In a recent Salesforce World Tour event, a conversation came up on code review process and tools for Salesforce Apex Code changes. Code reviews ensure that multiple members of your team have at least seen each line of code in your Salesforce application. The reviewers are looking at several perspectives. They can look at logic errors and code quality, missing acceptance criteria and test coverage. The code review in the most simplistic terms means that salesforce teams can be rest assured. The greater quality of code, the greater baseline understanding by teams, increased security and in general greater efficiency, are some of the benefits for these reviews.
But beyond understanding the benefits of code reviews this article aims at equipping admins and developers with the experts’ view on code review processes and tools for Apex code changes. We posed a question to leading Salesforce gurus and here is what they had to say.
Our first response comes from Enrico Murru, Solution & Technical Architect @ WebResults (Engineering group), Creator of ORGanizer for Salesforce. Enrico is a Salesforce MVP with a great blog for all salesforce IT.
In Enrico’s blog, Salesforce/VCS, The team factor or how a business analyst can affect the overall delivery speed, he touches on the topic of code reviews and writes, “having your development reviewed has too many benefits to skip it. It prevents you from introducing a bad design crippling the project in the long run for short term success. Insights are shared within the team so there are no surprises. And you become a better developer through feedback.”
Here is Enrico Murru’s response to our question, What are your favorite well documented code review processes and tools for Salesforce Apex code changes?
When I hear about code reviews I think of my first days as a (Apex) programmer, about 10 years ago. At that time, we were a small company with few highly skilled developers but no time/budget for code quality reviews and the only reviews I got were pair programming with senior developers: projects were absolutely bigger than us but we were not scared and we acquired such a level of professionality and skills, with a certain dose of ingenuousness.
Time went by, we grew up (more than 10x in 10 years!) and we understood that we need code/configuration quality review in our projects. We started building an internal tool for:
- Apex test automatic coverage calculation and notifications
- Daily inspection of new classes / triggers / pages / lightning components / metadata components to see if they followed naming conventions (sometimes junior devs have deep fantasy in naming things)
- Async jobs monitoring
- Apex jobs errors notifications
But this was not enough, manual inspections on commits were expensive and error prone, we needed automatic code analysis to help us on daily and repetitive tasks.
With automatic code analysis programmers’ life became easier, the anxiety levels had decreased at decent levels (although I believe for programmers like me anxiety is like a fuel) and we can concentrate on the best part of coding, that is creativity!
I cannot suggest you the best way to promote code analysis on your company, it depends on coders experience, project size and type, but the only suggestion is do it with whatever mean you want but do it to promote a good coding culture.
Our next response comes from Abhilasha Singh. Abhilasha is a Salesfroce MVP and Salesforce developer at Dazeworks. She has an active twitter feed and shares a lot of good tips on the world of salesforce dev.
Salesforce development is unique because of its “clicks not code”. Code reviews will still benefit features which are created through the Salesforce UI. Git is the one of the best tools for code reviews. Code reviews work best when it’s possible to create branches for your code which are separate from the master branch. Git makes this really easy. It also makes it easy to compare a previous branch with the new branch.
Here are a few tools I recommend using for the Apex code changes:
- Change Sets: It is useful when you need to migrate the metadata between related organizations. In changeset you need Deployment connection between the orgs.
- Developer Console: This is browser based developing environment which is used to create, test and debug application in salesforce org. We can also write and edit SOQL and SOSL queries.
- Workbench: This is one of the web-based suite of tools designed for salesforce admins and developers to interact with https://Salesforce.com org with the https://Force.com APIs. Using this admins and developers can easily view their data into the org. It can also perform SOQL, SOSL, test, deploy, session settings and troubleshoot their own application.
- https://4.Force.com IDE: For this, first we need to install Eclipse (a developer tool used by all types of developers across the world), then only we can install https://Force.com IDE. Based on the Eclipse platform and built on the Tooling API, the https://Force.com IDE provides a comfortable environment for programmers familiar with integrated development environments, letting you code, compile, test, package, and deploy all from within the IDE.
- ANT Migration Tool: This toolkit is similar to Eclipse IDE except that it is intended to be used as a Salesforce deployment tool which can be scripted and automated without requiring UI interactions. This makes ant migration toolkit ideal for things like continuous integration and automatic deployment.
Our third response comes from Paarth Jolly, CEO & Founder at YVExperts. Paarth, has been an active blogger, and We Both Code, and leader in the Salesforce Community since 2013, and has been working with Salesforce.com, for developing Sales and Service cloud applications. This includes both standard and custom functionalities. Here is what Paarth had to add to our blog:
Code review is an important part of Salesforce Implementation. Sometimes we write code which works perfectly fine according to business aspect but has some syntax error which can cause trouble while promoting the package/code to AppExchange. Two key process for code reviews are code optimization and using the secure coding guidelines provided by Salesforce.
Code optimization is the initial step after you are done with coding. While Salesforce is an amazing platform, there are tons of limitations. Developers must always keep in mind the limits in the backend system and try to always to write code in dynamic way so in the future it can be used in various places accordingly.
