Replace superlinter with reusable workflows

Author: tvdijen

.github/workflows/php.yml

@@ -14,128 +14,33 @@ on:  # yamllint disable-line rule:truthy
   workflow_dispatch:
 
 jobs:
-  linter:
-    name: Linter
-    runs-on: ['ubuntu-latest']
-
-    steps:
-      - uses: actions/checkout@v5
-        with:
-          fetch-depth: 0
-
-      - name: Lint Code Base
-        uses: github/super-linter/slim@v7
-        env:
-          SAVE_SUPER_LINTER_OUTPUT: false
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          LINTER_RULES_PATH: 'tools/linters'
-          LOG_LEVEL: NOTICE
-          VALIDATE_ALL_CODEBASE: true
-          VALIDATE_CSS: true
-          VALIDATE_JAVASCRIPT_ES: true
-          VALIDATE_JSON: true
-          VALIDATE_YAML: true
-          VALIDATE_XML: true
-          VALIDATE_GITHUB_ACTIONS: true
-
-  quality:
-    name: Quality control
-    runs-on: [ubuntu-latest]
-
-    steps:
-      - name: Setup PHP, with composer and extensions
-        id: setup-php
-        # https://github.com/shivammathur/setup-php
-        uses: shivammathur/setup-php@v2
-        with:
-          # Should be the higest supported version, so we can use the newest tools
-          php-version: '8.5'
-          tools: composer, composer-require-checker, composer-unused, phpcs, phpstan
-          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, pdo, posix, spl, xml
-
-      - name: Setup problem matchers for PHP
-        run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
-
-      - uses: actions/checkout@v5
-
-      - name: Get composer cache directory
-        run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
-
-      - name: Cache composer dependencies
-        uses: actions/cache@v4
-        with:
-          path: $COMPOSER_CACHE
-          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
-          restore-keys: ${{ runner.os }}-composer-
-
-      - name: Validate composer.json and composer.lock
-        run: composer validate
-
-      - name: Install Composer dependencies
-        run: composer install --no-progress --prefer-dist --optimize-autoloader
-
-      - name: Check code for hard dependencies missing in composer.json
-        run: composer-require-checker check --config-file=tools/composer-require-checker.json composer.json
-
-      - name: Check code for unused dependencies in composer.json
-        run: composer-unused
-
-      - name: PHP Code Sniffer
-        run: vendor/bin/phpcs
-
-      - name: PHPStan
-        run: |
-          vendor/bin/phpstan analyze -c phpstan.neon --debug
-
-      - name: PHPStan (testsuite)
-        run: |
-          vendor/bin/phpstan analyze -c phpstan-dev.neon --debug
-
-  security:
-    name: Security checks
-    runs-on: [ubuntu-latest]
-    steps:
-      - name: Setup PHP, with composer and extensions
-        # https://github.com/shivammathur/setup-php
-        uses: shivammathur/setup-php@v2
-        with:
-          # Should be the lowest supported version
-          php-version: '8.2'
-          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, pdo, posix, spl, xml
-          tools: composer
-          coverage: none
-
-      - name: Setup problem matchers for PHP
-        run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
-
-      - uses: actions/checkout@v5
-
-      - name: Get composer cache directory
-        run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
-
-      - name: Cache composer dependencies
-        uses: actions/cache@v4
-        with:
-          path: $COMPOSER_CACHE
-          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
-          restore-keys: ${{ runner.os }}-composer-
-
-      - name: Install Composer dependencies
-        run: composer install --no-progress --prefer-dist --optimize-autoloader
+  phplinter:
+    name: 'PHP-Linter'
+    strategy:
+      fail-fast: false
+      matrix:
+        php-version: ['8.1', '8.2', '8.3', '8.4']
 
-      - name: Security check for locked dependencies
-        run: composer audit
+    uses: simplesamlphp/simplesamlphp-test-framework/.github/workflows/[email protected]
+    with:
+      php-version: ${{ matrix.php-version }}
 
-      - name: Update Composer dependencies
-        run: composer update --no-progress --prefer-dist --optimize-autoloader
+  linter:
+    name: 'Linter'
+    strategy:
+      fail-fast: false
 
