RBTools 1.0.3: Mercurial Features, Commit Editing, Python 3 Fixes

Today’s release of RBTools 1.0.3 is a big one, featuring enhancements for Mercurial support, a vastly improved commit editing experience when landing changes, and several compatibility fixes for Python 3 and various types of repositories.

Landing Commits on Mercurial

rbt land now supports landing commits on Mercurial repositories.

You can land a local change from a Mercurial branch or bookmark, or a remote change from a review request. This will first verify that the change has been approved on Review Board before allowing it to land. Once approved, a new merge commit containing the information and URL of the review request will be placed on your destination branch.

This can also close the branch/bookmark being merged in on your behalf. See the documentation for details.

Improved Commit Editing

Patching a commit with rbt patch -c, or landing a commit with rbt land -e has always let you edit the message for the commit, but the experience was sub-par.

Now RBTools will mimic Git or Mercurial’s standard editing environment, helping your editor show the syntax highlighting or line length limits it would normally show.

Deleting all text in the editor and saving will cancel the patch/land operation.

You can also set a custom editor when working with RBTools by setting the new $RBTOOLS_EDITOR environment variable.

Compatibility Fixes

We’ve fixed a number of Python 3 compatibility issues. These largely centered around:

  • Changes in Python 3.8
  • Windows environment differences
  • Editing or processing commits containing non-ASCII characters
  • Normalizing URLs and paths for Subversion
  • Loading in Perforce metadata
  • Passing --help as the last argument

There’s also a fix for looking up available Git remotes for a branch when a tracking branch isn’t set. Thanks to Joshua Olson for this fix!

See the release notes for the full list of changes.

Read More

ChangeLog: April 2, 2020 — Catching Up

This is our first ChangeLog in several weeks. As you all know, the current pandemic has resulted in a lot of changes and hardships in the world. We’re doing fine here, and our team has stayed healthy and safe, if a little less productive than we’d like as we adjust and take care of our families.

David building a playground for the kids

Still, work never ceases, and it’s time to start keeping you all up-to-date again. Here’s a breakdown of what we’ll be covering today.

  • Support options for Review Board
  • Upcoming increases to RBCommons and Power Pack trial lengths
  • Upcoming releases of RBTools 1.0.3 and KGB 5.0.
  • Review Board 4.0 progress
  • New student demo videos

Getting Support for Review Board

More companies than ever are in full-on work-from-home mode, and this brings with it a lot of new work challenges that are, right now, often mixed with personal-life stresses.

We can help with at least some of that.

Our company offers support contracts for Review Board, which can be tailored to meet your company’s needs. We help with anything from basic Q&A and troubleshooting to custom builds and assistance with developing in-house integrations.

If you’re managing Review Board at your company, and are feeling a bit overwhelmed right now, please reach out. We can help. And we take support seriously.

Basic Support

Basic Support is pretty well-suited for smaller companies that need general troubleshooting, installation/upgrade assistance, or may have other questions.

We guarantee a response by the following day, but always aim for same-day (just depends on the support load).

Unlike our community support forum, all your support requests are handled privately on a dedicated support tracker, where you can manage tickets, provide confidential attachments, and more.

We don’t farm out our support to some outside party. We, the developers of Review Board, will handle your support. You’ll probably hear from me personally quite a bit.

Premium Support

This is a better option for the larger companies.

Or if you’re working on any in-house integrations or need priority bug fixes or need to use an older version of Review Board but may need some custom builds with fixes on occasion.

Or have some terrible emergency that needs to be resolved quick.

With Premium, there’s a same-day guarantee, 24/7/365. We’ll usually respond within an hour, especially if it’s an emergency. I will personally wake up and take care of your issue at 4AM if you need something.

So again, if things are crazy right now and you need a hand, contact us and we’ll talk options with you.

Increases to Trial Lengths

Since things are slower-moving right now (again, with the work-from-home status of so many companies), we want to make sure that you’re not in as much of a rush to evaluate either RBCommons and Power Pack.

So we’re going to be increasing the trial lengths of both from 30 days to 60.

This isn’t done yet, as we’re still preparing the codebases to change this over. In the meantime, if you’re a trial user of either, we’ll try to make sure to be proactive and increase your trial period manually.

If you’re already trialing either of this, contact us for a trial extension.

Upcoming Releases

RBTools 1.0.3

We’re finishing up this release now. It’s a big feature and bug fix release that we’ve been ironing out for a while.

The highlights are:

  • rbt land support for Mercurial
  • A much better commit editing experience (for rbt land and rbt patch)
  • Several bug fixes for various source code management systems and for Python 3 environments

We should have this release out next week.

KGB 5.0

KGB is our Python module for using function spies in unit tests. This lets you track when a function is called, with what arguments and results, and to even override what happens when that function is called.

