Issue #30: Replace Psalm with PHPStan

.github/workflows/static-analysis.yml

@@ -0,0 +1,49 @@
+on:
+  - push
+
+name: Run PHPStan checks
+
+jobs:
+  mutation:
+    name: PHPStan ${{ matrix.php }}-${{ matrix.os }}
+
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      matrix:
+        os:
+          - ubuntu-latest
+
+        php:
+          - "8.1"
+          - "8.2"
+          - "8.3"
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: "${{ matrix.php }}"
+          coverage: pcov
+          ini-values: assert.exception=1, zend.assertions=1, error_reporting=-1, log_errors_max_len=0, display_errors=On
+          tools: composer:v2, cs2pr
+
+      - name: Determine composer cache directory
+        run: echo "COMPOSER_CACHE_DIR=$(composer config cache-dir)" >> $GITHUB_ENV
+
+      - name: Cache dependencies installed with composer
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.COMPOSER_CACHE_DIR }}
+          key: php${{ matrix.php }}-composer-${{ hashFiles('**/composer.json') }}
+          restore-keys: |
+            php${{ matrix.php }}-composer-
+
+      - name: Install dependencies with composer
+        run: composer install --prefer-dist --no-interaction --no-progress --optimize-autoloader --ansi
+
+      - name: Run static analysis with PHPStan
+        run:  vendor/bin/phpstan analyse

README.md

@@ -4,8 +4,14 @@ Rbac authorization model implements [dot-authorization](https://github.com/dotke
 
 The RBAC model defines roles that can be assigned to users. The authorization is done on a role basis, not user basis as in ACL. Each role can have one or multiple permissions/privileges assigned. When deciding if a user is authorized, the requested permission is checked in all user roles and if at least one role has that permission, access is granted.
 
+## Documentation
+
+Documentation is available at: https://docs.dotkernel.org/dot-rbac/.
+
+## Badges
+
 ![OSS Lifecycle](https://img.shields.io/osslifecycle/dotkernel/dot-rbac)
-![PHP from Packagist (specify version)](https://img.shields.io/packagist/php-v/dotkernel/dot-rbac/3.5.2)
+![PHP from Packagist (specify version)](https://img.shields.io/packagist/php-v/dotkernel/dot-rbac/3.7.0)
 
 [![GitHub issues](https://img.shields.io/github/issues/dotkernel/dot-rbac)](https://github.com/dotkernel/dot-rbac/issues)
 [![GitHub forks](https://img.shields.io/github/forks/dotkernel/dot-rbac)](https://github.com/dotkernel/dot-rbac/network)
@@ -14,8 +20,7 @@ The RBAC model defines roles that can be assigned to users. The authorization is
 
 [![Build Static](https://github.com/dotkernel/dot-rbac/actions/workflows/continuous-integration.yml/badge.svg?branch=3.0)](https://github.com/dotkernel/dot-rbac/actions/workflows/continuous-integration.yml)
 [![codecov](https://codecov.io/gh/dotkernel/dot-rbac/graph/badge.svg?token=GCK6C92N83)](https://codecov.io/gh/dotkernel/dot-rbac)
-
-[![SymfonyInsight](https://insight.symfony.com/projects/ce0cfbb2-7e97-427b-b394-531ff5be13d6/big.svg)](https://insight.symfony.com/projects/ce0cfbb2-7e97-427b-b394-531ff5be13d6)
+[![PHPStan](https://github.com/dotkernel/dot-rbac/actions/workflows/static-analysis.yml/badge.svg?branch=3.0)](https://github.com/dotkernel/dot-rbac/actions/workflows/static-analysis.yml)
 
