Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -138,6 +138,7 @@ Only published SkillBuilder lessons are synchronized as Shopware products. Draft
- [Interview Q&A](docs/interview-qa.md)
- [Recruiter project summary](docs/project-summary-for-recruiters.md)
- [Portfolio audit report](docs/audit-report-2026-05-23.md)
- [PHPStan audit evidence](docs/phpstan-audit-2026-06-05.md)
- [Demo script](docs/demo-script.md)
- [Changelog](CHANGELOG.md)
- [Demo checklist](docs/demo-checklist.md)
Expand Down Expand Up @@ -215,6 +216,7 @@ Additional checks performed:
- Doctrine mapping validation
- router checks
- live smoke checks for public and protected routes
- PHPStan audit setup added in the private codebase; baseline reduced from 56 findings to 17 Doctrine generated-ID findings

## Portfolio Positioning

Expand Down
85 changes: 85 additions & 0 deletions docs/phpstan-audit-2026-06-05.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,85 @@
# PHPStan Audit - 2026-06-05

This audit documents the current static-analysis setup and cleanup state from the private SkillBuilder application.

## Scope

- Added PHPStan as a private-codebase audit tool.
- Added a GitHub Actions workflow named `Testing` for the private application branch.
- Reduced the PHPStan baseline from 56 findings to 17 findings.
- Kept the remaining 17 baseline entries limited to Doctrine generated ID properties.

## Implemented In Private Codebase

Private audit commit:

```text
b5fd3f2 Add PHPStan audit workflow
```

Main files added or changed in the private application:

- `composer.json`
- `composer.lock`
- `phpstan.neon`
- `phpstan-baseline.neon`
- `scripts/run-phpstan.ps1`
- `.github/workflows/testing.yml`
- targeted PHPStan cleanups in commands, controllers, services, tests, and one Doctrine entity callback

## Findings Reduced

Before cleanup:

```text
56 PHPStan baseline entries
```

After cleanup:

```text
17 PHPStan baseline entries
```

The removed findings covered:

- invalid or missing imports
- unreachable code
- redundant `method_exists()` guards
- redundant null-coalescing expressions
- overly broad user type checks
- direct session flash bag calls where controller flash helpers are clearer
- unused constructor dependency in GDPR export logic
- redundant lifecycle fallback for an initialized Doctrine timestamp

## Remaining Baseline

The remaining 17 entries are all Doctrine generated ID warnings of this form:

```text
Property App\Entity\...\$id (int|null) is never assigned int
```

These are intentionally kept because Doctrine assigns `#[GeneratedValue]` IDs at runtime. They should be removed later with a Doctrine-aware PHPStan setup, not by weakening entity ID types.

## Verification

Checks performed locally:

```text
php -l across changed PHP files: OK
PHPStan on changed command/controller/service files without baseline: OK
PHPStan on src/Entity with reduced baseline: OK
```

The full private-codebase PHPStan run is wired through the `Testing` workflow. The local Windows/P-drive environment required a PowerShell wrapper that copies the PHPStan PHAR to `%TEMP%` before execution.

## Current Quality Impact

This audit turns PHPStan from a one-off scan into repeatable project evidence:

- static analysis is now part of the private repository setup
- real PHPStan findings were fixed rather than hidden
- the baseline is narrow and explainable
- the remaining debt has a clear next step: add Doctrine-aware PHPStan support

Loading