Quick spin with Amazon CodeGuru Support for Python — Part II

In the first part, Quick spin with Amazon CodeGuru Support for Python, I mentioned I would demonstrate how to reduce time spent by engineers and hiring teams in identifying functional code issues in code challenges with Amazon CodeGuru Reviewer. This post walks through a short demo on how to orchestrate Amazon CodeGuru Reviewer Pull Request reviews with AWS Step Functions and AWS Lambda.
Getting engineers to respond to internal pull requests can sometimes be time consuming, let alone external pull requests from potential new hires. I remember a while back, when I applied for an engineering role and completed a code challenge, I had to send follow-up emails and reminders before my pull request was reviewed. This is not because engineers don't want new members on their team; rather, it is because engineers do not appreciate context switching.
Therefore, what if we reduce the time engineers spend reviewing functional issues in code reviews and let them focus only on assessing the business logic implementation? Enter Amazon CodeGuru Reviewer; I would refer you to my previous post for a brief introduction. In this post, I share how to orchestrate a serverless workflow that sends notifications when Amazon CodeGuru Reviewer recommendations become available after it completes pull request reviews. With this approach, I no longer have to log into the Amazon CodeGuru Reviewer web console to view recommendations. The recommendations are delivered right to my email.

How it works
- On a periodic schedule, an AWS Lambda function checks whether there are pending pull request reviews in Amazon CodeGuru Reviewer.
- As soon as it finds any, it automatically triggers an AWS Step Functions state machine, which does the following:
  - Polls for the state of the code review.
  - Once the code review is completed, it immediately sends the Amazon CodeGuru recommendations via an Amazon SNS topic to the team email address provided. For faster response times, the notification can be integrated with Slack or any other workplace instant messaging service.
AWS Step Functions State Machine Diagram
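
A minimal sketch of the two steps above, added here as an example and not taken from the project's repository: the scheduled check that starts one state machine execution per pending review, and the polling task that publishes recommendations to SNS. The function names, the `cgr-` execution name scheme and the `{"CodeReviewArn": ...}` input shape are assumptions; the deterministic name keeps a review that is still pending on the next scheduled run from being started twice.

```python
import hashlib
import json

# Added example, not the project's code. Function names, the "cgr-" execution
# name scheme and the {"CodeReviewArn": ...} input shape are assumptions.
# In Lambda, pass boto3.client("codeguru-reviewer"), boto3.client("stepfunctions")
# and boto3.client("sns") as the codeguru, sfn and sns arguments.


def execution_name(code_review_arn):
    """Same review ARN -> same execution name, so a review that is still
    pending on the next scheduled run does not get a second execution."""
    return "cgr-" + hashlib.sha256(code_review_arn.encode()).hexdigest()


def start_pending_reviews(codeguru, sfn, state_machine_arn):
    """Scheduled Lambda step: one execution per pending pull request review."""
    submitted, token = [], None
    while True:
        kwargs = {"Type": "PullRequest", "States": ["Pending"]}
        if token:
            kwargs["NextToken"] = token
        page = codeguru.list_code_reviews(**kwargs)
        for summary in page.get("CodeReviewSummaries", []):
            arn = summary["CodeReviewArn"]
            try:
                sfn.start_execution(stateMachineArn=state_machine_arn,
                                    name=execution_name(arn),
                                    input=json.dumps({"CodeReviewArn": arn}))
                submitted.append(arn)
            except sfn.exceptions.ExecutionAlreadyExists:
                pass  # an earlier run already handled this review
        token = page.get("NextToken")
        if not token:
            return submitted


def poll_and_notify(codeguru, sns, topic_arn, code_review_arn):
    """State machine task: return the review state, publishing once Completed.
    The state machine waits and calls this again while the state is Pending."""
    review = codeguru.describe_code_review(CodeReviewArn=code_review_arn)["CodeReview"]
    if review["State"] != "Completed":
        return review["State"]
    recs = codeguru.list_recommendations(CodeReviewArn=code_review_arn)
    body = "\n\n".join(
        f'{r["FilePath"]}:{r["StartLine"]}-{r["EndLine"]}\n{r["Description"]}'
        for r in recs["RecommendationSummaries"])  # first page only
    sns.publish(TopicArn=topic_arn, Subject="CodeGuru Reviewer recommendations",
                Message=body or "Review completed with no recommendations.")
    return review["State"]
```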

Limitations
At the time of this writing, Amazon CodeGuru Reviewer does not publish events to Amazon CloudWatch, which is why the AWS Lambda function is triggered on a schedule. As a consequence, the trigger might miss some Amazon CodeGuru pull request reviews, which would then complete without the team being notified. I would assume this is a feature to expect from the Amazon CodeGuru team.

Extensibility
This serverless application can be extended from polling for pull requests only to full repository scans and security scans. As already mentioned, this can reduce the time engineering teams spend identifying functional-level issues, helping them focus on debugging business logic.
I would strongly recommend this approach for security teams so as to detect and mitigate security vulnerabilities as early as possible. This can be achieved with GitHub webhooks or Amazon CloudWatch Events for AWS CodeCommit. The project is available on GitHub; feel free to customize it to your needs.