Add Qodana configuration and Github action (#21)

This commit introduces Qodana, a code quality inspection tool from JetBrains. A configuration file (qodana.yaml) is added to define the required inspection profile. It also adds a new GitHub action (qodana_code_quality.yml) to run Qodana code quality check whenever code is pushed to the main branch.
MarjovanLier · Mar 5, 2024 · 4c64185 · 4c64185
1 parent 4913df9
commit 4c64185
Show file tree

Hide file tree

Showing 2 changed files with 100 additions and 0 deletions.
diff --git a/.github/workflows/qodana_code_quality.yml b/.github/workflows/qodana_code_quality.yml
@@ -0,0 +1,53 @@
+name: Qodana
+on:
+  workflow_dispatch:
+  push:
+    branches: [main]
+
+jobs:
+  qodana:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        id: checkout
+        with:
+          fetch-depth: 0
+
+      - name: Setup PHP
+        id: setup-php
+        if: steps.checkout.outcome == 'success'
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: "8.1"
+          extensions: ast, mbstring, pdo, pdo_mysql, xml, zip
+          coverage: xdebug
+
+      - name: Cache Composer Dependencies
+        id: composer-cache
+        if: steps.setup-php.outcome == 'success'
+        uses: actions/cache@v2
+        with:
+          path: vendor
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-
+
+      - name: Install dependencies
+        id: composer-install
+        if: steps.setup-php.outcome == 'success'
+        run: composer install --prefer-dist --no-progress
+
+      - name: "Qodana Scan"
+        id: qodana
+        if: steps.composer-cache.outcome == 'success'
+        uses: JetBrains/[email protected]
+        env:
+          QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}
+        with:
+          pr-mode: false
+          #args: --apply-fixes,--baseline,qodana.sarif.json
+          args: --apply-fixes
+          push-fixes: pull-request
+          use-caches: true
+          post-pr-comment: true
+          upload-result: false
+          github-token: ${{ github.token }}
diff --git a/qodana.yaml b/qodana.yaml
@@ -0,0 +1,47 @@
+---
+#-------------------------------------------------------------------------------#
+#               Qodana analysis is configured by qodana.yaml file               #
+#             https://www.jetbrains.com/help/qodana/qodana-yaml.html            #
+#-------------------------------------------------------------------------------#
+version: "1.0"
+
+#Specify inspection profile for code analysis
+profile:
+  name: qodana.recommended
+
+php:
+  version: 8.1 #(Applied in CI/CD pipeline)
+
+linter: jetbrains/qodana-php:latest
+include:
+  - name: PhpVulnerablePathsInspection
+  - name: VulnerableLibrariesGlobal
+  - name: PhpCoverageInspection
+  - name: PhpInconsistentReturnPointsInspection
+  - name: PhpRedundantOptionalArgumentInspection
+  - name: PhpTernaryExpressionCanBeReplacedWithConditionInspection
+  - name: PhpFullyQualifiedNameUsageInspection
+  - name: PhpUnnecessaryFullyQualifiedNameInspection
+  - name: DuplicatedCode
+  - name: PhpReturnDocTypeMismatchInspection
+  - name: PhpMissingParamTypeInspection
+  - name: PhpMissingFieldTypeInspection
+  - name: PhpMissingReturnTypeInspection
+  - name: PhpDynamicFieldDeclarationInspection
+  - name: PhpUnusedAliasInspection
+  - name: PhpUnusedLocalVariableInspection
+plugins:
+  - id: com.kalessil.phpStorm.phpInspectionsEA
+
+exclude:
+  - name: All
+    paths:
+      - resources/views/welcome.blade.php
+      - storage
+      - storage/
+      - storage/*
+      - storage/**
+      - vendor
+      - vendor/
+      - vendor/*
+      - vendor/**