It’s extremely powerful, and is a big part of how we maintain our large test suites.

We’re preparing a 5.0 release, which adds:

  • Python 3.8 support, with positional-only arguments
  • Workarounds for very corner-casey situations with method decorator that generate a new function every time it’s accessed (what we’re calling “slippery functions,” because they’re hard to hold on to)
  • Probably some new helpers for asserting the results of calls (TBD)

This should be released in the coming weeks. If you’re a Python user, I highly suggest giving KGB a try.

Review Board 4.0 Progress

Almost there.

We were going to get 4.0 in beta form by end of March. That was the goal. We hinted at this last time, and we were feeling good about it, but the impact from the pandemic changed some priorities.

So it’s delayed… I’m not going to give a new date at this point, but nearly everything is ready for beta. We just want to hammer on it some more first, make sure we’re pushing out a solid beta. Pretty much everything, including our extension ecosystem, is ready to go.

Student Demos

As you may know by now, we work with CS students every semester, mentoring them and helping them learn to contribute to real-world code bases through Review Board development.

They recently completed their second demo videos for the semester, showing off what they’ve built. Please take a look. I’m sure they’d love to hear some positive feedback on their videos:

Stay Safe, and Wash Your Hands

(Definitely the catch phrase of 2020, but it’s important!)

Again, if we can help with anything, reach out, or follow us on the community forum, Reddit, Twitter, Facebook, and YouTube if you want other ways to keep up with Review Board and Beanbag.

Read More

ChangeLog: March 6, 2020 — Nearing Beta

These are exciting times, right? While everyone is preparing for the coronavirus, we’ve been preparing for Review Board 4.0 beta 1.

Review Board 4.0 Beta 1

And the coronavirus.

The shelves are getting pretty empty in my local grocery store, but I’ve kept my sanity.

Preparing for Review Board 4.0 Beta 1

We have an internal target date for 4.0 beta 1, which is coming up very soon, but we’re not prepared to release that just yet. Still a couple factors that might need to delay a week.

This beta will feature:

  • Posting and reviewing multi-commit review requests
  • A brand new, streamlined, mobile-friendly administration UI
  • A full move to Django 1.11, with preliminary Python 3 support (which will affect extensions, so get ready)
  • Read-only mode, letting you prepare for an upgrade without shutting the whole server down
  • A new “Overview” mode in the Dashboard showing all incoming and outgoing review requests
  • A new integration for Jenkins CI
  • Live thumbnails for video file attachments
  • Beginnings of accessibility improvements, improving keyboard input, color contrast, and screen reader integration
  • New JavaScript and CSS components usable by third-party extensions
  • An overhaul of the diff parsers, setting things up for some major future improvements to diffing capabilities (including our in-development new DiffX proposal)
  • Removal of a lot of deprecated internal APIs (again, this may affect extensions)

We’re working on the final bits of the administration UI, and expect to be done by end of next week. Everything is in place, with the exception of the Integrations, Extensions, and Security Center pages. But that’s it!

We’ve also been finishing up the work to make our third-party integrations (Travis-CI, Asana, Jenkins, etc.), Review Bot, and Power Pack all compatible with Review Board 4.0, Django 1.11, and Python 3. These are the last big blockers before release.

After all that is done, beta 1 will be a go!

(Assuming none of us get the coronavirus.)

If you are building custom extensions, please get ready to test this beta. Let us know if you plan to test so we can coordinate with you and give you a heads up on what may change.

RBTools 2.0 Beta

RBTools 2.0 features full support for multi-commit review requests. We’ve had the bulk of this work done for a while, but have been really thoroughly testing it in preparation for a beta, which will go out alongside Review Board 4.0 beta 1.

This week, we’ve finished up the work to apply patches from a multi-commit review request (giving the ability to apply all commits sequentially or squash into a single commit), and to fully land changes.

We’re wrapping this up soon. If you test Review Board 4.0 beta 1, you’ll need RBTools 2.0 beta 1.

What else, what else..

Accessibility Improvements

We’re continuing to work toward improving our accessibility story in Review Board. While we’re nowhere close to where we want to be yet, we’ve amended our policies around new UI components to ensure that keyboard usage and ARIA roles are a first-class citizen in any designs.

If you make use of any assistive technologies, such as screen readers, we’d love to talk to you and get your feedback on a few things!

Video Thumbnails

Review Board 4.0 will be making it easier to glance over file attachments for video files. Just like file attachment thumbnails for images and text files give you a preview of the contents, they’ll soon give you a preview of the video as well.

Hovering the mouse over these thumbnails will cause the video to play (muted) until you move the mouse away. Hovering over them again causes the video to resume from where it left off.

This is great if someone’s using video files to demonstrate their feature. We’re hoping to make this the start of some useful UI around videos.

New UI Components

This past week saw the development of several new accessible CSS/JavaScript components, which can be used by extensions:

New Button Classes

Buttons

We’ve historically had a few different ways to show buttons. Any <input type="button" />, <input type="submit" />, or anything with the .btn CSS class would have a consistent appearance, and could be modified by a set of additional CSS classes.

This has been revised to include <button> (which we oddly did not have before) and anything using the .rb-c-button CSS class (the successor to .btn, which is now deprecated).

Button Groups

Button groups

A button group (.rb-c-button-group in LessCSS) is a collection of buttons, packed together either horizontally or vertically, providing an almost toolbar appearance.

Pop-up Menus

Pop-up menus

The new RB.MenuView (JavaScript) and .rb-c-menu (LessCSS) component manages a pop-up menu that can be shown or hidden as needed. It supports full keyboard navigation and ARIA attributes for accessibility.

We’re working on moving to this in every place that involves a pop-up menu, including review request actions (like “Update” and “Close”) and the Account, Support, and Follow menus in the upper-right of pages.

Menu Buttons

Menu buttons

RB.MenuButtonView (JavaScript) and .rb-c-menu-button (LessCSS) implements a type of button that displays a pop-up menu when clicked.

There are two main ways this can be used:

  1. As a single button that will show some text and a drop-down indicator, used just to display the menu.
  2. As a group of action buttons, all packed together (but visually separated), containing a final button that displays the drop-down menu.

The later is great when you want to offer a common action, but make alternative actions easily available.

Like the new pop-up menus, these provide full keyboard navigation and ARIA attributes for accessibility, and are a great building block for extensions to use.

We hope to provide full documentation at a later time on the standard library of UI components we’re building.

New KGB Release Coming

KGB is our Python module for unit tests, which provides the ability to spy on any function and track the calls and results, or override the behavior. It’s incredibly powerful, and we make heavy of use of it in Review Board and all our other projects.

We’ve just fixed up KGB to work with Python 3.8, so we’re preparing for a release pretty soon.

If you’re a Python developer, check out KGB. Tell your friends. Give us some feature requests. Honestly, it’s pretty complete these days, but we need more reasons to bump the version number.

Alright, that’s enough for this ChangeLog.

Coming Up

We may skip next week’s ChangeLog to focus on finishing beta 1, unless we have anything really interesting to report.

If you want to know more, have any questions, or are curious about anything else, please reach out on our community forum.

We’re also on Reddit (/r/reviewboard), Twitter, Facebook, and YouTube if you want other ways to keep up with Review Board and Beanbag.

Read More

ChangeLog: February 20, 2020 — Accessibility, Student Demos

Hi everyone, and welcome to this week’s ChangeLog. This week, we want to talk about accessibility improvements for Review Board 4.0, and show you what this semester’s students are working on.

If you want to watch some videos instead of reading a bunch of stuff, jump down to Student Demo Videos!

Accessibility in Review Board

As we revise parts of our UI, introducing new features and designing new CSS Components, we have a goal of improving accessibility. We’re aiming to better support screen readers, improve keyboard navigation, and help people with visual impairments.

This will not be 100% implemented by 4.0, since we do plan to release sometime soon, but we will have laid the groundwork, working toward eventually being fully compliant with the Web Content Accessibility Guidelines (WCAG) 2.1.

There’s a lot that goes into accessibility on the web, but there’s two key areas that are important to get right, and are becoming a core part of our design and CSS component specifications: ARIA attributes and keyboard navigation.

ARIA attributes help screen readers and other assistive technologies understand, navigate, and communicate parts of the UI. They can communicate the intent of a UI component, provide more suitable labels or hints to screen readers, notify as important content updates, and more. They’re important, and we haven’t been good at using them, but they’re now being baked in to the design of any new UI we write.

Keyboard navigation is also very important. Not everyone can or wants to use a pointing device to navigate the UI, and we’ve identified several places where keyboard navigation (and focus presentation) is subpar or flat-out broken. So we’re making this a first-class citizen in new UIs, adding new keyboard shortcuts for important content areas or operations, and fixing cases where navigation is just busted.

To be clear, these aren’t the only focuses — there’s a lot more to the accessibility work than this. Improving accessibility is a long-term goal, and Review Board is a big product. We aren’t holding up 4.0 for this, but rather expect to spend time throughout the 4.0.x release cycle to gradually work on this.

And it’s a current focus of some of our student projects.

Student Demo Videos

In an earlier ChangeLog, we announced our new team of students working on Review Board. The big focuses this semester are on keyboard accessibility and first-time setup improvements.

They’ve been working hard for a month now, and have just completed their first (of three) demo videos. We’d like to show them off.

All videos are uploaded to our YouTube channel. Subscribe to keep up with content as we upload it.

Hannah Lin

Hannah’s been working on implementing keyboard navigation for file attachments, letting users focus on the attachments and control the pop-up menu (for reviewing, updating attachments, deleting, and downloading). That was her first warm-up project.

Her main project for the semester is working on a first-time setup guide, for new Review Board administrators. The goal is to help them get a new server up-and-running fast by walking them through the main setup steps as they progress through the administration UI.

Katherine Patenio

Katherine’s first demo covers some initial bug fixing work for RBTools on Python 3, addressing a problem where --help didn’t always work. She’s fixed this up and added a new layer of unit tests we can build upon.

Her main project for the semester isn’t covered here, but she’s going to be working on the rbt setup-repo command, helping streamline getting a new repository set up with Review Board.

Monica Bui

Monica’s also working on keyboard accessibility. Her focus in this demo is improving the New Review Request page, making sure that all elements can be tabbed to and navigated entirely by keyboard.

Xiaohui Liu

Xiaohui’s first project fixes up tab key navigation in the review request page. Previously, tabbing to fields would prioritize the fields on the right-hand side of review requests (Branch, Bugs, etc.) before the main fields (Description, Testing Done), which wasn’t really intuitive. His fix brings some sanity back to tab orders.

His second project is to implement common support in the UI for keyboard shortcuts, making it much easier for us to bake in better keyboard support on every page with less code to worry about.

Xiaole Zeng

Xiaole’s working on improving help within the product, giving users both a single place to go to when needing to find documentation or other useful information, and finding places within the UI where we can offer better inline guidance. For the latter, she’s working on adding helpful descriptions and documentation links when configuring repositories, based on the selected hosting service or repository type.

Next Week

We’re getting a new RBTools release ready to ship, so you’ll see that soon. We’re also testing 4.0 beta 1, and are getting that beta release on the calendar.

If you want to know more, have any questions, or are curious about anything else, please reach out on our community forum.

We’re also on Reddit (/r/reviewboard), Twitter, Facebook, and YouTube if you want other ways to keep up with Review Board and Beanbag.

Read More

ChangeLog: February 6, 2020 — GitHub API Changes, OAuth

Busy couple of weeks here. I’ve personally been sick, hence the lack of a ChangeLog last week. Sorry about that!

We’ve made a lot of great progress on getting Review Board 4.0 ready for beta, and updating the ecosystem of packages (such as Power Pack and Review Bot), but there is one urgent thing that came up that’s taking a bit of our time.

GitHub’s Authorization Changes

For many, many years, GitHub’s API has offered several options for authenticating with the API. Our initial integration with GitHub was written 10 years ago, and while it’s evolved over time, it’s continued to use the same original authentication methods to communicate with the API and link accounts.

In November, GitHub announced their were deprecating those methods. Frankly, due to its proximity to the holidays and some time-consuming work on our plate, this announcement slipped by us.

There are really two main ways in which this affects us:

  1. HTTP requests to the API need to change how they pass API access tokens
  2. We can no longer automatically exchange user credentials for an API access token when linking an account for a repository

GitHub API Authentication

GitHub’s APIs have historically taken an ?access_token=... parameter in API requests, and the original code we wrote to talk to the API continues to use this method. (If it ain’t broke…)

The modern approach is to make use of the HTTP Authorization header to pass in the access token. This is more standards-compliant and probably simplifies a lot of URL building and logging on their end.

This week, they began e-mailing users whose accounts were accessing the API using ?access_token=. You may have seen these, if you linked your GitHub account to Review Board. It’s annoying, but it’s designed to be, so that people update their software in time.

We’ve fixed this internally, and are testing to make sure it works everywhere. We’ll have a build out soon (see our timeline toward the bottom of this ChangeLog).

Linking GitHub Accounts

In order to talk to a source code repository, we typically need credentials of some kind. This may be a username and password, an API key/authentication token, or an SSH key.

Traditionally, we’ve been able to get by with taking the credentials right on the repository configuration page, combining the steps of linking an account and creating a repository. This is just easier for many reasons, and worked great with GitHub.

The GitHub process went like this:

  1. We’d provide fields for a username and password to a GitHub account to use for repository access (though we’d never store the password).
  2. When saving the repository, we’d use those credentials server-side to immediately make a request to GitHub’s Authorizations API to request a new access token.
  3. We’d store that token and use it for all future API access.

This token was associated with the user’s account, and could be revoked at any point. We never had to store the password, like we unfortunately must do with some services that lack any form of authentication token capability.

This had always worked before, but it will be changing going forward, as the Authorizations APIs we used is now deprecated.

Short-term, we’ll be changing the dialog to provide instructions on how to generate a personal access token, and a field for providing it (instead of a password). This is an annoying extra step for users, but it’s a working solution we can employ short-term (and we already use this approach for some other services).

Long-term, we need to modernize the configuration experience, taking full advantage of OAuth web flows for linking accounts.

