Pull request reviews are required before merging code into Vector. This document will outline Vector's pull request review requirements. The following checklist should be used for all pull requests:
- Are you the code owner for the files that have changed? If not, please involve the appropriate code owner(s). (see Code Owners)
- Is the code addressing a single purpose? If not, the pull request should be broken up. (see Single Purpose)
- Is the code readable and maintainable? If not, suggest ways to improve this. (see Readability)
- Is the code reasonably tested? If not, tests should be improved. (see Testing)
- Is code marked as unsafe? If so, verify that this is necessary. (see Safe Code)
- Is backward compatibility broken? If so, can it be avoided or deprecated? (see Backwards compatibility)
- Have dependencies changed? (see Dependencies)
- Has the code been explicitly reviewed for security issues? Dependencies included. (see Security)
- Is there a risk of performance regressions? If so, have run the Vector test harness? (see Performance Testing)
- Should documentation be adjusted to reflect any of these changes? (see Documentation)
All changes should strive to retain backward compatibility. If a change breaks backward compatibility, it is much less likely to be approved. It is highly recommended you discuss this change with a Vector team member before investing development time.
If you have not, please review Vector's Code of Conduct to ensure reviews are welcoming, open, and respectful.
Code owners should be involved in reviews that touch their code. This is
defined in the .github/CODEOWNERS
file. Involving code
owners ensures all context is applied to reviews since they have intimate
knowledge of the code.
Dependencies should be carefully selected. Before adding a dependency, we should ask the following questions:
- Is the dependency worth the cost?
- Is the dependency actively and professionally maintained?
- Is the dependency experimental or in the development phase?
- How large is the community?
- Does this dependency have a history of security vulnerabilities?
- Will this affect the portability of Vector?
- Does the dependency have a compatible license?
Documentation is incredibly important to Vector; it is a feature and differentiator for Vector. Pull requests should not be merged without adequate documentation, nor should they be merged with "TODOs" opened for documentation.
Vector currently offers 2 methods for performance testing:
- Internal benchmarks located in the
/benches
folder. - A full end-to-end test harness for complex integration and performance testing.
Changes in a pull request should address a single concern. This promotes quality reviews through focus. If a pull request addresses multiple concerns, it should be closed and followed up with multiple pull requests addresses each concern separately. If you are unsure about your change, please open an issue and the Vector maintainers will help guide you through the scope of the change.
Code is read more than it is written. Code must be documented and readable.
Unsafe code should be reviewed carefully and avoided if possible. If code is
marked as unsafe
, a detailed comment should be added explaining why.
Security is incredibly important to Vector. Users rely on Vector ship
mission-critical and sensitive data. Please review the code explicitly for
security issues. See Vector's Security guide for more info.
Code should be reasonably tested. Vector does not require 100% test coverage. We believe this level of coverage is unnecessary. As a general rule of thumb, we strive for 80% coverage, beyond this returns are diminishing. Please use your best judgment, some code requires more testing than others depending on its importance.