Integrate phpstan into Bitbucket pipeline

by Meike Müller
Tipps & Tricks
With this short article we would like to give you some helpful tips in the area of web development. If you have any questions or need more information about custom & responsive web development, feel free to contact us. We are here to help you with all your challenges and now our tip regarding PHP Code Analyzer:

A static code analyzer helps to detect many issues before they kill your application.

We use phpstan for our PHP projects and manage to integrate it into the pipeline so that a push is only deployed if the analysis is successful.

For this to work you first have to configure phpstan for your PHP application. We assume that you use composer, so you can easily add it as a dev-dependency:

composer require --dev phpstan/phpstan

Then you have to create a config to exclude at least the vendor files. For this you create a phpstan.neon in your root directory and fill it e.g. with this:

- *vendor/*

You can now test if your code is clean by calling the following command from your root directory (assuming your vendor folder is there).

vendor/bin/phpstan analysis -l 0 -c .\phpstan.neon . --memory-limit=1G

Let's have a quick look at the parameters:

-l 0
This sets the strictness level, i.e. how strict the ruleset is that phpstan checks for. 0 is "least strict".
-c .\phpstan.neon
With this flag you tell phpstan where the config is located.
In which folder should phpstan start?

As your codebase gets bigger you may need to allocate more memory to phpstan, you can do that via this flag.

If all this works we can start with the bitbucket pipeline:

Just create a bitbucket-pipelines.yml file in your root folder and fill it with the following content:

image: php:7.2-cli

dev: // On which branch should the pipeline run?
- step: // The first step is to call phpstan
name: Run PHP analyzer        
caches: // This is a standard cache from Bitbucket that will cache your composer modules.
- composer // Then you don't need to reload them on every pipeline run.
- apt-get update -yqq
- apt-get install -y wget git zip unzip // we need git and unzip for the composer installs
- docker-php-ext-install pdo_mysql // If you use MySQL you probably need this php extension too,
// otherwise phpstan won't find the MySQL constants etc.
- curl -sS | php -- --install-dir=/usr/local/bin --filename=composer
                                            // Composer itself has to be installed, too, of course.
- cd ./application/ // Depending on the framework ... in our case ZF3
- composer install // Install dependencies once 
- vendor/bin/phpstan analyze -l 0 -c phpstan.neon . --memory-limit=1G
// Last but not least the crucial call
- step:
... // This is where your deployment would come to the DEV / TEST / whatever environment

So if phpstan has something to complain about it will return a non-zero exit code and Bitbucket will abort the pipeline.

The person who did the bad push even gets a mail and is allowed to fix his errors quickly before anyone notices.

You can test the whole thing by pushing syntactically wrong code on the branch for which you have configured the pipeline and go to the pipelines overview in Bitbucket.

From there you can access the individual pipeline jobs and see the log by clicking on a single job.

Beispiel Pipeline

Need more web development help for your business? Our web developers are happy to assist you and answer your questions - just contact us at!

Was ist dein Projekt? Wenn du uns darüber erzählen möchtest, rufen wir dich zurück!

from 09.12.2019

Hello, my name is Meike. I take care of the EXWE back office and am responsible for our social media channels. All of our articles are meant to make your life easier and help you make decisions. Nevertheless, it can happen that something remains unclear, so: If you have questions about this article you can easily reach me at +49 231 93149827.

Du möchtest immer am Zenit der Technik bleiben? Keine News und Blogbeiträge mehr verpassen.
We also have the following interesting posts from our tech blog for you on this topic
What does Google PageSpeed really say?

Why Google PageSpeed is often misinterpreted, what really helps you optimize your load time and guarantee the optimal user experience.

How can I find the best software service provider for us?

You need support in the area of software development and are looking for the right software service provider? Find the most important criteria here.

Why your business needs a landing page

Everything you need to know for your landing page and how you can use it to target customers and direct them to your website
+49 231 93149827