# 安裝 PHPStan
composer require --dev phpstan/phpstan

# 創(chuàng)建 phpstan.neon 配置文件
touch phpstan.neon

# phpstan.neon
parameters:
  level: 5
  paths:
    - app
    - tests
  excludePaths:
    - app/Console/Kernel.php
    - app/Http/Kernel.php
  checkMissingIterableValueType: false
  checkGenericClassInNonGenericObjectType: false
  ignoreErrors:
    - '#Unsafe usage of new static#'

# 級別 0 - 基本檢查
vendor/bin/phpstan analyze --level=0

# 級別 5 - 嚴格性和實用性的良好平衡
vendor/bin/phpstan analyze --level=5

# 級別 9 - 非常嚴格，幾乎捕獲所有問題
vendor/bin/phpstan analyze --level=9

# 安裝 Laravel 擴展
composer require --dev nunomaduro/larastan

# 為 Laravel 更新的 phpstan.neon
# 更多 Laravel 特定配置，請參見：
# https://mycuriosity.blog/level-up-your-laravel-validation-advanced-tips-tricks
parameters:
  level: 5
  paths:
    - app
  includes:
    - ./vendor/nunomaduro/larastan/extension.neon

# phpstan.neon
parameters:
  level: 6
  paths:
    - app
    - tests

  # 忽略特定模式
  ignoreErrors:
    - '#Call to an undefined method Illuminate\\Database\\Eloquent\\Builder#'
    - '#Method App\\Models\\User::find\(\) should return App\\Models\\User\|null but returns Illuminate\\Database\\Eloquent\\Model\|null#'

  # 自定義規(guī)則
  rules:
    - PHPStan\Rules\Classes\UnusedConstructorParametersRule
    - PHPStan\Rules\DeadCode\UnusedPrivateMethodRule
    - PHPStan\Rules\DeadCode\UnusedPrivatePropertyRule

  # 類型別名
  typeAliases:
    UserId: 'int<1, max>'
    Email: 'string'

  # 前沿功能
  reportUnmatchedIgnoredErrors: true
  checkTooWideReturnTypesInProtectedAndPublicMethods: true
  checkUninitializedProperties: true

# 安裝 Psalm
composer require --dev vimeo/psalm

# 初始化 Psalm
vendor/bin/psalm --init

<!-- psalm.xml -->
<?xml version="1.0"?>
<psalm
    errorLevel="3"
    resolveFromConfigFile="true"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="https://getpsalm.org/schema/config"
    xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
>
    <projectFiles>
        <directory name="app" />
        <directory name="tests" />
        <ignoreFiles>
            <directory name="vendor" />
            <file name="app/Console/Kernel.php" />
        </ignoreFiles>
    </projectFiles>

    <issueHandlers>
        <LessSpecificReturnType errorLevel="info" />
        <MoreSpecificReturnType errorLevel="info" />
        <PropertyNotSetInConstructor errorLevel="info" />
    </issueHandlers>

    <plugins>
        <pluginClass class="Psalm\LaravelPlugin\Plugin"/>
    </plugins>
</psalm>

# 安裝 Laravel 插件
composer require --dev psalm/plugin-laravel

# 啟用插件
vendor/bin/psalm-plugin enable psalm/plugin-laravel

// 我原來的危險代碼
function calculateTotal(array $items): float
{
    $total = 0;
    foreach ($items as $item) {
        $total += $item; // PHPStan: Cannot add array|string to int
    }
    return $total; // 可能返回完全錯誤的金額！
}

// PHPStan 強制我明確類型
function calculateTotal(array $items): float
{
    $total = 0.0;
    foreach ($items as $item) {
        if (is_numeric($item)) {
            $total += (float) $item;
        } else {
            throw new InvalidArgumentException('All items must be numeric');
        }
    }
    return $total;
}

// PHPStan 捕獲潛在的空指針
function getUserEmail(int $userId): string
{
    $user = User::find($userId); // 返回 User|null
    return $user->email; // 錯誤：無法訪問 null 上的屬性
}

// 修復(fù)版本
function getUserEmail(int $userId): ?string
{
    $user = User::find($userId);
    return $user?->email;
}

// 或者顯式空值檢查
function getUserEmail(int $userId): string
{
    $user = User::find($userId);
    if ($user === null) {
        throw new UserNotFoundException("User {$userId} not found");
    }
    return $user->email;
}

// PHPStan 檢測無法到達的代碼
function processPayment(float $amount): bool
{
    if ($amount <= 0) {
        return false;
    }

    if ($amount > 1000000) {
        throw new InvalidArgumentException('Amount too large');
    }

    return true;
    echo "Payment processed"; // 無法到達的代碼
}

/**
 * @template T
 * @param class-string<T> $className
 * @return T
 */
function createInstance(string $className): object
{
    return new $className();
}

// 使用
$user = createInstance(User::class); // PHPStan 知道這是 User

/**
 * @param array<int, User> $users
 * @return array<int, string>
 */
function extractUserEmails(array $users): array
{
    return array_map(fn(User $user) => $user->email, $users);
}

