diff --git a/.ai-workflows/code-review.md b/.ai-workflows/code-review.md index fcd2944..7aa0567 100644 --- a/.ai-workflows/code-review.md +++ b/.ai-workflows/code-review.md @@ -85,13 +85,21 @@ This project uses several automated code review tools to maintain high code qual * **Benefits**: Provides a grade for your codebase, identifies issues, and tracks code quality over time * **Usage**: Codacy automatically analyzes your codebase and provides feedback on pull requests -### 4. SonarCloud +### 4. PHPStan -[SonarCloud](https://sonarcloud.io/) is a cloud-based code quality and security service that performs static code analysis to detect bugs, vulnerabilities, and code smells. +[PHPStan](https://phpstan.org/) is a static analysis tool that finds errors in your code without running it. -* **Integration**: Add the SonarCloud GitHub App to your repository -* **Benefits**: Provides detailed analysis of code quality, security vulnerabilities, and technical debt -* **Usage**: SonarCloud automatically analyzes your codebase and provides feedback on pull requests +* **Integration**: Included in the project's composer.json and GitHub Actions workflow +* **Benefits**: Detects undefined variables, methods, and properties; type-related issues; and logical errors +* **Usage**: Run `composer phpstan` or `npm run lint:phpstan` locally, or let GitHub Actions run it automatically + +### 5. PHP Mess Detector + +[PHP Mess Detector](https://phpmd.org/) is a tool that looks for potential problems in your code such as possible bugs, suboptimal code, overcomplicated expressions, and unused parameters, variables, and methods. + +* **Integration**: Included in the project's composer.json and GitHub Actions workflow +* **Benefits**: Identifies code smells, complexity issues, unused code, naming problems, and more +* **Usage**: Run `composer phpmd` or `npm run lint:phpmd` locally, or let GitHub Actions run it automatically ### Using AI Assistants with Code Review Tools diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml index dca0404..fe939b9 100644 --- a/.github/workflows/code-quality.yml +++ b/.github/workflows/code-quality.yml @@ -1,4 +1,4 @@ -name: Code Quality - Run automated code quality checks +name: Code Quality on: push: @@ -36,8 +36,44 @@ jobs: composer run phpcbf -- --dry-run continue-on-error: true - # SonarCloud job temporarily removed due to Java version compatibility issues - # Will be re-added in a future PR with proper configuration + phpstan: + name: PHPStan Static Analysis + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 - # Codacy job temporarily removed due to GitHub Actions compatibility issues - # Will be re-added in a future PR with proper configuration + - name: Setup PHP + uses: shivammathur/setup-php@v2 + with: + php-version: '7.4' + extensions: mbstring, intl, zip + tools: composer:v2, phpstan + + - name: Install dependencies + run: composer install --prefer-dist --no-progress + + - name: Run PHPStan + run: phpstan analyse --level=5 . + continue-on-error: true + + phpmd: + name: PHP Mess Detector + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Setup PHP + uses: shivammathur/setup-php@v2 + with: + php-version: '7.4' + extensions: mbstring, intl, zip + tools: composer:v2, phpmd + + - name: Install dependencies + run: composer install --prefer-dist --no-progress + + - name: Run PHPMD + run: phpmd . text cleancode,codesize,controversial,design,naming,unusedcode --exclude vendor,node_modules,tests,bin,build,dist + continue-on-error: true diff --git a/composer.json b/composer.json index 8abd88a..ff632de 100644 --- a/composer.json +++ b/composer.json @@ -19,7 +19,9 @@ "10up/wp_mock": "^1.0", "dealerdirect/phpcodesniffer-composer-installer": "^1.0", "wp-coding-standards/wpcs": "^3.0", - "phpcompatibility/phpcompatibility-wp": "^2.1" + "phpcompatibility/phpcompatibility-wp": "^2.1", + "phpstan/phpstan": "^1.10", + "phpmd/phpmd": "^2.13" }, "autoload": { "psr-4": { @@ -41,8 +43,10 @@ "phpcs:simple": "phpcs --standard=phpcs-simple.xml", "phpcbf": "phpcbf --standard=phpcs.xml", "phpcbf:simple": "phpcbf --standard=phpcs-simple.xml", + "phpstan": "phpstan analyse --level=5 .", + "phpmd": "phpmd . text cleancode,codesize,controversial,design,naming,unusedcode --exclude vendor,node_modules,tests,bin,build,dist", "test": "phpunit", - "lint": ["@phpcs"], + "lint": ["@phpcs", "@phpstan", "@phpmd"], "fix": ["@phpcbf"] } } diff --git a/package.json b/package.json index c02bd37..b82dc0e 100644 --- a/package.json +++ b/package.json @@ -13,11 +13,13 @@ "build": "./build.sh", "lint:php": "composer run-script phpcs", "lint:php:simple": "composer run-script phpcs:simple", + "lint:phpstan": "composer run-script phpstan", + "lint:phpmd": "composer run-script phpmd", "fix:php": "composer run-script phpcbf", "fix:php:simple": "composer run-script phpcbf:simple", "test:php": "composer run-script test", - "lint": "npm run lint:php", - "fix": "npm run fix:php", + "lint": "composer run-script lint", + "fix": "composer run-script fix", "quality": "npm run lint && npm run test:php" }, "repository": { diff --git a/phpstan.neon b/phpstan.neon new file mode 100644 index 0000000..d230cbf --- /dev/null +++ b/phpstan.neon @@ -0,0 +1,19 @@ +parameters: + level: 5 + paths: + - includes + - admin + - wp-plugin-starter-template.php + excludePaths: + - vendor + - node_modules + - tests + - bin + - build + - dist + ignoreErrors: + - '#Function apply_filters invoked with [0-9]+ parameters, 2 required.#' + - '#Function do_action invoked with [0-9]+ parameters, 1 required.#' + - '#Function add_action invoked with [0-9]+ parameters, 2 required.#' + - '#Function add_filter invoked with [0-9]+ parameters, 2 required.#' + reportUnmatchedIgnoredErrors: false