 ## Installation
 

composer.json

@@ -1,7 +1,7 @@
 {
     "name": "dotkernel/dot-rbac",
     "type": "library",
-    "description": "DotKernel RBAC authorization component",
+    "description": "Dotkernel RBAC authorization component",
     "license": "MIT",
     "homepage": "https://github.com/dotkernel/dot-rbac",
     "keywords": [
@@ -11,7 +11,7 @@
     ],
     "authors": [
         {
-            "name": "DotKernel Team",
+            "name": "Dotkernel Team",
             "email": "team@dotkernel.com"
         }
     ],
@@ -29,9 +29,10 @@
         "laminas/laminas-authentication": "2.16.0"
     },
     "require-dev": {
-        "phpunit/phpunit": "^10.2",
-        "vimeo/psalm": "^5.13",
-        "laminas/laminas-coding-standard": "^2.5"
+        "laminas/laminas-coding-standard": "^3.0",
+        "phpstan/phpstan": "^2.1",
+        "phpstan/phpstan-phpunit": "^2.0",
+        "phpunit/phpunit": "^10.2"
     },
     "autoload": {
         "psr-4": {
@@ -46,12 +47,12 @@
     "scripts": {
         "check": [
             "@cs-check",
-            "@test"
+            "@test",
+            "@static-analysis"
         ],
         "cs-check": "phpcs",
         "cs-fix": "phpcbf",
         "test": "phpunit --colors=always",
-        "test-coverage": "phpunit --colors=always --coverage-clover clover.xml",
-        "static-analysis": "psalm --shepherd --stats"
+        "static-analysis": "phpstan analyse --memory-limit 1G"
     }
 }

docs/book/index.md

@@ -0,0 +1 @@
+../../README.md

docs/book/v3/overview.md

@@ -0,0 +1,17 @@
+# dot-rbac
+
+The rbac authorization service decides if the authenticated identity or guest has access to certain parts of the application
+
+## Badges
+
+![OSS Lifecycle](https://img.shields.io/osslifecycle/dotkernel/dot-rbac)
+![PHP from Packagist (specify version)](https://img.shields.io/packagist/php-v/dotkernel/dot-rbac/3.7.0)
+
+[![GitHub issues](https://img.shields.io/github/issues/dotkernel/dot-rbac)](https://github.com/dotkernel/dot-rbac/issues)
+[![GitHub forks](https://img.shields.io/github/forks/dotkernel/dot-rbac)](https://github.com/dotkernel/dot-rbac/network)
+[![GitHub stars](https://img.shields.io/github/stars/dotkernel/dot-rbac)](https://github.com/dotkernel/dot-rbac/stargazers)
+[![GitHub license](https://img.shields.io/github/license/dotkernel/dot-rbac)](https://github.com/dotkernel/dot-rbac/blob/3.0/LICENSE.md)
+
+[![Build Static](https://github.com/dotkernel/dot-rbac/actions/workflows/continuous-integration.yml/badge.svg?branch=3.0)](https://github.com/dotkernel/dot-rbac/actions/workflows/continuous-integration.yml)
+[![codecov](https://codecov.io/gh/dotkernel/dot-rbac/graph/badge.svg?token=GCK6C92N83)](https://codecov.io/gh/dotkernel/dot-rbac)
+[![PHPStan](https://github.com/dotkernel/dot-rbac/actions/workflows/static-analysis.yml/badge.svg?branch=3.0)](https://github.com/dotkernel/dot-rbac/actions/workflows/static-analysis.yml)

phpstan.neon

@@ -0,0 +1,15 @@
+includes:
+    - vendor/phpstan/phpstan-phpunit/extension.neon
+parameters:
+    level: 5
+    paths:
+        - src
+        - test
+    treatPhpDocTypesAsCertain: false
+    ignoreErrors:
+        - message: '#Call to method Laminas\\ServiceManager\\AbstractPluginManager<Laminas\\ServiceManager\\AbstractPluginManager>::validate\(\) with ''test'' will always evaluate to false.#'
+          path: test/Assertion/AssertionPluginManagerTest.php
+        - message: '#PHPDoc type class-string<Dot\\Rbac\\Role\\Provider\\RoleProviderInterface>\|null of property Dot\\Rbac\\Role\\Provider\\RoleProviderPluginManager::\$instanceOf is not covariant with PHPDoc type class-string<Laminas\\ServiceManager\\AbstractPluginManager>\|null of overridden property Laminas\\ServiceManager\\AbstractPluginManager<Laminas\\ServiceManager\\AbstractPluginManager>::\$instanceOf.#'
+          path: src/Role/Provider/RoleProviderPluginManager.php
+        - message: '#PHPDoc type class-string<Dot\\Rbac\\Assertion\\AssertionInterface>\|null of property Dot\\Rbac\\Assertion\\AssertionPluginManager::\$instanceOf is not covariant with PHPDoc type class-string<Laminas\\ServiceManager\\AbstractPluginManager>\|null of overridden property Laminas\\ServiceManager\\AbstractPluginManager<Laminas\\ServiceManager\\AbstractPluginManager>::\$instanceOf.#'
+          path: src/Assertion/AssertionPluginManager.php

