Integrate phpstan into Bitbucket Pipeline

by Meike Müller
Tipps & Tricks
With this short article we would like to give you helpful tips in the field of web development. If you have any further questions or need more information about individual & responsive web development, please feel free to contact us. We are at your side for all challenges and now our tip regarding the PHP code analyzer:

A static code analyzer helps to detect many issues before they take down your application.

We use phpstan for our PHP projects and manage to integrate it into the pipeline so that a push is only deployed if the analysis is successful.

For this to work, you must first configure phpstan itself for your PHP application. We assume that you are using composer, so you can simply add it as a dev-dependency:

composer require --dev phpstan/phpstan

Then you have to create a config to at least exclude the vendor files. To do this, create a phpstan.neon in your root directory and fill it with e.g. this:

- *vendor/*

You can now test whether your code is clean by calling the following command from your root directory (assuming your vendor folder is also located there).

vendor/bin/phpstan analyze -l 0 -c .\phpstan.neon . --memory-limit=1G

Briefly about the individual parameters:

-l 0
This sets the strictness level, i.e. how strict the rule set is after phpstan checks. 0 is "least strict".
-c .\phpstan.neon
This flag tells phpstan where the config is located.
In which folder should phpstan start?

If your codebase gets bigger you may need to give phpstan more memory, you can do this with this flag.

If all this works, we can start with the bitbucket pipeline:

Simply create a bitbucket-pipelines.yml file in your root folder and fill it with the following content:

image: php:7.2-cli

dev: // On which branch should the pipeline run?
- step: // The first step is to call phpstan
name: Run PHP analyzer        
caches: // This is a standard Bitbucket cache that caches your composer modules
- composer // You don't have to reload them every time you run the pipeline
- apt-get update -yqq
- apt-get install -y wget git zip unzip // We need git and unzip for the composer installs
- docker-php-ext-install pdo_mysql // If you use MySQL you probably also need this php extension,
// otherwise phpstan will not find the MySQL constants etc.
- curl -sS | php -- --install-dir=/usr/local/bin --filename=composer
                                            // Composer itself must of course also be installed.
- cd ./application/ // Depending on the framework ... in our case ZF3
- composer install // Install dependencies once 
- vendor/bin/phpstan analyze -l 0 -c phpstan.neon . --memory-limit=1G
// Last but not least, the decisive call
- step:
... // This is where your deployment to the DEV / TEST / whatever environment would come in

So if phpstan has something to complain about, it will return a non-zero exit code and Bitbucket will abort the pipeline.

The person who made the bad push even gets an email and can quickly fix his mistakes before anyone notices.

You can test the whole thing by simply pushing syntactically incorrect code to the branch for which you have configured the pipeline and going to the pipelines overview in Bitbucket.

From there you can access the individual pipeline jobs and see the log by clicking on an individual job.

Beispiel Pipeline

Do you need further help with web development for your company? Our web developers will be happy to assist you and answer your questions - feel free to contact us!

Was ist dein Projekt? Wenn du uns darüber erzählen möchtest, rufen wir dich zurück!

from 09.12.2019

Hello, my name is Meike. I take care of the EXWE back office and am responsible for our social media channels. All of our articles are meant to make your life easier and help you make decisions. Nevertheless, it can happen that something remains unclear, so: If you have questions about this article you can easily reach me at +49 231 93149827.

Du möchtest immer am Zenit der Technik bleiben? Keine News und Blogbeiträge mehr verpassen.
We also have the following interesting posts from our tech blog for you on this topic
Online store hosting - the ten most frequently asked questions

Everything you need to know about online store hosting - provider, costs, own server? We have the answer!

What does Google PageSpeed really say?

Why Google PageSpeed is often misinterpreted, what really helps you to optimize your loading time and guarantee the best user experience.

Optimize conversion rate: Targeted increase with design

Boost the performance of your online store with a higher conversion rate! Use our tips and tricks on UX and usability design to do this