-
Notifications
You must be signed in to change notification settings - Fork 122
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: grandfather current static analysis failures #551
Conversation
We want to begin using static analysis to improve the code base, but we don't want to go back through the 760+ current issues before doing so. This commit uses the Psalm baseline functionality to grandfather in the current failures and adds psalm static analysis to the test cycle. This will catch future issues in the code, while allowing for gradual remediation of historical issues.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We want to begin using static analysis to improve the code base, but we don't want to go back through the 760+ current issues before doing so. This commit uses the Psalm baseline functionality to grandfather in the current failures and adds psalm static analysis to the test cycle. This will catch future issues in the code, while allowing for gradual remediation of historical issues.
I would expect to see the result of the report before approving the silent quality degradation.
@bxsx, do you mean you want to see the baseline as set in this PR, or that you want to see the baseline every time the CI runs? For the first scenario, that information is available in the file
For the second scenario, Psalm does not seem to provide a way to show the baseline while also ignoring it. Consequently, to show this on each one we'd have to either:
Finally, I'll clarify there's no quality degradation: we're merely accepting the current state. Any code changes that introduce new violations will appear as errors, thus preventing us from worsening the code. However, it does make sense that unless someone comes around later and fixes these, they'll be "dark" forever. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@bishopb, thanks for the detailed response!
It seems psalm
does not grandfather all issues but errors, and the number of error occurrences is not that high. I expected to see 760+ items in the baseline file ;-)
Any code changes that introduce new violations will appear as errors, thus preventing us from worsening the code. However, it does make sense that unless someone comes around later and fixes these, they'll be "dark" forever.
The baseline file only stores occurrence counters without any fingerprints. It seems relatively easy to cheat the "system". Although this is a very rare case.
What worries me the most is the pitfall of the aforementioned darkness. I wonder if we could add additional reporting to the CI pipeline. Can we run --update-baseline
or something similar in the CI pipeline to track eventual progression? This would be much more reliable than backlogging such errors.
Oh, ok. You already provided the answer to this too :) |
Yes, @bxsx. Here's what the additional output looks like:
In synthetic tests (n=100), running with Finally, to clarify, the baseline file is a committed artifact so Personally, I'm uncertain of its value, so for now I'm merging this PR. We can easily add |
Description of the change
We want to begin using static analysis to improve the code base, but we don't want to go back through the 760+ current issues before doing so. This commit uses the Psalm baseline functionality to grandfather in the current failures and adds psalm static analysis to the test cycle. This will catch future issues in the code, while allowing for gradual remediation of historical issues.
Type of change
Related issues
Checklists
Development
Code review