Add PHPStan and PHP Mess Detector for improved code quality

2025-04-21 04:58:51 +01:00
parent aa62142e4c
commit 78bd0708d3
5 changed files with 83 additions and 14 deletions
--- a/.ai-workflows/code-review.md
+++ b/.ai-workflows/code-review.md
@@ -85,13 +85,21 @@ This project uses several automated code review tools to maintain high code qual
 * **Benefits**: Provides a grade for your codebase, identifies issues, and tracks code quality over time
 * **Usage**: Codacy automatically analyzes your codebase and provides feedback on pull requests

-### 4. SonarCloud
+### 4. PHPStan

-[SonarCloud](https://sonarcloud.io/) is a cloud-based code quality and security service that performs static code analysis to detect bugs, vulnerabilities, and code smells.
+[PHPStan](https://phpstan.org/) is a static analysis tool that finds errors in your code without running it.

-* **Integration**: Add the SonarCloud GitHub App to your repository
-* **Benefits**: Provides detailed analysis of code quality, security vulnerabilities, and technical debt
-* **Usage**: SonarCloud automatically analyzes your codebase and provides feedback on pull requests
+* **Integration**: Included in the project's composer.json and GitHub Actions workflow
+* **Benefits**: Detects undefined variables, methods, and properties; type-related issues; and logical errors
+* **Usage**: Run `composer phpstan` or `npm run lint:phpstan` locally, or let GitHub Actions run it automatically
+
+### 5. PHP Mess Detector
+
+[PHP Mess Detector](https://phpmd.org/) is a tool that looks for potential problems in your code such as possible bugs, suboptimal code, overcomplicated expressions, and unused parameters, variables, and methods.
+
+* **Integration**: Included in the project's composer.json and GitHub Actions workflow
+* **Benefits**: Identifies code smells, complexity issues, unused code, naming problems, and more
+* **Usage**: Run `composer phpmd` or `npm run lint:phpmd` locally, or let GitHub Actions run it automatically

 ### Using AI Assistants with Code Review Tools

--- a/.github/workflows/code-quality.yml
+++ b/.github/workflows/code-quality.yml
@@ -1,4 +1,4 @@
-name: Code Quality - Run automated code quality checks
+name: Code Quality

 on:
  push:
@@ -36,8 +36,44 @@ jobs:
          composer run phpcbf -- --dry-run
        continue-on-error: true

-  # SonarCloud job temporarily removed due to Java version compatibility issues
-  # Will be re-added in a future PR with proper configuration
+  phpstan:
+    name: PHPStan Static Analysis
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4

-  # Codacy job temporarily removed due to GitHub Actions compatibility issues
-  # Will be re-added in a future PR with proper configuration
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '7.4'
+          extensions: mbstring, intl, zip
+          tools: composer:v2, phpstan
+
+      - name: Install dependencies
+        run: composer install --prefer-dist --no-progress
+
+      - name: Run PHPStan
+        run: phpstan analyse --level=5 .
+        continue-on-error: true
+
+  phpmd:
+    name: PHP Mess Detector
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '7.4'
+          extensions: mbstring, intl, zip
+          tools: composer:v2, phpmd
+
+      - name: Install dependencies
+        run: composer install --prefer-dist --no-progress
+
+      - name: Run PHPMD
+        run: phpmd . text cleancode,codesize,controversial,design,naming,unusedcode --exclude vendor,node_modules,tests,bin,build,dist
+        continue-on-error: true
--- a/composer.json
+++ b/composer.json
@@ -19,7 +19,9 @@
        "10up/wp_mock": "^1.0",
        "dealerdirect/phpcodesniffer-composer-installer": "^1.0",
        "wp-coding-standards/wpcs": "^3.0",
-        "phpcompatibility/phpcompatibility-wp": "^2.1"
+        "phpcompatibility/phpcompatibility-wp": "^2.1",
+        "phpstan/phpstan": "^1.10",
+        "phpmd/phpmd": "^2.13"
    },
    "autoload": {
        "psr-4": {
@@ -41,8 +43,10 @@
        "phpcs:simple": "phpcs --standard=phpcs-simple.xml",
        "phpcbf": "phpcbf --standard=phpcs.xml",
        "phpcbf:simple": "phpcbf --standard=phpcs-simple.xml",
+        "phpstan": "phpstan analyse --level=5 .",
+        "phpmd": "phpmd . text cleancode,codesize,controversial,design,naming,unusedcode --exclude vendor,node_modules,tests,bin,build,dist",
        "test": "phpunit",
-        "lint": ["@phpcs"],
+        "lint": ["@phpcs", "@phpstan", "@phpmd"],
        "fix": ["@phpcbf"]
    }
 }
--- a/package.json
+++ b/package.json
@@ -13,11 +13,13 @@
    "build": "./build.sh",
    "lint:php": "composer run-script phpcs",
    "lint:php:simple": "composer run-script phpcs:simple",
+    "lint:phpstan": "composer run-script phpstan",
+    "lint:phpmd": "composer run-script phpmd",
    "fix:php": "composer run-script phpcbf",
    "fix:php:simple": "composer run-script phpcbf:simple",
    "test:php": "composer run-script test",
-    "lint": "npm run lint:php",
-    "fix": "npm run fix:php",
+    "lint": "composer run-script lint",
+    "fix": "composer run-script fix",
    "quality": "npm run lint && npm run test:php"
  },
  "repository": {
--- a/phpstan.neon
+++ b/phpstan.neon
@@ -0,0 +1,19 @@
+parameters:
+    level: 5
+    paths:
+        - includes
+        - admin
+        - wp-plugin-starter-template.php
+    excludePaths:
+        - vendor
+        - node_modules
+        - tests
+        - bin
+        - build
+        - dist
+    ignoreErrors:
+        - '#Function apply_filters invoked with [0-9]+ parameters, 2 required.#'
+        - '#Function do_action invoked with [0-9]+ parameters, 1 required.#'
+        - '#Function add_action invoked with [0-9]+ parameters, 2 required.#'
+        - '#Function add_filter invoked with [0-9]+ parameters, 2 required.#'
+    reportUnmatchedIgnoredErrors: false