Infection VS Deptrac

Obviously, we can not generate mutants manually. For that purpose, there are mutation testing utilities. For PHP, we have Infection.

Infection: PHP Mutation Testing library. Plugins: roave/infection-static-analysis-plugin: Static analysis on top of mutation testing - prevents escaped mutants from being invalid according to static analysis bitexpert/captainhook-infection: Captain Hook Plugin to run InfectionPHP only against the changed files of a commit

Infection: PHP Mutation Testing library. Plugins: roave/infection-static-analysis-plugin: Static analysis on top of mutation testing - prevents escaped mutants from being invalid according to static analysis bitexpert/captainhook-infection: Captain Hook Plugin to run InfectionPHP only against the changed files of a commit

If you want to enforce testing automatically probably the best option is to rely on mutation testing, using Infection. That doesn't just check that the tests cover the code, it checks that if the code was different to what it is then the tests would (usually) fail.

IMO code coverage is a very flawed metric on its own. A high percentage doesn't guarantee that the tests actually test the right things, and it would be much more efficient if mutation testing was used (e.g. Infection). It still uses the generated code coverage reports, but only as a base for its own metrics.

For your last edit - you can also add infection which will infect your code with other values, like if you expect a positive number, it will try and inject a negative number - and see what happens - does your code break everything or something. Also it will try to inject false where you might expect a true and many many other things, and yes you will get some weird results from infection, but its a good thing to look at, and atleast check the logs and see why the infection failed at a test.

The only one that I've used is infection for PHP.

That's practically a light form of mutant testing. Have you checked Infection?

Deptrac

Deptrac: Keep your architecture clean.

So far I've found some tools which I could piece together to accomplish enforcing module boundaries, probably run as part of an automated github action. - https://github.com/qossmic/deptrac Uses YAML to define any boundary, you can also use @internal to hide implementation classes. Seems like a good way to achieve what I want.

How about https://qossmic.github.io/deptrac/ ?

>I wonder: Is automatic DI even helpful? You save some lines of boilerplate but sacrifice control over the initialization-order and get a flat, messy, implicit dependency graph

Initialization order doesn't matter if your services are stateless. At least in our codebase, all of them are stateless, as it greatly simplifies reasoning about concurrent code (both in-process and between servers). Yes, it's easy to end up with a very a convoluted dependency graph under the hood, but I don't think it's a problem you really should care about. I mean, your code most likely already compiles to a very convoluted mess of machine code under the hood (with all the optimizations, ABI quirks etc.) and I doubt it matters to you much, as long as it does its job well and doesn't hinder your productivity.

If you are talking about messy dependency graphs from the architectural standpoint (someone can easily add a dependency in the constructor without thinking about the consequences), we use deptrac for our PHP monolith which can validate your architecture is clean at build time [0]

However, for our microservices written in Go, we decided to use manual DI to stimulate developers to prefer simpler design, otherwise our microservices could quickly turn to monoliths again.

[0] https://github.com/qossmic/deptrac

Deptrac is a static code analysis tool for PHP that helps you communicate, visualize and enforce architectural decisions in your projects.