Updates to reflect best practices for PR review

docs/contributing/pull-requests/branching.md

@@ -1,4 +1,5 @@
 ---
+sidebar_position: 1
 sidebar_custom_props:
   access: bitwarden
 ---

docs/contributing/pull-requests/chromatic.md

@@ -1,4 +1,5 @@
 ---
+sidebar_position: 3
 sidebar_custom_props:
   access: bitwarden
 ---

docs/contributing/pull-requests/code-review.md

@@ -1,24 +1,28 @@
+---
+sidebar_position: 2
+---
+
 # Code Review Guidelines
 
 At Bitwarden, we encourage everyone to participate in code reviews. A team will focus primarily on
 their own code reviews, but if you see something interesting, feel free to jump in and discuss.
 
-To have efficient code reviews there are a few things to keep in mind (from
-[Best Practices for Code Review | SmartBear](https://smartbear.com/learn/code-review/best-practices-for-peer-code-review/)):
+A few general guidelines:
 
 - Pull requests should be manageable. If the PR is too large -- significantly above a few hundred
   lines -- ask the contributor if it can be split it up into multiple PRs before reviewing.
-  - This can be tricky in our code base since many things are tightly coupled.
+  - This can be tricky in our codebase since many things are tightly coupled.
 - Take your time when reviewing - expect a rate of less than 500 lines of code per hour.
 - Take breaks - don’t review for longer than 60 minutes.
 
 Don’t feel bad for taking your time when doing code reviews! They often take longer than you think,
-and we should be spending as much time as needed.
+and we should be spending as much time as needed. When you find a bug or defect during PR review,
+the cost of fixing it is much smaller than if it escapes further into the development lifecycle.
 
-:::tip
+:::tip Want to read more?
 
-Bugs or defects found early in the development cycle have a much smaller cost associated with fixing
-them.
+You can find more tips for PR review here:
+[Best Practices for Code Review | SmartBear](https://smartbear.com/learn/code-review/best-practices-for-peer-code-review/)
 
 :::
 
@@ -33,7 +37,16 @@ always welcome! For example, it’s okay to leave some general comments or feedb
 that you don’t have enough knowledge to approve the changes. The author can ask for another review
 from someone else, and there’s nothing wrong in having two reviewers on a PR.
 
-:::info Note
+When undertaking a review, keep in mind that you are taking an ownership stake in the changes. You
+should always strive to provide actionable feedback to the author and to make yourself available for
+any clarifying questions or to pair on fixes suggested.
+
+While we mostly use an asynchronous review process, please don't hesitate to schedule a meeting with
+the author to discuss the changes. While asynchronous communication can be useful, it incurs a time
+penalty which can drag out the review process. Sometimes setting up a short call to discuss the
+changes can save a lot of time.
+
+:::info Assumptions
 
 <a id="assumptions-note"></a> When reviewing code, remember that all software is built to conform to
 a set of assumptions. Features, bug fixes, and other requirement changes represent a change in those
@@ -44,22 +57,36 @@ requirements, which may not necessarily be in line with the previous solution.
 
 ### Review statuses
 
-Please use the review statuses appropriately.
+When completing a review, you can either add comments, request changes, or approve the PR. It is
+important that both the reviewer and the author understand the expectations around each type of
+review, so we use the guidelines below.
+
+:::tip Tip for effective feedback
+
+When providing comments or requesting changes, keep in mind the experience level of the author.
+
+If the engineer is new to the company and the codebase or less experienced overall, they would
+probably welcome more explicit background on your concerns and more concrete suggestions, whereas a
+more experienced engineer would prefer general guidance so that they can solve the problem
+themselves.
+
+:::
 
 #### Comment
 
-Comment is a great way to discuss things without explicitly approving or requesting changes.
+Using comments is a great way to discuss things without explicitly approving or requesting changes.
 
 #### Request changes
 
 Request changes should be used when you believe something **needs** to change prior to the PR
 getting merged, as it will prevent someone else from approving the PR before your concerns have been
 tackled.
 
-We shouldn’t hesitate to use this status, however we should give clear feedback on what needs to
-change for the PR to get approved. Likewise a PR author should not be discouraged by a _request for
-changes_, it's simply an indication that changes should be made prior to the PR being merged. This
-is common.
+We shouldn’t hesitate to use this status. However, it does come with obligations for the reviewer.
+By blocking the PR from progressing, you are taking on additional responsibility and should give
+clear feedback on what needs to change for the PR to get approved. Likewise, a PR author should not
+be discouraged by a request for changes, it's simply an indication that changes should be made prior
+to the PR being merged. This is common.
 
 :::warning Discarding reviews
 
@@ -76,12 +103,14 @@ scenarios where discarding the reviews are generally seen as accepted.
 
 #### Approve
 
-Approving a PR means that you have confidence in that the code works, and that it does what the PR
+Approving a PR means that you have confidence in that the code works and that it does what the PR
 claims. This can be based on testing the change or on previous domain knowledge.
 
