Static Analysis: Elevate Your Code Quality with PHPStan and Psalm
Introduction
Static analysis is a powerful technique for analyzing your code without actually executing it. It helps identify potential errors, inconsistencies, and code smells early in the development process, leading to more robust and maintainable PHP applications.
In this Blueprint, we leverage two leading static analysis tools: PHPStan and Psalm. Let's explore how they work and how to integrate them into your DDEV-powered PHP projects.
PHPStan: Your Code's Guardian Angel
PHPStan focuses on finding errors in your code, such as:
- Undefined variables and methods
- Type mismatches
- Incorrect function calls
- Dead code
Integrating PHPStan
- Require PHPStan:
  - If PHPStan is not already a dependency in your project, add it using Composer:
    ddev composer require --dev phpstan/phpstan
- Configuration:
  - The phpstan.neon.dist file in your project root provides the base configuration for PHPStan. You can customize it further by creating a phpstan.neon file to override or extend the default settings.
  - Key configuration options:
    - parameters.level: Sets the analysis level (0-9, higher levels are stricter).
    - paths: Specifies which directories or files to analyze.
    - includes: Includes additional configuration files.
    - rules: Defines custom rules or excludes specific checks.
- Running PHPStan:
  - Within DDEV: Use the following command, which is also defined as a Composer script:
    ddev composer phpstan
  - In your IDE: Install the PHPStan plugin for your IDE to get real-time feedback and inline error highlighting.
  - For SonarQube Integration: If you're using SonarQube, you can generate a report compatible with SonarQube using:
    ddev composer phpstan:sonar
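The override relationship between phpstan.neon and phpstan.neon.dist described under Configuration, as an added example (not a file from this Blueprint): PHPStan picks up phpstan.neon in preference to phpstan.neon.dist when both exist, so the local file has to include the base file to extend it rather than replace it. The level value and the src and tests directories are assumptions.

```neon
# phpstan.neon - local override (constructed example, not the Blueprint's own file)
#
# When both files exist, PHPStan loads phpstan.neon and does not read
# phpstan.neon.dist on its own. Without the include below, every setting
# from the base file is dropped and the analysis can end up weaker than
# the one the project intends to run.
includes:
    - phpstan.neon.dist

parameters:
    # Scalar values replace the value from the included file.
    level: 8          # assumed value; the page gives the range as 0-9

    # List values are merged with the lists from the included file.
    paths:
        - src         # assumed directory
        - tests       # assumed directory
```

Keep phpstan.neon out of version control if it is meant as a per-developer override, so that CI always runs with the committed phpstan.neon.dist.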
Psalm: Type Safety at its Finest
Psalm takes static analysis a step further by focusing on type safety. It helps you:
- Enforce strict typing in your code
- Identify potential type-related errors
- Improve code readability and maintainability
Integrating Psalm
- Require Psalm:
  - If Psalm is not already a dependency in your project, add it using Composer:
    ddev composer require --dev vimeo/psalm
- Configuration:
  - The psalm.xml file in your project root configures Psalm. Customize it to match your project's specific needs and coding style.
  - Key configuration options:
    - issueHandler: Configure which issue types to report and their severity levels.
    - stubs: Include external type definitions for third-party libraries.
    - plugins: Extend Psalm's functionality with plugins.
- Running Psalm:
  - Within DDEV: Use the following command:
    ddev composer psalm
  - In your IDE: Install the Psalm plugin for your IDE to get instant type checking and suggestions as you code.
  - For SonarQube Integration: Generate a SonarQube-compatible report with:
    ddev composer psalm:sonar
Conclusion
Static analysis tools like PHPStan and Psalm are invaluable assets for PHP developers. By integrating them into your DDEV-powered projects, you can catch errors early, enforce best practices, and ensure your codebase is robust and maintainable.