Onboarding a large org
Moving away from the strict Codeowners concept is a big cultural change. This requires carefully planning and testing the FlexReview approach. If you do not use CODEOWNERS requirements in your GitHub repository, you can skip this doc.
Why migrate
Migrating away from the strict controls of the Codeowners concept can bring several benefits to your team. By adopting FlexReview, you can automate the assignment of reviewers based on their expertise, rather than defining very fine-grained access control. That means:
No need to maintain a fine-grained file with hundreds of lines declaring ownership
Ensure that the most qualified individuals provide feedback on each pull request
Drastically reduce the number of reviewers required per code change
Improve code review response times significantly
Starting with one team
To ease the transition and familiarize your team with FlexReview, we recommend starting with one specific team in your engineering org. By selecting a single team, you can test and evaluate the functionality of FlexReview in a controlled environment before expanding its usage to other teams. This approach allows you to gradually adapt to the new review process while minimizing any potential disruptions to your existing workflows.
Read-only mode
When you install the Aviator app for FlexReview, it starts in read-only mode, that is, it won’t take any actions or post any comments on the PRs automatically.
At this stage, you can use the slash command on any PR to get a suggestion from FlexReview:
This will suggest reviewers and post a message with a list of suggested reviewers. This will display the list of files and corresponding need for experts based along with suggested reviewers. It will suggest reviewers that also satisfy the Codeowners requirement.
Choosing the right team
You can specify one or more teams that you would like FlexReview to find reviewers for. You would ideally want to choose a team that gets a lot of review requests from outside of that team. That’s because these might be the reviews that hits the most bottlenecks and would benefit the most.
When specified, all PRs that touch the file paths owned by these teams will get a suggested reviewers GitHub comment from FlexReview. Since these directories are managed by Codeowners, FlexReview will only suggest valid reviewers based on the Codeowners file.
This would be a good opportunity to start educating the team about how FlexReview works and how to use it.
Expanding code ownership by one-level
To get the real benefit of FlexReview, you should edit the CODEOWNERS file and expand the ownership of the sub-directory to the wider engineering org. You can start by expanding it by one-level.
Let’s say a sub-directory has a team ownership of ios-auth-eng that manages the authentication framework for iOS, and there is a GitHub team ios-eng and a wider eng team. Here, you can replace that ownership of this sub-directory in the codeowners file to: ios-eng so that anyone on the ios engineering team can approve this change (from a CODEOWNERS perspective).
At this stage, FlexReview will start handling approval requirement, and introducing additional experts in the mix depending on code change complexity. Additionally, FlexReview will automatically start validating the complex reviews with the expert reviewers.
Expanding code ownership beyond
Once you have tested this with a few PRs, you can expand this further, and edit the CODEOWNERS file to all of eng for this sub-directory and continue testing it.
If you have chosen a good team / project to start with, it’s likely that the developers are now familiar with how FlexReview works and comfortable with the idea of flexible reviews and expert reviewers. You can continue expanding the same way for additional sub-directories or onboarding everyone together.
Compliance
Not all code paths are the same. As you are relaxing the requirements for code review, you can still require some security senstive code paths to have strict ownership. As a rule of thumb, this should not represent more than 10% of your code base. As a cultural shift, you can internally define a process for teams to submit a request with clear reasoning that certain code paths should be gated. Based on that information, you can make a judgement call on where strict ownership is still needed.
Final steps
At this point, reviewers were automatically or manually assigned to each PR, replacing the default reviewers / teams assigned by GitHub. To skip the auto-assignment of GitHub reviewers completely, you can rename the CODEOWNERS file and update the path of that file in the FlexReview configurations.
Last updated
