Each PR on vets-website will run through an automated process which looks for code additions/modifications which could be considered bad for the platform. If a potential issue is found, a bot will leave an automated comment and request a review from the frontend-review-group.

Triggers

Any of the following items if found in a PR diff will prompt a manual review

  • A call to Sentry

  • ESLint being disabled

  • An icon being added with <i ...

Adding a new trigger

The automation right now only supports triggers in the form of regular expressions. If you can represent your trigger in the form of a regular expression then all you should need to do is add a bit of YAML config.

In the Github Actions workflow file there is a jobs section that has an list of steps that contain each check:

jobs:
  eslint-disable-check:
  ...
  icon-check:
  ...
  sentry-check:
  ...
CODE

Each of these jobs has its own specification up in the section of the YAML config. There is some boiler-plate config that must be included, but to add a new trigger you will only need to change three environment variables:

  • CODE_PATTERN

  • OVERALL_REVIEW_COMMENT

  • LINE_COMMENT

Sentry calls

We review logs to Sentry to ensure that any new logs will be useful and will not contain PII.

Examples:

  • Don't log an entire request response if all that's important is an error code

  • Don't log user-identifying information such as names, emails, or user IDs

Disabling ESLint

We have various ESLint rules in place to help improve code quality. Disabling ESLint rules will be evaluated on a case-by-case basis.

Adding icons

We use Font Awesome as a dependency, which uses the <i> tag for adding icons. Sometimes an icon is used purely as decoration, but other times it is used to convey meaning to the user.

We review to ensure that whenever an icon is being used semantically, those semantics are also conveyed to a screen reader.

Required environment variables

The script relies on some environment variables.

Configured in the github action

  • BOT_NAME

  • PR_NUMBER

YAML config

  • CODE_PATTERN

    • Regex pattern which will trigger a review comment if found

  • LINE_COMMENT

    • Review comment for an individual line comment

  • OVERALL_REVIEW_COMMENT

    • Review comment for the whole review