Add PHPStan static analysis at level 0#1180
Open
utkarshcloudinary wants to merge 4 commits into
Open
Conversation
Set up PHPStan 2.x with szepeviktor/phpstan-wordpress and stub packages
(wp-cli, woocommerce) plus minimal hand-written stubs for the optional
WPML and WordPress VIP symbols the plugin references.
Fix all level-0 findings in code rather than baselining them:
- Filters mistakenly registered with add_action (return value silently
discarded): wp_resource_hints, http_request_args, template_include,
cloudinary_build_queue_query, cloudinary_thread_queue_details_query.
- Incorrect $accepted_args counts on several hook registrations.
- Class-case bugs: SYNC -> Sync, media_status -> Media_Status.
- Missing return paths in File_System::get_file_src_root() and
Component::render().
- Guard $old_meta against a false return before unset; drop redundant
dead-code unset of srcset.
- Replace defined('DOING_AJAX') && DOING_AJAX with wp_doing_ajax().
- Normalize non-standard hook docblocks (@param $name {type}) to valid
PHPDoc and add @method annotations for Component magic methods.
The only suppressed check is HookCallbackRule's 'action callback should
not return anything', which is too strict for dual-purpose methods; its
argument-count checks remain active.
phpcs excludes tests/phpstan/stubs/ since stub files intentionally
mirror third-party API shapes.
Run with: composer phpstan
Adds a PHPStan job to CI so the level-0 analysis is enforced on every push and pull request. Runs once on PHP 8.3 (static analysis does not need the full PHP version matrix) via 'composer phpstan'.
Set a project-relative tmpDir so PHPStan's result cache persists at .phpstan-cache, cache it in CI keyed on composer.lock + phpstan config, and gitignore it locally. Warm runs reuse the cache (~20x faster: ~17s cold vs <1s warm), with correct content-based invalidation when source files change.
The lock had php-stubs/woocommerce-stubs resolved as dev-master (9999999-dev), which did not satisfy the ^9.0 constraint in composer.json and broke 'composer install' in CI. Update the lock to v9.9.5 so the constraint is satisfied.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds PHPStan static analysis to the project.
Approach
szepeviktor/phpstan-wordpressat level 0, run viacomposer phpstan.php-stubs/wp-cli-stubs,php-stubs/woocommerce-stubs) and minimal hand-written stubs undertests/phpstan/stubs/for the optional WPML and WordPress VIP symbols the plugin references (no official stub packages exist for those).add_action, so their return value was silently discarded:wp_resource_hints,http_request_args,template_include(broke the debug-view template swap),cloudinary_build_queue_query,cloudinary_thread_queue_details_query.$accepted_argscounts on several hook registrations.SYNC→Sync,media_status→Media_Status.File_System::get_file_src_root()andComponent::render().$old_metacould befalsebeforeunset; removed a redundant dead-codeunsetofsrcset.defined( 'DOING_AJAX' ) && DOING_AJAXwithwp_doing_ajax().@param $name {type}) to valid PHPDoc and added@methodannotations for theComponentmagic methods.HookCallbackRule's "action callback should not return anything", which is too strict for dual-purpose methods that are both called directly and registered on a real action; its argument-count checks remain active.PHPStanjob (PHP 8.3, runs once) and cached PHPStan's result cache for fast subsequent runs (~17s cold → <1s warm).phpcsexcludestests/phpstan/stubs/since stub files intentionally mirror third-party API shapes.QA notes
composer installthencomposer phpstan— it should report[OK] No errors.composer phpstanagain should complete in well under a second).wp_resource_hints) still output on the front end.CLD_DEBUGenabled, the debug view template replacement still works (template_include).