As an essential step to this goal in the short term, we are working on enabling the Sonar QA reporting system for PHP projects.
Sebastian Bergmann asked some time ago for this possibility, but he discovered one missing link to complete the chain: some Java plugins to read and integrate PHP reports into Sonar.
Fortunately at SQLI Paris we have a strong Java department and Jérôme Tama volunteered to help in this task, supervised by Frédéric Leroy.
If you look a little into the Sonar WebUI you’ll see that a lot of information is brought in Java projects by the checkstyle plugin.
Unfortunately the possibilities of our analog PHP_CodeSniffer are actually smaller, giving a poorer Sonar report. This was the other missing link, less obvious to see.
The good news is that I was working since a while on “SQLI_CodeSniffer”, a wrapper to PHP_CodeSniffer that adds most of the features needed for a full integration.
So we’ve been able to integrate reports from SQLI_CodeSniffer, PHPUnit with XDebug code coverage, PHP_Depend, and the PHPUnit pmd report (partially added, we plan to switch to the brand new PHPMD).
So today I’ve a nice prototype working on my computer and I want to share some screenshots with you.
On the Dashboard screen you have a rich project overview with a remarkable radar of rules compliance by nature.
On the Components screen you have a view by component with an impressing treemap visualization. Let’s play with it !
You can change the measure represented by the size of rectangles. Let’s choose complexity.
And the measure that gives their color. Let’s choose coverage.
Ok, now I have a synthetic view of the project testing effort areas and priorities to cover that complexity.
Every report in Sonar can be specialized by component:
Now I see an overview for my project controllers.
In the component view I now have details for each class instead.
On the Violations drilldown screen you have detailed statistics about severities of your violations, most violated rules, violations by component and by class.
You can also see violations filtered by categories. You can easely concentrate your improving efforts on certains areas first.
Selecting a file gives you the code details with violations just pointing to the incriminated line: clear!
You can also filter the shown violations.
Switching to the coverage tab gives you the familiar covering visual report, with the numbers on the left indicating how many times your tests passed on the line.
The duplications tabs gives you details about your file code duplications. You can see the duplicated code by expanding the line.
In the Time machine screen you’ll be able to select all of your measures and see their evolution through time. In the greed you can choose for which dates to show figures by selecting them directly or filtering them by events.
In the Hotspots screen you have a nice synthetic view of project priorities: most violated rules, most violating classes, most complex classes and methods, …
I’ve not played enough with the administration part, but just looking at the menu you can imagine the richness: users/groups, global and project roles, defining manual metrics… Let’s just jump into the PHP quality profile.
I choosed the SQLI_CodeSniffer rules (PHP_CHECKSTYLE). I’m able to edit their presence and severity through the Sonar interface. This just let me think about all the times I had applied some good PHP_CodeSniffer standard on projects I was auditing just to discover tenths of thousands errors… What to suggest to developers? How to help them concentrate their effort?
My first impression as a user: Sonar informational richness and reporting quality is so superior to what we’re accustomed to see that this can really represents a jump in usability and in QA everyday practices.
If you like this as much as I do, you’ld probably go and download SQLI_CodeSniffer and search for the Sonar plugins… but please, be patient for a little while.
Development is still in alpha as important changes are coming, the most important being the merge of SQLI_CodeSniffer into PHP_CodeSniffer, and there is no sense in publishing all the work right now.
I’ll talk about all of this in an upcoming post: stay tuned!