When failure isn’t an option: our path to quality assurance
The web space is fast-moving and constantly evolving. New technologies, frameworks and development strategies are always emerging and radically reshaping the landscape. With so many options at your fingertips, it can be difficult to strike a balance between flexibility and dependability when it comes to quality assurance.
Quality assurance is an important yet easily overlooked aspect of operating in the web space. When something goes wrong, it often does so silently—only to be discovered by a frustrated end user at the 11th hour.
Thankfully, keeping your site accessible and performant can be managed through the application of clearly defined standards and practices. And you don’t need a complete set of standards to get started as this process is one of constant evolution.
From the initial raising of a ticket to the release of a finished feature, The Code Company has put together a set of standards and practices to tackle the issue of QA. These guidelines deliver a smooth and reliable development process for our clients, covering:
- Code quality
- User acceptance testing
- Internal review
- Release process
- Reactive monitoring
1. Issue Tracking and Ticketing
Communication is key, and it is vital that you’re easily accessible to clients. Whether it relates to a new project, a project feature request or an issue to be resolved, your clients need a straightforward way of getting in contact.
If you want to manage complex work such as ongoing retainer development or a new feature or project, tools like Asana, Jira and Trello are helpful. These allow for effective requirements gathering, prioritisation and sign off.
When managing incoming emails, HelpScout can be used for internal tracking and task assignment. This ensures incoming emails are noted and actioned.
If you need to arrange regular communication, consider setting up a Slack group or channel. Alternatively a tool like Zoom is ideal for scheduling meetings.
Getting a thorough understanding of the issue or work required is necessary in order to deliver the appropriate solution.
2. Code development and code refinement
Communication may be key, but it must be backed by expertise when it comes to code development. This is an ongoing process, so adopting a mentality of continual review and refinement may not be helpful. Look for recognised standards in your field and then incrementally extend and improve them moving forward.
WordPress provides its own set of coding and development standards and practices, which we have adopted and extended. We adhere o these standards through the use of automated code-quality tools, such as WPCS, PHPCS and PHPCBF. These integrate directly into the software we use across the team. In simple circumstances, ensuring compliance at the touch of a button. It also provides real-time feedback for developers, without front-loading them with standards’ documents and required reading.
Over time, we have put together our own basic development framework that standardises and simplifies common development tasks. This is another ongoing effort that improves and increases in value with every project we work on. It promotes consistency in development across projects, which reduces onboarding time when moving between them.
3. Tracking code changes and source control software
Development takes place on “local” environments. These are servers that run on the developer’s local computer and are set up to emulate production-like conditions. This allows development and testing to take place with zero risk of impact on production.
Code changes are tracked using source control software, specifically Git. Source control is a must-have. It is is vital for keeping detailed records on what, when, who, how and why when it comes to changes in the codebase.
Pushing your code to an online repository management framework provides redundancy and back ups. We work predominantly with BitBucket but also recommend GitHub.
Developers are required to push their changes to BitBucket regularly. This means there is a low risk of loss of progress in the event that a developer’s computer is damaged unexpectedly. At The Code Company we have clear guidelines on what information developers should provide in their change history, which is reviewed by a senior developer later down the line.
4. User Acceptance Testing (UAT)
For most clients, we provide a separate UAT environment for them to review and approve changes before going to production. Once local development is complete, changes can be deployed to this environment. When reporting to our clients, we believe it is important to provide them with the following:
- An overview of the changes that have been made.
- Where these changes can be viewed and tested in the UAT environment (with direct links where possible).
- Instructions on how to test these changes.
- Any additional issues, limitations or concerns raised during development they should be keep in mind when testing (e.g performance).
- Invite them to provide feedback or raise any concerns they may have on their end.
It’s important for developers to test their work in UAT as well because conditions on their local environment may be different.
If the client has any feedback or desired changes, these can be developed and tested locally before being pushed back up to UAT and seeking client sign-off, if required.
5. Internal review of code quality and structure
When development is complete and has been reviewed by the client, we again review everything internally before moving to release.
The developer sets up a “pull request” using BitBucket, which provides an overview of all the changes. These changes are then “peer reviewed” by a senior developer alongside the original developer either in person or via a voice chat service like Zoom. During peer review, the original developer lays out the requirements and the work that was done. The reviewer checks the code quality and structure, ensures it meets our standards and suggests improvements or raises considerations.
As part of our “continuous integration/continuous deployment” process we also run automated code quality checks in our pull requests to provide another layer of standards assurance. This allows the senior developer more space to focus on other aspects of the review.
6. Release Process
When code changes have been approved by our team internally and by the client they can be released to the production environment. Changes will be deployed based on the client’s needs and the associated risk of deployment. It is unwise to release large changes late on a Friday afternoon in the event things go wrong and you have a skeleton team – or no one at all – on hand to quickly fix things.
Code changes are deployed using a service like DeployBot that provides an overview of the status of deployment and allows for easy rollback of changes in case of emergency.
Once deployment is complete, the developer is required to test their work in production to ensure everything functions as intended. The client is then notified and invited to test in production as a final verification.
After release, we proactively review the site for a period of time using site monitoring tools. With New Relic, we can keep up to date on site performance, errors and other KPIs to ensure any issues are detected and resolved as soon as possible.
7. Reactive monitoring
Reactive monitoring provides another layer of protection against cataclysm. Most of our sites are hosted on managed platforms, including AWS, WP Engine and Pantheon. These services provide 24-hour support and SLAs in addition to taking care of common tasks including server updates. In the event of a 3am bot attack, you can rest assured knowing someone will be there to fix these issues without the need to engage us directly.
Another important part of quality assurance is staying up to date with the latest news, changes and vulnerabilities in the technology we work with.
Subscribing to WP Updates and the WP Vulnerability Updates services keeps us abreast of new updates and vulnerabilities in the WordPress space. This allows us to apply security patches or shutdown known vulnerabilities in a timely manner. Check out the following links for more information:
- WordPress news – https://wordpress.org/news/
- WordPress updates and releases – https://wordpress.org/news/category/releases/
- WordPress vulnerabilities – https://wpvulndb.com/
Monthly WordPress and plugin updates are also scheduled for the sites we manage to ensure everything stays up to date, and your site and its content are more secure.
For all updates, we follow a clearly defined checklist and review process with logging and visibility. This allows us to keep track of what was updated, when and why.
Having a robust quality assurance framework is important to us at The Code Company. Having standards and procedures in place means we can take pride in the projects we deliver.