Code Review Processes

Code Review nima?

Code Review - bu sizning yozgan kodingizni boshqa dasturchilar ko'rib chiqib, taklif va tuzatishlar berishidadir.

Bu xuddi maktabda inshoni tekshirib berish kabi - lekin kod uchun! 📝

Nima uchun Code Review kerak?

1. Xatolarni topish 🐛

# Reviewer topishi mumkin:
if user.age > 18:    # Nima uchun faqat 18? 
    return True
# Taklif: >= 18 bo'lishi kerakmi?

2. Kod sifatini yaxshilash ✨

// Yomon kod:
function calc(a, b) {
    return a + b * 2 - 5;  // Bu nima qiladi?
}

// Reviewer taklifi:
function calculateDiscountedPrice(originalPrice, taxRate) {
    const priceWithTax = originalPrice + (originalPrice * taxRate);
    const discount = 5;
    return priceWithTax - discount;
}

3. Bilim almashish 🤝

• Yangi dasturchilar o'rganadi
• Tajribali dasturchilar bilim ulashadi
• Jamoaning kod yazish uslubi bir xil bo'ladi

4. Xavfsizlik 🔒

# Xavfli:
password = request.form['password']  # Hash qilinmagan!

# Reviewer topadi:
password = hash_password(request.form['password'])

Code Review jarayoni

1. Pull Request yaratish

# Feature branch da ishlash
git checkout -b feature/user-login
# ... kod yozish ...
git add .
git commit -m "User login funksiyasi qo'shildi"
git push origin feature/user-login

2. PR ning yaxshi tavsifi

## O'zgarishlar

### Nima qilindi:
- User login page yaratildi
- Password validation qo'shildi  
- Session management sozlandi

### Test:
- ✅ Unit testlar o'tdi
- ✅ Manual testing bajarildi
- ✅ Edge case lar tekshirildi

### Screenshot:
![Login page](screenshot.png)

### Checklist:
- [x] Kod test qilindi
- [x] Documentation yangilandi
- [x] No breaking changes

3. Reviewer tanlash

# CODEOWNERS fayli
# Global
* @senior-dev @team-lead

# Frontend  
/frontend/ @frontend-team @ui-designer

# Backend API
/api/ @backend-team @api-architect

# DevOps
/docker/ @devops-team
/k8s/ @devops-team @infra-team

4. Review jarayoni

Reviewer ning vazifasi:

a) Kod mantiqini tekshirish:

# Reviewer savolli:
def divide_numbers(a, b):
    return a / b  # b=0 bo'lsa nima bo'ladi?

# Taklif:
def divide_numbers(a, b):
    if b == 0:
        raise ValueError("Bo'luvchi nolga teng bo'lishi mumkin emas")
    return a / b

b) Performance ni tekshirish:

// Savollar:  
users.forEach(user => {
    database.save(user);  // Har bir user uchun alohida DB call?
});

// Taklif:
database.bulkSave(users);  // Batch save

c) Security tekshirish:

-- Xavfli:
query = f"SELECT * FROM users WHERE id = {user_id}"  -- SQL Injection!

-- Xavfsiz:
query = "SELECT * FROM users WHERE id = %s"
cursor.execute(query, (user_id,))

Review Types

1. Formal Review

• Rasmiy jarayon
• Ko'p reviewerlar (2-3 kishi)
• Detailed checklist
• Enterprise loyihalar uchun

2. Lightweight Review

• Tez jarayon
• 1-2 reviewer
• Asosiy narsalarni tekshirish
• Startup/Agile uchun

3. Pair Programming

• Real-time review
• Ikki kishi birga kod yozadi
• Darhol feedback
• Complex vazifalar uchun

Review da nimalarni tekshirish?

1. Functionality ⚙️

• Kod ishlayaptimi?
• Requirements ni qondiraptimi?
• Edge case lar handle qilinganmi?

