5 Minute Tutorial
Welcome to Reviewpad!
⚡ Reviewpad is an application to speed up, secure, and automate your code review process on GitHub.
Pull requests often involve various tasks such as assigning reviewers, adding labels, updating a field or requesting a formal approval. While these tasks typically occur manually, they often reflect implicit team policies that can be effectively automated, streamlining your process.
Not sure about your implicit policy? No problem! Reviewpad Check helps identify potential areas of focus by flagging open Pull Requests that may require extra attention. Take a glance at our list of checks. Reviewpad Check is activated by default when enabling Reviewpad and automatically flag problematic open pull requests with some dedicated labels.
Install Reviewpad
If you've navigated to this '5 Minutes Tutorial', you've likely already enabled Reviewpad for one of your GitHub repositories. If not, begin by following the installation instructions.
Policy-as-Code
Reviewpad is a GitHub App that responds to all events on pull requests and issues based on instructions contained in a reviewpad.yml
configuration file. This reviewpad.yml
configuration file should be located at the root of each repository on which Reviewpad is enabled. Without a reviewpad.yml
file, Reviewpad will not take any action.
First Workflow: Hello World!
Your reviewpad.yml
configuration file primarily consists of a series of workflows. By using basic if ... then ... else
and forEach ... do
logic statements, you can devise a workflow that enforces a complete process.
Let's start by creating a workflow that adds the label hello world
to every pull request, regardless of the actions taken with this pull request.
- Begin by creating the
reviewpad.yml
configuration file at the root of your repository - Populate the file with the following content:
workflows:
- name: My First Reviewpad Workflow
run:
- $addLabel("hello world")
- Commit your changes and merge them into the main branch
- Create a new Pull Request
- Wait a few seconds, Reviewpad will decorate this Pull Request with the
hello world
label.
Congratulations! You have successfully completed and executed your first Reviewpad workflow.
$addLabel()
is what we call a built-in. Each call to a built-in should start with a $
sign. Visit the Built-ins page for a complete list of available built-ins.
Second Workflow: Raise Security Awarness
Suppose you want to implement a workflow that accomplishes the following:
- If a source file located in the `authentication`` directory is modified:
- The
security
label gets added. - The
Security
team is assigned to review the changes. - A comment is posted to draw attention to the modification.
- The
You can implement this second workflow with Reviewpad as follows:
workflows:
- name: Raise Security Awarness
run:
- if: $containsFilePattern("**/authentication/**")
then:
- $addLabel("security")
# Uncomment the following line only if you've a "Security" team defined in your organization.
# - $addTeamsForReview(["Security"])
- $addComment("The Security team has been involved because the authentication layer is touched")
This second workflow ensures that critical changes in security-related areas are immediately highlighted and assigned to the right team for review.
We recommend you review the documentation for the following built-ins used in this second workflow:
Third Workflow: Merge Protection if Critical-Annoted Code is Touched
Imagine you want to ensure that any PR modifying code annotated as critical receives your approval first before it can be merged.
To set up this workflow, you initially need to enable Reviewpad Protect. This feature disables the Merge button as long as the Reviewpad GitHub check status is in failure. To use Reviewpad Protect you must be able to activate a GitHub Branch Protection Rule. This is only possible on public repositories or on private repositories with the GitHub Team plan.
For testing this workflow, you also need to annotate a function or class with the critical
annotation. To annotate a function or class using Reviewpad, simply insert the following comment before the function or class definition:
// reviewpad-an: critical
func dummyFunction(x int, y int) int {
return x + y
}
You can then implement this third workflow with Reviewpad as follows.
Please start by replacing the two occurences of the my_github_id
placeholders with your own GitHub user ID.
workflows:
- name: Merge Protection if Critical-Annoted Code is Touched
run:
- if: $containsCodeAnnotation("critical") && $getReviewerStatus("my_github_id") != "APPROVED"
then:
- $addLabel("critical")
- $failCheckStatus("An approval from 'my_github_id' is required as a critical piece of code has been touched")
Next steps
You are now well on your way to mastering Reviewpad! As you continue to tailor its use to your unique needs, there are several resources that can further illuminate the full range of possibilities:
- Browse our list of available automations
- Play with Reviewpad AI to quickly get a summary of a description or of a code change
- Explore Reviewpad Protect, a feature that enables you to enforce dynamic, advanced merge policies. Here are a couple of illustrative examples:
- Safeguard Merges with Review and Approval Policy: With this policy, you can block the merge action until the right people approve the pull request. You can customize the policy to require multiple sequential approvals, so that when someone reviews the code and approves it, the next person in the chain is notified and asked to review the code. This prevents bad merges and ensures that all code is reviewed by the right people at the right time.
- Git Integrity Policy: With this policy, you can block the merge action to ensure that pull requests strictly adhere to the specified requirements that maintain a well-organized and consistent codebase. This allows for good traceability of issues and improves the developer experience on larger codebases.
- Delve into our index of all availabel built-ins
Enjoy exploring and innovating with Reviewpad!
By running Reviewpad, you are agreeing with Reviewpad's Terms and Conditions.