Bump dependencies & migrate psalm > phpstan

Author: tvdijen

.github/workflows/php.yml

@@ -14,53 +14,62 @@ on:  # yamllint disable-line rule:truthy
   workflow_dispatch:
 
 jobs:
+  phplinter:
+    name: 'PHP-Linter'
+    strategy:
+      fail-fast: false
+      matrix:
+        php-version: ['8.3', '8.4', '8.5']
+
+    uses: simplesamlphp/simplesamlphp-test-framework/.github/workflows/reusable_phplinter.yml@v1.11.1
+    with:
+      php-version: ${{ matrix.php-version }}
+
   linter:
-    name: Linter
-    runs-on: ['ubuntu-latest']
+    name: 'Linter'
+    strategy:
+      fail-fast: false
 
-    steps:
-      - uses: actions/checkout@v6
-        with:
-          # super-linter needs the full git history to get the
-          # list of files that changed across commits
-          fetch-depth: 0
-
-      - name: Lint Code Base
-        uses: super-linter/super-linter/slim@v8
-        env:
-          SAVE_SUPER_LINTER_OUTPUT: false
-          # To report GitHub Actions status checks
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          LINTER_RULES_PATH: 'tools/linters'
-          LOG_LEVEL: NOTICE
-          VALIDATE_ALL_CODEBASE: true
-          VALIDATE_CSS: true
-          VALIDATE_JAVASCRIPT_ES: true
-          VALIDATE_JSON: true
-          VALIDATE_PHP_BUILTIN: true
-          VALIDATE_YAML: true
-          VALIDATE_XML: true
-          VALIDATE_GITHUB_ACTIONS: true
+    uses: simplesamlphp/simplesamlphp-test-framework/.github/workflows/reusable_linter.yml@v1.11.1
+    with:
+      enable_eslinter: true
+      enable_jsonlinter: true
+      enable_stylelinter: true
+      enable_yamllinter: true
 
-  quality:
-    name: Quality control
-    runs-on: [ubuntu-latest]
+  unit-tests-linux:
+    name: "Unit tests, PHP ${{ matrix.php-versions }}, ${{ matrix.operating-system }}"
+    runs-on: ${{ matrix.operating-system }}
+    needs: [linter, phplinter]
+    strategy:
+      fail-fast: false
+      matrix:
+        operating-system: [ubuntu-latest]
+        php-versions: ['8.3', '8.4', '8.5']
 
     steps:
       - name: Setup PHP, with composer and extensions
-        id: setup-php
         # https://github.com/shivammathur/setup-php
         uses: shivammathur/setup-php@v2
         with:
-          # Should be the higest supported version, so we can use the newest tools
-          php-version: '8.3'
-          tools: composer, composer-require-checker, composer-unused, phpcs, psalm
-          # optional performance gain for psalm: opcache
-          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, opcache, openssl, pcre, posix, spl, xml
+          php-version: ${{ matrix.php-versions }}
+          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl,\
+            pcre, posix, session, sodium, spl, xml
+          tools: composer
+          ini-values: error_reporting=E_ALL
+          coverage: pcov
 
       - name: Setup problem matchers for PHP
         run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
 
+      - name: Setup problem matchers for PHPUnit
+        run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
+
+      - name: Set git to use LF
+        run: |
+          git config --global core.autocrlf false
+          git config --global core.eol lf
+
       - uses: actions/checkout@v6
 
       - name: Get composer cache directory
@@ -73,64 +82,61 @@ jobs:
           key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
           restore-keys: ${{ runner.os }}-composer-
 
-      - name: Validate composer.json and composer.lock
-        run: composer validate
-
       - name: Install Composer dependencies
         run: composer install --no-progress --prefer-dist --optimize-autoloader
 
-      - name: Check code for hard dependencies missing in composer.json
-        run: composer-require-checker check --config-file=tools/composer-require-checker.json composer.json
-
-      - name: Check code for unused dependencies in composer.json
-        run: composer-unused
-
-      - name: PHP Code Sniffer
-        run: phpcs
+      - name: Run unit tests with coverage
+        if: ${{ matrix.php-versions == '8.5' }}
+        run: vendor/bin/phpunit
 
-      - name: Psalm
-        continue-on-error: true
-        run: |
-          psalm -c psalm.xml \
-          --show-info=true \
-          --shepherd \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
+      - name: Run unit tests (no coverage)
+        if: ${{ matrix.php-versions != '8.5' }}
+        run: vendor/bin/phpunit --no-coverage
 