src/Assertion/AssertionPluginManager.php

@@ -11,6 +11,6 @@
  */
 class AssertionPluginManager extends AbstractPluginManager
 {
-    /** @var string  */
+    /** @var null|class-string<AssertionInterface> $instanceOf */
     protected $instanceOf = AssertionInterface::class;
 }

src/Role/Provider/RoleProviderPluginManager.php

@@ -12,7 +12,7 @@
  */
 class RoleProviderPluginManager extends AbstractPluginManager
 {
-    /** @var string  */
+    /** @var null|class-string<RoleProviderInterface> $instanceOf */
     protected $instanceOf = RoleProviderInterface::class;
 
     /** @var string[]  */

test/Assertion/FactoryTest.php

@@ -48,7 +48,7 @@ public function assert(AuthorizationInterface $authorization, mixed $context = n
         $subject = new Factory($container, $assertionPluginManager);
 
         $result = $subject->create(['type' => 'testType']);
-        $this->assertInstanceOf(AssertionInterface::class, $result);
+        $this->assertContainsOnlyInstancesOf(AssertionInterface::class, [$result]);
     }
 
     /**
@@ -62,6 +62,6 @@ public function testGetAssertionPluginManager(): void
         $subject = new Factory($container, $assertionPluginManager);
 
         $result = $subject->getAssertionPluginManager();
-        $this->assertInstanceOf(AssertionPluginManager::class, $result);
+        $this->assertContainsOnlyInstancesOf(AssertionPluginManager::class, [$result]);
     }
 }

test/Factory/AssertionPluginManagerFactoryTest.php

@@ -34,6 +34,6 @@ public function testCanCreateManager(): void
             ->willReturn($config);
 
         $result = (new AssertionPluginManagerFactory())($container);
-        $this->assertInstanceOf(AssertionPluginManager::class, $result);
+        $this->assertSame(AssertionPluginManager::class, $result::class);
     }
 }

test/Factory/AuthenticationIdentityProviderFactoryTest.php

@@ -39,6 +39,6 @@ public function testWillCreateService(): void
             ]);
 
         $result = (new AuthenticationIdentityProviderFactory())($this->container);
-        $this->assertInstanceOf(AuthenticationIdentityProvider::class, $result);
+        $this->assertSame(AuthenticationIdentityProvider::class, $result::class);
     }
 }

test/Factory/AuthorizationOptionFactoryTest.php

@@ -28,6 +28,6 @@ public function testCanCreateInterface(): void
             ->willReturn(['dot_authorization' => null]);
 
         $interface = (new AuthorizationOptionsFactory())($container);
-        $this->assertInstanceOf(AuthorizationOptions::class, $interface);
+        $this->assertSame(AuthorizationOptions::class, $interface::class);
     }
 }

test/Factory/AuthorizationServiceFactoryTest.php

@@ -47,6 +47,6 @@ public function testWillCreateService(): void
         );
 
         $service = (new AuthorizationServiceFactory())($container);
-        $this->assertInstanceOf(AuthorizationService::class, $service);
+        $this->assertSame(AuthorizationService::class, $service::class);
     }
 }

test/Factory/RoleProviderPluginManagerFactoryTest.php

@@ -35,6 +35,6 @@ public function testCanCreate(): void
             ->willReturn($config);
 
         $service = (new RoleProviderPluginManagerFactory())($container);
-        $this->assertInstanceOf(RoleProviderPluginManager::class, $service);
+        $this->assertSame(RoleProviderPluginManager::class, $service::class);
     }
 }

test/Factory/RoleServiceFactoryTest.php

@@ -44,7 +44,7 @@ public function testWillCreateService(): void
 
         $service = (new RoleServiceFactory())($container);
 
-        $this->assertInstanceOf(RoleService::class, $service);
+        $this->assertSame(RoleService::class, $service::class);
     }
 
     /**