
Customize the VIP Code Analysis Bot

The VIP Code Analysis Bot can be customized by adding configuration options to a JSON file named .vipgoci_options. The .vipgoci_options file must be created at the root of a relevant repository.

The contents of .vipgoci_options can be unique to each branch in a repository, including working branches. The .vipgoci_options file that exists in the branch being analyzed is the one that will be applied.

This file must contain a valid JSON string in order to work as expected; if the file is not parsable, it will be ignored.

Multiple options can be configured within one .vipgoci_options file, combined into one JSON string. Configuring all of the options is not required. It is recommended to only configure the options needed and nothing else.

The options outlined below run during a Bot’s analysis at their default settings unless configured otherwise in .vipgoci_options.

Adjust auto approvals

Options that can be set to modify the Bot’s auto approval functionality:

autoapprove

Default value: true

Setting this option to false disables auto approvals by the Bot.

autoapprove-php-nonfunctional-changes

Default value: true

PHP changes that do not affect functionality, such as changes to whitespace or comments, are considered non-functional changes. Setting this option to false will disable auto approvals for non-functional changes.

Enable or disable PHPCS sniffs

Note

By disabling any PHPCS sniffs, important feedback can be missed.

VIP’s PHPCS standards evolve and so PHPCS sniffs might be added, renamed or removed.

The set of sniffs performed by PHPCS can be customized by enabling or disabling individual sniffs. When configuring sniffs, names of PHPCS sniffs must be specified precisely. The Bot will post an error message to the pull request if the configuration of the PHPCS sniffs is incorrect.

If PHPCS is installed locally, this command can be run to return a full list of enabled PHPCS sniffs:

phpcs --standard=WordPress-VIP-Go,PHPCompatibilityWP -e

phpcs-sniffs-include

Accepted values: string

Specify one or more sniffs with this option in order to enable them. This is in addition to the PHPCS sniffs already enabled by the PHPCS standards that VIP uses.

{"phpcs-sniffs-include":["Generic.Commenting.DocComment","Generic.Files.LineLength"]}

phpcs-sniffs-exclude

Accepted values: string

Specify one or more sniffs with this option in order to disable them.

{"phpcs-sniffs-exclude":["WordPressVIPMinimum.Security.Twig"]}

Modify comment and message behavior

post-generic-pr-support-comments

Default value: true

By default, the Bot posts a support message to new pull requests explaining what it does as well as what to expect next. Setting this option to false will disable these messages.

{"post-generic-pr-support-comments": false}

report-no-issues-found

Default value: true

By default the Bot will publish a comment when no issues or no further issues were found. This comment will not be published if this option is set to false.

review-comments-include-severity

Default value: true

By default the Bot displays severity of issues in feedback. When set to false, issues identified by the Bot will be reported but their severity will not be displayed.

{"review-comments-include-severity": false}

review-comments-sort

Default value: true

By default, the Bot sorts identified issues by severity, highest to lowest, before posting the feedback. Setting this option to false will disable a predictable sorting order for reported issues.

{"review-comments-sort": false}

scan-details-msg-include

Default value: true

By default, the Bot includes a few details about the scan in the reviews it submits and in other messaging: the versions of software used, options altered, and so forth. These details will not be posted if this option is set to false.

skip-execution

Caution

VIP does not recommend disabling the VIP Code Analysis Bot unless an alternative code analysis package has been enabled. 

Default value: false

Setting this option to true will disable analysis by the Bot entirely for all pull requests.

{"skip-execution": true}

skip-draft-prs

Default value: false

The Bot analyzes GitHub draft pull requests by default. To disable Bot analysis of draft pull requests, set this option to true:

{"skip-draft-prs":true}

When a pull request is switched from draft mode to review mode, a new commit is required to trigger a Bot analysis for the pull request.

phpcs

Default value: true

PHPCS analysis is one of many types of analysis performed by the Bot. Setting this option to false will disable PHPCS scanning, but leave all other analysis (e.g., PHP linting) enabled. 

{"phpcs": false}

phpcs-severity

Note

The PHPCS severity level should not be adjusted unless this option is fully understood and the implications of its use are clear. By increasing the severity level of feedback returned, important feedback can be missed.

Accepted values: numerical integer value between 1 and 10
Default value: 1

A more detailed explanation of errors and warnings for each severity level is available for interpreting PHPCS feedback.

{"phpcs-severity":2}

svg-checks

Default value: true

Setting this option to false will disable the Bot’s SVG file analysis.

{"svg-checks": false}

lint-modified-files-only

Default value: true

By default, the Bot only analyzes the modified files in a pull request. Setting this option to false will modify this behavior and require the VIP Code Analysis Bot’s PHP linter to scan the entire Git repository in a pull request.

{"lint-modified-files-only": false}

wpscan-api

Default value: true

Setting this option to false will disable the Bot’s Vulnerability and Update Scan.

{"wpscan-api": false}
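
A pre-merge check for the options documented above, as an added example that is not part of VIP's documentation or the Bot's code: it reports a .vipgoci_options file that would be ignored as unparsable and lists settings that turn off or narrow analysis. The function name audit_options, the type checks, and the requirement that the top level be a JSON object are assumptions of this example.

```python
import json
# Option names and value types as documented on this page.
BOOL_OPTIONS = {
    "autoapprove", "autoapprove-php-nonfunctional-changes",
    "post-generic-pr-support-comments", "report-no-issues-found",
    "review-comments-include-severity", "review-comments-sort",
    "scan-details-msg-include", "skip-execution", "skip-draft-prs",
    "phpcs", "svg-checks", "lint-modified-files-only", "wpscan-api",
}
LIST_OPTIONS = {"phpcs-sniffs-include", "phpcs-sniffs-exclude"}
# Non-default values that switch off or narrow a type of analysis.
REDUCES_COVERAGE = {"skip-execution": True, "skip-draft-prs": True,
                    "phpcs": False, "svg-checks": False, "wpscan-api": False}

def audit_options(text):
    """Return (errors, warnings) for the text of a .vipgoci_options file."""
    try:
        opts = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not parsable, so the Bot will ignore the file: {exc}"], []
    if not isinstance(opts, dict):  # assumption: options live in one JSON object
        return ["top level is not a JSON object"], []
    errors, warnings = [], []
    for name, value in opts.items():
        if name in BOOL_OPTIONS:
            if not isinstance(value, bool):
                errors.append(f"{name}: expected true or false")
            elif REDUCES_COVERAGE.get(name) is value:
                warnings.append(f"{name}={json.dumps(value)} reduces scan coverage")
        elif name in LIST_OPTIONS:  # assumption: list form, as in the page's examples
            if not (isinstance(value, list) and all(isinstance(s, str) for s in value)):
                errors.append(f"{name}: expected a list of sniff names")
            elif name == "phpcs-sniffs-exclude" and value:
                warnings.append(f"{name} disables: {', '.join(value)}")
        elif name == "phpcs-severity":
            if isinstance(value, bool) or not isinstance(value, int) or not 1 <= value <= 10:
                errors.append(f"{name}: expected an integer between 1 and 10")
            elif value > 1:
                warnings.append(f"{name}={value} raises the severity threshold above the default")
        else:
            errors.append(f"{name}: not an option documented on this page")
    return errors, warnings

# Constructed sample input, not taken from a real repository.
SAMPLE = ('{"phpcs-severity": 2, "wpscan-api": false, "skip-draft-prs": "yes",'
          ' "phpcs-sniffs-exclude": ["WordPressVIPMinimum.Security.Twig"]}')
if __name__ == "__main__":
    errors, warnings = audit_options(SAMPLE)
    print("\n".join(["ERROR: " + e for e in errors] + ["WARN: " + w for w in warnings]))
```

Because the file in the branch being analyzed is the one applied, the check is most useful when run against the pull request's head branch rather than the default branch.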

Last updated: January 05, 2024
