ci: add PHPStan and run it in CI for static analysis

thephpleague · Dec 18, 2024 · cc5e8cb · cc5e8cb
1 parent 8069ff9
commit cc5e8cb
Show file tree

Hide file tree

Showing 31 changed files with 268 additions and 108 deletions.
diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
@@ -27,20 +27,14 @@ jobs:
 
   lint:
     name: "Lint"
-    needs: ["coding-standards", "coverage"]
     runs-on: "ubuntu-latest"
-    strategy:
-      fail-fast: true
-      matrix:
-        php-version: [ '8.1', '8.2', '8.3', '8.4' ]
     steps:
       - uses: "actions/checkout@v4"
       - uses: "shivammathur/setup-php@v2"
         with:
-          php-version: "${{ matrix.php-version }}"
+          php-version: "latest"
           coverage: "none"
-          ini-values: "memory_limit=-1, zend.assertions=1, error_reporting=-1, display_errors=On"
-          tools: "composer:v2"
+          tools: "composer"
       - uses: "ramsey/composer-install@v3"
       - name: "Lint the PHP source code"
         run: "./vendor/bin/parallel-lint src test"
@@ -60,19 +54,33 @@ jobs:
       - name: "Check coding standards"
         run: "./vendor/bin/phpcs"
 
+  static-analysis:
+    name: "Static Analysis"
+    runs-on: "ubuntu-latest"
+    steps:
+      - uses: "actions/checkout@v4"
+      - uses: "shivammathur/setup-php@v2"
+        with:
+          php-version: "latest"
+          coverage: "none"
+          ini-values: "memory_limit=-1"
+          tools: "composer"
+      - uses: "ramsey/composer-install@v3"
+      - name: "Analyze code for errors"
+        run: "./vendor/bin/phpstan"
+
   coverage:
     name: "Coverage"
+    needs: ["coding-standards", "lint", "static-analysis"]
     runs-on: "ubuntu-latest"
     steps:
       - uses: "actions/checkout@v4"
       - uses: "shivammathur/setup-php@v2"
         with:
           php-version: "latest"
-          coverage: "pcov"
+          coverage: "xdebug"
           ini-values: "memory_limit=-1, zend.assertions=1, error_reporting=-1, display_errors=On"
           tools: "composer"
-      - name: "Prepare for tests"
-        run: "mkdir -p build/logs"
       - uses: "ramsey/composer-install@v3"
       - name: "Run unit tests"
         run: "./vendor/bin/phpunit --colors=always --coverage-clover build/logs/clover.xml --coverage-text"
@@ -81,7 +89,7 @@ jobs:
 
   unit-tests:
     name: "Unit Tests"
-    needs: ["lint"]
+    needs: ["coverage"]
     runs-on: "ubuntu-latest"
     strategy:
       fail-fast: true
@@ -95,8 +103,6 @@ jobs:
           coverage: "none"
           ini-values: "memory_limit=-1, zend.assertions=1, error_reporting=-1, display_errors=On"
           tools: "composer"
-      - name: "Prepare for tests"
-        run: "mkdir -p build/logs"
       - uses: "ramsey/composer-install@v3"
       - name: "Run unit tests"
         run: "./vendor/bin/phpunit --colors=always --no-coverage"
diff --git a/composer.json b/composer.json
@@ -37,6 +37,10 @@
         "guzzlehttp/guzzle": "^7.4.5",
         "mockery/mockery": "^1.6",
         "php-parallel-lint/php-parallel-lint": "^1.4",
+        "phpstan/extension-installer": "^1.4",
+        "phpstan/phpstan": "^2.0",
+        "phpstan/phpstan-mockery": "^2.0",
+        "phpstan/phpstan-phpunit": "^2.0",
         "phpunit/phpunit": "^10.5 || ^11.5",
         "ramsey/coding-standard": "^2.2",
         "squizlabs/php_codesniffer": "^3.11"
@@ -54,17 +58,20 @@
     "config": {
         "allow-plugins": {
             "dealerdirect/phpcodesniffer-composer-installer": true,
-            "ergebnis/composer-normalize": true
+            "ergebnis/composer-normalize": true,
+            "phpstan/extension-installer": true
         },
         "sort-packages": true
     },
     "scripts": {
+        "analyze": "phpstan analyze --memory-limit=1G",
         "cs": "phpcs",
         "cs-fix": "phpcbf",
         "lint": "parallel-lint src test",
         "test": [
             "@lint",
             "@cs",
+            "@analyze",
             "phpunit --no-coverage"
         ]
     },

