Qual: Add phan

.github/workflows/ci.yml

@@ -0,0 +1,38 @@
+name: "CI"
+
+on: [push, pull_request]
+jobs:
+  #pre-commit:
+  #  if: false
+  #  uses: ./.github/workflows/pre-commit.yml
+  #  secrets: inherit
+  #  with:
+  #    gh_event: ${{ github.event_name }}
+  phan:
+    uses: ./.github/workflows/phan.yml
+    secrets: inherit
+    # needs: [pre-commit]
+    with:
+      gh_event: ${{ github.event_name }}
+#phpstan:
+#  if: false
+#  uses: ./.github/workflows/phpstan.yml
+#  secrets: inherit
+#  needs: [pre-commit]
+#  with:
+#    gh_event: ${{ github.event_name }}
+#windows-ci:
+#  if: false
+#  needs: [pre-commit, phpstan, phan]
+#  secrets: inherit
+#  uses: ./.github/workflows/windows-ci.yml
+#  with:
+#    gh_event: ${{ github.event_name }}
+#gh-travis:  # Runs travis script on github runner (not on travis)
+#  if: false
+#  # needs: [pre-commit, phan]
+#  # needs: [windows-ci]
+#  secrets: inherit
+#  uses: ./.github/workflows/gh-travis.yml
+#  with:
+#    gh_event: ${{ github.event_name }}

.github/workflows/phan.yml

@@ -0,0 +1,58 @@
+---
+on:
+  # pull_request:
+  # push:
+  # schedule:
+  #   # execute once a day, the 1st
+  #   - cron: 10 9 * * *
+  workflow_call:
+    inputs:
+      gh_event:
+        required: true
+        type: string
+  workflow_dispatch:
+
+concurrency:
+  group: phan-${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+env:
+  gh_event: ${{ inputs.gh_event || github.event_name }}
+  PHAN_CONFIG: >
+    ${{ 'dev/tools/phan/config.php' }}
+  PHAN_BASELINE: dev/tools/phan/baseline.txt
+  PHAN_MIN_PHP: 7.0
+  PHAN_QUICK: ${{ github.event.schedule && '' || '--quick' }}
+  GITHUB_JSON: ${{ toJSON(github) }} # Helps in debugging Github Action
+
+name: phan
+jobs:
+  phan:
+    name: Run phan
+    runs-on: ubuntu-latest
+    # Do not run schedule on forks
+    if: |
+      github.repository == 'DoliCloud/DoliMods'
+      || github.event.schedule == false
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: 8.2
+          coverage: none # disable xdebug, pcov
+          tools: cs2pr,phan
+      - name: Run Phan analysis
+        run: |
+          phan $PHAN_QUICK -k $PHAN_CONFIG -B $PHAN_BASELINE --analyze-twice --minimum-target-php-version $PHAN_MIN_PHP --output-mode=checkstyle -o _phan.xml
+      - name: Add results to PR
+        if: ${{ always() }}
+        run: |
+          cs2pr --prepend-filename --prepend-source --notices-as-warnings _phan.xml
+      - name: Provide phan log as artifact
+        uses: actions/upload-artifact@v4
+        if: ${{ always() }}
+        with:
+          name: phan-srcrt
+          # path: ${{ github.workspace }}/phan.log
+          path: ${{ github.workspace }}/_phan.xml
+          retention-days: 2

dev/tools/phan/README.md

@@ -0,0 +1,7 @@
+# `dolibarr.php`
+
+The Dolibarr 'stub' is generated using `php-stubs/generator` installable with composer.
+
+```bash
+( cd DolibarrRoot ; php -d memory_limit=4G .../vendor/bin/generate-stubs --out /fullpath/to/dolibarr.php --force htdocs )
+```