When developing and writing the code I always focus on the following things:
- Avoid SOQL Queries or DML statements inside FOR Loops
- Bulky/triggers your Code
- Bulky your Helper Methods
- Using Collections, Streamlining Queries, and Efficient for Loops (Use maps and avoid nested for/do-while loops)
- Comments, lots of comments to easy understandable to any another developer
- Use of the Limits Apex Methods to Avoid Hitting Governor Limits
Secure Coding Guidelines
Secure coding guidelines is essential for any developer. You can find a complete guide provided by Salesforce which explains how to ensure your code/package pass a security review process, so you can have your app available on AppExchange.
Next we have Meighan Brodkey, Senior Consultant Community Specialist at GearsCRM and the Seattle Women in Tech User Group Leader. Since 2008, Meighan has been sharing Salesforce experiences, tips, tricks, and best practices with Admins everywhere on her blog. Here is what Meighan had to say.
Making sure you have checks and balances in a project is essential. One thing that I do on every project is keep a backup of your metadata as we continue to build, having some form of source control. This lets you have that reference to go back to if need be and make sure everyone is being tracked for changes and reviewed before your deployment.
As you troubleshoot or enhance your code, bugs can happen, this will let you go back to that previous version to see what was working so you can find out where problems started. Not only your code like lightning components, classes, etc. should be included, but also all metadata, objects, your flows, etc, so you can always go back vs re-doing everything from scratch. It is important to have a single location (GithUb, BitBucket, etc) that everyone branches from for a feature branch or a single branch everyone works with. As each component is approved, merging into the master lets you ensure that you have the approved work vs in progress work separated.
A great way to do this is with pull request, having each developer complete their work and submit when complete. This can’t be the only check in place. Having a developer that didn’t write the code, or the TA on a project complete a code review on each item ensures you have that second set of eyes and don’t miss best practices or a requirement. Even as the architect on projects, I have a developer review my code vs myself to make sure I didn’t miss something.
Our fifth response comes from Abhi Tripathi, Salesforce Developer at Homestar Financial Corporation and Salesforce Evangelist. Abhi’s blog, Cloudyabhi covers topics Salesforce best practices offering top tips to dev and admins to get their jobs done. Read Abhi’s suggestions for code review processes and tools for Salesforce Apex code changes.
Salesforce is an awesome platform, and has an incredible community that helps their developer and admins to grow in their careers. With Salesforce’s communities we get a lot of great tools which make developer and admin life easy. One of the important practices in project implementation is code review, as it insures your team has visibility into your applications code. Here is the list of few tools which I have found to help review apex codes:
1 Checkmarx : Checkmarx provides a great tool to secure your apex and visualforce code. It’s easy to integrate with your salesforce org and provides you with a whole report. This report has the points of changes and what to change. I personally recommend this tool for your application and code security.
- Codescan: Code Analysis Tools for Salesforce. This AppExchange tool is really easy to use and install in your salesforce org. It helps developers to identify bugs and increase the quality of your code. This tool provides incredible UI to analyze your orgs apex code.
- Clayton : Clayton is a next gen tool that does everything you need for your Salesforce application to be the best. It’s very easy to setup and use. Clayton integrates into your code repositories and enforces quality and security standards across your organization, at all times, while your apps are built. It provides you analyses on not only apex but lightning component code as well.
- Code Climate : This tool automates code review for test coverage, maintainability and more so that you can save time. It provides you real time feedback of your code to help maintain good code as you go. It also provides test coverage line by line, integrated with your github repo, run analysis locally and team management with permission visibility.
See more by Abhi
Our last response comes from Alex Sutherland. Alex is a Salesforce Solution lead architect with long-time experience designing & delivering unique enterprise solutions on the Salesforce platform for the public sector. Follow Alex on Twitter to gain more insights from a leading technologist, strategist, and Salesforce advocate. Here is what Alex had to say about his code review process.
In addition to Git, in a collaborative development team it is absolutely essential to have a development environment that make it easy for your team members to commit to their changes to the repo. My current favorite is Illuminated Cloud which is a plugin for JetBrains IntelliJ and WebStorm IDEs. Having tight integration with the Git repo will dramatically increase the consistency and quality of commits to the repo by the development team.
Lastly, I would also suggest using a static code analysis tool like Checkmarx, PMD or Panaya. Static code analysis helps to identify problematic design patterns and security flaws in the code. Catching these gaps in the code base early in the development cycle will increase the likelihood that they are resolved while it is still cost effective to do so.
One final thing I believe is crucially important for the Salesforce dev community to embrace is the importance of unit test coverage and the benefits of robust test cases and test suites. Some members of the Salesforce community are unhappy with the mandate that they need to write unit tests for their code in order to deploy it to production. However, they underestimate the value of proper unit testing and how much effort and expense these tests can save them down the road if implemented properly. Unit tests should be the final insurance that changes to the environment are producing the expected results, and are an essential part of a robust release management process.
We also posed this same question to our in-house salesforce expert Ira Dizengof. Ira added one last element to a successful salesforce code review processes, and that was the importance of adding impact analysis to any change you want to make to your code. With impact analysis, business analysts, dev and admins can understand the impact of all code developed before they begin to develop anything. By viewing a list of all impacted components as well as their usage statistics, teams can better prioritize any change.
In Ira’s case she relies on Panaya ForeSight for Salesforce to not only ensure quality code, but also quality releases. With Panaya ForeSight, teams gain real time visibility and control of all SFDC projects and releases. With a detailed Risk Cockpit teams have a holistic view of the entire project or release and its risk covering areas such as requirements completion, development, test plan coverage as well as tests and defects execution progress.