diff --git a/phpstan.neon.dist b/phpstan.neon.dist
@@ -0,0 +1,6 @@
+parameters:
+    level: max
+    treatPhpDocTypesAsCertain: false
+    paths:
+        - src
+        - test
diff --git a/src/Grant/GrantFactory.php b/src/Grant/GrantFactory.php
@@ -19,7 +19,10 @@
 
 use League\OAuth2\Client\Grant\Exception\InvalidGrantException;
 
+use function gettype;
 use function is_object;
+use function is_scalar;
+use function is_string;
 use function is_subclass_of;
 use function sprintf;
 use function str_replace;
@@ -83,9 +86,15 @@ protected function registerDefaultGrant(string $name)
      * Determines if a variable is a valid grant.
      *
      * @return bool
+     *
+     * @phpstan-assert-if-true class-string<AbstractGrant> | AbstractGrant $class
      */
     public function isGrant(mixed $class)
     {
+        if (!is_string($class) && !is_object($class)) {
+            return false;
+        }
+
         return is_subclass_of($class, AbstractGrant::class);
     }
 
@@ -95,14 +104,21 @@ public function isGrant(mixed $class)
      * @return void
      *
      * @throws InvalidGrantException
+     *
+     * @phpstan-assert class-string<AbstractGrant> | AbstractGrant $class
      */
     public function checkGrant(mixed $class)
     {
         if (!$this->isGrant($class)) {
-            throw new InvalidGrantException(sprintf(
-                'Grant "%s" must extend AbstractGrant',
-                is_object($class) ? $class::class : $class,
-            ));
+            if (is_object($class)) {
+                $type = $class::class;
+            } elseif (is_scalar($class)) {
+                $type = $class;
+            } else {
+                $type = gettype($class);
+            }
+
+            throw new InvalidGrantException(sprintf('Grant "%s" must extend AbstractGrant', $type));
         }
     }
 }
diff --git a/src/OptionProvider/HttpBasicAuthOptionProvider.php b/src/OptionProvider/HttpBasicAuthOptionProvider.php
@@ -20,6 +20,7 @@
 use InvalidArgumentException;
 
 use function base64_encode;
+use function is_string;
 use function sprintf;
 
 /**
@@ -30,14 +31,20 @@
 class HttpBasicAuthOptionProvider extends PostAuthOptionProvider
 {
     /**
+     * @return array{headers: array{content-type: string, Authorization: string}, body?: string}
+     *
      * @inheritdoc
      */
-    public function getAccessTokenOptions($method, array $params)
+    public function getAccessTokenOptions(string $method, array $params): array
     {
         if (!isset($params['client_id']) || !isset($params['client_secret'])) {
             throw new InvalidArgumentException('clientId and clientSecret are required for http basic auth');
         }
 
+        if (!is_string($params['client_id']) || !is_string($params['client_secret'])) {
+            throw new InvalidArgumentException('clientId and clientSecret must be string values');
+        }
+
         $encodedCredentials = base64_encode(sprintf('%s:%s', $params['client_id'], $params['client_secret']));
         unset($params['client_id'], $params['client_secret']);
 

diff --git a/src/OptionProvider/PostAuthOptionProvider.php b/src/OptionProvider/PostAuthOptionProvider.php
@@ -28,9 +28,11 @@ class PostAuthOptionProvider implements OptionProviderInterface
     use QueryBuilderTrait;
 
     /**
+     * @return array{headers: array{content-type: string}, body?: string}
+     *
      * @inheritdoc
      */
-    public function getAccessTokenOptions($method, array $params)
+    public function getAccessTokenOptions(string $method, array $params): array
     {
         $options = ['headers' => ['content-type' => 'application/x-www-form-urlencoded']];