PHPStan is a good addition to our QA toolkit and with improvements PHPStan has made over the years is now a viable tool for us to use (previously it would give way too many false positives).
This commit:
Adds a separate job to the basics workflow in GH Actions.
Notes:
I've not added PHPStan to the Composer dependencies for two reasons:
It doesn't allow for installation on PHP < 7.2, which would break/block the composer install for our test runs.
It would add dependencies which could conflict/cause problems for our test runs due to those defining token constants too.
Phive could potentially be used to still have a setup which can be used locally, but just running locally from a PHPStan PHAR file should work just fine.
For CI, PHPStan will be installed as a PHAR file by setup-php now.
This does carry a risk if PHPStan would make breaking changes or if a new release adds rules for the levels being scanned as, in that case, builds could unexpectedly start failing.
Fixing the version for the setup-php action installs to the current release 1.10.32 could prevent that, but that adds an additional maintenance burden of having to keep updating the version as PHPStan releases pretty often.
So, for now, I've elected to run the risk of random failures. If and when those start happening, this should be re-evaluated.
The PHP version for the CI run is set to PHP 7.4 to prevent PHPStan throwing some errors/notices related to the outdated PHPUnit version being used.
Adds a configuration file for PHPStan.
Notes:
PHPStan needs to know about the dependencies (PHPCS et al), so I'm (re-)using the bootstrap file for the tests to load the PHPCS autoloader and register the standard with the PHPCS autoloader as adding an autoload directive to the composer.json file would cause problems with the PHPCS autoloader.
PHPStan flags type checks on properties with a documented type, while without strict_types we cannot always be sure the properties set will be of the correct type. For that reason, I've set treatPhpDocTypesAsCertain to false (which silences those notices).
I've gone through the scan results up to level 6 with a fine toothcomb and fixed what was reasonable to fix and ignored those things which should not be fixed.
Adds the configuration file to .gitattributes and the typical overload file for the configuration file to .gitignore.
PHPStan is a good addition to our QA toolkit and with improvements PHPStan has made over the years is now a viable tool for us to use (previously it would give way too many false positives).
This commit:
basics
workflow in GH Actions. Notes:composer install
for our test runs.setup-php
now. This does carry a risk if PHPStan would make breaking changes or if a new release adds rules for the levels being scanned as, in that case, builds could unexpectedly start failing. Fixing the version for thesetup-php
action installs to the current release1.10.32
could prevent that, but that adds an additional maintenance burden of having to keep updating the version as PHPStan releases pretty often. So, for now, I've elected to run the risk of random failures. If and when those start happening, this should be re-evaluated.autoload
directive to thecomposer.json
file would cause problems with the PHPCS autoloader.strict_types
we cannot always be sure the properties set will be of the correct type. For that reason, I've settreatPhpDocTypesAsCertain
tofalse
(which silences those notices)..gitattributes
and the typical overload file for the configuration file to.gitignore
.Refs: