By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.
suggestion
Hyper-practical, zero-fluff guide for engineers who need to review code efficiently, leave actionable feedback, and automate fixes.
You’re a backend engineer on a team of 10. A junior dev opens a PR to refactor an API endpoint. Their code works, but: - They hardcoded a timeout value (30) instead of using the config file.- They duplicated a validation function that already exists in a shared module.- Their error messages are unclear ("Failed" instead of "Failed to fetch user data: {error}").
30
"Failed"
"Failed to fetch user data: {error}"
Without suggestion blocks in GitHub PR reviews:- You write a comment: "Use the config file for timeouts." The dev manually edits the file, pushes a new commit, and you re-review. This back-and-forth wastes 30+ minutes per PR.- The dev might miss your comment entirely, merge the PR, and introduce a bug that surfaces in production.
With suggestion blocks:- You highlight the line, click "Add a suggestion", and GitHub generates a diff that the dev can apply with one click.- The PR is fixed in seconds, and you move on to higher-value work.
Why this matters in production:- Faster merges: Reduce PR cycle time by 50%+ (real data from teams at Microsoft, Google, and startups).- Fewer bugs: Automated fixes mean fewer human errors (e.g., typos, missed changes).- Better onboarding: Junior devs learn faster when they see exactly how to fix issues.- Audit trail: Suggestions are preserved in the PR history, so future maintainers understand why a change was made.
Real-world scenario:You’re the tech lead for a fintech app. A PR introduces a SQL query that’s vulnerable to injection. Instead of writing a long comment explaining parameterized queries, you: 1. Highlight the line.2. Add a suggestion block with the fixed query.3. The dev applies it, and the PR is safe to merge—no risk of the vulnerability slipping through.
markdown ```suggestion // Your proposed code here ```
# After (suggestion) def validate_input(data): if not isinstance(data, dict) or not data: raise ValueError("Invalid input: must be a non-empty dict") return True ```
"This file belongs in
"
markdown This query is vulnerable to SQL injection. Always use parameterized queries:
yaml # .github/workflows/suggestion-tests.yml on: [pull_request_review] jobs: test-suggestions: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - run: npm test
git checkout -b fix/timeout-bug && git push origin fix/timeout-bug
Scenario: A teammate opened a PR to add a new API endpoint, but they hardcoded a timeout value (30) instead of using the config file.
python timeout = 30 # Hardcoded! Should use config.TIMEOUT
GitHub auto-generates a suggestion block. Replace the code with your fix:
```suggestion timeout = config.TIMEOUT ```
Add a comment explaining why:
Use the config file for timeouts to ensure consistency across environments.
python timeout = config.TIMEOUT
API_KEY = "123"
"@author please rotate this key immediately and use GitHub Secrets."
suggestion timeout = os.getenv("TIMEOUT", 30)
git-secrets
trufflehog
"Use
instead of
markdown This violates our [error handling guidelines](https://wiki.example.com/error-handling). Here's the fix:
markdown @db-team Can you review this query optimization?
API_KEY = "REDACTED"
"Use GitHub Secrets."
"This prevents SQL injection."
GitHub certifications (e.g., GitHub Actions, GitHub Administration) and DevOps interviews often test your ability to: - Use suggestions to enforce coding standards.- Automate fixes with GitHub Actions.- Collaborate efficiently in PRs.
Trap: Suggesting a direct commit (bypasses review).
Scenario: "A teammate keeps making the same style mistake (e.g., camelCase instead of snake_case). How do you enforce consistency?"
camelCase
snake_case
Trap: Manually suggesting the same fix repeatedly (not scalable).
Scenario: "A PR exposes a secret. What’s your next step?"
Challenge:A teammate opened a PR to add a new feature, but their error handling is inconsistent. They use:
if not user: return None
in some places and:
if not user: raise ValueError("User not found")
in others. Suggest a fix to standardize the error handling.
Solution:1. Highlight the first example.2. Add a suggestion: markdown Let's standardize on raising exceptions for consistency: ```suggestion if not user: raise ValueError("User not found") ``` 3. Add a comment: "This matches our [error handling guidelines](https://wiki.example.com/error-handling)."
markdown Let's standardize on raising exceptions for consistency: ```suggestion if not user: raise ValueError("User not found") ```
"This matches our [error handling guidelines](https://wiki.example.com/error-handling)."
Why it works:- Enforces consistency across the codebase.- Links to team standards for future reference.- The author can apply the fix with one click.
pull_request_review
gh
Join 4M+ learners. Unlock unlimited quizzes, wrong-answer tracking, flashcards + reminders, study guides, and 1-on-1 challenges.