2. Code Quality 💎

# Yaxshi kod:
def calculate_user_age(birth_date: datetime) -> int:
    """
    User yoshini hisoblash
    
    Args:
        birth_date: User tug'ilgan sana
        
    Returns:
        int: Yosh (yillarda)
    """
    today = datetime.now()
    return today.year - birth_date.year

3. Performance 🚀

# Yomon:
for user in users:
    for role in user.roles:  # O(n²)
        # ...

# Yaxshi:  
user_roles = {user.id: user.roles for user in users}  # O(n)

4. Security 🔐

# Tekshirish kerak:
- Input validation
- Authentication/Authorization  
- Sensitive data handling
- SQL injection prevention
- XSS protection

5. Maintainability 🔧

• Kod o'qish osonmi?
• Comments yetarlimi?
• Function lar kichikmi?
• Naming conventions to'g'rimi?

Review Comments

Yaxshi comment yozish:

❌ Yomon:

Bu yomon
Fix this
Wrong approach

✅ Yaxshi:

Bu yerda potential memory leak bo'lishi mumkin. 
`close()` methodini `finally` block da chaqirishni taklif qilaman.

Misol:
try:
    file = open('data.txt')
    # ...
finally:
    file.close()

Comment turlari:

1. Must Fix (Majburiy) 🔴

❗ BLOCKER: SQL injection vulnerability bu yerda.
Parameter binding ishlatishingiz kerak.

2. Should Fix (Tavsiya) 🟡

💡 SUGGESTION: Bu function juda uzun. Kichik functionlarga 
bo'lishni taklif qilaman readability uchun.

3. Nice to Have (Ixtiyoriy) 🟢

✨ NICE: Bu yerda caching qo'shsangiz performance yaxshilanadi.
Keyingi iteration da qo'shishingiz mumkin.

4. Question (Savol) ❓

❓ QUESTION: Bu magic number (42) nimani anglatadi? 
Constant sifatida e'lon qilsak yaxshi bo'ladi.

5. Praise (Maqtash) 👏

👍 GREAT: Bu error handling juda yaxshi qilingan! 
Edge case larni ham handle qibsiz.

Review Tools va Platforms

1. GitHub Pull Requests

# Review features:
- Line-by-line comments
- Suggestions (kod o'zgartirish takliflari)
- Approve/Request changes
- Draft PRs
- Review assignments

2. GitLab Merge Requests

# Advanced features:
merge_request:
  approvals_required: 2
  reset_approvals_on_push: true
  disable_overriding_approvers: true

3. Azure DevOps

{
  "reviewerPolicy": {
    "minimumApproverCount": 2,
    "resetOnSourcePush": true,
    "blockLastPusherVote": true
  }
}

4. Bitbucket

• Built-in code insights
• Jira integration
• Smart suggestions

Automated Code Review

1. Linting Tools

# .github/workflows/lint.yml
name: Code Quality

on: [pull_request]

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    - name: Run ESLint
      run: |
        npm install
        npm run lint
    - name: Run Pylint  
      run: |
        pip install pylint
        pylint *.py

2. Code Coverage

# Coverage requirement
coverage:
  range: 80..100
  round: down
  precision: 2
  
  status:
    project:
      default:
        target: 80%
        threshold: 5%

3. Security Scanning

# Automated security review
security:
  - name: Run Snyk
    uses: snyk/actions/node@master
    with:
      args: --severity-threshold=high

4. Code Quality Tools

# SonarQube integration
sonar-scanner \
  -Dsonar.projectKey=myproject \
  -Dsonar.host.url=http://localhost:9000 \
  -Dsonar.login=$SONAR_TOKEN

Review Metrics va KPIs

1. Speed Metrics

- PR ochilgandan approve gacha vaqt
- First response time
- Time to merge

2. Quality Metrics

- Defect discovery rate
- Post-release bugs
- Code coverage improvement

3. Team Metrics

- Review participation rate
- Review thoroughness
- Knowledge sharing index

DevOps uchun Code Review

1. Infrastructure as Code Review

# Terraform review checklist:
- ✅ Resource naming conventions
- ✅ Security groups properly configured  
- ✅ No hardcoded secrets
- ✅ Proper tagging
- ✅ Cost optimization