Challenges of OAuth in Review Board

First, let’s quickly go over OAuth (or, more specifically, OAuth2, the modern version of the standard).

OAuth is a standard way for a service (Service A) to request access to another service (Service B), on behalf of a user. You’ve probably seen basically this before when you’ve initiated a “Log In With Facebook” or when you’ve connected some service to Slack. You click a button, a browser window pops up and presents a page on Service B telling you that Service A wants access via your account, telling you what permissions it requests.

While complicated, it’s a pretty great thing to have in the modern world, but it’s not automatic.

Before Service A can even begin this process, someone must register it on Service B (through whatever mechanism is required by that service — this usually requires filling out a form). The result is a Client ID and a Client Secret, which must be stored somewhere and then used when initiating the OAuth process.

The Burden on Administrators

It’s very important that the Client ID and Secret are kept secure and not shared, and this is where things get more difficult for tools like Review Board.

Review Board is open source and self-installed, so we can’t supply a Client ID or Secret as part of the installation. That means an administrator must perform this task, and this can be a real annoyance when just getting started. It’s worse for some services than others.

Fortunately, it only has to be done once per required service, but we try to avoid this extra step when there are alternatives. We do take care of it on RBCommons so users don’t have to, at least.

In the case of GitHub, they’ve thought through this and have some mechanisms (such as App Manifests) we’re looking into that should aid in OAuth registration, but we haven’t yet figured out how this is going to work in the end.

Timeline: When Is This All Happening?

There’s no public information yet on when GitHub will be removing the old APIs, though we’ve been in communication with them and have a timeline we’re comfortable with. They’re still fairly early in the deprecation process, and have a history of handling deprecations very well.

We have three phases:

  1. Update the API authentication method

    Our plan is to release Review Board 3.0.17 early next week (targeting February 11th, 2020) with this fix.

    We are not planning (at this time) to backport this to older generations of Review Board.

  2. Request Personal Access Tokens when linking accounts

    This is the manual version of what we’ve been doing behind the scenes. Users will need to generate their own token and supply it when linking an account.

    We are planning to provide this a couple months before the API removal date. This is to keep the process nice and simple as long as possible, but to allow time for people to upgrade.

  3. Implement an OAuth web-based account linking workflow

    This will likely come sometime after the API removal, and will be in Review Board 4.0. We’ve been planning this anyway, and it’s not (at this time) needed to remain compatible with GitHub. Though it is the better method.

These plans may change as we go. We might decide to fast-track the OAuth web-based flow, for instance, based on other factors.

We still really want to get Review Board 4.0 wrapped up soon, and a lot of “urgent” things like this have come up, causing further delays, so we’re punting what we can for now.

More on that soon.

Whew.

That was a lot to talk about.

If you want to know more, have any questions, or are curious about anything else, please reach out on our community forum.

We’re also on Reddit (/r/reviewboard), Twitter, Facebook, and YouTube if you want other ways to keep up with Review Board and Beanbag.

Read More

ChangeLog: January 23, 2020 — Student Sprint and Django Upgrade

What a week it’s been. We have two topics to go over: Last weekend’s student mentorship sprint, and a status update on the big Django upgrade.

The student sprint was great!

Last weekend was our student sprint for CANOSP, kindly hosted by the Startup Edmonton in Edmonton, Canada. There, we met up with our new students from the University of Alberta and University of British Columbia, and spent the weekend getting to know them, teaching them about Review Board and how we do things here, and letting them loose on projects.

Students working hard on projects

David giving an architectural overview

David giving an architectural overview (close up)

We may have been sleepy most of the time (these start early!), and VERY cold (had to sit by a stack of ice cubes to keep warm), but everyone had a lot of fun, and have since been hard at work on their projects.

The main focuses for this semester are accessibility and usability. We’re working to make the product easier to use, improving keyboard navigation, and experimenting with ways to offer useful inline help. Much of this work is slated for Review Board 4.0.

Django upgrade time!

This week also marks the end of Django 1.6 in Review Board. We’ve been working for a long time on getting onto a newer version of Django, which has been a much more complex project for us than for most, and we’re finally ready to bump our Django requirement to 1.11.

Diff showing the change to upgrade to Django 1.11

For those paying attention, Django itself is at 3.0.2, but 1.11 is the last version to support Python 2.7. While Python 2.x is now end-of-life’d, that doesn’t mean it’s not in active use in enterprise, and frankly, many of our users are just not ready to upgrade. So Review Board 4.0 will continue to be providing compatibility for 2.7.

By the weekend, we should be on 1.11, and then we’ll be getting ready to test this in production. If all goes well, a beta will follow soon.

If you build extensions for Review Board, you’re going to need to make some changes to support Django 1.11. We have a bunch of useful information on Django updates on our wiki, which we’ll also include in the release notes. Make sure you give the beta a try and begin porting early.

