psalm fails during Github actions due to XML config error

[sirbrillig]

Recently, when Github actions runs psalm, it has an error:

> ./vendor/bin/psalm --no-cache
PHP Fatal error:  Uncaught Psalm\Exception\ConfigException: Error parsing file /home/runner/work/phpcs-variable-analysis/phpcs-variable-analysis/ on line 9: Element '{https://getpsalm.org/schema/config}psalm': No matching global declaration available for the validation root.
 in /home/runner/work/phpcs-variable-analysis/phpcs-variable-analysis/vendor/vimeo/psalm/src/Psalm/Config.php:215

I'm not sure why this happens but one clue is the version of psalm being used:

  - Installing vimeo/psalm (0.3.14): Extracting archive

Considering this is running in PHP 8.3.13, it's strange that we're getting version 0.3 instead of version 5.21. 🙃

Note that psalm runs just fine (from composer static-analysis) in my local install. This is only happening in github actions.

A full example of this can be seen here: https://github.com/sirbrillig/phpcs-variable-analysis/actions/runs/11884238927/job/33112139346

[sirbrillig]

@jrfnl no urgency but you have a lot more experience with Github actions and composer dependencies than I do; any ideas?

[jrfnl]

@sirbrillig Short answer: PHPUnit requires PHP Parser 5.x, while Psalm doesn't support that yet and as Psalm in a distant past had their version requirements too loosey, this results in v 0.3.14 being installed.

Oh and I can reproduce this locally without any problems too.

Have a look at: https://packagist.org/packages/vimeo/psalm

https://packagist.org/packages/vimeo/psalm#0.3.14
- php: >=5.5
- nikic/php-parser: >=3.0.2

https://packagist.org/packages/vimeo/psalm#0.3.15
- php: ^5.5 || ^7.0
- nikic/php-parser: ^3.0.2

https://packagist.org/packages/vimeo/psalm#5.26.1
- php: ^7.4 || ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0
- nikic/php-parser: ^4.17

And if you run:

composer why nikic/php-parser

You'll see this as a reply:

phpunit/php-code-coverage 11.0.7 requires nikic/php-parser (^5.3.1)
sebastian/complexity      4.0.1  requires nikic/php-parser (^5.0)
sebastian/lines-of-code   3.0.1  requires nikic/php-parser (^5.0)
vimeo/psalm               0.3.14 requires nikic/php-parser (>=3.0.2)

I can think of two possible ways to solve this, but haven't tested either:

• Restrict PHPUnit to a version which requires PHP Parser 4.x.
• Split the static-analysis job in the csqa.yml workflow into two separate jobs, one for PHPStan, one for Psalm. And then in the Psalm one, do a composer remove --dev phpunit/phpunit --no-update before running the Composer install. Not sure how well Psalm will run without having access to PHPUnit, but at least it should install a much more recent version.