Table of Contents
- Introduction
- List of PHP Images
- List of Alpine Based PHP Images
- List of CI Tools
- PHP Code Sniffer
- PHP Copy/Paste Detector (PHPCPD)
- PHP Dead Code Detector
- SensioLabs Security Checker
- PhpMetrics
- Psecio Parse
- PHP VarDump Check
- PHP Parallel Lint
- PHP Magic Number Detector (PHPMND)
- PHP Assumptions
- churn-php
- Fink
- PHPMD
- PHP_Testability
- composer-normalize
- infection
- Deptrac
- PHP Insights
- PHPStan
- Local PHP Security Checker
- Pint
- Custom Tools
- How to use images locally
- How to Use in Gitlab CI
- How to Use in CircleCI
- How To Contribute
- Code of Conduct
A repository of Docker files to create images from official PHP images (from latest tag per PHP version) with some CI tools installed.
The tools that are installed by Composer are isolated by using different folder per tool and linked to /usr/local/bin folder.
- umutphp/php-docker-images-for-ci:5.6 (PHP 5.6.6)
- umutphp/php-docker-images-for-ci:7.0 (PHP 7.0.33)
- umutphp/php-docker-images-for-ci:7.1 (PHP 7.1.33)
- umutphp/php-docker-images-for-ci:7.2 (PHP 7.2.34)
- umutphp/php-docker-images-for-ci:7.3 (PHP 7.3.33)
- umutphp/php-docker-images-for-ci:7.4 (PHP 7.4.33)
- umutphp/php-docker-images-for-ci:8.0 (PHP 8.0.28)
- umutphp/php-docker-images-for-ci:8.1 (PHP 8.1.18)
- umutphp/php-docker-images-for-ci:8.2 (PHP 8.2.5)
- umutphp/php-docker-images-for-ci:8.3 (PHP 8.3.0)
- umutphp/php-docker-images-for-ci:7.0-alpine (PHP 7.0.33)
- umutphp/php-docker-images-for-ci:7.1-alpine (PHP 7.1.33)
- umutphp/php-docker-images-for-ci:7.2-alpine (PHP 7.2.34)
- umutphp/php-docker-images-for-ci:7.3-alpine (PHP 7.3.33-alpine)
- umutphp/php-docker-images-for-ci:7.4-alpine (PHP 7.4.33-alpine)
- umutphp/php-docker-images-for-ci:8.0-alpine (PHP 8.0.28-apline)
- umutphp/php-docker-images-for-ci:8.1-alpine (PHP 8.1.18-alpine)
- umutphp/php-docker-images-for-ci:8.1-alpine (PHP 8.2.5-alpine)
- umutphp/php-docker-images-for-ci:8.3-alpine (PHP 8.3.0-alpine)
PHP_CodeSniffer tokenizes PHP, JavaScript and CSS files and detects violations of a defined set of coding standards. PHP_CodeSniffer comes with two PHP scripts; the main phpcs script that tokenizes PHP, JavaScript and CSS files to detect violations of a defined coding standard, and a second phpcbf script to automatically correct coding standard violations.
docker run -v /path/to/project:/app umutphp/php-docker-images-for-ci:7.1 phpcs /app
PHP Copy/Paste Detector (PHPCPD) is a Copy/Paste Detector (CPD) for PHP code. It checks all the files under the folder given as a parameter and determines the code blocks which are copied and pasted.
docker run -v /path/to/project:/app umutphp/php-docker-images-for-ci:7.1 phpcpd /app
PHP Dead Code Detector is a Dead Code Detector (DCD) for PHP code. It scans a PHP project for all declared functions and methods and reports those as being "dead code" that are not called at least once.
docker run -v /path/to/project:/app umutphp/php-docker-images-for-ci:7.1 phpdcd /app
Warning The tool is deprecated and you can use Local PHP Security Checker instead. Don't use this piece of software anymore as the underlying web service will stop working after the end of January 2021.
The SensioLabs Security Checker is a command line tool that checks if your application uses dependencies with known security vulnerabilities. It uses the Security Check Web service and the Security Advisories Database.
docker run -v /path/to/project:/app umutphp/php-docker-images-for-ci:7.1 security-checker security:check /app
PhpMetrics provides software metrics about PHP project and classes. It generates readable and accessible reports about maintainability, quality and complexity of a source code.
docker run -v /path/to/project:/app umutphp/php-docker-images-for-ci:7.1 phpmetrics /app
Psecio Parse scanner is a static scanning tool to review your PHP code for potential security-related issues. . It requires atleast PHP 7.0.
docker run -v /path/to/project:/app umutphp/php-docker-images-for-ci:7.1 psecio-parse scan /app
PHP VarDump Check is a PHP console application for finding forgotten variable dump lines. It supports PHP build in method print_r, var_dump and var_export methods and also methods from Tracy debugger, Ladybug, Symfony, Laravel, Doctrine and Zend Framework.
docker run -v /path/to/project:/app umutphp/php-docker-images-for-ci:7.1 var-dump-check /app
PHP Parallel Lint checks syntax of PHP files faster than serial check with a fancier output. Running parallel jobs in PHP is inspired by Nette framework tests.
docker run -v /path/to/project:/app umutphp/php-docker-images-for-ci:7.1 parallel-lint /app
PHP Magic Number Detector (PHPMND) is a tool that aims to help you to detect magic numbers in your PHP code. By default 0 and 1 are not considered to be magic numbers. This tool is incompatible with PHP 8.0.
