Integrating PHPStan
This issue is for discussing whether PHPStan should be added to the CI in order to make the codebase more stable.
What is PHPStan?
PHPStan finds bugs in your code without writing tests.
PHPStan scans your whole codebase and looks for both obvious & tricky bugs. Even in those rarely executed if statements that certainly aren't covered by tests.
Thanks to rule levels you don't get overwhelmed with thousands of errors on the first run. You can increase PHPStan's capabilities on your code at your own pace. It makes work feel like a game.
Enjoy new language features before they come to PHP. Do you dream of generics? Array shapes? Checked exceptions? With PHPStan you can use these today by leveraging the power of PHPDocs.
What are levels?
- Level 0: basic checks, unknown classes, unknown functions, unknown methods called on $this, wrong number of arguments passed to those methods and functions, always undefined variables
- Level 1: possibly undefined variables, unknown magic methods and properties on classes with __call and __get
- Level 2: unknown methods checked on all expressions (not just $this), validating PHPDocs
- Level 3: return types, types assigned to properties
- Level 4: basic dead code checking - always false instanceof and other type checks, dead else branches, unreachable code after return; etc.
- Level 5: checking types of arguments passed to methods and functions
- Level 6: report missing typehints
- Level 7: report partially wrong union types - if you call a method that only exists on some types in a union type, level 7 starts to report that; other possibly incorrect situations
- Level 8: report calling methods and accessing properties on nullable types
- Level 9: be strict about the mixed type - the only allowed operation you can do with it is to pass it to another mixed
According to various opinions, every project should (be able to) reach level 5 in order to provide a basic level of stability.
Each level includes all previous levels (so level 5 also includes levels 0-4).
Further information: https://phpstan.org/user-guide/rule-levels
How is PHPStan integrated? (Using the baseline)
tl;dr: With the baseline, the errors in the current codebase are ignored and only new errors are reported.
The usual workflow when introducing PHPStan to the CI pipeline is to get the number of errors reported on level 0 to zero and merge that into the main branch. When the developers feel like it, they can try raising the level by one, go through the list of errors, fix all of them, and enjoy increased strictness from that point on.
Raising the level will then presumably produce a large number of errors that cannot all be fixed at once. To avoid this problem, the "baseline" is used:
PHPStan allows you to declare the currently reported list of errors as “the baseline” and cause it not being reported in subsequent runs. It allows you to be interested in violations only in new and changed code.
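A minimal configuration for the baseline workflow described above, as an added example that is not taken from the quiqqer repository or the PHPStan documentation. The analysed path `src` and the choice of level 5 are assumptions for illustration.

```neon
# phpstan.neon (constructed example)
#
# One-time step on the current codebase: record every error that is
# reported today into phpstan-baseline.neon:
#
#   vendor/bin/phpstan analyse --generate-baseline
#
# CI step on every push or merge request: errors listed in the baseline
# are ignored, anything new makes the command exit non-zero:
#
#   vendor/bin/phpstan analyse --no-progress

includes:
    # Generated file; commit it so that CI and developers share one baseline.
    - phpstan-baseline.neon

parameters:
    # Target level; the baseline absorbs the existing findings at this level.
    level: 5

    # Assumed source directory; replace with the project's real paths.
    paths:
        - src

    # true is the default. A baseline entry that no longer matches any
    # error (because the code was fixed) is itself reported, which forces
    # the baseline to shrink over time instead of hiding stale entries.
    reportUnmatchedIgnoredErrors: true
```

The baseline should be regenerated only when errors have been fixed or the level is raised deliberately; regenerating it to silence a failing CI run would hide exactly the new errors the check is meant to catch.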
What needs to be discussed?
In the comments below I show, as examples, the errors that PHPStan reports for quiqqer/quiqqer:dev-dev
at the various levels.
On this basis it can be decided whether integrating PHPStan makes sense.