# Kubernetes review:
- ✅ Resource limits set
- ✅ Security contexts defined
- ✅ Proper labels and selectors
- ✅ ConfigMaps instead of hardcoded values

2. Pipeline Review

# CI/CD pipeline review:
- ✅ Proper error handling
- ✅ Secure credential usage
- ✅ Rollback strategy defined
- ✅ Test coverage adequate
- ✅ Deployment strategy safe

3. Docker Review

# Dockerfile best practices:
- ✅ Multi-stage builds
- ✅ Non-root user
- ✅ Minimal base image
- ✅ .dockerignore file
- ✅ Health checks defined

Common Review Problems va Solutions

1. Review Bottlenecks 🚫

Problem: PRlar uzoq kutadi

Solution:

# Automated assignment
code_review:
  auto_assign:
    - team: backend
      files: ["*.py", "*.go"]  
    - team: frontend
      files: ["*.js", "*.vue"]
  
  round_robin: true
  max_reviewers: 2

2. Review Quality 📉

Problem: Sust review

Solution:

• Review checklist yarating
• Training o'tkazing
• Review metrics tracking
• Good/bad example lar ko'rsating

3. Large PRs 📦

Problem: Katta PR larni review qilish qiyin

Solution:

# PR size limits
if [[ $(git diff --name-only | wc -l) -gt 20 ]]; then
  echo "❌ PR juda katta! 20 ta fayldan ko'p"
  exit 1
fi

Best Practices

1. Author uchun:

• ✅ Kichik, focused PR lar yarating
• ✅ Self-review qiling yuborishdan oldin
• ✅ Yaxshi tavsif yozing
• ✅ Test qo'shing
• ✅ Documentation yangilang

2. Reviewer uchun:

• ✅ Tez javob bering (24 soat ichida)
• ✅ Constructive feedback bering
• ✅ Code o'rniga problem ga focus qiling
• ✅ Positive feedback ham bering
• ✅ Questions so'rang, tushunmagan joylarni

3. Team uchun:

• ✅ Review culture yarating
• ✅ Guidelines belgilang
• ✅ Tools va automation ishlatang
• ✅ Metrics track qiling
• ✅ Continuous improvement

Review Checklist Template

## Code Review Checklist

### Functionality ⚙️
- [ ] Kod ishlayaptimi?
- [ ] Requirements qondirilganmi?
- [ ] Edge cases handle qilinganmi?
- [ ] Error handling to'g'rimi?

### Code Quality 💎
- [ ] Naming conventions to'g'rimi?
- [ ] Functions kichik va focused mi?
- [ ] DRY principle qo'llanganmi?
- [ ] Comments yetarlimi?

### Performance 🚀  
- [ ] Efficient algorithms ishlatilganmi?
- [ ] Database queries optimized mi?
- [ ] Memory leaks yo'qmi?
- [ ] Caching qo'llanganmi?

### Security 🔐
- [ ] Input validation qilinganmi?
- [ ] Authentication/authorization to'g'rimi?
- [ ] Sensitive data secure mi?
- [ ] SQL injection himoyasi bormi?

### Testing 🧪
- [ ] Unit tests yozilganmi?
- [ ] Test coverage yetarlimi?
- [ ] Integration tests bormi?
- [ ] Manual testing qilinganmi?

### DevOps 🔧
- [ ] Docker configuration to'g'rimi?
- [ ] Environment variables ishlatilganmi?
- [ ] CI/CD pipeline ishlayaptimi?
- [ ] Monitoring/logging qo'shilganmi?

Xulosa

Code Review - bu zamonaviy dasturlashning ajralmas qismi:

✅ Quality Assurance - kod sifatini ta'minlash ✅ Knowledge Sharing - bilim almashish
✅ Bug Prevention - xatolarni oldindan topish ✅ Team Growth - jamoaning rivojlanishi ✅ Standards Compliance - standartlarga rioya qilish

DevOps engineer sifatida review processni yaxshilash orqali butun development lifecycle ni optimize qilishingiz mumkin!