.github/dependabot.yml

@@ -8,9 +8,9 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "monthly"
 
   - package-ecosystem: "composer"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "monthly"

.github/workflows/main.yml

@@ -5,34 +5,63 @@ on: [push, pull_request]
 jobs:
   phpunit:
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        php-versions: ['7.4', '8.4']
+        dependencies:
+          - lowest
+          - highest
+
+    name: phpunit (${{ matrix.php-versions }}-${{ matrix.dependencies }})
 
     steps:
-      - uses: actions/checkout@v2
-      - uses: shivammathur/setup-php@2.3.1
+      - uses: actions/checkout@v4.2.2
+
+      - uses: shivammathur/setup-php@2.31.1
+        with:
+          php-version: ${{ matrix.php-versions }}
+          coverage: none
+        if: matrix.php-versions != '8.4' || matrix.dependencies != 'highest'
+
+      - uses: shivammathur/setup-php@2.31.1
         with:
-          php-version: 7.3
+          php-version: ${{ matrix.php-versions }}
           coverage: pcov
+        if: matrix.php-versions == '8.4' && matrix.dependencies == 'highest'
 
       - name: Setup problem matcher for PHPUnit
         run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
 
       - name: Install dependencies
+        if: matrix.dependencies == 'lowest'
+        run: composer update --prefer-lowest
+
+      - name: Install dependencies
+        if: matrix.dependencies == 'highest'
         run: composer install
-        
+
       - name: Run PHPUnit
+        run: vendor/bin/phpunit
+        if: matrix.php-versions != '8.4' || matrix.dependencies != 'highest'
+
+      - name: Run PHPUnit with coverage
         run: vendor/bin/phpunit --coverage-clover=coverage.xml
+        if: matrix.php-versions == '8.4' && matrix.dependencies == 'highest'
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v1.0.7
+        uses: codecov/codecov-action@v5.1.2
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+        if: matrix.php-versions == '8.4' && matrix.dependencies == 'highest'
 
   phpcs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
-      - uses: shivammathur/setup-php@2.3.1
+      - uses: actions/checkout@v4.2.2
+      - uses: shivammathur/setup-php@2.31.1
         with:
-          php-version: 7.3
+          php-version: 7.4
           coverage: none
           tools: cs2pr
 
@@ -42,18 +71,18 @@ jobs:
       - name: Run PHP Codesniffer
         run: vendor/bin/phpcs --report=checkstyle -q | cs2pr --graceful-warnings
 
-  psalm:
+  phpstan:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
-      - uses: shivammathur/setup-php@2.3.1
+      - uses: actions/checkout@v4.2.2
+      - uses: shivammathur/setup-php@2.31.1
         with:
-          php-version: 7.3
+          php-version: 7.4
           coverage: none
 
       - name: Install dependencies
         run: composer install
 
-      - name: Run Psalm
-        run: vendor/bin/psalm --output-format=github
+      - name: Run PHPStan
+        run: vendor/bin/phpstan

README.md

@@ -1,12 +1,12 @@
 
-Gitlab Report for PHP_CodeSniffer
+GitLab Report for PHP_CodeSniffer
 ---------------------------------
-![Main workflow](https://github.com/micheh/phpcs-gitlab/workflows/Main%20workflow/badge.svg)
-[![codecov](https://codecov.io/gh/micheh/phpcs-gitlab/branch/master/graph/badge.svg)](https://codecov.io/gh/micheh/phpcs-gitlab)
+![Main workflow](https://github.com/micheh/phpcs-gitlab/actions/workflows/main.yml/badge.svg)
+[![codecov](https://codecov.io/github/micheh/phpcs-gitlab/graph/badge.svg?token=02FSF3TT0T)](https://codecov.io/github/micheh/phpcs-gitlab)
 
 
-This library adds a custom report to [PHP_CodeSniffer](https://github.com/squizlabs/PHP_CodeSniffer) (phpcs) to generate a codequality artifact, which can be used by Gitlab CI/CD.
-The custom report will be generated in the Code Climate format and allows Gitlab CI/CD to display the violations in the Code Quality report.
+This library adds a custom report to [PHP_CodeSniffer](https://github.com/PHPCSStandards/PHP_CodeSniffer/) (phpcs) to generate a codequality artifact that can be used by GitLab CI/CD.
+The custom report is generated in Code Climate format and allows GitLab CI/CD to display the violations in the Code Quality report.
 
