Skip to content

Backgrounds

How-to Guides

Technical References

Customize the VIP Code Analysis Bot

The VIP Code Analysis Bot can be customized by adding configuration options to a JSON file named .vipgoci_options. The .vipgoci_options file must be created at the root of a relevant repository.

The contents of .vipgoci_options can be unique to each branch in a repository, including working branches. The.vipgoci_options file that exists in the branch being analyzed is the one that will be applied.

This file must contain a valid JSON string in order to work as expected; if the file is not parsable, it will be ignored.

Multiple options can be configured within one .vipgoci_options file, combined into one JSON string. Configuring all of the options is not required. It is recommended to only configure the options needed and nothing else. 

The options outlined below run during a Bot’s analysis at their default settings unless configured otherwise in .vipgoci_options.

post-generic-pr-support-comments

Default value: true

By default, the Bot posts a support message to new pull requests explaining what it does as well as what to expect next. Setting this option to false will disable these messages.

{“post-generic-pr-support-comments”: false}

skip-execution

Caution

VIP does not recommend disabling the VIP Code Analysis Bot unless an alternative code analysis package has been enabled. 

Default value: false

Setting this option to true will disable analysis by the Bot entirely for all pull requests.

{“skip-execution”: true}

skip-draft-prs

Default value: false

The Bot analyzes GitHub draft pull requests by default. To disable Bot analysis of draft pull requests set this option to true:

{“skip-draft-prs”:true}

When a pull request is switched from draft mode to review mode, a new commit is required to trigger a Bot analysis for the pull request.

review-comments-include-severity

Default value: true

By default the Bot displays severity of issues in feedback. When set to false, issues identified by the Bot will be reported but their severity will not be displayed.

{“review-comments-include-severity”: false}

review-comments-sort

Default value: true

By default, the Bot sorts identified issues by severity, highest to lowest, before posting the feedback. Setting this option to false will disable a predictable sorting order for reported issues.

{“review-comments-sort”: false}

phpcs

Default value: true

PHPCS analysis is one of many types of analysis performed by the Bot. Setting this option to false will disable PHPCS scanning, but leave all other analysis (e.g., PHP linting) enabled. 

{“phpcs”: false}

phpcs-severity

Note

The PHPCS severity level should not be adjusted unless this option is fully understood and the implications of its use are clear. By increasing the severity level of feedback returned, important feedback can be missed.

Accepted values: numerical integer value between 1 and 10
Default value: 1

A more detailed explanation of errors and warnings for each severity level is available for interpreting PHPCS feedback.

{"phpcs-severity":2}

Enabling or disabling PHPCS sniffs

Note

By disabling any PHPCS sniffs, important feedback can be missed.

VIP’s PHPCS standards evolve and so PHPCS sniffs might be added, renamed or removed.

The set of sniffs performed by PHPCS can be customized by enabling or disabling individual sniffs. When configuring sniffs, names of PHPCS sniffs must be specified precisely. The Bot will post an error message to the pull request if the configuration of the PHPCS sniffs are incorrect.

If PHPCS is installed locally, this command can be run to return a full list of enabled PHPCS sniffs:

phpcs --standard=WordPress-VIP-Go,PHPCompatibilityWP -e

phpcs-sniffs-include

Accepted values: string

Specify one or more sniffs with this option in order to enable them. This is in addition to the PHPCS sniffs already enabled by the PHPCS standards that VIP uses.

{"phpcs-sniffs-include":["Generic.Commenting.DocComment","Generic.Files.LineLength"]}

phpcs-sniffs-exclude

Accepted values: string

Specify one or more sniffs with this option in order to disable them.

{“phpcs-sniffs-exclude”:[“WordPressVIPMinimum.Security.Twig”]}

svg-checks

Default value: true

Setting this option to false will disable the Bot’s SVG file analysis.

{“svg-checks”: false}

Adjusting auto approvals

Options that can be set to modify the Bot’s auto approval functionality:

autoapprove

Default value: true

Set this option to false to disable auto approvals by the Bot.

autoapprove-php-nonfunctional-changes

Default value: true

PHP changes that do not affect functionality such as whitespacing or comments are considered as non-functional changes. Setting this option to false will disable auto approvals for non-functional changes.

hashes-api

Default value: true

By default, the Bot checks if the code being analyzed exists is in a database of already approved code (database consists only of file hashes, not code). Set this option to false to disable this check.

Last updated: October 08, 2021