From d85305aa77d50446bd001f550567bb8738cf42ef Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 22 Apr 2026 15:28:19 +0200 Subject: [PATCH 1/7] chore(deps): Bump actions/download-artifact from 4 to 8 (#12) Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 8. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v4...v8) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d3030ec..150226e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -120,7 +120,7 @@ jobs: with: fetch-depth: 0 - name: Download coverage - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: coverage-report - name: SonarQube Scan From a50eca7728994c1775a39df960779ce93be720b2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 22 Apr 2026 15:31:21 +0200 Subject: [PATCH 2/7] chore(deps): Bump actions/upload-artifact from 4 to 7 (#13) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 7. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 150226e..f7b2bb8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -104,7 +104,7 @@ jobs: run: bin/test.sh --coverage 8.3 - name: Upload coverage - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: coverage-report path: coverage.xml From 14723cb97135849bcf1681eedf154ada9b597d1f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 22 Apr 2026 15:32:37 +0200 Subject: [PATCH 3/7] chore(deps): Bump dependabot/fetch-metadata from 2 to 3 (#14) Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 2 to 3. - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](https://github.com/dependabot/fetch-metadata/compare/v2...v3) --- updated-dependencies: - dependency-name: dependabot/fetch-metadata dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/dependabot-automerge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependabot-automerge.yml b/.github/workflows/dependabot-automerge.yml index 6ecf7e0..a64646f 100644 --- a/.github/workflows/dependabot-automerge.yml +++ b/.github/workflows/dependabot-automerge.yml @@ -20,7 +20,7 @@ jobs: uses: actions/checkout@v6 - name: Fetch Dependabot metadata 🔍 - uses: dependabot/fetch-metadata@v2 + uses: dependabot/fetch-metadata@v3 id: metadata with: github-token: ${{ github.token }} From 0239073dbf8b33faf5b1bb99dd32449ca424b5fb Mon Sep 17 00:00:00 2001 From: Oliver Zieschang Date: Wed, 22 Apr 2026 15:36:31 +0200 Subject: [PATCH 4/7] chore(doc): fixed wrong config-key --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b35e7a1..b20fe59 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ includes: ### Configuration -Several rules require or accept configuration parameters under the `iwf` key. +Several rules require or accept configuration parameters under the `iwfWeb` key. #### Controller rules From 343e18e6b843380dd79ef60f8b6f85f4993478a8 Mon Sep 17 00:00:00 2001 From: Oliver Zieschang Date: Sun, 26 Apr 2026 23:56:32 +0200 Subject: [PATCH 5/7] fix(ci): removed erroneous fetch depth argument --- .github/workflows/ci.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f7b2bb8..cdf9457 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,8 +15,6 @@ jobs: steps: - name: Checkout uses: actions/checkout@v6 - with: - fetch-depth: 0 - name: Build env: @@ -48,8 +46,6 @@ jobs: steps: - name: Checkout uses: actions/checkout@v6 - with: - fetch-depth: 0 - name: Set service name run: | @@ -82,8 +78,6 @@ jobs: steps: - name: Checkout uses: actions/checkout@v6 - with: - fetch-depth: 0 - name: Build env: @@ -117,8 +111,6 @@ jobs: needs: [coverage] steps: - uses: actions/checkout@v6 - with: - fetch-depth: 0 - name: Download coverage uses: actions/download-artifact@v8 with: From 0060358f75f067db0804658ba5d686b9ce3b1c7a Mon Sep 17 00:00:00 2001 From: Oliver Zieschang Date: Mon, 27 Apr 2026 16:12:41 +0200 Subject: [PATCH 6/7] feat: add excludedClasses support to AttributeRequirementsRule --- config/common.neon | 3 ++ src/Common/AttributeRequirementsRule.php | 7 +++ ...uteRequirementsRuleExcludedClassesTest.php | 49 +++++++++++++++++++ .../data/attribute-requirements-excluded.php | 13 +++++ 4 files changed, 72 insertions(+) create mode 100644 tests/AttributeRequirementsRuleExcludedClassesTest.php create mode 100644 tests/data/attribute-requirements-excluded.php