dev/tools/phan/config.php

@@ -0,0 +1,198 @@
+<?php
+
+define('DOL_PROJECT_ROOT', __DIR__.'/../../..');
+define('DOL_DOCUMENT_ROOT', DOL_PROJECT_ROOT.'/htdocs');
+//define('DOL_DOCUMENT_ROOT', DOL_PROJECT_ROOT);
+define('PHAN_DIR', __DIR__);
+
+/**
+ * This configuration will be read and overlaid on top of the
+ * default configuration. Command line arguments will be applied
+ * after this file is read.
+ */
+return [
+    //    'processes' => 6,
+    'backward_compatibility_checks' => false,
+    'simplify_ast'=>true,
+    'analyzed_file_extensions' => ['php','inc'],
+
+    // Supported values: `'5.6'`, `'7.0'`, `'7.1'`, `'7.2'`, `'7.3'`, `'7.4'`, `null`.
+    // If this is set to `null`,
+    // then Phan assumes the PHP version which is closest to the minor version
+    // of the php executable used to execute Phan.
+    //"target_php_version" => null,
+    //"target_php_version" => '7.0',
+    //"target_php_version" => '7.4',
+    //"target_php_version" => '7.3',
+    //"target_php_version" => '5.6',
+    "target_php_version" => '8.2',
+    'minimum-target-php-version'=>'7.0',
+
+    // A list of directories that should be parsed for class and
+    // method information. After excluding the directories
+    // defined in exclude_analysis_directory_list, the remaining
+    // files will be statically analyzed for errors.
+    //
+    // Thus, both first-party and third-party code being used by
+    // your application should be included in this list.
+    'directory_list' => [
+        'htdocs',
+		'dev/tools/phan/stubs',
+        //'tests',
+    ],
+
+    // A directory list that defines files that will be excluded
+    // from static analysis, but whose class and method
+    // information should be included.
+    //
+    // Generally, you'll want to include the directories for
+    // third-party code (such as "vendor/") in this list.
+    //
+    // n.b.: If you'd like to parse but not analyze 3rd
+    //       party code, directories containing that code
+    //       should be added to the `directory_list` as
+    //       to `exclude_analysis_directory_list`.
+    "exclude_analysis_directory_list" => [
+		'dev/tools/phan/stubs',
+        'htdocs/google/includes/google-api-php-client/vendor',
+		'htdocs/facturxutil/includes',
+		'htdocs/filemanager/includes',
+		'htdocs/google/includes',
+		'htdocs/netatmo/includes',
+		'htdocs/numberwords/includes/Numbers',
+		'htdocs/ovh/includes',
+		'htdocs/phpsysinfo/includes/phpsysinfo',
+		'htdocs/pibarcode/includes/barcode',
+		'htdocs/tawkto/includes',
+		'htdocs/webmailr/includes/roundcubemail',
+    ],
+    //'exclude_file_regex' => '@^vendor/.*/(tests?|Tests?)/@',
+   'exclude_file_regex' => '@^('
+		.'nonexisting'
+		.'|htdocs/google/includes/google-api-php-client/vendor/guzzlehttp/.*'
+		.')$@',
+
+
+
+    // A list of plugin files to execute.
+    // Plugins which are bundled with Phan can be added here by providing their name
+    // (e.g. 'AlwaysReturnPlugin')
+    //
+    // Documentation about available bundled plugins can be found
+    // at https://github.com/phan/phan/tree/master/dev/tools/phan/plugins
+    //
+    // Alternately, you can pass in the full path to a PHP file
+    // with the plugin's implementation (e.g. 'vendor/phan/phan/dev/tools/phan/plugins/AlwaysReturnPlugin.php')
+    'plugins' => [
+        // checks if a function, closure or method unconditionally returns.
+        // can also be written as 'vendor/phan/phan/dev/tools/phan/plugins/AlwaysReturnPlugin.php'
+        'DeprecateAliasPlugin',
+        'EmptyMethodAndFunctionPlugin',
+        'InvalidVariableIssetPlugin',
+        'MoreSpecificElementTypePlugin',
+        'NoAssertPlugin',
+        'NotFullyQualifiedUsagePlugin',
+        'PHPDocRedundantPlugin',
+        'PHPUnitNotDeadCodePlugin',
+        'PossiblyStaticMethodPlugin',
+        'PreferNamespaceUsePlugin',
+        'PrintfCheckerPlugin',
+        'RedundantAssignmentPlugin',
+    // PhanPluginCanUseParamType : 1300+ occurrences
+    // PhanPluginComparisonNotStrictForScalar : 700+ occurrences
+    // PhanPluginCanUseReturnType : 680+ occurrences
+    // PhanPluginNumericalComparison : 470+ occurrences
+    // PhanPluginNonBoolInLogicalArith : 290+ occurrences
+    // PhanPluginPossiblyStaticClosure : 270+ occurrences
+    // PhanPluginPossiblyStaticPublicMethod : 230+ occurrences
+    // PhanPluginSuspiciousParamPosition : 150+ occurrences
+    // PhanPluginCanUseNullableParamType : 140+ occurrences
+    // PhanPluginCanUsePHP71Void : 130+ occurrences
+    // PhanPluginInlineHTML : 100+ occurrences
