Leon Weemen

Software Developer @ SIMgroep

Static Code Analysis with Vimeo Psalm and GrumPHP

Recently at my company we played around with static code analysers. What static code analysers basically do is what the name implies: doing code analysis like: Are there any unused methods? Are variables being used? Do closures have a return type?

For PHP there a few different code analysis tools like: PHPmd, Phan, Psalm. There are also SaaS solutions like Scutenizer-CI or SensioLabs Insight.

Although I’m a real fan of Scrutenizer-CI unfortunately I’m not allowed to use any SaaS solution at work so Scrutenizer and SensioLabs Insight were off the list.

We split the team into 3 groups and I started off with Phan but I wasn’t able to compile the ext-ast module so I switched over to Vimeo’s Psalm. Psalm is really easy to get started with.

    composer require --dev vimeo/psalm

Create a config file called psalm.xml like:





    
        
    
    
        
        
        
        
        
        
        
    

and then run:

./vendor/bin/psalm

or if you are using Symfony:

./bin/psalm

My first impression was that Psalm is responding aggressive on everything. My advice would be to take a good look at the configuration of psalm.

When you’re working on a project then you probably want to make sure that every new changed file is without code issues. By default Psalm cannot do this. You have two options:

  • Manually check each new file
  • Run the full scan on every file

Both options are not really doable. Luckily for us PHP developers there is a tool called GrumPHP. GrumPHP is a awesome tool made to do all kind of  checks on new and changed files. GrumPHP does not know yet how to deal Psalm by default. To resolve this issue I wrote a plugin called “grumphp-psalm“. It works very easy:

    composer require --dev weemen/grumphp-psalm

Open your grumphp.yml file and add:

parameters:
  git_dir: .
  bin_dir: bin
  tasks:
    psalm:
       config: psalm.xml
  extensions:
    - Weemen\GrumPHPPsalm\Extension\Loader

That’s all, GrumPHP will now do static analysis on every new or changed file when you try to commit it.

Blog has been born

Oh yeah blog has been born \m/

echo "hello world";

© 2017 Leon Weemen

Theme by Anders NorenUp ↑