Qodana 2022.2 Help

Qodana for PHP Docker image configuration

Docker image paths

Path

Description

/data/project

Root directory of the project to be analyzed

/data/results

Directory to store the analysis results, needs to be empty before running Qodana for PHP

/opt/idea

PhpStorm distributive directory

/root/.config/idea

PhpStorm configuration directory

/data/profile.xml

Used if a profile was not previously configured either via the CLI or the qodana.yaml file. See Order of resolving a profile.

Configuration options

Docker images can be configured using several CLI options. All these options can be divided into three groups.

The first group requires the equal sign (=) to be placed between the option name and its argument like --project-dir=/path/to/project.

The second group uses the space character ( ) to separate option names and their arguments like −−baseline /path/to/sarif/file.

The third group of options does not require any arguments to be supplied with, as you can see it in case of the --save-report option.

You can run the docker run jetbrains/qodana-php command to see the list of options in the CLI.

Directories

Option

Description

-i, --project-dir=

Root directory of the inspected project (default: current working directory /data/project).

-o, --results-dir=

Directory to save Qodana inspection results to (default: /data/results).

-r, --report-dir=

Directory to save an HTML report to (default: /data/results/report).

--cache-dir=

Cache directory (default: /data/cache).

-d, --source-directory

Directory inside the project-dir directory that needs to be inspected. If not specified, the whole project is inspected.

Profile

Qodana profile can be configured using these CLI options. Alternatively, you can configure Qodana using the qodana.yaml file as described in the Configure profile section.

Option

Description

--disable-sanity

Skip running the inspections configured by the sanity profile (default: enabled).

-n, --profile-name

Profile name defined in the project. Note that the name of the profile does not necessarily match the name of the containing file stored in .idea/inspectionProfiles. The actual name is stored as the <option name="myName" value="%profileName%" /> value in the profile xml file and is visible in the PhpStorm UI. For details on working with inspection profiles in PhpStorm, see the PhpStorm documentation.

-p, --profile-path

Absolute path to the profile file.

--run-promo

Set to true to have the application run the inspections configured by the promo profile; set to false otherwise. By default, a promo run is enabled if the application is executed with the default profile and is disabled otherwise.

--stub-profile

Absolute path to the fallback profile file. This option is applied in case the profile was not specified using any available options.

Baseline

To learn more about the baseline feature, see the Run in the baseline mode example, or study the Baseline section.

Option

Description

-b, --baseline

Run Qodana in the baseline mode. Provide the path to an existing SARIF report to be used in the baseline state calculation.

--baseline-include-absent

Include in the output report the results from the baseline run that are absent in the current run.

Miscellaneous

Option

Description

-s, --save-report

Generate HTML report.

-w, --show-report

Serve HTML report on port 8080.

--property=

Set a JVM property to be used while running Qodana using the --property=property.name=value1,value2,...,valueN notation. This option can be repeated multiple times for setting multiple JVM properties.

--fail-threshold

Set the number of problems that will serve as a quality gate. If this number is reached, the inspection run is terminated.

-c, --changes

Inspect uncommitted changes and report new problems.

--script

Override the default run scenario (default: default).

Qodana Cloud

Option

Description

-a, --analysis-id=

Unique report identifier (GUID) to be used by Qodana Cloud.

To learn how to forward Qodana reports to Qodana Cloud, see the Forward reports to Qodana Cloud section.

Examples of execution tuneup

Override the default inspection profile

docker run ... -v <inspection-profile.xml>:/data/profile.xml \ jetbrains/qodana-php

If no profile is specified, the default qodana.recommended profile is used. For more options of how to specify a profile, see Order of resolving a profile. For more about available profiles, see Set up a profile.

Save a report as HTML

docker run ... jetbrains/qodana-php --save-report

By default, the HTML report is stored in a separate report/ subdirectory under the results directory. This location could be configured with --report-dir.

Display a report in HTML

docker run ... -p 8080:8080 jetbrains/qodana-php --show-report

After the inspection is finished, the container will not exit and will listen on port 8080. You can connect to http://localhost:8080 to see the results. To stop the web server, press Ctrl-C in the Docker console.

Change the Heap size

docker run ... -e _JAVA_OPTIONS=-Xmx6g jetbrains/qodana-php

By default, Heap size is set to 80% of the host RAM.

Log INFO messages to STDOUT

docker run ... jetbrains/qodana-php \ --property=idea.log.config.file=info.xml

The default log level for STDOUT is WARN.