We offer support contracts that cover development assistance, if you need it.

Back to work!

If you have any questions, or anything you’re curious about and want us to cover, please reach out on our community forum.

We’re also on Reddit (/r/reviewboard), Twitter, Facebook, and YouTube (featuring student project videos!) if you want other ways to keep up with what we’re up to.

Read More

ChangeLog: January 16, 2020 — Review Board Status and New Students

Hi everyone. Welcome to the first ChangeLog of 2020! We skipped last week due to the new Review Board 3.0.16 release, so let’s dive in and get caught up.

Review Board 3.0.16

Last Tuesday, we released Review Board 3.0.16. It’s been a long time since 3.0.15, and there are two reasons for this:

  1. Most of our attention of late has been on completing the remaining architectural work on Review Board 4.0 (Python 3 and Django 1.11 porting) and RBCommons user roles and billing updates.
  2. We’ve been trying to carefully design and implement some large backend improvements for repositories and repository configuration, in collaboration with another vendor, and wanted to get it right before we released.

We’ve discussed the repository improvements before, so read that if you want to learn a bit more, but the gist is that we’re giving SCMTools (repository backends) a lot more flexibility in how they present repository configuration, how they’re registered for use in Review Board, and how extra data for repositories get stored. This will lead to some significant improvements in the coming months for a couple of our supported repository types.

Now unless we find some major bug fixes in 3.0.16, it’ll probably be a little while until 3.0.17. We have a backlog of RBTools work we plan to release, and we’re still trying to get 4.0’s architectural rework done.

Review Board 4.0 Status

Most of the rewritten administration UI is in a usable state, and we’re just getting it all ready to be reviewed and landed. After this, we’ll be bumping our Django dependency and performing a bunch of real-world usage tests, just to make sure there isn’t some big breakage some place.

(If you want to learn more about the administration UI work and how it relates to Django and the release, read the ChangeLogs from October 24, 2019, October 31, 2019, and November 7, 2019.)

Once we’re happy, we’ll ship 4.0 Beta 1. Almost there!

New Semester, New Students

Every semester, we take on a batch of CS students eager to work on some real-world project, currently as part of the CANOSP program run by the University of Alberta, Canada.

It all starts this weekend at a get-together in Edmonton, Canada, where we’ll be helping five new students get set up, go over architecture and standards, and start them on their projects.

We’ll talk more about what they’ll be working on next week, but they mostly center around quality-of-life improvements to Review Board.

Wrapping Up The Week

If you have any questions, or anything you’re curious about and want us to cover, please reach out on our community forum.

We’re also on Reddit (/r/reviewboard), Twitter, Facebook, and YouTube (featuring student project videos!) if you want other ways to keep up with what we’re up to.

Read More

RBCommons: User Roles and Billing Updates

We’ve just gone live on a major update to the billing capabilities in RBCommons.

Try RBCommons without a credit card

With all the fraud and stolen credit card numbers out there, it’s no surprise that a lot of people wanted to try RBCommons to see if it was the right fit but weren’t comfortable providing their credit card information right away.

We’ve changed our trial so that you can sign up with only your name and e-mail address, and if you decide to keep using RBCommons, you can add your billing information later.

Separate administration and billing user roles

Many companies have a dedicated person for dealing with billing administration for services. Until now RBCommons has only had a single team administrator role, which provided access to both the billing information as well as everything else for the team. We’ve split up these responsibilities into new user roles:

  • A Technical Administrator can make changes to users, repositories, and other settings, but cannot change or see billing information.
  • A Billing Contact can see invoices and make changes to the billing information, as well as change which plan the team is on. They’ll also receive e-mails whenever we charge the attached card.
  • The Team Owner has access to all administration and billing capabilities. This is equivalent to the old team administrator role.

All team administrators have been updated to become Team Owners. To change a user’s roles, visit your Team Administration → Users page and click the pencil icon beside a user.

Improved invoices

Many countries require invoices to contain certain information, such as an official business name and address, or a tax ID. RBCommons now allows you to add this information in Team Admin → Account and Billing, and it will show up on your invoices.

If you’re a business located in the EU, you can put in your VAT ID and we’ll make sure that the generated invoices contain everything you need for your VAT filings.

If your country has invoice requirements that we haven’t met, please contact us.

Add billing e-mail recipients

You can now add additional e-mail addresses where you’d like any and all billing e-mails sent to. This is really useful if you have a purchasing department or some users who need to track receipts but don’t need access to RBCommons.

You can set these over in Team Admin → Account and Billing → Billing E-mails.

Update to the Privacy Policy

As part of this, we’ve made a small update to our Privacy Policy to list Quaderno as a third-party service used in our billing process. This is a good time to review your privacy choices under My Account → My Privacy Rights.

