In general, there is a misconception that testing your application is more important than running a code review at every stage of development. This is not true in my opinion. Your application’s code quality is as much important as running functionality tests. This is especially true if your application is big in functionality/code base. Without a proper code review, quality of the code base deteriorates over time and become unmanageable after a couple of years of active development. In this article, we will look into Symfony Insight, an automated tool provided by SensioLabs (creator of Symfony framework) for code quality analysis.
Symfony Insight is a service provided by SensioLabs for code quality analysis. By service means you need to access the tool from SensioLab’s platform as it cannot be downloaded and installed on your development environment. However, you can integrate this service in many ways as part of continues integration or version control system.
In order to use the service, user must be registered. For this, user must first register to Symfony Connect (https://connect.symfony.com) and use this credentials to login to Insight Service (https://insight.symfony.com/). User can either avail a free plan or paid one. Free plan includes only one public code analysis without a full report. Paid plans include private unlimited analyses with a full report and more flexibility depending upon the type of the plan.
Insight service can analyze any PHP project for code quality. In general, it will check for few default coding standards set by SensioLabs, like ”var_dump” or “exit” methods, commented out code, code duplication, PSR standards etc. However, it provides an extensive set of customized options to add control points depending upon the type of your application. For example, you can analyse an application as Symfony project, Durpal project, Silex project and much more. Below is a screenshot of all available options at the time of this writing.
From Insight documentation,
Assigning the correct project type is important as some metrics only run on a subset of project types. For instance, it doesn’t make sense to check for a favicon in a simple PHP library. Likewise, all rules specific to Symfony applications should not run against WordPress plugins. Thus, choosing thoroughly the category fitting the best with your project will remove false positives and improve the analysis accuracy.
At the time of this writing, 112 control points are added to ensure code quality. These 112 control points are divided in to 7 categories and 4 severity levels.
Categories are
Severity Levels are
More information about them can be viewed at https://insight.symfony.com/what-we-analyse
Depending upon the analysis, 5 medals are given to each application, they are listed below:
As an introduction we will do two things. First, we will set up a repository, push a sample PHP file to it with some errors, run it as a PHP library and analyze the result. Then we will push a sample symfony project to the repository and run it as a Symfony project and see how the result varies from the first step.
1. The repository
Our repository is hosted in GitLab. For now, we will only upload a sample file with few errors into our GitLab repo and configure this repo in insight. Below screenshot shows the repository set up for the analysis.
2. Symfony Insight Configuration
We will be using a paid individual plan to run our analysis in order to get an unlimited number of analysis and a full report. Individual plan we are using allows only up to 5 projects, but for our purpose, that is enough.
Step 1 – Add a new project
For our current analysis, we need to set up a new project. This can be done from our dashboard. We can do this by clicking the “Add project” button as shown in the screenshot.
Step 2 – Select the location of project
Once the “Add project” button is clicked, we will see a page where we need to set up the repository or location of the source code. This page will contain allowed possible solutions we can use.
In our case, we use GitLab, so select GitLab from the options which will lead to the next page with some more details as shown below:
Git repository URL – This is the SSH URL of your repository. Since we use GitLab, this is a git repository URL.
Project Type – Available project types as we mentioned earlier. For now we choose PHP library
Public SSH key – This key can be used to configure Symfony Insight service to read the repository in case it is private. You can configure this by two steps.
First, you need to generate a public key for your Symfony Insight service. This can be done by visiting the ssh section of your Symfony Connect Account (https://connect.symfony.com/#!ssh). There is a section with heading „Manage your private SSH key“. Under this, you can generate a private ssh key and symfony connect will display a public key for this private key as shown in the screenshot below:
Second, use this public key as a deploy key in your repository so that insight service can read your depository. Interface may vary depending on the git clients. It will look something similar as shown below:
Once all necessary fields are filled, the “Analyze” button will save the information and start first analysis of our repository code base.
Since we have clicked „Analyze“ button in last step, the process is already running and we will see first report of our sample repository with one file as below
Here, you can see that our sample index file have 3 minor issues and 3 info. Issues are categorized under the rule in which they belong. For example, the rule “Unused method, property or parameter” have 3 issues. Clicking on any rule will show all issues under it along with the file name, which line caused the problem, how to fix it along with a rough estimation of time needed, all in a nicely styled manner. Also the report gives us what current medal is (Silver, since no major issues) and how many hours it would take to get a platinum medal.
Now we will add a sample Symfony project to our repository and run the analysis as a “Symfony project” instead of “PHP library”. Below is the result of our second analysis.
Here you can clearly see that many more rules are checked and added, some are more symfony specific, like “Symfony applications should not throw AccessDeniedHttpException”. Now we know how type of the project influences the final result of analysis.
From our experience with the above analyses, you might already get a clear idea how powerful Symfony Insight service is. In addition to run manual analyses, we can set up automatic scheduled analyses and run analysis as part of git commit or pull requests. We can also use some continuous integration tools like CircleCI so that a commit or pull request get analysed before they get merged to the main branch enforcing the code quality. We will look in to that topic on our next post.
Read more
Symfony Insight Documentation – https://insight.symfony.com/docs/getting-started/introduction-to-insight.html
Du musst angemeldet sein, um einen Kommentar abzugeben.