diff --git a/config/common.neon b/config/common.neon index 64103be..03ba430 100644 --- a/config/common.neon +++ b/config/common.neon @@ -9,6 +9,8 @@ parameters: - { namespace: 'Symfony\Component\Validator\Constraints', alias: 'Assert' } - { namespace: 'Symfony\Component\Serializer\Attribute', alias: 'Serializer' } attributeRequirements: + excludedClasses: + - 'App\Controller\Api\Security\LoginController' attributeDefinitions: - attribute: 'Symfony\Component\Routing\Attribute\Route' @@ -40,6 +42,7 @@ services: class: IWFWeb\PhpstanRules\Common\AttributeRequirementsRule arguments: attributeDefinitions: %iwfWeb.attributeRequirements.attributeDefinitions% + excludedClasses: %iwfWeb.attributeRequirements.excludedClasses% tags: - phpstan.rules.rule diff --git a/src/Common/AttributeRequirementsRule.php b/src/Common/AttributeRequirementsRule.php index 180c4f9..fb3d060 100644 --- a/src/Common/AttributeRequirementsRule.php +++ b/src/Common/AttributeRequirementsRule.php @@ -31,9 +31,11 @@ /** * @param list}> $attributeDefinitions + * @param list $excludedClasses Fully-qualified class names to skip */ public function __construct( private array $attributeDefinitions = [], + private array $excludedClasses = [], ) {} #[\Override] @@ -56,6 +58,11 @@ public function processNode(Node $node, Scope $scope): array return []; } + $classReflection = $scope->getClassReflection(); + if ($classReflection !== null && \in_array($classReflection->getName(), $this->excludedClasses, true)) { + return []; + } + $presentAttributes = []; foreach ($node->attrGroups as $attrGroup) { diff --git a/tests/AttributeRequirementsRuleExcludedClassesTest.php b/tests/AttributeRequirementsRuleExcludedClassesTest.php new file mode 100644 index 0000000..343cdd7 --- /dev/null +++ b/tests/AttributeRequirementsRuleExcludedClassesTest.php @@ -0,0 +1,49 @@ + + * @copyright Copyright (c) 2025-2026 IWF Web Solutions + * @license https://github.com/iwf-web/phpstan-rules/blob/main/LICENSE.txt MIT License + * @link https://github.com/iwf-web/phpstan-rules + */ + +namespace IWFWeb\PhpstanRules\Tests; + +use App\Controller\Api\Security\LoginController; +use IWFWeb\PhpstanRules\Common\AttributeRequirementsRule; +use PHPStan\Rules\Rule; +use Symfony\Component\Routing\Attribute\Route; + +/** + * @extends AbstractRuleTestCase + * + * @internal + */ +final class AttributeRequirementsRuleExcludedClassesTest extends AbstractRuleTestCase +{ + protected function getRule(): Rule + { + return new AttributeRequirementsRule( + attributeDefinitions: [ + [ + 'attribute' => Route::class, + 'requires' => [ + 'OpenApi\Attributes\Tag', + 'Symfony\Component\Security\Http\Attribute\IsGranted', + ], + ], + ], + excludedClasses: [LoginController::class], + ); + } + + public function testExcludedClassIsIgnored(): void + { + $files = [__DIR__.'/data/attribute-requirements-excluded.php']; + $errors = $this->gatherAnalyserErrors($files); + self::assertNoRuleErrors($errors); + } +} diff --git a/tests/data/attribute-requirements-excluded.php b/tests/data/attribute-requirements-excluded.php new file mode 100644 index 0000000..bab0b62 --- /dev/null +++ b/tests/data/attribute-requirements-excluded.php @@ -0,0 +1,13 @@ + Date: Mon, 27 Apr 2026 16:17:03 +0200 Subject: [PATCH 7/7] chore(deps): Bump googleapis/release-please-action from 4 to 5 (#15) Bumps [googleapis/release-please-action](https://github.com/googleapis/release-please-action) from 4 to 5. - [Release notes](https://github.com/googleapis/release-please-action/releases) - [Changelog](https://github.com/googleapis/release-please-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/release-please-action/compare/v4...v5) --- updated-dependencies: - dependency-name: googleapis/release-please-action dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Oliver-Zieschang --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 387f35f..579fbe3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Create Release PR - uses: googleapis/release-please-action@v4 + uses: googleapis/release-please-action@v5 with: # Bot PAT with access to Workflows # The built-in GITHUB_TOKEN has cannot trigger other workflows