Hey all,


This weekend (since I’m stuck at home anyway) I’d like to give a go to setting up static analysis on a project, but given that this project is quite big (about 10k classes), I’d like to be able to have the analysis run either on pre-commit or pre-push, but only checking the modified files (even better would be the modified functions only). The project contains a ton of what I would consider legacy code, so I’m sure analyzing all of it would result in literally thousands of errors. For this reason (and of course to limit the time it takes to analyze) I really can’t just let the tool run on the whole project.
In the past I’ve worked with both PHPStan and Psalm, and I’d like to go with Psalm because to be honest I quite dislike PHPStan’s NEON config format, as it caused me a lot of headaches when I used it (I wish it just supported XML or plain PHP for configuration). With that said, if PHPStan supports working with updated files only and Psalm doesn’t, I’ll gladly give it a shot once again.
Does anyone have experience setting up something like this? Is it worth it? Thanks!
A baseline is the best tool to capture legacy issues but have them on mute.
https://psalm.dev/docs/running_psalm/dealing_with_code_issues/
That solves the quantity aspect of your dilemma. It does not solve the performance dilemma.
I haven’t used Psalm enough to know how it performs on a large codebase.

Is there tooling that can turn a Psalm baseline into an inline baseline?
(A separate file does serve its purpose, but it also hides suppression statements from developers, and thus opportunities for easy and quick fixes are missed)
A tool that transforms that XML into PHP comments that turn off rules in specific lines of files would be best.
Does anyone know of such a tool?
PHPStan also supports baselining: https://phpstan.org/user-guide/baseline
There’s also SARB, which lets you make a baseline for issues reported by multiple tools, whether or not the tools themselves have baselining features.


Recent versions of Psalm work that way; you actually have to explicitly use the --no-diff parameter.
"would result in literally thousands of errors"
Reduce the level till there are hundreds. Fix, increase the level, rinse & repeat 🙂
I had a project with 400-500 errors, took me 2 days for level 1. The reason is that when you fix one place, more places are affected.
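
The pre-commit setup asked about in the original post, as an added example that is not part of the thread: a Git hook that passes only the staged PHP files to Psalm. It assumes Psalm is installed through Composer at vendor/bin/psalm (overridable with the hypothetical PSALM_BIN variable) and that the script is saved as .git/hooks/pre-commit.

```shell
#!/bin/sh
# Added example: pre-commit hook that analyses only staged PHP files.
# Assumptions: Psalm lives at vendor/bin/psalm (or $PSALM_BIN) and is
# configured by the project's own psalm.xml, baseline included.

# Read one path per line; keep existing files ending in .php.
filter_php_paths() {
    while IFS= read -r path; do
        case "$path" in
            *.php)
                if [ -f "$path" ]; then printf '%s\n' "$path"; fi ;;
        esac
    done
    return 0
}

# Staged files that were added, copied, modified or renamed.
# Deleted files are excluded so Psalm is never handed a missing path.
staged_php_files() {
    git diff --cached --name-only --diff-filter=ACMR | filter_php_paths
}

run_hook() {
    files=$(staged_php_files)
    if [ -z "$files" ]; then
        return 0    # no PHP in this commit, nothing to analyse
    fi
    # Split the list on newlines only, with globbing off, so paths
    # containing spaces or wildcard characters stay intact.
    old_ifs=$IFS
    IFS='
'
    set -f
    "${PSALM_BIN:-vendor/bin/psalm}" --no-progress $files
    status=$?
    set +f
    IFS=$old_ifs
    return $status
}

# Run only when invoked as the hook itself, not when sourced.
case "$0" in
    */pre-commit) run_hook || exit 1 ;;
esac
```

A non-zero exit from Psalm aborts the commit; the hook analyses the working-tree copy of each staged file, so partially staged files are checked with their unstaged changes included.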