Quality of code plays an important role in application’s security, stability, and maintainability. There are different tools available to test the code quality and ensure that it is set to a high standard. Static analysis is one of the methods to check code quality without running the actual application and before it goes into production. Static code analysis helps us educate developers to produce high-quality code.
Benefits of static code analysis tools:
- Identify issues during the development phase
- Find weaknesses in the code
- Detect code that needs to be refactored
- Check code syntax
- Achieve quality goals
- Identifying vulnerabilities
- Suggest how to improve performance
I used below tools to analyze the code written with Magento 2 and used ‘Phing’ build tool to automate this process.
Phing is a PHP project build system or build tool based on Apache Ant. It uses simple XML to define targets to execute.
Ref Link: https://www.phing.info/
PHPLoc is a tool for quickly measuring the size and analyzing the structure of a PHP project.
Ref Link: https://github.com/sebastianbergmann/phploc
PHPLint is a tool that can speed up the lint process of PHP files by running several lint processes at once.
PHPCS (Magento Coding standards)
Magento 2 EQP Coding Standard is a set of rules and sniffs for PHP_CodeSniffer tool.
Ref Link: https://github.com/magento/marketplace-eqp
PHPMD is a spin-off project of PHP Depend and aims to be a PHP equivalent of the well-known Java tool PMD.
Ref Link: https://phpmd.org/
PHPCPD is a Copy/Paste Detector (CPD) for PHP code.
Ref Link: https://github.com/sebastianbergmann/phpcpd
PHPUnit is a programmer-oriented testing framework for PHP. It is an instance of the xUnit architecture for unit testing frameworks.
Ref Link: https://phpunit.de/
phpDox is a documentation generator for PHP projects. This includes, but is not limited to, an API documentation. The main focus is on enriching the generated documentation with additional details like code coverage, complexity information and more.
Ref Link: http://phpdox.de/
I used Ubuntu 16.04 to execute static code analysis. Please make sure that all the above tools are installed. You can download the PHAR file and keep under /usr/local/bin directory.
Follow below steps to install PHP tools:
$ wget https://phar.phpunit.de/phpcpd.phar
$ chmod +x phpcpd.phar
$ mv phpcpd.phar /usr/local/bin/phpcpd
For PHPCS you can download complete package from https://github.com/magento/marketplace-eqp and extract into /opt folder.
Now write the build.xml with targets run using phing command and generate different code analysis reports. You can download the sample <<build.xml>> file using and <<phpdox.xml>> and copy into your Magento root folder.
PHP DocBlock (API Documentation):