-      - name: Security check for updated dependencies
-        run: composer audit
+    uses: simplesamlphp/simplesamlphp-test-framework/.github/workflows/[email protected]
+    with:
+      enable_eslinter: false
+      enable_jsonlinter: true
+      enable_stylelinter: false
+      enable_yamllinter: true
 
   unit-tests-linux:
     name: "Unit tests, PHP ${{ matrix.php-versions }}, ${{ matrix.operating-system }}"
     runs-on: ${{ matrix.operating-system }}
-    needs: [linter, quality, security]
+    needs: [phplinter, linter]
     strategy:
       fail-fast: false
       matrix:
@@ -198,7 +103,7 @@ jobs:
   unit-tests-windows:
     name: "Unit tests, PHP ${{ matrix.php-versions }}, ${{ matrix.operating-system }}"
     runs-on: ${{ matrix.operating-system }}
-    needs: [linter, quality, security]
+    needs: [phplinter, linter]
     strategy:
       fail-fast: true
       matrix:
@@ -246,6 +151,100 @@ jobs:
       - name: Run unit tests
         run: vendor/bin/phpunit --no-coverage
 
+  quality:
+    name: Quality control
+    runs-on: [ubuntu-latest]
+
+    steps:
+      - name: Setup PHP, with composer and extensions
+        id: setup-php
+        # https://github.com/shivammathur/setup-php
+        uses: shivammathur/setup-php@v2
+        with:
+          # Should be the higest supported version, so we can use the newest tools
+          php-version: '8.5'
+          tools: composer, composer-require-checker, composer-unused, phpcs, phpstan
+          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, pdo, posix, spl, xml
+
+      - name: Setup problem matchers for PHP
+        run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
+
+      - uses: actions/checkout@v5
+
+      - name: Get composer cache directory
+        run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
+
+      - name: Cache composer dependencies
+        uses: actions/cache@v4
+        with:
+          path: $COMPOSER_CACHE
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-
+
+      - name: Validate composer.json and composer.lock
+        run: composer validate
+
+      - name: Install Composer dependencies
+        run: composer install --no-progress --prefer-dist --optimize-autoloader
+
+      - name: Check code for hard dependencies missing in composer.json
+        run: composer-require-checker check --config-file=tools/composer-require-checker.json composer.json
+
+      - name: Check code for unused dependencies in composer.json
+        run: composer-unused
+
+      - name: PHP Code Sniffer
+        run: vendor/bin/phpcs
+
+      - name: PHPStan
+        run: |
+          vendor/bin/phpstan analyze -c phpstan.neon --debug
+
+      - name: PHPStan (testsuite)
+        run: |
+          vendor/bin/phpstan analyze -c phpstan-dev.neon --debug
+
+  security:
+    name: Security checks
+    runs-on: [ubuntu-latest]
+    steps:
+      - name: Setup PHP, with composer and extensions
+        # https://github.com/shivammathur/setup-php
+        uses: shivammathur/setup-php@v2
+        with:
+          # Should be the lowest supported version
+          php-version: '8.2'
+          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, pdo, posix, spl, xml
+          tools: composer
+          coverage: none
+
+      - name: Setup problem matchers for PHP
+        run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
+
+      - uses: actions/checkout@v5
+
+      - name: Get composer cache directory
+        run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
+
+      - name: Cache composer dependencies
+        uses: actions/cache@v4
+        with:
+          path: $COMPOSER_CACHE
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-
+
+      - name: Install Composer dependencies
+        run: composer install --no-progress --prefer-dist --optimize-autoloader
+
+      - name: Security check for locked dependencies
+        run: composer audit
+
+      - name: Update Composer dependencies
+        run: composer update --no-progress --prefer-dist --optimize-autoloader
+
+      - name: Security check for updated dependencies
+        run: composer audit
+
   coverage:
     name: Code coverage
     runs-on: [ubuntu-latest]

phpstan-baseline-dev.neon

@@ -1,21 +1,25 @@
 parameters:
 	ignoreErrors:
 		-
-			message: "#^Parameter \\#1 \\$array of function asort expects array, string given\\.$#"
+			message: '#^Parameter \#1 \$array of function asort expects array, string given\.$#'
+			identifier: argument.type
 			count: 4
 			path: tests/src/Auth/Source/PasswordVerifyTest.php
 
