Upgrade to Pro — share decks privately, control downloads, hide ads and more …

効果的な静的解析の CI導入パターンを求めて / Great static analysis ...

効果的な静的解析の CI導入パターンを求めて / Great static analysis with CI

Yuichi Sugiyama

December 11, 2020
Tweet

More Decks by Yuichi Sugiyama

Other Decks in Technology

Transcript

  1. Whoami • ਿࢁ ༞Ұ @oogFranz • αΠϘ΢ζ6೥໨ΤϯδχΞ • େاۀ޲͚άϧʔϓ΢ΣΞGaroon࡞ͬͯΔ •

    ෳۀδϟζϛϡʔδγϟϯ@MASHݭָஂ • ϦϞʔτϫʔΫͷӨڹͰ඘͕ੜ͑ͨ 
  2. αΠϘ΢ζ Garoon ͷཪଆઆ໌ • PHPͱMySQLͰͰ͖ͯΔWebΞϓϦέʔγϣϯ • ։ൃ19೥໨ • PHP͸ 4͔Β7.4ʹʢPHP

    8.0Ҡߦ΋ਐΊͯͧ͘ʂʣ • PHPͷίʔυ͸180ສߦ͘Β͍  ͳ͔ͳ͔ϨΨγʔʂ
  3. baselineͷಋೖ • baseline: suppress ruleΛࣗಈੜ੒͢Δػೳ • طଘͷissueΛه࿥͠ɺ੩తղੳ࣌ʹ͸ ه࿥͞ΕͨissueΛແࢹ͢Δ • 

    $ vendor/bin/psalm --save-baseline baseline.xml $ vendor/bin/phan --save-baseline baseline.php $ vendor/bin/phpstan analyse --generate-baseline phpstan-baseline.neon
  4. baselineΛར༻ͯ͠੩తղੳ  phan-load-baseline: docker: - image: docker-registory.cybozu.private/phan:X.Y.Z steps: - checkout

    - restore_cache: name: Restore baseline keys: - v1-phan-baseline-{{ .BRANCH }}- - v1-phan-baseline-develop- - run: name: Phan command: | if [[ -f ~/phan_baseline.php ]]; then phan ./ --load-baseline ~/phan_baseline.php fi
  5. baselineΛར༻ͯ͠੩తղੳ  phan-load-baseline: docker: - image: docker-registory.cybozu.private/phan:X.Y.Z steps: - checkout

    - restore_cache: name: Restore baseline keys: - v1-phan-baseline-{{ .BRANCH }}- - v1-phan-baseline-develop- - run: name: Phan command: | if [[ -f ~/phan_baseline.php ]]; then phan ./ --load-baseline ~/phan_baseline.php fi CIʢCircleCIʣͷΩϟογϡ͔Β baselineΛऔಘ
  6. baselineΛར༻ͯ͠੩తղੳ  phan-load-baseline: docker: - image: docker-registory.cybozu.private/phan:X.Y.Z steps: - checkout

    - restore_cache: name: Restore baseline keys: - v1-phan-baseline-{{ .BRANCH }}- - v1-phan-baseline-develop- - run: name: Phan command: | if [[ -f ~/phan_baseline.php ]]; then phan ./ --load-baseline ~/phan_baseline.php fi ։ൃதϒϥϯνʹbaseline͕ ͋Ε͹ͦΕΛར༻
  7. baselineΛར༻ͯ͠੩తղੳ  phan-load-baseline: docker: - image: docker-registory.cybozu.private/phan:X.Y.Z steps: - checkout

    - restore_cache: name: Restore baseline keys: - v1-phan-baseline-{{ .BRANCH }}- - v1-phan-baseline-develop- - run: name: Phan command: | if [[ -f ~/phan_baseline.php ]]; then phan ./ --load-baseline ~/phan_baseline.php fi ։ൃதϒϥϯνʹbaseline͕ ͳ͚Ε͹developϒϥϯνΛར༻
  8. baselineΛར༻ͯ͠੩తղੳ  phan-load-baseline: docker: - image: docker-registory.cybozu.private/phan:X.Y.Z steps: - checkout

    - restore_cache: name: Restore baseline keys: - v1-phan-baseline-{{ .BRANCH }}- - v1-phan-baseline-develop- - run: name: Phan command: | if [[ -f ~/phan_baseline.php ]]; then phan ./ --load-baseline ~/phan_baseline.php fi ੩తղੳΛ࣮ߦʢ͜͜Ͱ͸Phanʣ
  9. baselineΛར༻ͯ͠੩తղੳ  phan-load-baseline: docker: - image: docker-registory.cybozu.private/phan:X.Y.Z steps: - checkout

    - restore_cache: name: Restore baseline keys: - v1-phan-baseline-{{ .BRANCH }}- - v1-phan-baseline-develop- - run: name: Phan command: | if [[ -f ~/phan_baseline.php ]]; then phan ./ --load-baseline ~/phan_baseline.php fi baseline͕ݟ͔ͭΒͳ͍࣌͸Skip
  10. baselineΛར༻ͯ͠੩తղੳ  phan-load-baseline: docker: - image: docker-registory.cybozu.private/phan:X.Y.Z steps: - checkout

