Docker image providing static analysis tools for PHP.
The list of available tools and the installer are actually managed in the jakzal/toolbox
repository.
Docker hub repository: https://hub.docker.com/r/jakzal/phpqa/
Nightly builds: https://hub.docker.com/r/jakzal/phpqa-nightly/
latest
,debian
(debian/Dockerfile)1.60.7
,1.60
,1.60.7-debian
,1.60-debian
(debian/Dockerfile)1.60.7-php7.3
,1.60-php7.3
,php7.3-debian
,php7.3
(debian/Dockerfile)1.60.7-php7.4
,1.60-php7.4
,php7.4-debian
,php7.4
(debian/Dockerfile)1.60.7-php8.0
,1.60-php8.0
,php8.0-debian
,php8.0
(debian/Dockerfile)
alpine
(alpine/Dockerfile)1.60.7-alpine
,1.60-alpine
, (alpine/Dockerfile)1.60.7-php7.3-alpine
,1.60-php7.3-alpine
,php7.3-alpine
(alpine/Dockerfile)1.60.7-php7.4-alpine
,1.60-php7.4-alpine
,php7.4-alpine
(alpine/Dockerfile)1.60.7-php8.0-alpine
,1.60-php8.0-alpine
,php8.0-alpine
(alpine/Dockerfile)
These are the latest tags for PHP versions that are no longer supported:
1.44.0-php7.2
,1.44-php7.2
,php7.2
(7.2/debian/Dockerfile)1.44.0-php7.2-alpine
,1.44-php7.2-alpine
,php7.2-alpine
(7.2/alpine/Dockerfile)1.26.0-php7.1
,1.26-php7.1
,php7.1
(7.1/debian/Dockerfile)1.26.0-php7.1-alpine
,1.26-php7.1-alpine
,php7.1-alpine
(7.1/alpine/Dockerfile)
Some tools are not included in the docker image, to use them refer to their documentation:
- exakat - a real time PHP static analyser
Name | Summary |
---|---|
composer-normalize | Composer plugin to normalize composer.json files |
design-pattern | Detects design patterns |
phpcf | Finds usage of deprecated features |
phpstan-localheinz-rules | Additional rules for PHPstan |
security-checker | Checks composer dependencies for known security vulnerabilities |
testability | Analyses and reports testability issues of a php codebase |
Pull the image:
docker pull jakzal/phpqa
The default command will list available tools:
docker run -it --rm jakzal/phpqa
To run the selected tool inside the container, you'll need to mount
the project directory on the container with -v "$(pwd):/project"
.
Some tools like to write to the /tmp
directory (like PHPStan, or Behat in some cases), therefore it's often useful
to share it between docker runs, i.e. with -v "$(pwd)/tmp-phpqa:/tmp"
.
If you want to be able to interrupt the selected tool if it takes too much time to complete, you can use the
--init
option. Please refer to the docker run documentation for more information.
docker run --init -it --rm -v "$(pwd):/project" -v "$(pwd)/tmp-phpqa:/tmp" -w /project jakzal/phpqa phpstan analyse src
You might want to tweak this command to your needs and create an alias for convenience:
alias phpqa='docker run --init -it --rm -v "$(pwd):/project" -v "$(pwd)/tmp-phpqa:/tmp" -w /project jakzal/phpqa:alpine'
Add it to your ~/.bashrc
so it's defined every time you start a new terminal session.
Now the command becomes a lot simpler:
phpqa phpstan analyse src
The image can be used with GitHub actions. Below is an example for several static analysis tools.
# .github/workflows/static-code-analysis.yml
name: Static code analysis
on: [pull_request]
jobs:
static-code-analysis:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: PHPStan
uses: docker://jakzal/phpqa:php8.0-alpine
with:
args: phpstan analyze src/ -l 1
- name: PHP-CS-Fixer
uses: docker://jakzal/phpqa:php8.0-alpine
with:
args: php-cs-fixer --dry-run --allow-risky=yes --no-interaction --ansi fix
- name: Deptrac
uses: docker://jakzal/phpqa:php8.0-alpine
with:
args: deptrac --no-interaction --ansi --formatter-graphviz-display=0
Here is an example configuration of a bitbucket pipeline using the phpqa image:
# bitbucket-pipelines.yml
image: jakzal/phpqa:php8.0-alpine
pipelines:
default:
- step:
name: Static analysis
caches:
- composer
script:
- composer install --no-scripts --no-progress
- phpstan analyze src/ -l 1
- php-cs-fixer --dry-run --allow-risky=yes --no-interaction --ansi fix
- deptrac --no-interaction --ansi --formatter-graphviz-display=0
Unfortunately, bitbucket overrides the docker entrypoint so composer needs to be explicitly invoked as in the above example.
A template repository for agnostic PHP libraries. It utilizes the PHPQA image into a Makefile
and configures some
tools by default.
A template repository for Docker based Symfony applications. It utilizes the PHPQA image into
a Dockerfile
and integrates in the composed landscape.
git clone https://github.com/jakzal/phpqa.git
cd phpqa
make build-debian
To build the alpine version:
make build-alpine
It's often needed to customise the image with project specific extensions.
To achieve that simply create a new image based on jakzal/phpqa
:
FROM jakzal/phpqa:alpine
RUN apk add --no-cache libxml2-dev \
&& docker-php-ext-install soap
Next, build it:
docker build -t foo/phpqa .
Finally, use your customised image instead of the default one:
docker run --init -it --rm -v "$(pwd):/project" -w /project foo/phpqa phpmetrics .
A number of PHPStan extensions is available on the image in /tools/.composer/vendor-bin/phpstan/vendor
out of the box.
You can find them with the command below:
phpqa find /tools/.composer/vendor-bin/phpstan/vendor/ -iname 'rules.neon' -or -iname 'extension.neon'
Use the composer-bin-plugin to install any additional PHPStan extensions in the phpstan
namespace:
FROM jakzal/phpqa:alpine
RUN composer global bin phpstan require phpstan/phpstan-phpunit
You'll be able to include them in your PHPStan configuration from the /tools/.composer/vendor-bin/phpstan/vendor
path:
includes:
- /tools/.composer/vendor-bin/phpstan/vendor/phpstan/phpstan-phpunit/extension.neon
The pcov code coverage extension, as well as the php-dbg debugger, are provided on the image out of the box.
pcov is disabled by default so it doesn't affect performance when it's not needed,
and doesn't break interoperability with other coverage extensions.
It can be enabled by setting pcov.enabled=1
:
phpqa php -d pcov.enabled=1 ./vendor/bin/phpunit --coverage-text
Infection users will need to define initial php options:
phpqa /tools/infection run --initial-tests-php-options='-dpcov.enabled=1'
Please read the Contributing guide to learn about contributing to this project. Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.