-      - name: Psalm (testsuite)
-        run: |
-          psalm -c psalm-dev.xml \
-          --show-info=true \
-          --shepherd \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
+      - name: Save coverage data
+        if: ${{ matrix.php-versions == '8.5' }}
+        uses: actions/upload-artifact@v7
+        with:
+          name: coverage-data
+          path: ${{ github.workspace }}/build
 
-      - name: Psalter
-        run: |
-          psalm --alter \
-          --issues=UnnecessaryVarAnnotation \
-          --dry-run \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
+  unit-tests-windows:
+    name: "Unit tests, PHP ${{ matrix.php-versions }}, ${{ matrix.operating-system }}"
+    runs-on: ${{ matrix.operating-system }}
+    needs: [linter, phplinter]
+    strategy:
+      fail-fast: true
+      matrix:
+        operating-system: [windows-latest]
+        php-versions: ['8.3', '8.4', '8.5']
 
-  security:
-    name: Security checks
-    runs-on: [ubuntu-latest]
     steps:
       - name: Setup PHP, with composer and extensions
         # https://github.com/shivammathur/setup-php
         uses: shivammathur/setup-php@v2
         with:
-          # Should be the lowest supported version
-          php-version: '8.1'
-          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, posix, spl, xml
+          php-version: ${{ matrix.php-versions }}
+          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, posix,\
+            session, sodium, spl, xml
           tools: composer
+          ini-values: error_reporting=E_ALL
           coverage: none
 
       - name: Setup problem matchers for PHP
         run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
 
+      - name: Setup problem matchers for PHPUnit
+        run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
+
+      - name: Set git to use LF
+        run: |
+          git config --global core.autocrlf false
+          git config --global core.eol lf
+
       - uses: actions/checkout@v6
 
       - name: Get composer cache directory
-        run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
+        run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$env:GITHUB_ENV"
 
       - name: Cache composer dependencies
         uses: actions/cache@v5
@@ -140,49 +146,32 @@ jobs:
           restore-keys: ${{ runner.os }}-composer-
 
       - name: Install Composer dependencies
-        run: composer install --no-progress --prefer-dist --optimize-autoloader
-
-      - name: Security check for locked dependencies
-        run: composer audit
-
-      - name: Update Composer dependencies
-        run: composer update --no-progress --prefer-dist --optimize-autoloader
+        run: composer install --no-progress --prefer-dist --optimize-autoloader  --ignore-platform-req=ext-posix
 
-      - name: Security check for updated dependencies
-        run: composer audit
+      - name: Run unit tests
+        run: vendor/bin/phpunit --no-coverage
 
-  unit-tests-linux:
-    name: "Unit tests, PHP ${{ matrix.php-versions }}, ${{ matrix.operating-system }}"
-    runs-on: ${{ matrix.operating-system }}
-    needs: [linter, quality, security]
-    strategy:
-      fail-fast: false
-      matrix:
-        operating-system: [ubuntu-latest]
-        php-versions: ['8.1', '8.2', '8.3']
+  quality:
+    name: Quality control
+    needs: [unit-tests-linux]
+    runs-on: [ubuntu-latest]
 
     steps:
       - name: Setup PHP, with composer and extensions
+        id: setup-php
         # https://github.com/shivammathur/setup-php
         uses: shivammathur/setup-php@v2
         with:
-          php-version: ${{ matrix.php-versions }}
-          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, posix, spl, xml
-          tools: composer
-          ini-values: error_reporting=E_ALL
-          coverage: pcov
+          # Should be the higest supported version, so we can use the newest tools
+          php-version: '8.5'
+          tools: composer, composer-require-checker, composer-unused
+          # optional performance gain for psalm: opcache
+          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, opcache, openssl,\
+            pcre, posix, session, sodium, spl, xml
 
       - name: Setup problem matchers for PHP
         run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
 
-      - name: Setup problem matchers for PHPUnit
-        run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
-
-      - name: Set git to use LF
-        run: |
-          git config --global core.autocrlf false
-          git config --global core.eol lf
-
       - uses: actions/checkout@v6
 
       - name: Get composer cache directory
@@ -195,60 +184,52 @@ jobs:
           key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
           restore-keys: ${{ runner.os }}-composer-
 
+      - name: Validate composer.json and composer.lock
+        run: composer validate
+
       - name: Install Composer dependencies
         run: composer install --no-progress --prefer-dist --optimize-autoloader
 