Use a different 'idea.properties' file

docker run ... -e IDEA_PROPERTIES=/data/project/idea.properties \ jetbrains/qodana-php

Forward reports to Qodana Cloud

This snippet contains the QODANA_TOKEN environment variable that specifies a project token of Qodana Cloud:

docker run \ -v $(pwd)/project/:/data/project/ \ -e QODANA_TOKEN=<qodana_cloud_token> \ jetbrains/qodana-<linter>

Turn off user statistics

To disable the reporting of usage statistics, adjust the idea.headless.enable.statistics value:

docker run ... jetbrains/qodana-php \ --property=idea.headless.enable.statistics=false

Manage plugins

You can add any free IntelliJ platform plugins or your custom plugin by using the following command:

docker run ... -v /your/custom/path/%pluginName%:/opt/idea/plugins/%pluginName% \ jetbrains/qodana-php

To optimize the most common cases, some bundled plugins are disabled by default. You can check the whole list of disabled plugins in /root/.config/idea/disabled_plugins.txt.

The PHP and its libraries'/frameworks' plugins are enabled by default.

To change the plugin list, do any of the following:

  • Override disabled_plugins.txt by mounting your own file:

    docker run ... -v $empty_file:/root/.config/idea/disabled_plugins.txt \ jetbrains/qodana-php
  • Use IDE properties idea.required.plugins.id and idea.suppressed.plugins.id:

    docker run ... jetbrains/qodana-php \ --property=idea.required.plugins.id=JavaScript,org.intellij.grails \ --property=idea.suppressed.plugins.id=com.intellij.spring.security

Analyze changes

Qodana for PHP lets you check only changed files:

docker run ... jetbrains/qodana-php \ --property=idea.required.plugins.id=Git4Idea,Subversion,hg4idea \ --changes

You can adjust the idea.required.plugins.id value and keep only the VCS plugin suitable for your project.

Run in the baseline mode

In the baseline run mode, each new Qodana for PHP run is compared to some initial run selected as a "baseline". This can help in situations when you have no possibility to fix old problems and rather want to prevent the appearance of new ones.

docker run ... jetbrains/qodana-php \ --baseline <baseline-path> [--baseline-include-absent]

where <baseline-path> is the path to a qodana.sarif.json file from an earlier run. If the --baseline-include-absent option is provided, the inspection results will include absent problems, that is the problems detected only in the baseline run but not in the current run.

The SARIF output report will contain the per-problem information on the baseline state.

To learn more about the baseline feature, see the Baseline section.

Set a quality gate

Qodana for PHP lets you configure a "quality gate", that is, the number of problems that will act as a threshold. If the threshold number is reached, the inspection run is terminated.

docker run ... jetbrains/qodana-php --fail-threshold <number>

When running in baseline mode, a threshold is calculated as the sum of new and absent problems. Unchanged results are ignored.

Run as non-root

By default, the container is run as the root user so that Qodana for PHP can read any volumes bind-mounted with the project and write the results. As a result, files in the results/ folder are owned by the root after the run.

To avoid this, you can run the container as a regular user:

docker run -u $(id -u):$(id -g) ...

Note that in this case the results/ folder on host should already be created and owned by you. Otherwise, Docker will create it as root and Qodana for PHP will not be able to write to it.

Cache dependencies

You can decrease the time for a Qodana for PHP run by persisting cache from one run to another. For example, package and dependency management tools such as Maven, Gradle, npm, and Yarn keep a local cache of downloaded dependencies.

By default, Qodana for PHP would save caches to folder /data/cache inside container. This location could be changed via --cache-dir cli argument. The data inside is per-repository, so you can pass cache from branch-a to build checking branch-b. In this case, only new dependencies would be downloaded, if they were added.

Example for local run:

docker run --rm -it -p 8080:8080 \ -v <source-directory>/:/data/project/ \ -v <output-directory>/:/data/results/ \ -v <cache-directory>/:/data/cache/ \ jetbrains/qodana-php --show-report

In this case mapping the same <cache-directory> would speed up the second run.

In a GitHub workflow you can utilise actions/cache, see full example.

GitLab CI/CD also has cache which can be stored only inside the project directory. In this case, we recommend excluding the cache folder from inspection via qodana.yaml.

Override the default run scenario

docker run ... jetbrains/qodana-php --script <script-name>:<parameters>

You can override the standard Qodana run scenario by using the --script option. By default, Qodana employs the default scenario, which is equivalent to running:

docker run ... jetbrains/qodana-php --script default

Dependency installation using PHP Composer

If you use PHP Composer, Qodana will install your project dependencies automatically right before the code analysis starts.

Change the language level

In case you need to change the language level, add the following to <source-directory>/.idea/php.xml:

<?xml version="1.0" encoding="UTF-8"?> <project version="4"> <component name="PhpProjectSharedConfiguration" php_language_level="<desired level>" /> </project>

Order of resolving a profile

Qodana for PHP checks the configuration parameters for resolving the inspection profile in this order:

  1. Profile with the name %name% from the command-line option --profile-name %name%.

  2. Profile by the path %path% from the command-line option --profile-path %path%.

  3. Profile with the name %name% from qodana.yaml.

  4. Profile by the path %path% from qodana.yaml.

  5. Profile mounted to /data/profile.xml.

  6. Fall back to using the default qodana.recommended profile.

Last modified: 21 November 2022