PR...

The only plus is the integration with linters. beside that, "native" bitbucket/github/gitlab PRs are way better


My personal best tool for a Git branch's code review is `git lfo`, where the alias expands to:

    git log --pretty=full --reverse --show-notes=* -p --abbrev-commit origin/master..
Coupled with a "good diff highlighter", i.e. `diff-highlight | less --tabs=4 -RFX`… I'm set.

I've yet to see a tool that allows me to review all commits as well as code, as easily.

I don't only review a branch as a whole, i.e. `git diff master`, or "here's the diff" from a pull request… but I also review each commit individually (and rebase/amend them when required), as commits need to be in tip-top shape to end up going into master.


Looks interesting. Could you share what do use git notes for? Comments about the review? (seems like a lightweight alternative to git appraise [0]).

[0]: https://github.com/google/git-appraise


You should also take a look at https://diff2html.xyz/ and it's integration with https://diffy.org/ to share diffs with co-workers, also both Open Source. (Disclaimer: I created diff2html)


I like Crucible+fisheye it is paid product but it worth the price, at my team we are still using it even after migrating to github enterprise. This comparison https://gist.github.com/skingsland/888ff14633610a80f2d4 is still valid.


https://www.jetbrains.com/upsource/ Anything that jetbrains makes I love, IDEs, YouTrack (issue tracking, so simple yet so powerful with a very powerful workflow editor), upsoruce (code reviews), Teamcity (continuous integration) and of course Kotlin.



My company uses reviewboard and i have never had any complaints with it.


Moved from gitlab to Gerrit . It was awkward in the starts but I like this more now. Functionality over pretty .


Can you elaborate? Which functionality?


1. In Gitlab, after you get +2, you can still commit changes and merge. Gerrit will make sure that you seek +2 again on the new set of commits. 2. Gerrit allows you to create draft comments on review and submit all comments in one shot after u reveiew them. 3. Require +2 rather then two +1 is a very interesting idea in Gerrit


There is a setting in GitLab to have people approve again after you change the merge request.


Suprised that nobody mentioned bitbucket. First a word of warning. There are 2 Bitbuckets: The online tools hosted by Atlassian and the traditional license where install on your own server. The functionality is similar but not identical, they are 2 different implementations. Using the same name is just a marketing thing.

I have only used the installed version, not the hosted online version.

The basic PR structure is simple. Very much the same as in github.

In detail the implementation has several nasty defincies. They do not distinguish author and committer at all, which can lead to very misleading info on the screen if they are different

There are PR comments and line comments. Sometimes a file comment might be appropriate, but that does not exist.

The code viewer has limitations so I find myself using git difftool with meld or something like that in more difficult cases. Of course the difficult cases is where review and tool support would be needed most.

IMHO the biggest problem is that line comments are a one time thing lost in space afterwards. You need to know in which PR to look, actually even in which file version of the PR if the file has been updated during the review. There is no direct way to access previous review comments relating to certain code. Not sure if anybody else handles that better.


Bitbucket Server PM here. I wanted to address some of these points as there's good news on many of them...

Regarding PR comments and line comments, file level comments have also been available from the beginning. There's a comment button above the diff view for this.

Regarding line comments being "lost", it's true that when they become outdated they can be harder to get to, but they're available. If you go to the activity tab all past comment threads are available to help make sure you've not missed anything. We're working on ways to show outdated comments in the diff view, and beyond that we're looking at adding more to our search capability for finding comments across pull requests.

For author and committer treatment, we do respect the two concepts in Git, but you're right that we don't display them clearly in the UI. We added coverage for returning both roles in the API back in 5.0, and at some point we'll probably update the UI to display it.

I'd love to hear more about what you feel is lacking in the diff view. We're doing some work there now so perhaps we can cover off your use case (or plan to already).


If you have the need to review VBA, but detest the VBE, then the open-source Rubberduck VBA add-in is essential for code parsing and review - and many more features beyond. Disclaimer - I'm a contributor.

Rubberduck VBA - http://rubberduckvba.com/ GitHub - https://github.com/rubberduck-vba/Rubberduck

The parser is one of the most robust parsers for VBA available, and the code fixes and refactoring tools allow you to quickly apply suggested improvements. The parser is COM aware, so it will even analyze the in-house/3rd-party add-ins and libraries/controls that you use within your projects.

There's full support across all VBA hosts (Eg. Excel, Word, Access, PowerPoint, AutoCAD, SolidWorks, CorelDRAW, Publisher, etc) and soon, there'll be support for VB6.

The integrated add-in is feature rich, but there's also an online review tool at http://rubberduckvba.com/Inspections/List


The StackExchange network has a vibrant and active Code Review site at https://codereview.stackexchange.com/

The languages are wide and varied, the questions and answers are actively curated and moderated, the solutions range from the simple to the overtly complex. The support for code markdown is more than adequate, and of course, the StackExchange voting system helps bring the best questions and answers to the fore.

There's even an integrated chat system as part of the network, where mods, reviewers and questioners can collaborate and discuss issues.


GitHub?


We use GitLab at work and are generally happy with it. It makes it super easy to cross-reference issues, merge requests, files, prior comments, etc.


Codacy https://www.codacy.com can help teams reduce review time and improve the reviews quality. It also has insights for security and is free for Open Source. (Disclaimer: I work in Codacy)


Vimdiff does the job for me. Needless to say, to use it effectively you should have some proficiency in vim.



The problems I have with code reviews are people problems, not tool problems. Tools cannot solve those.


I totally understand :)

The history of software has quite a few examples where software solves people problems


Anyone got some comments on Upsource?


we use gerrit at work. it sucks!


Anyone who has tried out pullrequest.com (YC S17)?


A well highlighted Git Diff works wonders.


For viewing the code, whatever is your favorite editor. To comment on it, go talk to the person.


Is this parody?


mutt and a mailing list


A projector in a conference room.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: