jakzal / Phpqa
Projects that are alternatives of or similar to Phpqa
Static Analysis Tools for PHP
Docker image providing static analysis tools for PHP.
The list of available tools and the installer are actually managed in the jakzal/toolbox repository.
Supported platforms and PHP versions
Docker hub repository: https://hub.docker.com/r/jakzal/phpqa/
Nightly builds: https://hub.docker.com/r/jakzal/phpqa-nightly/
Debian
-
latest(8.0/debian/Dockerfile) -
1.52.0,1.52(8.0/debian/Dockerfile) -
1.52.0-php7.3,1.52-php7.3,php7.3(7.3/debian/Dockerfile) -
1.52.0-php7.4,1.52-php7.4,php7.4(7.4/debian/Dockerfile) -
1.52.0-php8.0,1.52-php8.0,php8.0(8.0/debian/Dockerfile)
Alpine
-
alpine(8.0/alpine/Dockerfile) -
1.52.0-alpine,1.52-alpine, (8.0/alpine/Dockerfile) -
1.52.0-php7.3-alpine,1.52-php7.3-alpine,php7.3-alpine(7.3/alpine/Dockerfile) -
1.52.0-php7.4-alpine,1.52-php7.4-alpine,php7.4-alpine(7.4/alpine/Dockerfile) -
1.52.0-php8.0-alpine,1.52-php8.0-alpine,php8.0-alpine(8.0/alpine/Dockerfile)
Legacy
These are the latest tags for PHP versions that are no longer supported:
-
1.44.0-php7.2,1.44-php7.2,php7.2(7.2/debian/Dockerfile) -
1.44.0-php7.2-alpine,1.44-php7.2-alpine,php7.2-alpine(7.2/alpine/Dockerfile) -
1.26.0-php7.1,1.26-php7.1,php7.1(7.1/debian/Dockerfile) -
1.26.0-php7.1-alpine,1.26-php7.1-alpine,php7.1-alpine(7.1/alpine/Dockerfile)
Available tools
More tools
Some tools are not included in the docker image, to use them refer to their documentation:
- exakat - a real time PHP static analyser
Removed tools
| Name | Summary |
|---|---|
| composer-normalize | Composer plugin to normalize composer.json files |
| design-pattern | Detects design patterns |
| phpcf | Finds usage of deprecated features |
| phpstan-localheinz-rules | Additional rules for PHPstan |
| security-checker | Checks composer dependencies for known security vulnerabilities |
| testability | Analyses and reports testability issues of a php codebase |
Running tools
Pull the image:
docker pull jakzal/phpqa
The default command will list available tools:
docker run -it --rm jakzal/phpqa
To run the selected tool inside the container, you'll need to mount
the project directory on the container with -v "$(pwd):/project".
Some tools like to write to the /tmp directory (like PHPStan, or Behat in some cases), therefore it's often useful
to share it between docker runs, i.e. with -v "$(pwd)/tmp-phpqa:/tmp".
If you want to be able to interrupt the selected tool if it takes too much time to complete, you can use the
--init option. Please refer to the docker run documentation for more information.
docker run --init -it --rm -v "$(pwd):/project" -v "$(pwd)/tmp-phpqa:/tmp" -w /project jakzal/phpqa phpstan analyse src
You might want to tweak this command to your needs and create an alias for convenience:
alias phpqa='docker run --init -it --rm -v "$(pwd):/project" -v "$(pwd)/tmp-phpqa:/tmp" -w /project jakzal/phpqa:alpine'
Add it to your ~/.bashrc so it's defined every time you start a new terminal session.
Now the command becomes a lot simpler:
phpqa phpstan analyse src
GitHub actions
The image can be used with GitHub actions. Below is an example for several static analysis tools.
# .github/workflows/static-code-analysis.yml
name: Static code analysis
on: [pull_request]
jobs:
static-code-analysis:
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected]
- name: PHPStan
uses: docker://jakzal/phpqa:php7.4-alpine
with:
args: phpstan analyze src/ -l 1
- name: PHP-CS-Fixer
uses: docker://jakzal/phpqa:php7.4-alpine
with:
args: php-cs-fixer --dry-run --allow-risky=yes --no-interaction --ansi fix
- name: Deptrac
uses: docker://jakzal/phpqa:php7.4-alpine
with:
args: deptrac --no-interaction --ansi --formatter-graphviz-display=0
Bitbucket Pipelines
Here is an example configuration of a bitbucket pipeline using the phpqa image:
# bitbucket-pipelines.yml
image: jakzal/phpqa:php7.4-alpine
pipelines:
default:
- step:
name: Static analysis
caches:
- composer
script:
- composer install --no-scripts --no-progress
- phpstan analyze src/ -l 1
- php-cs-fixer --dry-run --allow-risky=yes --no-interaction --ansi fix
- deptrac --no-interaction --ansi --formatter-graphviz-display=0
Unfortunately, bitbucket overrides the docker entrypoint so composer needs to be explicitly invoked as in the above example.
Starter-kits / Templates
ro0NL/php-package-starter-kit
A template repository for agnostic PHP libraries. It utilizes the PHPQA image into a Makefile and configures some
tools by default.
ro0NL/symfony-docker
A template repository for Docker based Symfony applications. It utilizes the PHPQA image into
a Dockerfile and integrates in the composed landscape.
Building the image
git clone https://github.com/jakzal/phpqa.git
cd phpqa
make build-latest
To build the alpine version:
make build-alpine
Customising the image
It's often needed to customise the image with project specific extensions.
To achieve that simply create a new image based on jakzal/phpqa:
FROM jakzal/phpqa:alpine
RUN apk add --no-cache libxml2-dev \
&& docker-php-ext-install soap
Next, build it:
docker build -t foo/phpqa .
Finally, use your customised image instead of the default one:
docker run --init -it --rm -v "$(pwd):/project" -w /project foo/phpqa phpmetrics .
Adding PHPStan extensions
A number of PHPStan extensions is available on the image in /tools/.composer/vendor-bin/phpstan/vendor out of the box.
You can find them with the command below:
phpqa find /tools/.composer/vendor-bin/phpstan/vendor/ -iname 'rules.neon' -or -iname 'extension.neon'
Use the composer-bin-plugin to install any additional PHPStan extensions in the phpstan namespace:
FROM jakzal/phpqa:alpine
RUN composer global bin phpstan require phpstan/phpstan-phpunit
You'll be able to include them in your PHPStan configuration from the /tools/.composer/vendor-bin/phpstan/vendor path:
includes:
- /tools/.composer/vendor-bin/phpstan/vendor/phpstan/phpstan-phpunit/extension.neon
Debugger & Code Coverage
The pcov code coverage extension, as well as the php-dbg debugger, are provided on the image out of the box.
pcov is disabled by default so it doesn't affect performance when it's not needed,
and doesn't break interoperability with other coverage extensions.
It can be enabled by setting pcov.enabled=1:
phpqa php -d pcov.enabled=1 ./vendor/bin/phpunit --coverage-text
Infection users will need to define initial php options:
phpqa /tools/infection run --initial-tests-php-options='-dpcov.enabled=1'
Contributing
Please read the Contributing guide to learn about contributing to this project. Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.