Skip to content
/ sarb Public
forked from DaveLiddament/sarb

Static Analysis Results Baseliner

License

MIT license
0 stars 17 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

XonneX/sarb

BranchesTags
 
 

Repository files navigation

Static Analysis Results Baseliner (SARB)

Minimum PHP version: 7.3.0 Latest Stable Version License Total Downloads

Continuous Integration Scrutinizer Code Quality Type coverage Code Coverage Infection MSI

This is still in beta.

Why SARB?

If you've tried to introduce advanced static analysis tools (e.g. Psalm, PHPStan) to legacy projects the tools have probably reported thousands of problems. It's unrealistic to fix all but the most critical ones before continuing development.

SARB is used to create a baseline of these results. As work on the project progresses SARB can takes the latest static analysis results, removes those issues in the baseline and report the issues raised since the baseline. SARB does this, in conjunction with git, by tracking lines of code between commits. Currently SARB only supports git but it is possible to add support for other SCMs.

SARB is written in PHP, however it can be used to baseline results for any language and any static analysis tool.

Why not SARB?

SARB should not be used on greenfield projects. If you're lucky enough to work on a greenfield project make sure you fix all problems raised by static analysis as you go along.

Requirements

Currently SARB only supports projects that use git.

SARB requires PHP >= 7.3 to run. The project being analysed does not need to run PHP 7.3 or even be a PHP project at all.

Installing

You can either add directly to the project you wish to run analysis on:

composer require --dev dave-liddament/sarb

Or you can install SARB globally (e.g. if you want to use it on a non PHP project):

composer global require dave-liddament/sarb

If you install globally make sure the composer bin directory is in your path.

Using SARB

If you're using version 0.x see the old documentation and how to upgrade.

1. Make sure the current git commit is the one to be used in the baseline

When creating the baseline, SARB needs to know the git commit SHA of the baseline. Make sure your code is in the state you want it to be in for the baseline and that the current commit represents that state.

2. Create the baseline

Run the static analyser of choice and pipe the results into SARB:

E.g. using Psalm's JSON output:

vendor/bin/psalm --output-format=json | vendor/bin/sarb create --input-format="psalm-json" psalm.baseline

This creates a baseline file called psalm.baseline. You'll want to check this in to your repository.

3. Update code and then use SARB to remove baseline results

Continue coding. Then rerun static analyser and pipe results into SARB:

vendor/bin/psalm --output-format=json | vendor/bin/sarb remove psalm.baseline

Running SARB from a global installation

If you are running SARB from a global installation you will need to specify the root of the project (where the .git directory lives). The above would become:

psalm --output-format=json | sarb create --project-root=/path/to/project/root --input-format="psalm-json" psalm.baseline

Supported tools

To see a list of supported tools and formats use:

vendor/bin/sarb list-static-analysis-tools

How to create and remove baseline for each supported tool:

PHP CodeSniffer

vendor/bin/phpcs src --report=json | vendor/bin/sarb create --input-format="phpcodesniffer-json" phpcs.baseline
vendor/bin/phpcs src --report=json | vendor/bin/sarb remove phpcs.baseline

Phan

vendor/bin/phan -m json | vendor/bin/sarb create --input-format="phan-json" phan.baseline
vendor/bin/phan -m json | vendor/bin/sarb remove phan.baseline

Exakat

php exakat.phar report -p <project> -format sarb | vendor/bin/sarb create --input-format="exakat-sarb" exakat.baseline
php exakat.phar report -p <project> -format sarb | vendor/bin/sarb remove phan.baseline

PHPMD

vendor/bin/phpmd src json <ruleset> | vendor/bin/sarb create --input-format="phpmd-json" phpmd.baseline
vendor/bin/phpmd src json <ruleset> | vendor/bin/sarb remove phpmd.baseline

Psalm

vendor/bin/psalm --output-format=json | vendor/bin/sarb create --input-format="psalm-json" psalm.baseline
vendor/bin/psalm --output-format=json | vendor/bin/sarb remove psalm.baseline

NOTE: Checkout Psalm's built in baseline feature. Learn how it differs from SARB.

PHPStan

vendor/bin/phpstan analyse --error-format=json | vendor/bin/sarb create --input-format="phpstan-json" phpstan.baseline
vendor/bin/phpstan analyse --error-format=json | vendor/bin/sarb remove phpstan.baseline

NOTE: Checkout PHPStan's built in baseline feature. Learn how it differs from SARB.

My tool isn't supported...

That's no problem there are 3 methods to integrate a static analysis tool with SARB.

Output formats

The format for showing issues after the baseline is removed can be specified using --output-format option. Possible values are: table, text, json or github (for Github actions).

SARB with Github Actions

If you're using actions/checkout@v2 to checkout your code you'll need to add set fetch-depth to 0. By default checkout only gets that latest state of the code and none of the history. SARB uses git, which needs the full git history, to track file changes since the baseline. To get the full history checked out use this:

- uses: actions/checkout@v2
  with:
    fetch-depth: 0

Also don't forget to use the SARB option --output-format=github. It will annotate your PR with any issues that have been added since the baseline.

Further Reading

Authors

About

Static Analysis Results Baseliner

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

14 tags

Packages

No packages published

Languages

  • PHP 100.0%