+    // PhanPluginPossiblyStaticPrivateMethod : 100+ occurrences
+    // PhanPluginCanUseNullableReturnType : 90+ occurrences
+    // PhanPluginInlineHTMLTrailing : 65+ occurrences
+
+/* Could be enabled for new code.
+        'ConstantVariablePlugin', // Warns about values that are actually constant 
+        'HasPHPDocPlugin', // Requires PHPDoc
+        'InlineHTMLPlugin', // html in PHP file, or at end of file
+        'NonBoolBranchPlugin', // Requires test on bool, nont on ints
+        'NonBoolInLogicalArithPlugin',
+        'NumericalComparisonPlugin',
+        'PHPDocToRealTypesPlugin',
+        'ShortArrayPlugin', // Checks that [] is used
+        'StrictLiteralComparisonPlugin',
+        'UnknownClassElementAccessPlugin',
+        'UnknownElementTypePlugin',
+        'WhitespacePlugin',
+/**/
+        'PHPDocInWrongCommentPlugin', // Missing /** (/* was used)
+        //'RemoveDebugStatementPlugin', // Reports echo, print, ...
+        'SimplifyExpressionPlugin',
+        //'StrictComparisonPlugin', // Expects ===
+        //'SuspiciousParamOrderPlugin', // reports function calls for parameters, not clear
+        'UnsafeCodePlugin',
+        //'UnusedSuppressionPlugin',
+
+        'AlwaysReturnPlugin',
+        //'DollarDollarPlugin',
+        'DuplicateArrayKeyPlugin',
+        'DuplicateExpressionPlugin',
+        'PregRegexCheckerPlugin',
+        'PrintfCheckerPlugin',
+        'SleepCheckerPlugin',
+        // Checks for syntactically unreachable statements in
+        // the global scope or function bodies.
+        'UnreachableCodePlugin',
+        'UseReturnValuePlugin',
+        'EmptyStatementListPlugin',
+        'LoopVariableReusePlugin',
+    ],
+
+    // Add any issue types (such as 'PhanUndeclaredMethod')
+    // here to inhibit them from being reported
+    'suppress_issue_types' => [
+        'PhanTypeMismatchReturnSuperType', // Newly introduced in phan many occurences.
+        //'PhanUndeclaredThis',
+	'PhanPluginMixedKeyNoKey',
+	'PhanPluginDuplicateConditionalNullCoalescing', // Suggests to optimize to ??
+        //'PhanUnreferencedClosure',  // False positives seen with closures in arrays, TODO: move closure checks closer to what is done by unused variable plugin
+        //'PhanPluginNoCommentOnProtectedMethod',
+        //'PhanPluginDescriptionlessCommentOnProtectedMethod',
+        //'PhanPluginNoCommentOnPrivateMethod',
+        //'PhanPluginDescriptionlessCommentOnPrivateMethod',
+        //'PhanPluginDescriptionlessCommentOnPrivateProperty',
+        // TODO: Fix edge cases in --automatic-fix for PhanPluginRedundantClosureComment
+        //'PhanPluginRedundantClosureComment',
+        'PhanPluginPossiblyStaticPublicMethod',
+        //'PhanPluginPossiblyStaticProtectedMethod',
+
+        // The types of ast\Node->children are all possibly unset.
+        'PhanTypePossiblyInvalidDimOffset', // Also checks optional array keys and requires that they are checked for existance.
+    ],
+    // You can put relative paths to internal stubs in this config option.
+    // Phan will continue using its detailed type annotations,
+    // but load the constants, classes, functions, and classes (and their Reflection types)
+    // from these stub files (doubling as valid php files).
+    // Use a different extension from php (and preferably a separate folder)
+    // to avoid accidentally parsing these as PHP (includes projects depending on this).
+    // The 'mkstubs' script can be used to generate your own stubs (compatible with php 7.0+ right now)
+    // Note: The array key must be the same as the extension name reported by `php -m`,
+    // so that phan can skip loading the stubs if the extension is actually available.
+    'autoload_internal_extension_signatures' => [
+         // Xdebug stubs are bundled with Phan 0.10.1+/0.8.9+ for usage,
+         // because Phan disables xdebug by default.
+         //'xdebug'     => 'vendor/phan/phan/dev/tools/phan/internal_stubs/xdebug.phan_php',
+        //'memcached'  => 'dev/tools/phan/your_internal_stubs_folder_name/memcached.phan_php',
+        'curl'  => 'dev/tools/phan/stubs/curl.phan_php',
+        'gd'  => 'dev/tools/phan/stubs/gd.phan_php',
+        'intl'  => 'dev/tools/phan/stubs/intl.phan_php',
+        'mcrypt'  => 'dev/tools/phan/stubs/mcrypt.phan_php',
+        'soap'  => 'dev/tools/phan/stubs/soap.phan_php',
+        'pdo_mysql'  => 'dev/tools/phan/stubs/pdo_mysql.phan_php',
+        'PDO'  => 'dev/tools/phan/stubs/PDO.phan_php',
+        'zip'  => 'dev/tools/phan/stubs/zip.phan_php',
+        'SimpleXML'  => 'dev/tools/phan/stubs/SimpleXML.phan_php',
+    ],
+];