Enhancement request: Run static analyzers in CI

[TysonAndre]

General information

• SDK/Library version:any
• Environment: any

  Issue description

Many open source static analyzers are available for PHP (Phan, Psalm, PHPStan) They can help make code review easier (and reduce the number of potential bugs) by catching obvious bugs, and can be tuned to suppress warnings that aren't useful.

https://gist.github.com/TysonAndre/9749fa295d3051e58153677a9e05699a is a result of analysis with Phan, using an automatically generated config with no tuning (with phan --init).

These bugs these can detect range from minor to more severe bugs:

lib/Braintree/AddressGateway.php:177 PhanCommentParamWithoutRealParam Saw an @param annotation for transactionAttribs, but it was not found in the param list of function updateNoValidate($customerOrId, $addressId, $attributes) : \Braintree\Transaction

• a trivial bug (out of date phpdoc) in https://github.com/braintree/braintree_php/blob/master/lib/Braintree/AddressGateway.php#L177

lib/Braintree/Xml/Generator.php:143 PhanUndeclaredClassCatch Catching undeclared class \Braintree\Xml\Exception (Did you mean class \Exception or class \Braintree\Exception)

• A more important bug in https://github.com/braintree/braintree_php/blob/master/lib/Braintree/Xml/Generator.php#L143

---

Additionally, look into fixing any issues mentioned in the above gist that seem worthwhile to fix

[jackellenberger]

Hi @TysonAndre, this is a really good idea and I think one we'll take on in the not-too-distant future. We've had static analysis on our ruby library for some time, and have recently added it to Java as well. These have been running on the internal copies of our SDK's as we have all of the CI infrastructure for running them set to go already, but adding Travis to the public repos (see: this one) isn't a bad idea either.

I'm going to close this and put it on our internal roadmap, we can update you when we have something in place for PHP.