MokoConsulting/MokoCLI
Public Access
1
0
Fork 0
Code Issues 1 Pull Requests Releases 8 Wiki Activity
Files
8abc30835cd310e87fb8da2d6ac09c4443fa15d4
MokoCLI/docs/workflows/static-analysis.md
T
Jonathan Miller 38c2536c7b feat: add PHPStan, Gitleaks, and Renovate — templates, workflows, and docs [skip ci] 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-07 14:56:02 -05:00

73 lines
2.1 KiB
Markdown
Raw Blame History

<!--
Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
SPDX-License-Identifier: GPL-3.0-or-later
# FILE INFORMATION
DEFGROUP: MokoStandards.Documentation
INGROUP: MokoStandards.Workflows
REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards-API
PATH: /docs/workflows/static-analysis.md
VERSION: 01.00.00
BRIEF: Documentation for PHPStan static analysis in CI
-->
[![MokoStandards](https://img.shields.io/badge/MokoStandards-04.06.00-orange)](https://git.mokoconsulting.tech/MokoConsulting/MokoStandards)
# PHPStan Static Analysis
**Status**: ✅ Active | **Version**: 01.00.00 | **Last Updated**: 2026-05-07
## Overview
PHPStan static analysis is integrated into the **Joomla Extension CI** workflow as the `static-analysis` job. It runs after lint-and-validate passes and catches type errors, undefined methods, incorrect return types, and other bugs that PHP lint misses.
## Configuration
### Default Behavior (No Config File)
If no `phpstan.neon` exists in the repo, PHPStan runs at **level 3** (type inference) against `src/`, `htdocs/`, or `lib/`.
### Custom Config
Create `phpstan.neon` in the repo root:
```neon
parameters:
level: 5
paths:
- src
excludePaths:
- src/vendor
ignoreErrors:
- '#Call to an undefined method#'
```
### Analysis Levels
| Level | What It Checks |
|-------|---------------|
| 0 | Basic checks (unknown classes, functions, methods) |
| 1 | Possibly undefined variables |
| 2 | Unknown methods on `$this` |
| **3** | **Default — return types, type inference** |
| 4 | Dead code, always true/false |
| 5 | Argument types |
| 6-9 | Increasingly strict |
## Behavior
- **Non-blocking**: Uses `continue-on-error: true` — failures are reported but don't block PRs
- **Incremental adoption**: Start at level 3, increase as codebase improves
- **Auto-install**: PHPStan is installed if not in composer dependencies
## Related Documentation
- [Joomla Extension CI](./ci-joomla.md)
- [Security Audit](./security-audit.md)
## Changelog
| Version | Date | Changes |
|---------|------|---------|
| 01.00.00 | 2026-05-07 | Initial release — level 3 default, non-blocking |
Reference in New Issue View Git Blame Copy Permalink