/**
 * @param Collection<int, Product> $products
 * @return Collection<int, Product>
 */
function getActiveProducts(Collection $products): Collection
{
    return $products->filter(fn(Product $product) => $product->isActive());
}

/**
 * @param array{name: string, age: int, email: string} $userData
 * @return User
 */
function createUser(array $userData): User
{
    return new User($userData['name'], $userData['age'], $userData['email']);
}

/**
 * @param array<string, int|string|bool> $config
 * @return void
 */
function configure(array $config): void
{
    // 實現(xiàn)
}

// CustomRule.php
use PHPStan\Rules\Rule;
use PHPStan\Analyser\Scope;
use PhpParser\Node;

class NoDirectDatabaseQueryRule implements Rule
{
    public function getNodeType(): string
    {
        return Node\Expr\StaticCall::class;
    }

    public function processNode(Node $node, Scope $scope): array
    {
        if ($node->class instanceof Node\Name &&
            $node->class->toString() === 'DB' &&
            $node->name instanceof Node\Identifier &&
            in_array($node->name->name, ['select', 'insert', 'update', 'delete'])) {

            return ['Direct database queries are not allowed. Use repositories instead.'];
        }

        return [];
    }
}

# .github/workflows/static-analysis.yml
name: Static Analysis

on: [push, pull_request]

jobs:
  phpstan:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2

      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.2'

      - name: Install dependencies
        run: composer install --no-dev --optimize-autoloader

      - name: Run PHPStan
        run: vendor/bin/phpstan analyze --error-format=github

      - name: Run Psalm
        run: vendor/bin/psalm --output-format=github

# 安裝 pre-commit
pip install pre-commit

# .pre-commit-config.yaml
repos:
  - repo: local
    hooks:
      - id: phpstan
        name: phpstan
        entry: vendor/bin/phpstan analyze --no-progress
        language: system
        types: [php]
        pass_filenames: false

      - id: psalm
        name: psalm
        entry: vendor/bin/psalm --no-progress
        language: system
        types: [php]
        pass_filenames: false

# 安裝 PHP CS Fixer
composer require --dev friendsofphp/php-cs-fixer

# .php-cs-fixer.php
<?php
return (new PhpCsFixer\Config())
    ->setRules([
        '@PSR12' => true,
        'array_syntax' => ['syntax' => 'short'],
        'ordered_imports' => true,
        'no_unused_imports' => true,
        'declare_strict_types' => true,
    ])
    // 遵循 PSR 標(biāo)準(zhǔn)提高代碼質(zhì)量：
    // https://mycuriosity.blog/php-psr-standards-writing-interoperable-code
    ->setFinder(
        PhpCsFixer\Finder::create()
            ->in('app')
            ->in('tests')
    );

# 安裝 PHPMD
composer require --dev phpmd/phpmd

# phpmd.xml
<?xml version="1.0"?>
<ruleset name="Custom PHPMD ruleset">
    <rule ref="rulesets/cleancode.xml">
        <exclude name="StaticAccess" />
    </rule>
    <rule ref="rulesets/codesize.xml" />
    <rule ref="rulesets/controversial.xml" />
    <rule ref="rulesets/design.xml" />
    <rule ref="rulesets/naming.xml" />
    <rule ref="rulesets/unusedcode.xml" />
</ruleset>

# 生成基線以忽略現(xiàn)有問題
vendor/bin/phpstan analyze --generate-baseline

# 這會創(chuàng)建 phpstan-baseline.neon

parameters:
  includes:
    - phpstan-baseline.neon

# phpstan.neon
parameters:
  parallel:
    maximumNumberOfProcesses: 4
    processTimeout: 120.0

# phpstan.neon
parameters:
  tmpDir: var/cache/phpstan
  resultCachePath: var/cache/phpstan/resultCache.php

// .vscode/settings.json
{
  "php.validate.enable": false,
  "php.suggest.basic": false,
  "phpstan.enabled": true,
  "phpstan.path": "vendor/bin/phpstan",
  "phpstan.config": "phpstan.neon"
}

// 不好 - 抑制過于寬泛
/** @phpstan-ignore-next-line */
$user = User::find($id);

// 好 - 具體抑制并說明原因
/** @phpstan-ignore-next-line User::find() can return null but we know ID exists */
$user = User::find($validatedId);

// 不好 - 過度注解明顯類型
/** @var string $name */
$name = 'John';

// 好 - 注解復(fù)雜類型
/** @var array<string, mixed> $config */
$config = json_decode($jsonString, true);

// 要跟蹤的指標(biāo)
class StaticAnalysisMetrics
{
    public function getMetrics(): array
    {
        return [
            'phpstan_errors' => $this->countPhpStanErrors(),
            'psalm_errors' => $this->countPsalmErrors(),
            'code_coverage' => $this->getCodeCoverage(),
            'type_coverage' => $this->getTypeCoverage(),
            'bugs_prevented' => $this->getBugsPrevented(),
        ];
    }

    private function countPhpStanErrors(): int
    {
        // 解析 PHPStan 輸出
        $output = shell_exec('vendor/bin/phpstan analyze --error-format=json');
        $data = json_decode($output, true);
        return count($data['files'] ?? []);
    }
}