Static analysis in practice: improving code and projects

Martin Fabík
Magento Developer
Jaroslav Tesař
PHP Developer

At the beginning of October we attended the traditional PHP conference. Our company was represented by colleagues from the E-commerce team: Martin Fabík and Jaroslav Tesař.

As the name suggests, the main topic of the conference was trends in PHP development and related technological innovations and automation. The program included five lectures focused on different areas of modern application development. The issues of increasing application performance, code quality and, above all, its long-term sustainability attracted the greatest response.

Static analysis: inspiration for our projects

One of the main topics that caught our attention was the lecture on static analysis in PHP by Jan Hlubuček. He showed us how tools such as PHPStan or Psalm can help us improve code quality and detect bugs before deploying to production. Static analysis can be a key tool for uncovering hidden issues that manual testing or classic code review rarely catch. That's why we decided to try it out on our projects right away.

Our experience with static analysis

During the deployment of static analysis, we identified several areas of interest:

  • Bugs causing problems: Static analysis revealed bugs that could likely cause production failures.
  • Potential bugs: It helped us identify parts of the code that could lead to errors in future modifications or changes.
  • Complex and inefficient code: The analysis showed places where the code was less understandable or difficult to extend.

Thanks to the Magento 2 framework we use to develop e-commerce applications, we were able to easily prioritize errors and apply their solutions to other projects that use the same modules.

How did we proceed?

We started by comparing several tools, including PHPStan, SonarQube and Psalm. Based on our needs, we chose PHPStan and then adapted it to our processes.

We spent some time tweaking the settings to achieve the desired result during use in development. We took the critical bugs that the analysis revealed into development right away.

The key step was to create a baseline - a list of bugs that the tool should ignore. This approach allowed us to focus on relevant issues without overwhelming developers with bug alerts that were unrelated to their current task. This kept the pipeline clean and ensured that the code remained consistent and easily extensible.
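A simplified model of the baseline idea described above, added here as an illustration; it is not the authors' code and not PHPStan's implementation. The file paths, messages and the `compare` and `exit_code` helpers are constructed for the example.

```python
from collections import Counter

# Constructed baseline: (file, message) -> known occurrences to ignore.
BASELINE = {
    ("Model/Cart.php", "Cannot call method getId() on Product|null."): 2,
    ("Helper/Price.php", "Parameter $qty has no type specified."): 1,
    ("Block/Legacy.php", "Call to an undefined method Legacy::render()."): 1,
}

# Constructed findings from the current run, one tuple per occurrence.
FINDINGS = [
    ("Model/Cart.php", "Cannot call method getId() on Product|null."),
    ("Model/Cart.php", "Cannot call method getId() on Product|null."),
    ("Model/Cart.php", "Cannot call method getId() on Product|null."),  # one more than baselined
    ("Helper/Price.php", "Parameter $qty has no type specified."),
    ("Model/Order.php", "Offset 'sku' does not exist on array{}."),  # not in baseline
]


def compare(findings, baseline):
    """Return (new, stale): occurrences beyond the baseline, and unused allowances."""
    seen = Counter(findings)
    new = {k: n - baseline.get(k, 0) for k, n in seen.items() if n > baseline.get(k, 0)}
    stale = {k: a - seen[k] for k, a in baseline.items() if seen[k] < a}
    return new, stale


def exit_code(new, stale, fail_on_stale=True):
    """Pipeline status: 1 = new findings, 2 = baseline needs shrinking, 0 = clean."""
    if new:
        return 1
    return 2 if stale and fail_on_stale else 0


if __name__ == "__main__":
    new, stale = compare(FINDINGS, BASELINE)
    for (path, msg), n in sorted(new.items()):
        print(f"NEW   x{n}  {path}: {msg}")
    for (path, msg), n in sorted(stale.items()):
        print(f"STALE x{n}  {path}: {msg}")
    raise SystemExit(exit_code(new, stale))
```

Counting occurrences rather than only matching messages means a third copy of an already-baselined bug still fails the run, and a fixed bug shows up as a stale entry so the ignore list shrinks over time.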

As a result, new development on our projects produces code that complies with the maximum level of PHPStan, which for us means sustainable and readable code in the future.

What do we plan to do next?

Our goal now is to implement standardization and rules for static analysis to make development as automated and efficient as possible.

We want to further automate the processes and make our developers' jobs easier. That's why we are preparing pre-built Docker images to speed up the analysis runtime and minimize time wasted on installing dependencies.

This will give developers immediate feedback on their code, allowing them to react quickly to potential issues and focus more on quality and innovation.

Are you curious about how we use static analysis or want to know how to incorporate it in your projects?

Talk to our experts to find out more!