 ## Installation
 
@@ -16,26 +16,42 @@ Install this library using [Composer](https://getcomposer.org):
 composer require --dev micheh/phpcs-gitlab
 ```
 
-Then adjust your `.gitlab-ci.yml` to run PHP_CodeSniffer with the custom reporter and to gather the codequality artifacts:
+Then adjust your `.gitlab-ci.yml` to run PHP_CodeSniffer with the custom reporter and to collect the codequality artifacts:
 
 ```yaml
 phpcs:
-  script: vendor/bin/phpcs --report=emacs --report-\\Micheh\\PhpCodeSniffer\\Report\\Gitlab=phpcs-quality-report.json
+  script: vendor/bin/phpcs --report=full --report-\\Micheh\\PhpCodeSniffer\\Report\\Gitlab=phpcs-quality-report.json
   artifacts:
     reports:
       codequality: phpcs-quality-report.json
 ```
 
-The example above uses two reports, one to display in the build log (emacs) and one to generate the codequality artifact file in the Code Climate format.
+The example above uses two reports, one to display in the build log (full) and one to generate the codequality artifact file in Code Climate format.
 
-> **Note:** Gitlab currently does not support multiple codequality artifacts. 
-> You will not be able to display the violations of multiple tools (e.g. PHP Code Sniffer & PHPStan) in the Code Quality report.
+> **Note:** GitLab did not support multiple codequality artifacts before version 15.7. 
+> If you are using an earlier version of GitLab, you will not be able to see the violations from multiple tools (e.g. PHP Code Sniffer & PHPStan) in the Code Quality report.
 
+Inside the codequality artifact, GitLab expects relative paths to the files with violations. 
+To generate relative paths with PHP Code Sniffer, set the `basepath` argument in your `phpcs.xml.dist` configuration file with `<arg name="basepath" value="."/>` or run phpcs with `--basepath=.` (adjust the base path as needed).
+
+It is also possible to specify the reports to be used in the `phpcs.xml.dist` file:
+
+```xml
+<arg name="report" value="full"/>
+<arg name="report-\Micheh\PhpCodeSniffer\Report\Gitlab" value="phpcs-quality-report.json"/>
+```
+
+## Upgrade from version 1 to 2
+
+The usage of this package remains the same. 
+However, the calculation of the fingerprint has been updated and is now based on the content instead of the line number. 
+This has the advantage that lines with violations can move up or down and GitLab will not report them as new violations.
+When upgrading to version 2, it is likely that all violations will show up as changed once, since all fingerprints are new.
 
 ## References
 
-- [PHP_CodeSniffer](https://github.com/squizlabs/PHP_CodeSniffer)
-- [Gitlab CI/CD Code Quality](https://docs.gitlab.com/ee/user/project/merge_requests/code_quality.html)
+- [PHP_CodeSniffer](https://github.com/PHPCSStandards/PHP_CodeSniffer/)
+- [GitLab CI/CD Code Quality](https://docs.gitlab.com/ee/ci/testing/code_quality.html)
 - [Code Climate Specification](https://github.com/codeclimate/platform/blob/master/spec/analyzers/SPEC.md#data-types)
 
 

composer.json

@@ -1,6 +1,6 @@
 {
     "name": "micheh/phpcs-gitlab",
-    "description": "Gitlab Report for PHP_CodeSniffer (display the violations in the Gitlab CI/CD Code Quality Report)",
+    "description": "GitLab Report for PHP_CodeSniffer (display the violations in the GitLab CI/CD Code Quality Report)",
     "type": "library",
     "license": "BSD-3-Clause",
     "authors": [
@@ -14,16 +14,17 @@
         "php_codesniffer",
         "gitlab",
         "code quality",
+        "code climate",
         "report"
     ],
     "minimum-stability": "stable",
     "require": {
         "ext-json": "*"
     },
     "require-dev": {
-        "phpunit/phpunit": "^9.0",
-        "squizlabs/php_codesniffer": "^3.5",
-        "vimeo/psalm": "^3.12"
+        "phpstan/phpstan": "^2.0",
+        "phpunit/phpunit": "^9.3 || ^10.0",
+        "squizlabs/php_codesniffer": "^3.5.0"
     },
     "autoload": {
         "psr-4": {

phpcs.xml.dist

@@ -15,4 +15,5 @@
 
     <file>src</file>
     <file>tests</file>
+    <exclude-pattern>tests/_files/*</exclude-pattern>
 </ruleset>

phpstan.neon.dist

@@ -0,0 +1,10 @@
+
+parameters:
+  level: 8
+  paths:
+    - src
+    - tests
+  excludePaths:
+    - tests/_files/
+  scanDirectories:
+    - vendor/squizlabs/php_codesniffer

phpunit.xml.dist

@@ -1,21 +1,25 @@
 <?xml version="1.0" encoding="UTF-8"?>
-
 <!-- https://phpunit.readthedocs.io/en/latest/configuration.html -->
 <phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:noNamespaceSchemaLocation="vendor/phpunit/phpunit/phpunit.xsd"