 		-
-			message: "#^Property SimpleSAML\\\\Test\\\\Module\\\\sqlauth\\\\Auth\\\\Source\\\\PasswordVerifyTest\\:\\:\\$config \\(array\\<string, string\\|null\\>\\) does not accept array\\<string, array\\<int, string\\>\\|string\\|null\\>\\.$#"
+			message: '#^Property SimpleSAML\\Test\\Module\\sqlauth\\Auth\\Source\\PasswordVerifyTest\:\:\$config \(array\<string, string\|null\>\) does not accept array\<string, list\<string\>\|string\|null\>\.$#'
+			identifier: assign.propertyType
 			count: 4
 			path: tests/src/Auth/Source/PasswordVerifyTest.php
 
 		-
-			message: "#^Parameter \\#1 \\$array of function asort expects array, mixed given\\.$#"
+			message: '#^Parameter \#1 \$array of function asort expects array, mixed given\.$#'
+			identifier: argument.type
 			count: 4
 			path: tests/src/Auth/Source/SQLTest.php
 
 		-
-			message: "#^Property SimpleSAML\\\\Test\\\\Module\\\\sqlauth\\\\Auth\\\\Source\\\\SQLTest\\:\\:\\$config \\(array\\<string, string\\|null\\>\\) does not accept array\\<string, array\\<int, string\\>\\|string\\|null\\>\\.$#"
+			message: '#^Property SimpleSAML\\Test\\Module\\sqlauth\\Auth\\Source\\SQLTest\:\:\$config \(array\<string, string\|null\>\) does not accept array\<string, list\<string\>\|string\|null\>\.$#'
+			identifier: assign.propertyType
 			count: 4
 			path: tests/src/Auth/Source/SQLTest.php

phpstan-baseline.neon

@@ -1,6 +0,0 @@
-parameters:
-	ignoreErrors:
-		-
-			message: "#^Strict comparison using \\=\\=\\= between mixed and null will always evaluate to false\\.$#"
-			count: 1
-			path: src/Auth/Source/PasswordVerify.php

src/Auth/Source/PasswordVerify.php

@@ -4,6 +4,7 @@
 
 namespace SimpleSAML\Module\sqlauth\Auth\Source;
 
+use SimpleSAML\Assert\Assert;
 use SimpleSAML\Error;
 use SimpleSAML\Logger;
 use SimpleSAML\Module\sqlauth\Auth\Source\SQL;
@@ -50,6 +51,7 @@ class PasswordVerify extends SQL
      */
     protected string $passwordhashcolumn = 'passwordhash';
 
+
     /**
      * Constructor for this authentication source.
      *
@@ -67,7 +69,6 @@ public function __construct(array $info, array $config)
     }
 
 
-
     /**
      * Attempt to log in using the given username and password.
      *
@@ -142,16 +143,7 @@ protected function login(string $username, string $password): array
                  * This should never happen as the count(data) test above would have already thrown.
                  * But checking twice doesn't hurt.
                  */
-                if ($pwhash === null) {
-                    if ($pwhash != $row[$this->passwordhashcolumn]) {
-                        Logger::error(sprintf(
-                            'sqlauth:%s: column `%s` does not contain a password hash.',
-                            $this->authId,
-                            $this->passwordhashcolumn,
-                        ));
-                        throw new Error\Error('WRONGUSERPASS');
-                    }
-                }
+                Assert::notNull($pwhash);
 
                 /**
                  * VERIFICATION!

src/Auth/Source/SQL.php

@@ -70,6 +70,7 @@ class SQL extends UserPassBase
      */
     protected array $query;
 
+
     /**
      * Constructor for this authentication source.
      *
@@ -155,6 +156,7 @@ protected function connect(): PDO
         return $db;
     }
 
+
     /**
      * Extract SQL columns into SAML attribute array
      *
@@ -191,6 +193,7 @@ protected function extractAttributes(array &$attributes, array $data, array $for
         return $attributes;
     }
 
+
     /**
      * Execute the query with given parameters and return the tuples that result.
      *
@@ -223,6 +226,7 @@ protected function executeQuery(PDO $db, string $query, array $params): array
         }
     }
 
+
     /**
      * If there is a username_regex then verify the passed username against it and
      * throw an exception if it fails.
@@ -240,6 +244,7 @@ protected function verifyUserNameWithRegex(string $username): void
         }
     }
 
+
     /**
      * Attempt to log in using the given username and password.
      *