Developers checking in non-conforming code

Question

Consider a situation where a group of developers work independently(more or less) on projects. The dept. has a published standard to ensure code quality on issues like:

• no inline/embedded/dynamic SQL statements (hand coded by the developer)
• naming conventions
• more

Question

How would you set about enforcing the code quality rules? Are there any code quality analyzers that might catch inline SQL statements? Are there any build-time or check-in tools that can help? (please note: mostly Microsoft environment).

This may be a case for code reviews. Any suggestions on how to review a project's architecture and implementation before publish to Production (or even Staging!). I realize code reviews is a whole set of questions in itself, but any higher level thoughts are appreciated!

Answer 1

I think checking for naming conventions by the time you move to production is a wee bit too late :-)

I'd also guess that for the really important things, automated tools are not good enough. I would not dictate where the curly braces go, but I would enforce clear variable and method names and only other developers can enforce this practice.

If there is a small set of developers that doesn't consider the standards at all, talk to them individually. Otherwise establish a culture in which your developers take responsibility for each other:

• Review every checkin or let your developers check each others checkins. Not every developer is qualified enough to review another developers architectural decisions, but every developer is qualified enough to say "huh, I don't understand that"

• Prevent developers from building their private fiefs that only they know how to maintain.

• Teach your developers "continuous improvement". If you work on a piece of code anyway, clean it up (without introducing new bugs preferably.)

Answer 2

In general, yes such tools exist. Examples for the .NET platform are FXCop and StyleCop.

Answer 3

There's only one way to really enforce standards:

Answer 4

Speaking for Java experience (and you are not specifying which language you are using) I would incorporate tools such as FindBug and Checkstyle into your continuous build process. Some of these tools can add custom rules to run regex based checks so you can set it up to detect inline SQL. Then you just set you build to fail if the serious violations are detected which will force the developers to run code-compliance tools before checking-in the code

Answer 5

If nothing does exactly what you want as far as simple checks of the code goes, you could also use custom build steps that shell out to small checker apps or plugins that you wrote.

It depends on your environment, but I have done so with both Ant and nAnt, as well as build events in Visual Studio.

Answer 6

For Java there is CheckStyle.

Answer 7

It's not enough to keep the bad code out of the repository. You must kill the people who are producing it.