Symfony Insight – An introduction to code quality assurance

Erstellt von Sooraj L V am 04. Mrz. 2019

Introduction

In general, there is a misconception that testing your application is more important than running a code review at every stage of development. This is not true in my opinion. Your application’s code quality is as much important as running functionality tests. This is especially true if your application is big in functionality/code base. Without a proper code review, quality of the code base deteriorates over time and become unmanageable after a couple of years of active development. In this article, we will look into Symfony Insight, an automated tool provided by SensioLabs (creator of Symfony framework) for code quality analysis.

What is Symfony Insight?

Symfony Insight is a service provided by SensioLabs for code quality analysis. By service means you need to access the tool from SensioLab’s platform as it cannot be downloaded and installed on your development environment. However, you can integrate this service in many ways as part of continues integration or version control system.

In order to use the service, user must be registered. For this, user must first register to Symfony Connect (https://connect.symfony.com) and use this credentials to login to Insight Service (https://insight.symfony.com/). User can either avail a free plan or paid one. Free plan includes only one public code analysis without a full report. Paid plans include private unlimited analyses with a full report and more flexibility depending upon the type of the plan.

Insight service can analyze any PHP project for code quality. In general, it will check for few default coding standards set by SensioLabs, like ”var_dump” or “exit” methods, commented out code, code duplication, PSR standards etc. However, it provides an extensive set of customized options to add control points depending upon the type of your application. For example, you can analyse an application as Symfony project, Durpal project, Silex project and much more. Below is a screenshot of all available options at the time of this writing.

Project types in insight analysis

From Insight documentation,

Assigning the correct project type is important as some metrics only run on a subset of project types. For instance, it doesn’t make sense to check for a favicon in a simple PHP library. Likewise, all rules specific to Symfony applications should not run against WordPress plugins. Thus, choosing thoroughly the category fitting the best with your project will remove false positives and improve the analysis accuracy.

What Symfony Insight analyse

At the time of this writing, 112 control points are added to ensure  code quality. These 112 control points are divided in to 7 categories and 4 severity levels.

Categories are

  1. Security
  2. Bug Risk
  3. Performance
  4. Architecture
  5. Dead Code
  6. Readability
  7. Code Style

Severity Levels are

  1. Critical Checks
  2. Major Checks
  3. Minor Checks
  4. Info Checks

More information about them can be viewed at https://insight.symfony.com/what-we-analyse

Depending upon the analysis, 5 medals are given to each application, they are listed below:

  1. Platinum – No alerts at all
  2. Gold – At least 1 info alert
  3. Silver – At least 1 minor alert
  4. Bronze – At least 1 major error
  5. No Medal – At least 1 critical error

Setting up the project

As an introduction we will do two things. First, we will set up a repository, push a sample PHP file to it with some errors, run it as a PHP library and analyze the result. Then we will push a sample symfony project to the repository and run it as a Symfony project and see how the result varies from the first step.

1. The repository

Our repository is hosted in GitLab. For now, we will only upload a sample file with few errors into our GitLab repo and configure this repo in insight. Below screenshot shows the repository set up for the analysis.

Repository set up

2. Symfony Insight Configuration

We will be using a paid individual plan to run our analysis in order to get an unlimited number of analysis and a full report. Individual plan we are using allows only up to 5 projects, but for our purpose, that is enough.

Step 1 – Add a new project

For our current analysis, we need to set up a new project. This can be done from our dashboard. We can do this by clicking the “Add project” button as shown in the screenshot.

New project in SensioLabs Insight

Step 2 – Select the location of project

Once the “Add project” button is clicked, we will see a page where we need to set up the repository or location of the source code. This page will contain allowed possible solutions we can use.

Repository types

In our case, we use GitLab, so select GitLab from the options which will lead to the next page with some more details as shown below:

Repository configuration

Git repository URL – This is the SSH URL of your repository. Since we use GitLab, this is a git repository URL.

Project Type – Available project types as we mentioned earlier. For now we choose PHP library

Public SSH key – This key can be used to configure Symfony Insight service to read the repository in case it is private. You can configure this by two steps.

First, you need to generate a public key for your Symfony Insight service. This can be done by visiting the ssh section of your Symfony Connect Account (https://connect.symfony.com/#!ssh). There is a section with heading „Manage your private SSH key“. Under this, you can generate a private ssh key and symfony connect will display a public key for this private key as shown in the screenshot below:

SSH key generation interface in Symfony Connect

Second, use this public key as a deploy key in your repository so that insight service can read your depository. Interface may vary depending on the git clients. It will look something similar as shown below:

Deploy key in git client

Once all necessary fields are filled, the “Analyze” button will save the information and start first analysis of our repository code base.

Analysis

Since we have clicked „Analyze“ button in last step, the process is already running and we will see first report of our sample repository with one file as below

Result

Here, you can see that our sample index file have 3 minor issues and 3 info.  Issues are categorized under the rule in which they belong. For example, the rule “Unused method, property or parameter”  have 3 issues. Clicking on any rule will show all issues under it along with the file name, which line caused the problem, how to fix it along with a rough estimation of time needed, all in a nicely styled manner. Also the report gives us what current medal is (Silver, since no major issues) and how many hours it would take to get a platinum medal.

Now we will add a sample Symfony project to our repository and run the analysis as a “Symfony project” instead of “PHP library”. Below is the result of our second analysis.

Symfony Result

Here you can clearly see that many more rules are checked and added, some are more symfony specific, like “Symfony applications should not throw AccessDeniedHttpException”. Now we know how type of the project influences the final result of analysis.

Conclusion

From our experience with the above analyses,   you might already get a clear idea how powerful Symfony Insight service is. In addition to run manual analyses, we can set up automatic scheduled analyses and run analysis as part of git commit or pull requests. We can also use some continuous integration tools like CircleCI so that a commit or pull request get analysed before they get merged to the main branch enforcing the code quality. We will look in to that topic on our next post.

Read more

Symfony Insight Documentation – https://insight.symfony.com/docs/getting-started/introduction-to-insight.html

Schreibe einen Kommentar

Kontaktieren Sie uns!
Nach oben scrollen