Introduction of phpstan #57
Conversation
switch to syde/phpcs.
…cast in Package::new().
…stan-deprecation-rules".
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #57 +/- ##
============================================
- Coverage 98.84% 98.54% -0.30%
Complexity 251 251
============================================
Files 10 10
Lines 607 620 +13
============================================
+ Hits 600 611 +11
- Misses 7 9 +2
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
Co-authored-by: Thorsten Frommen <[email protected]> Signed-off-by: Christian Leucht <[email protected]>
…andards back to inpsyde/php-coding-standards.
…ipts"-section to use phpstan instead of psalm.
…pe,psalm-type with correct phpstan-* .github/workflows/*, README.md, .gitattributes // replaced psalm with phpstan
…string value as return.
Co-authored-by: Thorsten Frommen <[email protected]> Signed-off-by: Christian Leucht <[email protected]>
Co-authored-by: Thorsten Frommen <[email protected]> Signed-off-by: Christian Leucht <[email protected]>
Co-authored-by: Thorsten Frommen <[email protected]> Signed-off-by: Christian Leucht <[email protected]>
| "phpstan/phpstan": "^2.1.1", | ||
| "phpstan/phpstan-mockery": "^2.0.0", | ||
| "phpstan/phpstan-phpunit": "^2.0.4", | ||
| "szepeviktor/phpstan-wordpress": "^2", |
There was a problem hiding this comment.
I'm not a fan of this thing. This is designed to make PHPStan pass more easily, not to make the code safer. Take this example:
function filterTitle(string $title): string
{
/**
* @param string $title Page title.
*/
return apply_filters('list_pages', $title);
} Using that plugin, this passes as-is. Nice! Nice?
What if you have code that does:
add_filter('list_pages', '__return_zero');Now, the filterTitle() function will return an integer, with string declared as the return type, resulting in a fatal error that the static analysis did not catch.
One might say that the culprit is the add_filter that returned an integer where a string was expected. And that is true but was static analysis able to tell whoever wrote that add_filter they were doing something wrong? No, not at all.
In short, the behavior above is clearly a logic mistake that a static analysis could catch, but using that plugin, it is hiding from us.
Without using that plugin, PHPStan would report an error on filterTitle, telling that it returns mixed where a string is expected. That might be annoying but it is the absolute truth. apply_filters makes our function return mixed, and if we use a plugin to "mock" it returns a string, then we are not working to make our code better, we are just making the tool happy hiding a whole set of errors.
The goal is not to have the CI green; the goal is to catch possible errors. Otherwise, for our unit tests, we could use a tool like https://github.com/hugues-m/phpunit-vw to ensure we never have failing tests, right?
If you don't have that plugin, you have two possibilities. Either you do something like this:
function filterTitle(string $title): string
{
$filtered = apply_filters('list_pages', $title);
return is_string($filtered) ? $filtered : $title;
} Or you do:
function filterTitle(string $title): string
{
$filtered = apply_filters('list_pages', $title);
assert(is_string($filtered));
return $filtered;
} In the first case, you are aiming at stability and defensiveness. Which is great for public APIs.
In the second case, you are making it explicit that you're trusting the filter consumers. This has the same net effect of using the PHPStan plugin (if someone returns an integer from the filter, it breaks) but:
- it is explicit
- forces the developer to think about it and decide to opt for this or for the defensive path
Having a tool that hides all of that from you, might look nice at first because the checks pass more easily, but that is not the goal, right?
There was a problem hiding this comment.
This is fine for me.
I left a comment regarding the usage of the worpdress-phpstan plugin which, in general, I think is not a great idea.
However that plugin does more than one thing, and if we remove it then we have to have other things in place (e.g. our stubs).
I expect the impact on this specific codebase is minimal, so I don't think is much important here, but I think that is worth a discussion about it when we are bringing PHPStan as our tool of choice for all our codebase and not just here.
Please check if the PR fulfills these requirements
What kind of change does this PR introduce? (Bug fix, feature, docs update, ...)
This PR will replace "phpcs" with "phpstan" (level 8!) and adds additional extensions for
phpstan/phpstan-deprecation-rules´ andswissspidy/phpstan-no-private`.