Static Code Analysis
This document outlines the best practice for static code analysis and tools.
Description
Static code analysis is a method of analysing code without executing it. At CRUK we use a number of static code analysis tools to ensure that our code is of a high quality and to help us identify potential issues before they are introduced into the codebase.
These checks should be performed as part of the PR checks and can also be run locally before pushing code to the remote repository. To see PR checks using GitHub actions see the Deployment Strategy best practice.
This list is not exhaustive and is intended to be a starting point for team discussion. Each team is responsible for the quality of their software and If you have a tool that you think should be included please raise a PR.
Checks Summary
| Check | Description | Example Tool | Requirement |
|---|---|---|---|
| Linting | Analysing code for potential errors. | ESLint | Yes |
| Formatting | Ensuring that code is formatted in a consistent way. | Prettier | Yes |
| Unit Tests | Tests covering low level logic. | Jest | Yes |
| Coverage | Ensuring coverage remains above 80% | Jest | Recommended |
| UI Tests | Test UI components holistically. | Playwright & Applitools Eyes | Yes for UIs |
| Accessibility | Test accessibility in UI applications. | Accessibility | Recommended for UIs |
| Spell Check | Ensuring words are spelt correctly. | cspell | No |
| Commit Message Check | Ensuring the commit message is formatted correctly. | opinionated-commit-message | No |
| PR Message Check | Ensuring the PR description is formatted correctly. | pr-compliance-action | No |
| Broken Link Check | Ensuring all links are still valid. | broken-link-checker | No |
Rationale
The checks listed above are intended to help us ensure that our code is of a high quality and to help us identify potential issues before they are introduced into the codebase.
At a minimum all repos should have linting and formatting. These checks are quick to add and provide significant benefits at catching issues early. Formatting is particularly important as it helps to ensure that code is consistent across the codebase and makes it easier to read.
Unit tests are also a minimum requirement. These tests should cover the low level logic of the application and should be run as part of the PR checks.
UI tests are also a minimum requirement for UI applications. These tests should cover the UI components and should be run as part of the PR checks.
Other checks such as accessibility, spell check, commit message check, PR message check and broken link check are not required but could be useful depending on the application. This repo benefits greatly from the spell check due to the large amount of documentation.
Ways of Working
When doing static code analysis, it is highly recommended to pair often with the developer who wrote the code to understand what the code is doing, why decisions have been made in the logic thinking/code creation process and where the code change can potentially impact the user journey.
The advantages of pairing:
- Helps QAs have a better understanding of what the code is doing and therefore can help catch issues early through asking questions in the development process before testing has commenced.
- Highlight any testing scope changes since refinement.
- Improve working relationships with the development team.
- Build on overall product knowledge.