          bootstrap="vendor/squizlabs/php_codesniffer/autoload.php"
-         colors="true"
-         forceCoversAnnotation="true"
->
-    <testsuites>
-        <testsuite name="Project Test Suite">
-            <directory>tests</directory>
-        </testsuite>
-    </testsuites>
+         colors="true">
+
+  <php>
+    <const name="PHP_CODESNIFFER_IN_TESTS" value="true"/>
+    <const name="PHP_CODESNIFFER_CBF" value="false"/>
+    <const name="PHP_CODESNIFFER_VERBOSITY" value="0"/>
+  </php>
+
+  <testsuites>
+    <testsuite name="Project Test Suite">
+      <directory>tests</directory>
+    </testsuite>
+  </testsuites>
 
-    <filter>
-        <whitelist processUncoveredFilesFromWhitelist="true">
-            <directory suffix=".php">src</directory>
-        </whitelist>
-    </filter>
+  <coverage processUncoveredFiles="true">
+    <include>
+      <directory suffix=".php">src</directory>
+    </include>
+  </coverage>
 </phpunit>

src/Report/Gitlab.php

@@ -1,7 +1,7 @@
 <?php
 
 /**
- * @copyright Copyright (c) 2020, Michel Hunziker <info@michelhunziker.com>
+ * @copyright Copyright (c) 2025, Michel Hunziker <info@michelhunziker.com>
  * @license http://www.opensource.org/licenses/BSD-3-Clause The BSD-3-Clause License
  */
 
@@ -11,8 +11,12 @@
 
 use PHP_CodeSniffer\Files\File;
 use PHP_CodeSniffer\Reports\Report;
+use SplFileObject;
 
+use function count;
+use function is_string;
 use function md5;
+use function preg_replace;
 use function rtrim;
 use function str_replace;
 
@@ -21,20 +25,26 @@
 class Gitlab implements Report
 {
     /**
-     * @psalm-suppress ImplementedParamTypeMismatch PHP_CodeSniffer has a wrong docblock
+     * @param array{filename: string, errors: int, warnings: int, fixable: int, messages: array<mixed>} $report
      */
     public function generateFileReport($report, File $phpcsFile, $showSources = false, $width = 80)
     {
         $hasOutput = false;
+        $violations = [];
 
         foreach ($report['messages'] as $line => $lineErrors) {
-            foreach ($lineErrors as $column => $colErrors) {
+            $lineContent = $this->getContentOfLine($phpcsFile->getFilename(), $line);
+
+            foreach ($lineErrors as $col => $colErrors) {
                 foreach ($colErrors as $error) {
-                    $issue = [
+                    $fingerprint = md5($report['filename'] . $lineContent . $error['source']);
+
+                    $violations[$fingerprint][$line . $col] = [
                         'type' => 'issue',
                         'categories' => ['Style'],
                         'check_name' => $error['source'],
-                        'fingerprint' => md5($report['filename'] . $error['message'] . $line . $column),
+                        'fingerprint' => $fingerprint,
+                        'severity' => $error['type'] === 'ERROR' ? 'major' : 'minor',
                         'description' => str_replace(["\n", "\r", "\t"], ['\n', '\r', '\t'], $error['message']),
                         'location' => [
                             'path' => $report['filename'],
@@ -44,10 +54,19 @@ public function generateFileReport($report, File $phpcsFile, $showSources = fals
                             ]
                         ],
                     ];
+                }
+            }
+        }
 
-                    echo json_encode($issue, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE) . ',';
-                    $hasOutput = true;
+        foreach ($violations as $fingerprints) {
+            $hasMultiple = count($fingerprints) > 1;
+            foreach ($fingerprints as $lineColumn => $issue) {
+                if ($hasMultiple) {
+                    $issue['fingerprint'] = md5($issue['fingerprint'] . $lineColumn);
                 }
+
+                echo json_encode($issue, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE) . ',';
+                $hasOutput = true;
             }
         }
 
@@ -67,4 +86,25 @@ public function generate(
     ) {
         echo '[' . rtrim($cachedData, ',') . ']' . PHP_EOL;
     }
+
+    /**
+     * @param string $filename
+     * @param int $line
+     * @return string
+     */
+    private function getContentOfLine($filename, $line)
+    {
+        $file = new SplFileObject($filename);
+
+        if (!$file->eof()) {
+            $file->seek($line - 1);
+            $contents = $file->current();
+
+            if (is_string($contents)) {
+                return (string) preg_replace('/\s+/', '', $contents);
+            }
+        }
+
+        return '';
+    }
 }