-      - name: Run unit tests with coverage
-        if: ${{ matrix.php-versions == '8.3' }}
-        run: vendor/bin/phpunit
+      - name: Check code for hard dependencies missing in composer.json
+        run: composer-require-checker check --config-file=tools/composer-require-checker.json composer.json
 
-      - name: Run unit tests (no coverage)
-        if: ${{ matrix.php-versions != '8.3' }}
-        run: vendor/bin/phpunit --no-coverage
+      - name: Check code for unused dependencies in composer.json
+        run: composer-unused
 
-      - name: Save coverage data
-        if: ${{ matrix.php-versions == '8.3' }}
-        uses: actions/upload-artifact@v7
-        with:
-          name: coverage-data
-          path: ${{ github.workspace }}/build
+      - name: PHP Code Sniffer
+        run: vendor/bin/phpcs
 
-  unit-tests-windows:
-    name: "Unit tests, PHP ${{ matrix.php-versions }}, ${{ matrix.operating-system }}"
-    runs-on: ${{ matrix.operating-system }}
-    needs: [linter, quality, security]
-    strategy:
-      fail-fast: true
-      matrix:
-        operating-system: [windows-latest]
-        php-versions: ['8.1', '8.2', '8.3']
+      - name: PHPStan
+        run: |
+          vendor/bin/phpstan analyze -c phpstan.neon
+
+      - name: PHPStan (testsuite)
+        run: |
+          vendor/bin/phpstan analyze -c phpstan-dev.neon
 
+  security:
+    name: Security checks
+    needs: [unit-tests-linux]
+    runs-on: [ubuntu-latest]
     steps:
       - name: Setup PHP, with composer and extensions
         # https://github.com/shivammathur/setup-php
         uses: shivammathur/setup-php@v2
         with:
-          php-version: ${{ matrix.php-versions }}
-          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, posix, spl, xml
+          # Should be the lowest supported version
+          php-version: '8.3'
+          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl,\
+            pcre, posix, session, sodium, spl, xml
           tools: composer
-          ini-values: error_reporting=E_ALL
           coverage: none
 
       - name: Setup problem matchers for PHP
         run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
 
-      - name: Setup problem matchers for PHPUnit
-        run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
-
-      - name: Set git to use LF
-        run: |
-          git config --global core.autocrlf false
-          git config --global core.eol lf
-
       - uses: actions/checkout@v6
 
       - name: Get composer cache directory
-        run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$env:GITHUB_ENV"
+        run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
 
       - name: Cache composer dependencies
         uses: actions/cache@v5
@@ -258,10 +239,16 @@ jobs:
           restore-keys: ${{ runner.os }}-composer-
 
       - name: Install Composer dependencies
-        run: composer install --no-progress --prefer-dist --optimize-autoloader  --ignore-platform-req=ext-posix
+        run: composer install --no-progress --prefer-dist --optimize-autoloader
 
-      - name: Run unit tests
-        run: vendor/bin/phpunit --no-coverage
+      - name: Security check for locked dependencies
+        run: composer audit
+
+      - name: Update Composer dependencies
+        run: composer update --no-progress --prefer-dist --optimize-autoloader
+
+      - name: Security check for updated dependencies
+        run: composer audit
 
   coverage:
     name: Code coverage

composer.json

@@ -37,16 +37,16 @@
         }
     },
     "require": {
-        "php": "^8.1",
+        "php": "^8.3",
 
-        "guzzlehttp/guzzle": "^7.8",
-        "simplesamlphp/assert": "^1.0",
-        "surfnet/yubikey-api-client": "^2.3",
-        "symfony/http-foundation": "^6.4"
+        "guzzlehttp/guzzle": "^7.10",
+        "simplesamlphp/assert": "^2.0",
+        "surfnet/yubikey-api-client": "^2.4",
+        "symfony/http-foundation": "^7.4"
     },
     "require-dev": {
-        "simplesamlphp/simplesamlphp": "^2.2",
-        "simplesamlphp/simplesamlphp-test-framework": "^1.7"
+        "simplesamlphp/simplesamlphp": "^2.5@dev",
+        "simplesamlphp/simplesamlphp-test-framework": "^1.11"
     },
     "support": {
         "issues": "https://github.com/simplesamlphp/simplesamlphp-module-authyubikey/issues",

phpstan-dev.neon

@@ -0,0 +1,4 @@
+parameters:
+  level: 9
+  paths:
+    - tests

phpstan.neon

@@ -0,0 +1,4 @@
+parameters:
+  level: 6
+  paths:
+    - src