    - restore_cache: name: Restore baseline keys: - v1-phan-baseline-{{ .BRANCH }}- - v1-phan-baseline-develop- - run: name: Phan command: | if [[ -f ~/phan_baseline.php ]]; then phan ./ --load-baseline ~/phan_baseline.php fi Ωϟογϡʹอଘ͞Ε͍ͯͨbaselineΛ ར༻ͯ͠੩తղੳΛ࣮ߦ
  11. baselineΛߋ৽͢Δ  phan-save-baseline: docker: - image: docker-registory.cybozu.private/phan:X.Y.Z steps: - checkout

    - run: name: Save Phan baseline command: | set +e phan ./ --save-baseline ~/phan_baseline.php exit 0 - save_cache: key: v1-phan-baseline-{{ .BRANCH }}-{{ .Revision }} paths: ~/phan_baseline.php
  12. phan-save-baseline: docker: - image: docker-registory.cybozu.private/phan:X.Y.Z steps: - checkout - run:

    name: Save Phan baseline command: | set +e phan ./ --save-baseline ~/phan_baseline.php exit 0 - save_cache: key: v1-phan-baseline-{{ .BRANCH }}-{{ .Revision }} paths: ~/phan_baseline.php baselineΛߋ৽͢Δ  baselineΛ࡞੒
  13. phan-save-baseline: docker: - image: docker-registory.cybozu.private/phan:X.Y.Z steps: - checkout - run:

    name: Save Phan baseline command: | set +e phan ./ --save-baseline ~/phan_baseline.php exit 0 - save_cache: key: v1-phan-baseline-{{ .BRANCH }}-{{ .Revision }} paths: ~/phan_baseline.php baselineΛߋ৽͢Δ  ੩తղੳπʔϧʹΑͬͯ͸issue͕ଘࡏ͢Δ ͱऴྃίʔυ͕1Λฦ͢ͷͰέΞ͕ඞཁ
  14. phan-save-baseline: docker: - image: docker-registory.cybozu.private/phan:X.Y.Z steps: - checkout - run:

    name: Save Phan baseline command: | set +e phan ./ --save-baseline ~/phan_baseline.php exit 0 - save_cache: key: v1-phan-baseline-{{ .BRANCH }}-{{ .Revision }} paths: ~/phan_baseline.php baselineΛߋ৽͢Δ  baselineΛΩϟογϡʹอଘ
  15. baselineͷϦηοτ • ੩తղੳπʔϧͷόʔδϣϯΞοϓͳͲͰ baselineΛϦηοτ͍͕ͨ࣌͋͠Δ • ΩϟογϡͷΩʔ໊Λมߋ͢Δ  - save_cache: key:

    v1-phan-baseline-{{ .BRANCH }}-{{ .Revision }} paths: ~/phan_baseline.php - save_cache: key: v2-phan-baseline-{{ .BRANCH }}-{{ .Revision }} paths: ~/phan_baseline.php ΩϟογϡΩʔ໊Λߋ৽͢Δ
  16. git cloneΛૣ͘͢Δ • ௕͘։ൃ͍ͯ͠ΔϓϩμΫτͰ͸git clone͕஗͍ • →shallow cloneΛ͢Δʢ࠷৽ίϛοτ͚ͩऔಘ͢Δʣ • Garoonͩͱ໿6ഒૣ͘ͳΔʢ25.2

    ඵ → 4.0 ඵʣ  $ git clone --depth=1 --branch ${CIRCLE_BRANCH} \ --single-branch ${CIRCLE_REPOSITORY_URL}
  17. ϓϧϦΫऔಘ GitHub API  $curl -H "Authorization: token ${GITHUB_API_TOKEN}" \

    -H 'Accept: application/vnd.github.v3.diff' \
 https://github.dev.cybozu.co.jp/api/v3/repos/garoon/garoon/pulls/14386 diff --git a/source/page/master/sample.php b/source/page/master/sample.php index b644b6edbf5..03624413a6a 100644 --- a/source/page/master/sample.php +++ b/source/page/master/sample.php @@ -1,3 +1,4 @@ +echo "diff test"
  18. ϓϧϦΫऔಘ GitHub API  $curl -H "Authorization: token ${GITHUB_API_TOKEN}" \

    -H 'Accept: application/vnd.github.v3.diff' \
 https://github.dev.cybozu.co.jp/api/v3/repos/garoon/garoon/pulls/14386 diff --git a/source/page/master/sample.php b/source/page/master/sample.php index b644b6edbf5..03624413a6a 100644 --- a/source/page/master/sample.php +++ b/source/page/master/sample.php @@ -1,3 +1,4 @@ +echo "diff test" media typeͷࢦఆͰdiff͕औΕΔ https://docs.github.com/en/free-pro-team@latest/rest/overview/media-types#commits-commit-comparison-and-pull-requests
  19.  $curl -H "Authorization: token ${GITHUB_API_TOKEN}" \ -H 'Accept: application/vnd.github.v3.diff'

    \
 https://github.dev.cybozu.co.jp/api/v3/repos/garoon/garoon/pulls/14386 diff --git a/source/page/master/sample.php b/source/page/master/sample.php index b644b6edbf5..03624413a6a 100644 --- a/source/page/master/sample.php +++ b/source/page/master/sample.php @@ -1,3 +1,4 @@ +echo "diff test" ࡶʹ +++ ͱϑΝΠϧ֦ுࢠΛgrep͢Ε͹ɺ ੩తղੳର৅ͷϑΝΠϧ͕औಘͰ͖Δ https://docs.github.com/en/free-pro-team@latest/rest/overview/media-types#commits-commit-comparison-and-pull-requests ϓϧϦΫऔಘ GitHub API