Require review of contributions

This is a short guide that can be useful if you haven’t thought about reviewing code from external contributors before: 10 universal steps for open source code review, by Red Hat.

Requirements

All contributions that are accepted or committed to release versions of the codebase MUST be reviewed by another contributor.

Use “protected branches” to configure rules on how contributions can be merged.

Resources

• About protectected branches in GitHub
• About protectected branches in GitLab

Reviews MUST include source, policy, tests and documentation.

The pull request template should include what needs to be reviewed.

Resources

• About pull request templates in Gitea
• About pull request templates in GitHub
• About description templates in GitLab

Examples

• Signalen backend

Reviewers MUST provide feedback on all decisions to not accept a contribution.

Examples

The review process SHOULD confirm that a contribution conforms to the standards, architecture and decisions set out in the codebase in order to pass review.

The pull request template should include what needs to be reviewed.

Reviews SHOULD include running both the software and the tests of the codebase.

Contributions SHOULD be reviewed by someone in a different context than the contributor.

Version control systems SHOULD NOT accept non-reviewed contributions in release versions.

Reviews SHOULD happen within two business days.

Note: “happen” does not mean “be completed”.

Performing reviews by multiple reviewers is OPTIONAL.