Feedback?

This has been in the works for a long time, and we’ll be iterating on it based on your feedback. So how’s it working for you? Let us know through the Need Help? button in the bottom-right of any page (opt in to Intercom in My Account → My Privacy Rights) or send us an e-mail at support@beanbaginc.com.

Read More

ChangeLog: December 19, 2019 — Wrapping Up for the Holidays

Hi everyone! Welcome to our final ChangeLog of the year.

We skipped last week, preparing for the big upcoming billing feature launch for RBCommons, which we discussed in November. That’s coming very soon, and once it’s done we’ll be getting back to our regular work on Review Board.

Since that’s the big project we’ve been working on, let’s talk about it some more. Buckle up. This is going to be a long one.

Software Companies, Credit Cards, and Tax Requirements

We have four main goals for our RBCommons billing update:

  1. Give teams better invoices and more control over who can manage billing
  2. Better support credit card safety measures like Strong Customer Authentication and 3D Secure
  3. Be able to better meet invoicing and tax standards in more countries
  4. Making RBCommons team sign-up easier for everyone

We talked about the first one before. So let’s focus on 2 and 3. We’ll be discussing these in simplistic terms — the reality is more complex.

Strong Customer Authentication

Strong Customer Authentication, or SCA for short, is a regulation in the EU designed to reduce credit card fraud. It went into effect in September 14, 2019, and effectively adds a step to credit card charges where the purchaser must authenticate/verify the charge, typically using a verification method called 3D Secure.

This impacts you if you do any business with the EU.

Now, there are exemptions to this. Recurring charges may be exempt. Charges from the US or other countries may be exempt (likely temporarily — the world just isn’t ready to fully comply yet). Other transactions considered low-risk are also likely to be exempt. This all depends, though, on the credit card company and the reputation of the seller.

Enter Stripe, Our Billing Provider

We use Stripe, which takes care of most of this. It’s pretty great. However, we weren’t quite in shape to really leverage their support, for a couple reasons:

  1. We were sending our own receipt and failed charge e-mails to customers, and they weren’t accounting for any SCA-related requirements
  2. While our e-mails went out to all team administrators, Stripe will only send their own e-mails to a single e-mail address, which may not even be current (if the team has been around a while and people have moved on), meaning they may not ever get a chance to verify charges

We knew we wanted to rip out all our e-mails, but Stripe’s one-address limitation was causing us headaches.

Now technically Stripe can send to multiple e-mail addresses, but this can only be configured manually through their Stripe Dashboard UI. The API doesn’t support this yet. So we were stuck.

Enter MailGun Routes

We use MailGun as our e-mail provider, and it has a handful of really nice features. One of them, Routes, allows for setting up rules to match incoming e-mails and do something with them, such as forwarding them on to other addresses or to a WebHook.

We found that we can dynamically create routes that match an incoming e-mail address unique to the team and forward it along to all team users responsible for billing. We can then assign that unique e-mail address to Stripe. They look something like this:

match_recipient('.*@mydomain')
forward('user1@example.com, user2@example.com, user3@example.com')

We can create these when new teams are created, update them whenever the list of billing contacts change, and delete them when the team is deleted. Problem solved!

(But seriously, Stripe, add multiple e-mail address support to your API.)

Invoices and Taxes

So this is the big challenge. Complying with international taxes is hard. There just isn’t really a lot of infrastructure out there to help deal with this, and every country has different requirements. I’m not going to give any advice here, but I’m going to point you all to some useful things we’ve found.

Enter Quaderno, The Tax Guide

First, Quaderno. This service provides a number of tools for helping with tax compliance:

  • You can use it for all invoices and charges if you like, or pair it with something like Stripe
  • It can let you know if you’re missing any customer information necessary to validate them for tax purposes
  • It will show you a breakdown of what countries you currently owe taxes to, and give you the necessary information needed to file those taxes
  • It can even provide a sort of store front, if your needs aren’t too complex

We found Quaderno helpful not just for the tools it provides, but the information. They have an extensive knowledge base on how to comply with tax laws in multiple countries, including tax requirements, invoicing requirements, tax rates and categories, and how to apply for a tax ID in the country.

Just search for “Quaderno <region>” and you’ll find a wealth of information. For instance, here’s their Guide to EU VAT.

Collect Billing and Tax Details

A lot of services aim to collect as few details as possible from customers. This seems like a good approach, especially when you think of the privacy enhancement bills like the GDPR and the California Consumer Privacy Act, but you’ll need to collect a bit more to be tax-compliant:

  1. A full and proper billing address for the company, including country
  2. A tax ID for the business that matches that country

You’ll need to validate these to make sure you’re not accidentally enabling fraud. Most countries make this your problem. Quaderno and other services can help with this.