 - The PR targets the [correct branch](branching/#which-branching-model-to-choose).
 - You have verified that the linked Jira issue description matches the changes made in the PR.
 - You have read and understood the full impact of the changes suggested by the PR.
+- You have verified that all possible changes have been
+  [unit tested](./../testing/unit/naming-conventions.mdx).
 - You attest that the changes
   - Solve the intended problem,
   - [solve the requirements in the best way](#assumptions-note),
@@ -113,6 +142,7 @@ a time.
   - Does the PR change the areas you expect to be changed?
     - Are any missing?
     - Are any present you didn't expect?
+  - Are unit tests present?
 - Micro View - Focus on individual files.
   - Is the code style adhered?
   - Is the code readable?

docs/contributing/pull-requests/index.md

@@ -97,33 +97,106 @@ changes” to a PR forcing the reviewer to start over again.
 
 :::
 
-## Creating a Pull Request
+## Creating a pull request
 
 The Bitwarden repositories have a _Pull Request template_ which should be followed. This will ensure
-the PR review goes smoothly since it will provide context to the reviewer. <community> Once a
-community PRs has been created, they will be automatically be linked to an internal Jira ticket. The
-internal ticket is used for prioritization and tracking purposes.</community><bitwarden>Include a
-Jira ticket reference so the reviewer can gain all context on the work.</bitwarden> Tag
-`@dept-design` as a reviewer for any UI changes.
+the PR review goes smoothly since it will provide context to the reviewer.<community> Once a
+community PR has been created, it will be automatically be linked to an internal Jira ticket. The
+internal ticket is used for prioritization and tracking purposes.</community><bitwarden> When
+creating the PR include a Jira ticket reference so the reviewer can gain all context on the work as
+well as links to any associated PRs in other repositories.</bitwarden>
 
-## Review process
+<bitwarden>
 
-<community>
+### Tagging reviewers
 
-Once a Community PR has been created a Bitwarden developer will perform a code review, while we try
-to this in a reasonable time-frame, please understand that we have internal roadmaps and priorities
-that may delay this process.
+We use `CODEOWNERS` in each repository to assign the reviewing teams based on the files in the PR.
+These reviews are required for the changes to be merged to `master`.
 
-</community>
+You can tag additional teams or individuals for review as you see fit, including `@dept-design` for
+any design changes.
+
+### Opening the PR for review
+
+As its name implies, marking a PR as "Ready for Review" indicates that you are ready for all
+assigned teams to review it. If the changes are still in progress, leave the PR in `Draft` status.
+Doing this ensures that reviewers can act on the "Ready for Review" as their signal to begin the
+review process without further notification.
+
+### Addressing feedback
+
+It is likely that you will receive some feedback on your PR. You should see this as a positive thing
+-- it signifies a healthy and thorough review process and an organizational commitment to code
+quality. You may receive [comments](./code-review.md#comment) or a
+[request for changes](./code-review.md#request-changes). You are encouraged to engage in
+conversation on the PR to discuss a solution, but if any strong conflicting opinions arise it is
+often best to move the conversation to a synchronous format to avoid any misunderstanding.
+
+When any necessary changes have been made, you should address the comments or request for changes by
+responding in the PR conversation thread. You are not responsible for resolving the conversation --
+that is the prerogative of the reviewer, to ensure that they agree that the question or concern has
+been addressed.
+
+**When you are ready for a reviewer to revisit your changes, you should request a re-review.** This
+will notify the reviewer and ensure a prompt response.
+
+</bitwarden>
+
+## Reviewing the pull request
 
 <bitwarden>
 
-While we mostly use an async review process, please don't hesitate to schedule a meeting with the
-reviewer/contributor to discuss the changes. While async communication can be useful it incurs a
-time penalty which can drag out the review process. And sometimes setting up a short call to discuss
-the changes can potentially save a lot of time.
+At Bitwarden, we believe that the act of reviewing PRs is a critically important part of each
+engineer's job. It is as important, if not more important, than the act of writing code.
+
+To ensure that teams within the organization operate on same set of assumptions for performing
+reviews, we have agreed to a baseline set of expectations.
+
+When a PR author opens a PR for review, they should have the expectation that:
+
+- The act of opening the PR for review is the **only** notification required. Teams are responsible
+  for properly configuring notifications so that team members are aware of their obligations.
+- The reviewing team(s) will respond within **24 hours** to:
+  - Provide a review,
+  - Inform the author when a review will be provided, or
+  - Ask the author to split the work into a smaller PR for review
+
+:::tip Notifications
+
+Our teams use GitHub notifications as the primary method of communication for PR review requests and
+scheduled reminders are highly encouraged to facilitate prompt responses to requests.
+
+- Individual engineers are encouraged to set up [scheduled reminders][user reminders] for
+  themselves.
+- Each team has [scheduled reminders][team reminders] on a dedicated Slack channel (e.g.
+  #team-eng-platform-notifications).
+
+:::
+
+### Follow-up notification
+
+If there is no response to a request for review in 24 hours, the author should reach out to the
+team(s) -- or to individual engineers if assigned -- via Slack to follow up.
+
+This should wait for 24 hours to allow the default process to take place and not overwhelm the team
+with notifications on multiple platforms.
 
 </bitwarden>
 
+<community>
+
+Once a Community PR has been created a Bitwarden developer will perform a code review. While we try
+to this in a reasonable time frame, please understand that we have internal roadmaps and priorities
+that may delay this process.
+
+</community>
+
+### How to perform a review
+
 We've written up some [guidelines](./code-review.md) for reviewing code, which we recommend reading
 before performing your first code review.
+
+[user reminders]:
+  https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/managing-your-scheduled-reminders
+[team reminders]:
+  https://docs.github.com/en/organizations/organizing-members-into-teams/managing-scheduled-reminders-for-your-team