Theme Review

Overview

Every line of code that is committed to VIP Go is reviewed by the VIP Team. This document covers the theme submission and review process, typically for new clients getting set up on VIP Go.

Preparing for Theme Review

When you open a ticket to notify us of an upcoming review, please include the following information:

  • Name of Theme:
  • Expected launch date:
  • Short description of theme:
  • Brief architectural overview:
  • What plugins does this theme use?
  • Does the code follow WordPress Coding Standards?
  • Has this code been run through the VIP Scanner, and had all blocker-level issues addressed and other errors closely investigated?
  • Have you checked the theme for “Blockers” as listed in our documentation?
  • Is the code GPL compatible, or custom-code written in-house?
  • Who are the main representatives from your team responsible for launch and should be included in communications?

A few helpful tips:

  • It’s very important that you perform your own code review on the theme, checking carefully for any “Blockers” we have listed.
  • VIP does not accept off-the-shelf, commercial themes since they tend to be overloaded with excess functionality and code, which are potential security and performance risks. If you have an off-the-shelf theme that is lean, mean, secure, and performs well, then let’s talk. If you’re looking for something robust to work from, we recommend selecting from one of the 300+ pre-approved WordPress.com themes. The code for all the free themes is available here.
  • If you’re running a number of sites you’ll want to take the common theme approach – it’s a single theme used across multiple sites. If each site contains some unique functionality you can add that via Child Themes. Learn more about child themes here.
  • We review all plugins you include in your theme. We have reviewed a small, but growing list of plugins, and modified some of them to make them more stable, secure, and performant.

Theme Review Process

When you get set up on VIP Go, you will receive access to a GitHub repository. You will want to start setting up your theme and plugins in this repository, and when you are ready for review, you can notify our team via support ticket.

Once your Theme Review begins, your theme and plugins will be reviewed line by line, making sure your code is secure, optimized, and well-architected. It typically takes 10-15 business days for a full theme review, but this can vary depending on the complexity of the code and the size of the review queue.

Important: During this code review window, only WordPress.com VIP team members should merge branches or commit to the `master` branch. All fixes and new feature development should occur in new branches, with pull requests for WordPress.com VIP to review, give feedback on, and merge. This helps the review go as smoothly and quickly as possible.

Here’s the process:

  1. You will have a VIP Engineer assigned to your review. We’ll open issues on GitHub for things we see that need addressing and assign them to you. If you have any queries about the issue itself, you can add comments to the issue in GitHub.
  2. To address each issue, you can branch off `master`.
  3. When you have a branch that you’re happy addresses the issue, submit that as a Pull Request (or “PR”) for merging into staging.
  4. Reference the issue in that PR so that GitHub picks up on the association.
  5. Assign the PR back to your VIP Engineer.
  6. We’ll review the PRs and so long as there is no additional feedback, we’ll merge and close the issue.
  7. If there is additional feedback, we’ll add that to the PR and assign it back to you. You can update your branch to refine the code, or you can ask us for clarification in a comment on the PR.

While we’re doing the review, if you have additional code (such as new features), you can continue working in a separate branch, and submit updates as PRs against the `master` branch. That way, we can review those in isolation from fixes to the issues we open.

Review Labels

When we create an issue, it will come with one of the following labels, which have these meanings:

  • VIP Blocker: Issues that must be addressed before we can launch. E.g. serious security or performance issues.
  • VIP Warning: Issues that should be addressed before we can launch. E.g. Security and performance issues that we strongly suggest are fixed.
  • VIP Notice: Other miscellaneous advice/recommendations that we’d encourage you to look at.

All of these will be assigned to a GitHub milestone called “Launch” so you can easily track progress. You can read more about VIP Blockers, Warnings, and Notices here.

Post-Review Process

Once you’ve completed the initial code review, we will switch your deployment method to the Review Queue. This workflow is designed to allow fast response times for incremental development. During the initial code review we asked you not to commit to the master branch, but you are now free to commit and push to any branch.

Once this happens, you should no longer create PRs for our attention. Instead, commit or merge code to the master branch and push to GitHub; we will review your code in our internal systems before deploying.

During day-to-day operation, we will no longer be monitoring GitHub for Pull Requests from you. Instead, we will be reviewing the commits you push to the master branch on GitHub. Our internal systems will detect these commits, and we will review and deploy (or send feedback and work with you if there are any issues).

Post-Review, the flow of development and review will be:

  • You develop code using your internal development processes
  • To deploy, you push to the master branch
  • Our team will review on the master branch, then either deploy or give feedback
  • At this point, you might want us to set up deploy notifications for your repository. If that’s the case, let us know which channels suit you best (we usually set up email or Slack notifications for our clients).

Documentation is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.