Recently at my company we played around with static code analysers. A static code analyser does what the name implies: it analyses code without running it and answers questions such as: Are there any unused methods? Are variables being used? Do closures have a return type?
Although I’m a real fan of Scrutinizer CI, unfortunately I’m not allowed to use any SaaS solution at work, so Scrutinizer and SensioLabs Insight were off the list.
We split the team into 3 groups and I started off with Phan, but I wasn’t able to compile the ext-ast module, so I switched over to Vimeo’s Psalm. Psalm is really easy to get started with.
composer require --dev vimeo/psalm
Create a config file called psalm.xml like:
and then run:
or if you are using Symfony:
My first impression was that Psalm responds aggressively to everything. My advice would be to take a good look at Psalm’s configuration.
When you’re working on a project, you probably want to make sure that every new or changed file is free of code issues. By default Psalm cannot do this. You have two options:
- Manually check each new file
- Run the full scan on every file
Neither option is really doable. Luckily for us PHP developers, there is a tool called GrumPHP. GrumPHP is an awesome tool made to run all kinds of checks on new and changed files. GrumPHP does not yet know how to deal with Psalm by default. To resolve this, I wrote a plugin called “grumphp-psalm”. It is very easy to use:
composer require --dev weemen/grumphp-psalm
Open your grumphp.yml file and add:
parameters:
    git_dir: .
    bin_dir: bin
    tasks:
        psalm:
            config: psalm.xml
    extensions:
        - Weemen\GrumPHPPsalm\Extension\Loader
That’s all. GrumPHP will now run static analysis on every new or changed file when you try to commit it.
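What a check limited to new and changed files amounts to, as an added shell example that is not part of the original post and not the grumphp-psalm plugin's own code: it takes the staged file list from git, keeps the PHP files, and passes only those to Psalm. The function names and the `PSALM_BIN`/`PSALM_CONFIG` variables are illustrative, and the script assumes Psalm was installed by Composer at `vendor/bin/psalm`.

```shell
#!/bin/sh
# Added example: run Psalm only on the PHP files staged for commit.
# Assumption: Psalm is installed by Composer at vendor/bin/psalm.
PSALM_BIN="${PSALM_BIN:-vendor/bin/psalm}"
PSALM_CONFIG="${PSALM_CONFIG:-psalm.xml}"

# Read paths (one per line) on stdin and print only those ending in .php.
select_php_files() {
    while IFS= read -r path; do
        case "$path" in
            *.php) printf '%s\n' "$path" ;;
        esac
    done
}

# Files added, copied or modified in the index; deleted files are skipped
# because there is nothing left to analyse.
staged_files() {
    git diff --cached --name-only --diff-filter=ACM
}

# Read a file list on stdin and run Psalm on its PHP files only.
# Returns Psalm's exit status, or 0 when no PHP file is in the list.
check_files() {
    files=$(select_php_files)
    [ -z "$files" ] && return 0
    status=0
    old_ifs=$IFS
    IFS='
'                       # split on newlines only, so paths with spaces survive
    set -f              # no glob expansion of the unquoted list below
    "$PSALM_BIN" --config="$PSALM_CONFIG" $files || status=$?
    set +f
    IFS=$old_ifs
    return "$status"
}

# Runs only when this file is installed as .git/hooks/pre-commit.
case "$0" in
    *pre-commit) staged_files | check_files || exit 1 ;;
esac
```

A non-zero exit from the hook makes git abort the commit, so a file with Psalm issues does not get committed while unrelated, unchanged files are never scanned.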