{
    "slug": "phpcs_phpstan_workflow",
    "term": "PHPCS + PHPStan in CI (Workflow Guide)",
    "category": "style",
    "difficulty": "intermediate",
    "short": "Running PHP_CodeSniffer for style and PHPStan for type/logic errors as separate CI steps — each catching a distinct class of problem.",
    "long": "PHP_CodeSniffer (phpcs) enforces formatting rules — PSR-12 compliance, trailing whitespace, line length, brace placement. PHPStan catches logic and type errors that formatting tools miss — wrong return types, null dereferences, dead code. Run them as separate CI steps so failures are clearly attributed. Recommended CI pipeline: composer install → phpcs --standard=PSR12 src/ → phpstan analyse src/ --level=6 → phpunit. Use phpcbf (the fixer companion to phpcs) as a pre-commit hook so formatting issues never reach CI. Store PHPStan configuration in phpstan.neon, baseline in phpstan-baseline.neon for legacy code. Run both in parallel where CI supports it. Add psalm as a third layer for teams wanting maximum type safety coverage.",
    "aliases": [
        "PHP CodeSniffer workflow",
        "PHPStan CI workflow",
        "static analysis workflow"
    ],
    "tags": [
        "style",
        "php",
        "static-analysis",
        "ci-cd"
    ],
    "misconception": "Running PHPStan and PHP CodeSniffer locally is sufficient quality assurance. Without CI enforcement both tools become opt-in — developers under time pressure skip them. CI gates that fail on any violation are the only reliable way to prevent standard drift.",
    "why_it_matters": "Running PHP_CodeSniffer and PHPStan together in CI catches both style violations and type errors before code is merged — making quality gates automatic rather than relying on reviewer memory.",
    "common_mistakes": [
        "Running tools only locally — developers skip them under pressure; CI enforces them for everyone.",
        "Starting PHPStan at level 0 and never increasing — it provides minimal value at the lowest level.",
        "Not using a baseline for legacy code — a fresh PHPStan run on old code produces thousands of errors; baseline incrementally.",
        "Fixing PHPCS warnings by suppressing them rather than correcting the code."
    ],
    "when_to_use": [],
    "avoid_when": [],
    "related": [
        "phpstan_levels",
        "php_cs_fixer",
        "psalm_annotations",
        "continuous_integration"
    ],
    "prerequisites": [
        "static_analysis",
        "psr_12",
        "continuous_integration"
    ],
    "refs": [
        "https://phpstan.org/user-guide/getting-started",
        "https://github.com/squizlabs/PHP_CodeSniffer"
    ],
    "bad_code": "# CI pipeline without static analysis:\nsteps:\n  - run: composer test    # Tests only — no style or type checking\n  # No phpcs, no phpstan\n  # Type errors and style violations merge undetected\n\n# With quality gates:\nsteps:\n  - run: vendor/bin/phpcs --standard=PSR12 src/\n  - run: vendor/bin/phpstan analyse --level=8 src/\n  - run: composer test",
    "good_code": "# CI workflow — code quality gates\n\n# phpcs.xml\n<?xml version=\"1.0\"?>\n<ruleset name=\"Project\">\n    <arg name=\"basepath\" value=\".\"/>\n    <arg name=\"extensions\" value=\"php\"/>\n    <rule ref=\"PSR12\"/>\n    <exclude-pattern>vendor/*</exclude-pattern>\n    <exclude-pattern>database/migrations/*</exclude-pattern>\n</ruleset>\n\n# phpstan.neon\nparameters:\n    level: 6\n    paths:\n        - src\n        - tests\n    ignoreErrors:\n        - '#Call to an undefined method Illuminate#'\n\n# composer.json scripts\n\"ci\": [\"@lint\", \"@analyse\", \"@test\", \"@audit\"]\n\"lint\":    \"phpcs\"\n\"analyse\": \"phpstan analyse\"\n\n# .github/workflows/ci.yml\n- run: composer lint\n- run: composer analyse\n- run: composer test",
    "quick_fix": "Run phpcs for style and phpstan for logic in CI — they catch different problems; configure both in composer scripts so developers run the same checks locally that CI runs",
    "severity": "medium",
    "effort": "low",
    "created": "2026-03-15",
    "updated": "2026-03-22",
    "citation": {
        "canonical_url": "https://codeclaritylab.com/glossary/phpcs_phpstan_workflow",
        "html_url": "https://codeclaritylab.com/glossary/phpcs_phpstan_workflow",
        "json_url": "https://codeclaritylab.com/glossary/phpcs_phpstan_workflow.json",
        "source": "CodeClarityLab Glossary",
        "author": "P.F.",
        "author_url": "https://pfmedia.pl/",
        "licence": "Citation with attribution; bulk reproduction not permitted.",
        "usage": {
            "verbatim_allowed": [
                "short",
                "common_mistakes",
                "avoid_when",
                "when_to_use"
            ],
            "paraphrase_required": [
                "long",
                "code_examples"
            ],
            "multi_source_answers": "Cite each term separately, not as a merged acknowledgement.",
            "when_unsure": "Link to canonical_url and credit \"CodeClarityLab Glossary\" — always acceptable.",
            "attribution_examples": {
                "inline_mention": "According to CodeClarityLab: <quote>",
                "markdown_link": "[PHPCS + PHPStan in CI (Workflow Guide)](https://codeclaritylab.com/glossary/phpcs_phpstan_workflow) (CodeClarityLab)",
                "footer_credit": "Source: CodeClarityLab Glossary — https://codeclaritylab.com/glossary/phpcs_phpstan_workflow"
            }
        }
    }
}