1
0

pull_requests.rst 6.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145
  1. .. _pull_requests:
  2. Pull Requests
  3. =============
  4. Salt is a large software project with many developers working together. We
  5. encourage all Salt users to contribute new features, bug fixes and
  6. documentation fixes. For those who haven't contributed to a large software
  7. project before we encourage you to consider the following questions when
  8. preparing a pull request.
  9. This isn't an exhaustive list and these aren't necessarily hard and fast rules,
  10. but these are things we consider when reviewing a pull request.
  11. * Does this change work on all platforms? In cases where it does not, is an
  12. appropriate and easy-to-understand reason presented to the user? Is it
  13. documented as-such? Have we thought about all the possible ways this code
  14. might be used and accounted as best we can for them?
  15. * Will this code work on versions of all Python we support? Will it work on
  16. future versions?
  17. * Are Python reserved keywords used? Are variables named in a way that will
  18. make it easy for the next person to understand what's going on?
  19. * Does this code present a security risk in any way? What is the worst possible
  20. thing that an attacker could do with this code? If dangerous cases are
  21. possible, is it appropriate to document them? If so, has this been done?
  22. Would this change pass muster with a professional security audit? Is it
  23. obvious to a person using this code what the risks are?
  24. * Is it readable? Does it conform to our `style guide`_? Is the code documented
  25. such that the next person who comes along will be able to read and understand
  26. it? Most especially, are edge-cases documented to avoid regressions? Will it
  27. be immediately evident to the next person who comes along why this change was
  28. made?
  29. .. _`style guide`: https://docs.saltstack.com/en/latest/topics/development/conventions/style.html
  30. * If appropriate, has the person who wrote the code which is being modified
  31. been notified and included in the process?
  32. * What are the performance implications of this change? Is there a more
  33. efficient way to structure the logic and if so, does making the change
  34. balance itself against readability in a sensible way? Do the performance
  35. characteristics of the code change based on the way it is being invoked
  36. (i.e., through an API or various command-line tools.) Will it be easy to
  37. profile this change if it might be a problem?
  38. * Are caveats considered and documented in the change?
  39. * Will the code scale? More critically, will it scale in *both* directions?
  40. Salt runs in data-centers and on Raspberry Pi installations in the Sahara. It
  41. needs to work on big servers and tiny devices.
  42. * Is appropriate documentation written both in public-facing docs and in-line?
  43. How will the user know how to use this? What will they do if it doesn't work
  44. as expected? Is this something a new user will understand? Can a user know
  45. all they need to about this functionality by reading the public docs?
  46. * Is this a change in behavior? If so, is it in the appropriate branch? Are
  47. deprecation warnings necessary? Have those changes been fully documented?
  48. Have we fully thought through what implications a change in behavior might
  49. have?
  50. * How has the code been tested? If appropriate are there automated tests which
  51. cover this? Is it likely to regress? If so, how has the potential of that
  52. regression been mitigated? What is the plan for ensuring that this code works
  53. going forward?
  54. * If it's asynchronous code, what is the potential for a race condition?
  55. * Is this code an original work? If it's borrowed from another project or found
  56. online are the appropriate licensing/attribution considerations handled?
  57. * Is the reason for the change fully explained in the PR? If not for review,
  58. this is necessary so that somebody in the future can go back and figure out
  59. why it was necessary.
  60. * Is the intended behavior of the change clear? How will that behavior be known
  61. to future contributors and to users?
  62. * Does this code handle errors in a reasonable way? Have we gone back through
  63. the stack as much as possible to make sure that an error cannot be raised
  64. that we do not account for? Are errors tested for as well as proper
  65. functionality?
  66. * If the code relies on external libraries, do we properly handle old versions
  67. of them? Do we require a specific version and if so is this version check
  68. implemented? Is the library available on the same platforms that module in
  69. question claims to support? If the code was written and tested against a
  70. particular library, have we documented that fact?
  71. * Can this code freeze/hang/crash a running daemon? Can it stall a state run?
  72. Are there infinite loops? Are appropriate timeouts implemented?
  73. * Is the function interface well documented? If argument types can not be
  74. inferred by introspection, are they documented?
  75. * Are resources such as file-handles cleaned-up after they are used?
  76. * Is it possible that a reference-cycle exists between objects that will leak
  77. memory?
  78. * Has the code been linted and does it pass all tests?
  79. * Does the change fully address the problem or is it limited to a small surface
  80. area? By this, I mean that it should be clear that the submitter has looked
  81. for other cases in the function or module where the given case might also be
  82. addressed. If additional changes are necessary are they documented in the
  83. code as a FIXME or the PR and in Github as an issue to be tracked?
  84. * Will the code throw errors/warnings/stacktraces to the console during normal
  85. operation?
  86. * Has all the debugging been removed?
  87. * Does the code log any sensitive data? Does it show sensitive data in process
  88. lists? Does it store sensitive data to disk and if so, does it do so in a
  89. secure manner? Are there potential race conditions in between writing the
  90. data to disk and setting the appropriate permissions?
  91. * Is it clear from the solution that the problem is well-understood? How can
  92. somebody who has never seen the problem feel confident that this proposed
  93. change is the best one?
  94. * What's hard-coded that might not need to be? Are we making sensible decisions
  95. for the user and allowing them to tune and change things where appropriate?
  96. * Are utility functions used where appropriate? Does this change re-implement
  97. something we already have code for?
  98. * Is the right thing being fixed? There are cases where it's appropriate to fix
  99. a test and cases where it's appropriate to fix the code that's under test.
  100. Which is best for the user? Is this change a shortcut or a solution that will
  101. be solid in the months and years to come?
  102. * How will this code react to changes elsewhere in the code base? What is it
  103. coupled to and have we fully thought through how best to present a coherent
  104. interface to consumers of a given function or method?
  105. * Does this PR try to fix too many bugs/problems at once?
  106. * Should this be split into multiple PRs to make them easier to test and reason
  107. about?