diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml
index 1f35006..302ad02 100644
--- a/.github/workflows/code-quality.yml
+++ b/.github/workflows/code-quality.yml
@@ -21,19 +21,24 @@ jobs:
with:
php-version: '8.1'
extensions: mbstring, intl, zip
- tools: composer:v2, phpcs
+ tools: composer:v2
- name: Install dependencies
run: composer install --prefer-dist --no-progress
+ - name: Install WordPress Coding Standards
+ run: |
+ composer require --dev wp-coding-standards/wpcs dealerdirect/phpcodesniffer-composer-installer
+ vendor/bin/phpcs --config-set installed_paths vendor/wp-coding-standards/wpcs
+
- name: Run PHPCS
- run: phpcs --standard=./phpcs.xml .
+ run: composer phpcs
continue-on-error: true
- name: Run PHPCBF (report only)
run: |
echo "Running PHPCBF in dry-run mode to show what would be fixed"
- phpcbf --standard=./phpcs.xml -n
+ composer phpcbf -- --dry-run
continue-on-error: true
phpstan:
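Review bot: The new "Install WordPress Coding Standards" step runs `composer require --dev wp-coding-standards/wpcs dealerdirect/phpcodesniffer-composer-installer` with no version constraint, so every CI run resolves whatever release is current rather than what `composer install` just installed; the second package is a Composer plugin, which executes code on the runner during installation. composer.json in this commit already lists `wp-coding-standards/wpcs` at `^3.0`, so the step can be dropped once the installer plugin is declared in `require-dev` (and allowed under `allow-plugins`, if it is not already) and the lock file is committed. The same applies to the `composer require --dev szepeviktor/phpstan-wordpress` step added in the phpstan job, a package this commit also adds to composer.json. Separately, `composer phpcbf -- --dry-run` passes an option that phpcbf does not appear to support, and `continue-on-error: true` would hide the resulting failure, so it is worth confirming that the step still reports anything.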
@@ -53,8 +58,11 @@ jobs:
- name: Install dependencies
run: composer install --prefer-dist --no-progress
+ - name: Install PHPStan WordPress stubs
+ run: composer require --dev szepeviktor/phpstan-wordpress
+
- name: Run PHPStan
- run: phpstan analyse --level=5 .
+ run: composer phpstan
continue-on-error: true
phpmd:
@@ -75,7 +83,7 @@ jobs:
run: composer install --prefer-dist --no-progress
- name: Run PHPMD
- run: phpmd . text cleancode,codesize,controversial,design,naming,unusedcode --exclude vendor,node_modules,tests,bin,build,dist
+ run: composer phpmd
continue-on-error: true
sonarcloud:
@@ -101,7 +109,7 @@ jobs:
restore-keys: ${{ runner.os }}-sonar
- name: SonarCloud Scan
- uses: SonarSource/sonarcloud-github-action@v2.0.2
+ uses: SonarSource/sonarqube-scan-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
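Review bot: `uses: SonarSource/sonarqube-scan-action@master` follows a moving branch, and this step receives both `GITHUB_TOKEN` and `SONAR_TOKEN`, so any commit pushed to that branch runs with those secrets on the next build without review in this repository. The line it replaces was pinned to a tag (`@v2.0.2`); the replacement should be pinned at least as tightly, ideally to a full commit SHA with the release noted in a trailing comment, e.g. `uses: SonarSource/sonarqube-scan-action@<full-commit-sha> # <release tag>`. The rest of the step and the job's `permissions` are outside the hunk, so it is not visible here how far the `GITHUB_TOKEN` scope is restricted.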
@@ -133,7 +141,6 @@ jobs:
# Limit the number of issues to prevent GitHub Code Scanning rejection
gh-code-scanning-compat: true
max-allowed-issues: 20
- max-allowed-security-issues: 20
# Limit tools to prevent timeouts and stay under GitHub's 20 runs limit
tool: phpcs,phpmd,markdownlint
continue-on-error: true
diff --git a/README.md b/README.md
index 195bf28..3d1adf6 100644
--- a/README.md
+++ b/README.md
@@ -272,6 +272,24 @@ This project uses several automated code quality tools to ensure high standards.
4. Generate a token in SonarCloud (Account > Security > Tokens)
5. Add the token as a secret named `SONAR_TOKEN` in your GitHub repository or organization settings (see "GitHub Secrets Management" section below)
+5. **PHP_CodeSniffer (PHPCS)**: PHP code style checker
+ * Enforces WordPress Coding Standards
+ * Automatically runs in GitHub Actions workflow
+ * Run locally with `composer phpcs`
+
+6. **PHP Code Beautifier and Fixer (PHPCBF)**: Automatically fixes coding standard violations
+ * Run locally with `composer phpcbf`
+
+7. **PHPStan**: PHP static analysis tool
+ * Detects bugs and errors without running the code
+ * Run locally with `composer phpstan`
+
+8. **PHP Mess Detector (PHPMD)**: Analyzes code for potential problems
+ * Identifies complex code, unused parameters, etc.
+ * Run locally with `composer phpmd`
+
+For detailed setup instructions, see the [Code Quality Setup Guide](docs/code-quality-setup.md).
+
### Using AI Assistants with Code Quality Tools
When you receive feedback from these code quality tools, you can use AI assistants to help address the issues:
@@ -314,7 +332,37 @@ For code quality tools like SonarCloud, organization secrets are recommended if
To run code quality tools locally before committing to GitHub:
-1. **Set up environment variables**:
+1. **Install dependencies**:
+ ```bash
+ composer install
+ ```
+
+2. **Run PHP CodeSniffer**:
+ ```bash
+ composer phpcs
+ ```
+
+3. **Fix coding standards automatically**:
+ ```bash
+ composer phpcbf
+ ```
+
+4. **Run PHPStan static analysis**:
+ ```bash
+ composer phpstan
+ ```
+
+5. **Run PHP Mess Detector**:
+ ```bash
+ composer phpmd
+ ```
+
+6. **Run all linters at once**:
+ ```bash
+ composer lint
+ ```
+
+7. **Set up environment variables for SonarCloud and Codacy**:
* **For macOS/Linux**:
```bash
@@ -334,7 +382,7 @@ To run code quality tools locally before committing to GitHub:
$env:CODACY_PROJECT_TOKEN="your_codacy_token"
```
-2. **Create a .env file** (alternative approach):
+8. **Create a .env file** (alternative approach):
```
# .env (already included in .gitignore to prevent committing secrets)
SONAR_TOKEN=your_sonar_token
@@ -347,7 +395,7 @@ To run code quality tools locally before committing to GitHub:
source .env
```
-3. **Run SonarCloud locally**:
+9. **Run SonarCloud locally**:
```bash
# Install SonarScanner
npm install -g sonarqube-scanner
@@ -361,14 +409,16 @@ To run code quality tools locally before committing to GitHub:
-Dsonar.login=$SONAR_TOKEN
```
-4. **Run Codacy locally**:
- ```bash
- # Install Codacy CLI
- npm install -g codacy-coverage
+10. **Run Codacy locally**:
+ ```bash
+ # Install Codacy CLI
+ npm install -g codacy-coverage
- # Run analysis
- codacy-analysis-cli analyze --directory . --project-token $CODACY_PROJECT_TOKEN
- ```
+ # Run analysis
+ codacy-analysis-cli analyze --directory . --project-token $CODACY_PROJECT_TOKEN
+ ```
+
+For more detailed instructions, see the [Code Quality Setup Guide](docs/code-quality-setup.md).
By running these tools locally, you can identify and fix issues before pushing your code to GitHub, ensuring smoother CI/CD workflows.
diff --git a/composer.json b/composer.json
index 6d10e01..1da64ad 100644
--- a/composer.json
+++ b/composer.json
@@ -21,6 +21,7 @@
"wp-coding-standards/wpcs": "^3.0",
"phpcompatibility/phpcompatibility-wp": "^2.1",
"phpstan/phpstan": "^1.10.0",
+ "szepeviktor/phpstan-wordpress": "^1.3",
"phpmd/phpmd": "^2.13.0",
"symfony/dependency-injection": "^5.4",
"symfony/config": "^5.4",
@@ -45,13 +46,13 @@
}
},
"scripts": {
- "phpcs": "phpcs --standard=phpcs.xml",
- "phpcs:simple": "phpcs --standard=phpcs-simple.xml",
- "phpcbf": "phpcbf --standard=phpcs.xml",
- "phpcbf:simple": "phpcbf --standard=phpcs-simple.xml",
- "phpstan": "phpstan analyse --level=5 .",
- "phpmd": "phpmd . text cleancode,codesize,controversial,design,naming,unusedcode --exclude vendor,node_modules,tests,bin,build,dist",
- "test": "phpunit",
+ "phpcs": "vendor/bin/phpcs --standard=phpcs.xml",
+ "phpcs:simple": "vendor/bin/phpcs --standard=phpcs-simple.xml",
+ "phpcbf": "vendor/bin/phpcbf --standard=phpcs.xml",
+ "phpcbf:simple": "vendor/bin/phpcbf --standard=phpcs-simple.xml",
+ "phpstan": "vendor/bin/phpstan analyse --level=5 .",
+ "phpmd": "vendor/bin/phpmd . text cleancode,codesize,controversial,design,naming,unusedcode --exclude vendor,node_modules,tests,bin,build,dist",
+ "test": "vendor/bin/phpunit",
"lint": ["@phpcs", "@phpstan", "@phpmd"],
"fix": ["@phpcbf"]
}
diff --git a/docs/code-quality-setup.md b/docs/code-quality-setup.md
new file mode 100644
index 0000000..443ed51
--- /dev/null
+++ b/docs/code-quality-setup.md
@@ -0,0 +1,105 @@
+# Code Quality Tools Setup
+
+This document explains how to set up and use the code quality tools for this project.
+
+## Prerequisites
+
+* PHP 7.4 or higher
+* Composer
+
+## Installation
+
+1. Clone the repository:
+ ```bash
+ git clone https://github.com/wpallstars/wp-plugin-starter-template-for-ai-coding.git
+ cd wp-plugin-starter-template-for-ai-coding
+ ```
+
+2. Install dependencies:
+ ```bash
+ composer install
+ ```
+
+## Available Tools
+
+### PHP CodeSniffer (PHPCS)
+
+PHPCS checks your code against the WordPress Coding Standards.
+
+```bash
+# Run PHPCS
+composer phpcs
+
+# Run PHPCS with a simplified ruleset
+composer phpcs:simple
+```
+
+### PHP Code Beautifier and Fixer (PHPCBF)
+
+PHPCBF automatically fixes coding standard violations.
+
+```bash
+# Run PHPCBF to fix coding standard violations
+composer phpcbf
+
+# Run PHPCBF with a simplified ruleset
+composer phpcbf:simple
+```
+
+### PHPStan
+
+PHPStan performs static analysis to find bugs in your code.
+
+```bash
+# Run PHPStan
+composer phpstan
+```
+
+### PHP Mess Detector (PHPMD)
+
+PHPMD detects potential problems in your code.
+
+```bash
+# Run PHPMD
+composer phpmd
+```
+
+### Running All Linters
+
+```bash
+# Run all linters (PHPCS, PHPStan, PHPMD)
+composer lint
+```
+
+### Running All Fixers
+
+```bash
+# Run all fixers (PHPCBF)
+composer fix
+```
+
+## Environment Variables
+
+For SonarCloud and Codacy integration, you need to set up the following environment variables:
+
+### SonarCloud
+
+```bash
+export SONAR_TOKEN=your_sonar_token
+```
+
+### Codacy
+
+```bash
+export CODACY_PROJECT_TOKEN=your_codacy_token
+```
+
+## CI/CD Integration
+
+The project includes GitHub Actions workflows for running these tools automatically on each push and pull request. See the `.github/workflows/code-quality.yml` file for details.
+
+## Customization
+
+* PHPCS rules can be customized in `phpcs.xml`
+* PHPStan configuration is in `phpstan.neon`
+* SonarCloud configuration is in `sonar-project.properties`
diff --git a/phpcs.xml b/phpcs.xml
index a1e6040..de6b598 100644
--- a/phpcs.xml
+++ b/phpcs.xml
@@ -5,61 +5,62 @@
.
- */vendor/*
- */bin/*
- */.github/*
- */tests/*
- libs/
+ */vendor/*
+ */node_modules/*
+ */bin/*
+ */.github/*
+ */tests/*
+ libs/
-
-
-
+
+
+
-
-
+
+
-
-
-
-
+
+
+
+
-
-
+
+
-
+
-
-
+
+
-
-
-
-
-
-
+
+
+
+
+
+
-
-
-
-
-
-
+
+
+
+
+
+
-
-
-
-
-
-
+
+
+
+
+
+
-
+
-
-
-
-
-
-
+
+
+
+
+
+
diff --git a/phpstan.neon b/phpstan.neon
index c409828..6e16e2b 100644
--- a/phpstan.neon
+++ b/phpstan.neon
@@ -14,6 +14,11 @@ parameters:
- dist (?)
ignoreErrors:
- '#Function apply_filters invoked with [0-9]+ parameters, 2 required.#'
+ - '#Function [a-zA-Z0-9_]+ not found.#'
+ - '#Call to static method [a-zA-Z0-9_:()]+ on an unknown class [a-zA-Z0-9_]+.#'
+
+includes:
+ - vendor/szepeviktor/phpstan-wordpress/extension.neon
- '#Function do_action invoked with [0-9]+ parameters, 1 required.#'
- '#Function add_action invoked with [0-9]+ parameters, 2 required.#'
- '#Function add_filter invoked with [0-9]+ parameters, 2 required.#'
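Review bot: The `includes:` key is inserted in the middle of the `ignoreErrors` list, so the three context entries after it (`do_action`, `add_action`, `add_filter`) appear to end up under `includes:` and would be read as config file paths instead of ignore patterns, or fail to parse. Indentation is not visible in this view, so confirm against the file, then move the `includes:` block above `parameters:` or after the end of that section. The added pattern `'#Function [a-zA-Z0-9_]+ not found.#'` also silences every undefined-function error in the project, not only WordPress ones, and the unknown-class pattern does the same for static calls. With the phpstan-wordpress extension loaded both should be unnecessary, and dropping them keeps typos and missing dependencies visible in the report.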