使用Debian Composer进行代码质量检查的完整流程
在Debian系统中,Composer是PHP项目依赖管理的核心工具,也可通过其生态集成多种代码质量检查工具(如静态分析、代码风格规范、测试覆盖率等)。以下是具体使用步骤:
在Debian终端中,首先确认Composer已全局安装并可用:
composer --version
若未安装,可通过以下命令安装:
sudo apt update && sudo apt install composer
根据项目需求选择合适的工具(推荐组合):
在项目根目录下,使用composer require --dev命令安装工具(仅开发依赖):
# 安装静态分析工具(Psalm + PHPStan)
composer require --dev psalm/phpstan
# 安装代码风格规范工具(EasyCodingStandard)
composer require --dev eonx-com/easy-standard
# 安装测试覆盖率工具
composer require --dev exussum12/coverage-checker
# 安装依赖安全工具
composer require --dev enlightn/security-checker
# 安装自动化检查工具(GrumPHP)
composer require --dev headsnet/grumphp-conventions
创建ecs.php配置文件(项目根目录),定义代码风格规则:
<?php declare(strict_types=1);
use PhpCsFixer\Fixer\Whitespace\BlankLineAfterNamespaceFixer;
use Symplify\EasyCodingStandard\Config\EasyCodingStandardConfig;
use Symplify\EasyCodingStandard\ValueObject\Set\SetList;
return static function (EasyCodingStandardConfig $easyCodingStandardConfig): void {
$easyCodingStandardConfig->sets([
SetList::PSR_12, // 遵循PSR-12代码规范
SetList::CLEAN_CODE, // 清理冗余代码
]);
$easyCodingStandardConfig->skip([
BlankLineAfterNamespaceFixer::class, // 跳过命名空间后的空行检查(根据项目调整)
]);
};
创建rector.php配置文件(可选,用于自动修复代码):
<?php declare(strict_types=1);
use Rector\Config\RectorConfig;
use Rector\CodeQuality\Rector\Class_\InlineConstructorDefaultToPropertyRector;
return static function (RectorConfig $rectorConfig): void {
$rectorConfig->rule(InlineConstructorDefaultToPropertyRector::class); // 将构造函数中的默认值移至属性
};
安装后,GrumPHP会自动生成grumphp.yml配置文件。引入预定义规则并配置GitLab集成:
imports:
- { resource: vendor/headsnet/grumphp-conventions/grumphp.yml }
parameters:
convention.gitlab_lint.api_token: 'YOUR_GITLAB_TOKEN' # 可选,GitLab风格检查
# 运行EasyCodingStandard(检查代码风格)
vendor/bin/ecs check src/
# 运行PHPStan(静态分析)
vendor/bin/phpstan analyse src/ --level=max
# 运行GrumPHP(Git钩子触发,或手动执行)
vendor/bin/grumphp run
通过Composer的scripts功能定义统一命令(composer.json):
{
"scripts": {
"check-all": "@parallel check-style check-static check-security",
"check-style": "vendor/bin/ecs check src/",
"check-static": "vendor/bin/phpstan analyse src/ --level=max",
"check-security": "vendor/bin/security-checker security:check composer.lock"
}
}
运行组合命令:
composer check-all
生成代码变更diff(Git)和PHPUnit报告,再用coverage-checker检查新代码覆盖率:
# 生成diff文件(自上次提交)
git diff origin/main... > diff.txt
# 运行PHPUnit并生成JSON报告
phpunit --coverage-json=coverage.json
# 检查新代码覆盖率(要求≥90%)
vendor/bin/diffFilter --phpunit diff.txt coverage.json 90
在项目根目录创建.github/workflows/code-quality.yml,自动化运行检查:
name: Code Quality Check
on: [push, pull_request]
jobs:
check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: '8.2'
extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, sqlite, pdo_sqlite
- name: Install Dependencies
run: composer install --prefer-dist --no-progress --no-suggest
- name: Run Code Checks
run: composer check-all
- name: Upload Coverage Report
if: always()
uses: actions/upload-artifact@v3
with:
name: coverage-report
path: coverage.json
veewee/composer-run-parallel工具加速组合检查(需在composer.json中配置);--generate-baseline参数生成初始规范基线(如vendor/bin/ecs check --generate-baseline),避免一次性修复大量问题;Enlightn/SecurityChecker需在CI中配置为失败时终止流程(非零退出码),确保依赖安全。通过以上步骤,可在Debian系统中利用Composer生态高效完成PHP项目的代码质量检查,覆盖从代码风格到安全漏洞的全流程管控。