This information also needs to be on the invoices, and in fact you may need additional details including your own tax ID in that country. Both Stripe and Quaderno can help with this (Quaderno is better geared toward flexible, compliant invoices, but Stripe is better integrated with the rest of the billing process).

So a big part of what we’ve been putting together includes:

  • New settings for collecting company addresses and tax IDs, and validating them
  • Switching to Stripe e-mails and invoices for better compliance
  • Connecting our stuff up with Quaderno to better track tax requirements
  • Augmenting Stripe invoices with information required to meet the requirements in some countries, based on the customer’s billing location
  • In-house processes for managing all this complexity

One More Thing: Credit Card-Free RBCommons Trials

RBCommons currently requires a credit card to sign up for the trial. We’ve had it this way for a long time, since it’s easier to seamlessly turn a trial into a paid plan without interruption, and a lot of our early customers were already familiar with us and had trust in our service. As we’ve grown, though, our customer base has widened, and we’ve wanted to remove this step to help make it as easy as possible to get started.

As part of our big billing update, we’re removing the credit card requirement during setup, and instead guiding people to provide it before their trial expires. We hope this will make more people feel comfortable giving RBCommons a try, and experiencing the type of code and document review we offer.

This will all be launching Very Soon Now (TM).

That’s It for 2019!

This is our last ChangeLog for the year, but we’ll be back early 2020. Keep following us on our blog, Reddit, Twitter, Facebook, and YouTube.

We hope everyone has a wonderful and relaxing holiday season! We’ll be taking some time off to spend with our loved ones (but don’t worry support contract customers — David and I are still on call if you need us).

Read More

ChangeLog: December 5, 2019 — Student Projects, Repository Config

Welcome back, everyone! We’re here with another ChangeLog, this time focusing on a couple things that just wrapped up: This semester’s student projects, and a series of behind-the-scenes repository configuration improvements.

End of a Semester

Last month, we talked a bit about the CANOSP student program run out of the University of Alberta, and showed off some of the work our CANOSP students have done on Review Board.

They’ve all been hard at work improving our Review UI support (custom review UIs for different types of file attachments), building up both the underlying capabilities of a Review UI and creating prototypes of new UIs for new types of files.

They’ve just wrapped up their semester and completed their final demo videos. We’d like to show off their hard work.

Nicole Hagerman

Nicole’s focus has been the underlying Review UI support, allowing Review UIs to be more dynamic and to not be limited to a single URL. This work has been a backbone of other student projects this semester, so we’re covering it first.

On top of this, she’s built a new Review UI for more easily viewing JSON files, both in their source form and in a structured tree-based form.

Adil Malik

Adil built a series of new Review UIs designed for reviewing:

  • XML files, with options similar to the JSON file Review UI built by Nicole
  • Jupyter Notebooks, a popular tool in the Python world
  • Audio files, complete with waveforms and histograms, offering both diffing and commenting

These have come along really nicely, and show the power of our Review UI support (and the work done by Nicole Hagerman).

Ceegan Hale

Ceegan split his time between some improvements to our diff viewer and to our Review UIs as well:

  • Improved the diff viewer’s display of minified files (e.g., .min.js files)
  • Iterated on our in-progress support for showing Review UIs in the diff viewer
  • Built a prototype Review UI for viewing archive file attachments (e.g., .zip, .rar, etc.).

Repository Configuration Improvements

A good chunk of my own time these past few weeks has been to rework the code behind the repository configuration page. Along with an assortment of bug fixes, we’re working to make it easier to configure plain (non-GitHub/Bitbucket/etc.) repositories.

Historically, plain repositories all shared the same set of configuration fields. You had your “Path” field, “Mirror Path,” “Username,” “Password”. A few had special fields like Perforce’s “Use ticket-based authentication,” but they were baked into the repository form and dealt with specially. Third-party repository support couldn’t add their own fields, and administrators had to translate concepts like a Git Clone URL into our concept of a “Path.”

As of the upcoming Review Board 3.0.16, each type of repository will be able to provide its own configuration form. For instance, down the road, Git repositories will have a dropdown for selecting CGit, GitWeb, etc. as the repository content access method, instead of forcing people to type in a cryptic URL.

Here’s a mockup:

Bottom line: It’s going to be easier to configure repositories in upcoming releases.

There’s a lot of under-the-hood work that’s been done to enable this, and that work is also going to lead to some future improvements we’re looking forward to building in the Review Board 5.0 timeframe. Can’t wait to write about it.

Wrapping Up

That’s another week done. We’ll be back next week!

So what do you think so far? Are the ChangeLogs interesting? Boring? Is there something else you want to hear about? Please let us know on the community forum so we can improve these going forward.

We’re also on Reddit (/r/reviewboard), Twitter, Facebook, and YouTube if you want other ways to keep up-to-date.

Read More