PHPStan as third party issues

We’re trying to integrate a report from PHPStan into SonarQube. I added a “sonar-project.properties” file to my repo and defined “sonar.php.phpstan.reportPaths=report.json” in it. In the SonarQube GUI I see the error: “No issue will be imported from this report. The content of the file probably does not have the expected format”

Example of report.json:

This is the standard output of PHPStan.

Also, is there any graphical summary of the imported report as third-party issues?

I am using
Developer Edition Version 9.2.4 (build 50792)

Thank you

Hey there.

What command are you using to generate the report?

My report (using json or prettyJson output formats) looks a lot different. See the documentation on output formats here.

{
    "totals": {
        "errors": 0,
        "file_errors": 1
    },
    "files": {
        "src/Greeter.php": {
            "errors": 1,
            "messages": [
                {
                    "message": "Unreachable statement - code above always terminates.",
                    "line": 11,
                    "ignorable": true
                }
            ]
        }
    },
    "errors": []
}

It looks like you might be using the gitlab output format. SonarQube cannot read this.

Hi Colin,

Thank you for your reply.

I tried both formats. There is an example of JSON output, but I am still getting an error: “Failed to resolve 220 file path(s) in PHPStan gl-code-quality-report__3_.json report. No issues imported related to file(s): /var/www/html/legacy/admin/core.php;/var/www/html/legacy/admin/index.php”

Do you have any idea why SonarQube cannot resolve these paths?

I also tried the report you sent, but I am still getting an error: “Failed to resolve 1 file path(s) in PHPStan phpstan2.json report. No issues imported related to file(s): src/Greeter.php”

Thanks in advance.

Hey @Martin1

I can reproduce the same issue. By changing the filepath in the report to start from the directory the scanner executes I can get the issues to import successfully… but I don’t think you should have to do that. I’ve raised a point internally.

Hi @Colin

There is a similar feature on GitLab called “path correction”: Test coverage visualization | GitLab

Does SonarQube support something similar? Thank you.

Hey @Martin1

Based on the filename of your PHPStan report (gl-code-quality-report__3_.json) I assume you are running this in the context of a GitLab CI job – is that correct? Can you share your gitlab-ci.yml?

Hi @Colin

Yes, it’s done via GitLab CI.

    - docker run xxxxx/xxxxxx:debug-${DOCKER_ENV} php -d memory_limit=4G ./vendor/phpstan/phpstan/phpstan analyse src legacy -l 1 --no-progress --error-format=json > gl-code-quality-report__3_.json || echo "Ignoring non-ok PHPStan"

    artifacts:
      when: always
      reports:
        codequality: gl-code-quality-report__3_.json

This is for the PHPStan test. It generates gl-code-quality-report__3_.json.json, which I sent before.

Hi @Martin1,

Thank you for your detailed explanation and cooperation. The problem seems to be the mismatch of the fully qualified paths, as you have already noted. This circumstance comes from the GitLab build environments. Unfortunately, only fully qualified paths are specified in the JSON output of PHPStan. We decided to add a mechanism that matches and adjusts paths from external reports and SonarQube internal paths, similar to what you described with “path correction”.

To address the problem I have created the ticket SONARPHP-1282.

Best,
Nils
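
The workaround mentioned earlier in the thread (making the report's file paths start from the directory the scanner executes in) can be scripted as a step between PHPStan and the scanner. This is an added example, not part of the original thread and not SonarSource or PHPStan code; the `/var/www/html` prefix is taken from the error message quoted above, and the function name and sample report are assumptions constructed for illustration.

```python
import json
import sys
from pathlib import Path, PurePosixPath

# Assumption: /var/www/html inside the analysis container corresponds to the
# directory the SonarQube scanner runs in (prefix taken from the error above).
CONTAINER_ROOT = "/var/www/html"

def relativize_report(report, container_root=CONTAINER_ROOT):
    """Return (new_report, unmapped): "files" keys made relative to container_root."""
    root = PurePosixPath(container_root)
    files, unmapped = {}, []
    # An empty PHP array is encoded as [] rather than {}, so tolerate a list here.
    for path, entry in (report.get("files") or {}).items():
        p = PurePosixPath(path)
        if ".." in p.parts:
            unmapped.append(path)          # never rewrite a path that climbs directories
        elif p.is_absolute():
            try:
                p = p.relative_to(root)
            except ValueError:
                unmapped.append(path)      # outside the project root: leave and report
        key = str(p)
        if key in files:                   # absolute and relative form of one file
            files[key] = {
                "errors": files[key]["errors"] + entry["errors"],
                "messages": files[key]["messages"] + entry["messages"],
            }
        else:
            files[key] = entry
    return {**report, "files": files}, unmapped

# Constructed sample in the shape of `--error-format=json` output.
SAMPLE = {
    "totals": {"errors": 0, "file_errors": 2},
    "files": {
        "/var/www/html/legacy/admin/core.php": {"errors": 1, "messages": [
            {"message": "Constructed message.", "line": 3, "ignorable": True}]},
        "/tmp/generated.php": {"errors": 1, "messages": [
            {"message": "Constructed message.", "line": 1, "ignorable": True}]},
    },
    "errors": [],
}

if __name__ == "__main__":
    src = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE
    fixed, unmapped = relativize_report(src)
    json.dump(fixed, sys.stdout, indent=4)
    print("unmapped:", unmapped, file=sys.stderr)
```

Paths listed as unmapped are left unchanged in the output, so they will still show up in SonarQube's "Failed to resolve" message and can be reviewed there.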