docker run -v /path/to/project:/app umutphp/php-docker-images-for-ci:7.1 phpmnd /app
PHP Assumptions is the result of a proof of concept inspired by the "From assumptions to assertions" blog post. It's a static code analysis tool doing checks for weak assumptions.
docker run -v /path/to/project:/app umutphp/php-docker-images-for-ci:7.1 phpa /app
churn-php is a package that helps you identify php files in your project that could be good candidates for refactoring. It requires atleast PHP 7.1.
docker run -v /path/to/project:/app umutphp/php-docker-images-for-ci:7.1 churn run src /app
Fink (pronounced "Phpink") is a command line tool for checking HTTP links written in PHP. It requires atleast PHP 7.1.
docker run -v /path/to/project:/app umutphp/php-docker-images-for-ci:7.1 fink http://yoursite.domain
PHPMD is a spin-off project of PHP Depend and aims to be a PHP equivalent of the well known Java tool PMD. PHPMD can be seen as an user friendly frontend application for the raw metrics stream measured by PHP Depend.
docker run -v /path/to/project:/app umutphp/php-docker-images-for-ci:7.1 phpmd /app text codesize,unusedcode,naming
PHP_Testability analyses and produces a report with testability issues of a php codebase. It requires atleast PHP 7.0.
docker run -v /path/to/project:/app umutphp/php-docker-images-for-ci:7.1 testability /app -o report
composer-normalize Provides a composer plugin for normalizing composer.json. It requires atleast PHP 7.1.
docker run -v /path/to/project:/app umutphp/php-docker-images-for-ci:7.1 cd /app && composer normalize
Infection is a PHP mutation testing framework based on AST (Abstract Syntax Tree) mutations. It works as a CLI tool and can be executed from your project’s root.
docker run -v /path/to/project:/app umutphp/php-docker-images-for-ci:7.1 infection
Deptrac is a static code analysis tool that helps to enforce rules for dependencies between software layers in your PHP projects. It requires atleast PHP 7.1.
PHP Insights was carefully crafted to simplify the analysis of your code directly from your terminal. It requires atleast PHP 7.2 and It is not supporting PHP 8.0 for now.
docker run -v /path/to/project:/app umutphp/php-docker-images-for-ci:7.3 phpinsights
PHPStan focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code. It requires atleast PHP 7.1.
docker run -v /path/to/project:/app umutphp/php-docker-images-for-ci:7.3 phpstan analyse
The Local PHP Security Checker is a command line tool that checks if your PHP application depends on PHP packages with known security vulnerabilities. It uses the Security Advisories Database.
docker run -v /path/to/project:/app umutphp/php-docker-images-for-ci:7.3 local-php-security-checker --path=/app/composer.lock
Pint is an opinionated PHP code style fixer for minimalists. Pint is built on top of PHP-CS-Fixer and makes it simple to ensure that your code style stays clean and consistent. Pint requires atleast PHP 8.0.
docker run -v /path/to/project:/app umutphp/php-docker-images-for-ci:8.1 pint
- Gitignore Checker:
gitignore_checkerchecks the .gitignore file under the directory that the command executed and finds if there are file or files both in the git ignore file and the repository. - Git Merge Conflict Marker Checker:
merge_conflict_checkerchecks all the files in the given folder (current folder is checked if not given) to find the forgotten merge conflict markers like "<<<<<<< HEAD".
- A sample execution for PHP Code Sniffer;
docker run -v /path/to/project:/app umutphp/php-docker-images-for-ci:7.1 phpcs /app
- A sample execution for SensioLabs Security Checker;
docker run -v /path/to/project:/app umutphp/php-docker-images-for-ci:7.1 security-checker security:check /app/composer.lock
- A sample execution for Psecio Parse;
docker run -v /path/to/project:/app umutphp/php-docker-images-for-ci:7.1 /root/.composer/vendor/bin/psecio-parse scan /app
You need to enable Docker executors on Gitlab CI. You can find sample job definitions for executing the tools on Gitlab CI pipeline for your repo.
A sample job definition for PHP Code Sniffer;
code_sniffer:
stage: stage_name
image: umutphp/php-docker-images-for-ci:7.1
script:
- cd /path/to/code/base
- phpcs
A sample job definition for SensioLabs Security Checker;
security_composer_checker:
stage: stage_name
image: umutphp/php-docker-images-for-ci:7.1
script:
- security-checker security:check /path/to/composer.lock
A sample job definition for Psecio Parse;
security_psecio_parse:
stage: stage_name
image: umutphp/php-docker-images-for-ci:7.1
script:
- psecio-parse scan /path/to/your/codebase/
You can make some static code checks before bulding and testing your application on CircleCI.
# PHP CircleCI 2.0 configuration file
#
version: 2
jobs:
checks:
docker:
- image: umutphp/php-docker-images-for-ci:7.2
steps:
- checkout
- run:
name: Composer-normalize
no_output_timeout: 20m
command: composer normalize --dry-run
- run:
name: PHP-Lint
no_output_timeout: 20m
command: parallel-lint --exclude vendor .
- run:
name: Var-Dump-Check
no_output_timeout: 20m
command: var-dump-check .
- run:
name: Merge-Conflict-Checker
no_output_timeout: 20m
command: merge_conflict_checker .
workflows:
version: 2
build:
jobs:
- checks
Please read the instructions in CONTRIBUTING.md file.
See CODE_OF_CONDUCT for information.