Code Review & Merge Request Standards

Code Review Checklist

A thorough code review process ensures code quality, maintainability, and security. Use this checklist for every pull request:

• Ensure code follows all Nugsoft standards and best practices (naming, formatting, structure).
• Check for clear, descriptive naming of variables, functions, classes, and files.
• Validate that all new or changed code is covered by tests (unit, feature, integration).
• Review for security vulnerabilities (input validation, output escaping, authentication, authorization).
• Check for performance issues (inefficient queries, unnecessary loops, excessive memory usage).
• Ensure documentation is updated (PHPDoc, inline comments, API docs).
• Confirm that code is DRY (Don't Repeat Yourself) and modular.
• Verify that error handling and logging are implemented where needed.
• Ensure code is compatible with existing features and does not introduce regressions.

Merge Requests

• Require at least one approval before merging; two for critical changes.
• Ensure all CI/CD checks pass before merging (tests, linting, build).
• Use descriptive titles and summaries for merge requests (e.g., "Add user authentication module").
• Link merge requests to related issues or tasks.
• Address all review comments before merging.
• Delete feature/bugfix branches after merging to keep the repository clean.

Best Practices

• Use GitHub pull requests for all merges into main or develop.
• Assign reviewers with relevant expertise.
• Use labels and milestones to organize and prioritize merge requests.
• Communicate clearly in review comments and resolve discussions before merging.
• Use squash and merge for combining many small commits.

Example: Merge Request Description

Title: Add invoice PDF generation

Summary:
- Implements PDF generation for invoices using dompdf
- Adds unit and feature tests for PDF output
- Updates documentation for new endpoint

Related Issues: #123, #124