Monday, August 10, 2009

Hosted, Private Code Reviews with Rietveld

We conduct code reviews prior to check-in. However, we're a new startup operating almost exclusively in the cloud. We use Assembla for managing our code and tracking our issues, but they don't (yet) offer code review tools. We Googled for things like "hosted code review tools", and the main candidate that came up was Google's Rietveld, which can theoretically be hosted on App Engine. We like this because of the cost (free).

We note that Rietveld (the code base) is hosted by Google at codereview.appspot.com for public use on source that people are willing to make "open". We require (a) private reviews, and (b) a connection to a private code repository. Thus, we need to host our own.

It turns out that there was actually some configuration cost to setting up Rietveld for private use. Here's what we did:

0. Requirements


1. Enable Password Protection

Once you've checked out the source code, edit app.yaml to require user authentication, and to enforce SSL. We added the last two lines:


- url: .*
  script: main.py
  login: required
  secure: always


2. Enable Access to Password Protected Source Control

This is a hack; I haven't invested much time in making it a general-purpose solution. However, it works.

First, you may freely use the following code to generate an authentication string:


'''
Change username and password below, then run to print a string that can
be inserted into request headers, like this:

result = urlfetch.fetch(url, headers={"Authorization": "Basic %s" % 'RESULT_OF_THIS_FILE'})

thanks to: http://www.voidspace.org.uk/python/articles/authentication.shtml
'''
import base64

username = 'my assembla username'
password = 'my assembla password'
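# b64encode never inserts line breaks; encodestring wraps long input
# every 76 characters, which would corrupt the header value.
base64string = base64.b64encode(('%s:%s' % (username, password)).encode('utf-8')).decode('ascii')

print(base64string)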


Then, modify the following line in /codereview/engine.py to incorporate the authentication string you used above:


#result = urlfetch.fetch(url)
result = urlfetch.fetch(url, headers={"Authorization": "Basic %s" % 'YOUR AUTH STRING HERE'})



3. Upload to the Cloud + Configure Permissions

Once you've made these modifications, create a new App Engine application that's secured to your Google Apps domain. When you're creating the new app, check "Restricted to the following Google Apps domain", and tell it about your Google Apps domain.

Upload your code. Conduct code reviews.


Limitations and Annoyances

Our experiences haven't been bug free. For starters, you cannot use the "upload.py" script, but must create reviews using the online forms. Also, we see the occasional "Old Chunk Mismatch" error that impedes side-by-side viewing (documented here).

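Also, please note that the hack we've documented here isn't horribly secure: the authentication string is only Base64-encoded, not encrypted, and it sits in plain text in the deployed engine.py, so anyone who can read that file can recover the Assembla username and password. Please don't do this if security is a top priority to you.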
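One way to narrow the exposure of the step 2 hack, shown as an added example (not code from Rietveld or from the original post): attach the Authorization header only to HTTPS requests for your repository host, so the credentials are never sent in the clear or to a different server. The host svn.example.com, the helper names and the sample credentials are assumptions made up for illustration.

```python
import base64

try:
    from urllib.parse import urlsplit   # Python 3
except ImportError:
    from urlparse import urlsplit       # Python 2 (the 2009 App Engine runtime)

# Constructed placeholder: replace with your private repository's host.
ALLOWED_HOST = 'svn.example.com'


def basic_auth_value(username, password):
    """Return the value for an HTTP Basic Authorization header."""
    raw = ('%s:%s' % (username, password)).encode('utf-8')
    return 'Basic ' + base64.b64encode(raw).decode('ascii')


def headers_for(url, username, password, allowed_host=ALLOWED_HOST):
    """Return request headers for url.

    The Authorization header is included only when the request goes over
    HTTPS to exactly the allowed host. Any other URL gets no credentials.
    """
    parts = urlsplit(url)
    # .hostname is lower-cased and excludes userinfo and port, so
    # 'https://svn.example.com@other.example/' resolves to 'other.example'.
    host = parts.hostname or ''
    if parts.scheme != 'https' or host != allowed_host.lower():
        return {}
    return {'Authorization': basic_auth_value(username, password)}


if __name__ == '__main__':
    # Constructed sample URLs and credentials.
    for u in ('https://svn.example.com/repo/trunk/a.py',
              'http://svn.example.com/repo/trunk/a.py',
              'https://svn.example.com.other.example/a.py',
              'https://svn.example.com@other.example/a.py'):
        print(u, '->', sorted(headers_for(u, 'alice', 's3cret')))
```

In engine.py the call would then become urlfetch.fetch(url, headers=headers_for(url, username, password)), with the username and password read from configuration that is kept out of source control.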

Good luck!