From 969fa783519db1657f85c311ec46841a32ad44d3 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Mon, 9 Sep 2024 20:51:33 +0200 Subject: [PATCH 1/4] Add dependabot config I noticed a few action runners used are out of date. Most updates are related to the Node version the action runners use under the hood updating to Node 20. Not having those updates will become problematic soonish when GHA drops support for Node 16. So, instead of manually updating the workflows, I'm proposing enabling Dependabot to submit updates for the GHA runners. This should take care of it via Dependabot opening PRs to do the updates. --- .github/dependabot.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..d727b17c --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,14 @@ +# Dependabot configuration. +# +# Please see the documentation for all configuration options: +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + open-pull-requests-limit: 5 + commit-message: + prefix: "GH Actions:" From 16ec3c4fdc435656daa16eaee28b24b0e9cdb74b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 22:41:33 +0000 Subject: [PATCH 2/4] GH Actions: Bump ramsey/composer-install from 2 to 3 Bumps [ramsey/composer-install](https://github.com/ramsey/composer-install) from 2 to 3. - [Release notes](https://github.com/ramsey/composer-install/releases) - [Commits](https://github.com/ramsey/composer-install/compare/v2...v3) --- updated-dependencies: - dependency-name: ramsey/composer-install dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/continuous-integration.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index 529a4396..2e23db2a 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -37,7 +37,7 @@ jobs: php-version: "${{ matrix.php-version }}" ini-values: error_reporting=-1, display_errors=On coverage: "none" - - uses: "ramsey/composer-install@v2" + - uses: "ramsey/composer-install@v3" with: composer-options: "${{ matrix.composer-options }}" - name: "Run the linter" @@ -53,6 +53,6 @@ jobs: php-version: "8.2" tools: "phpstan:1.10.57" coverage: "none" - - uses: "ramsey/composer-install@v2" + - uses: "ramsey/composer-install@v3" - name: "Run PHPStan" run: "phpstan analyse -c phpstan.neon -l 4 getid3" From 48b3ded2d1cd13e51665f5e300e60a0b26463d90 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Wed, 11 Sep 2024 07:58:57 +0200 Subject: [PATCH 3/4] PHPStan: move CLI options to config This will make it more intuitive for contributors to run PHPStan locally. --- .github/workflows/continuous-integration.yml | 2 +- phpstan.neon | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index 2e23db2a..5a5b35c6 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -55,4 +55,4 @@ jobs: coverage: "none" - uses: "ramsey/composer-install@v3" - name: "Run PHPStan" - run: "phpstan analyse -c phpstan.neon -l 4 getid3" + run: "phpstan" diff --git a/phpstan.neon b/phpstan.neon index 94321ef7..1fbce308 100644 --- a/phpstan.neon +++ b/phpstan.neon @@ -1,4 +1,7 @@ parameters: + level: 4 + paths: + - getid3 excludes_analyse: polluteScopeWithLoopInitialAssignments: true dynamicConstantNames: From 0f8f08e3482f1c777537f455e44e56b3eda4cdff Mon Sep 17 00:00:00 2001 From: jrfnl Date: Wed, 11 Sep 2024 08:00:01 +0200 Subject: [PATCH 4/4] PHPStan: update to latest version PHPStan keeps improving and adding more and better checks. Let's use the latest version to get the most benefit from it ;-) Includes ignoring one newly flagged issue and fixing another. ``` ------ --------------------------------------------------------------- Line module.audio-video.quicktime.php ------ --------------------------------------------------------------- 1653 Variable $altitude in empty() always exists and is not falsy. ------ --------------------------------------------------------------- ------ ----------------------------------------------------------------------------------------- Line module.audio-video.riff.php ------ ----------------------------------------------------------------------------------------- 101 Binary operation "+" between (float|int) and array|float|int|false results in an error. ------ ----------------------------------------------------------------------------------------- ``` --- .github/workflows/continuous-integration.yml | 2 +- getid3/module.audio-video.quicktime.php | 2 +- getid3/module.audio-video.riff.php | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index 5a5b35c6..1b974dd4 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -51,7 +51,7 @@ jobs: - uses: "shivammathur/setup-php@v2" with: php-version: "8.2" - tools: "phpstan:1.10.57" + tools: "phpstan:1.12.3" coverage: "none" - uses: "ramsey/composer-install@v3" - name: "Run PHPStan" diff --git a/getid3/module.audio-video.quicktime.php b/getid3/module.audio-video.quicktime.php index d52e85fd..9b1cfb38 100644 --- a/getid3/module.audio-video.quicktime.php +++ b/getid3/module.audio-video.quicktime.php @@ -1650,7 +1650,7 @@ public function QuicktimeParseAtom($atomname, $atomsize, $atom_data, $baseoffset @list($all, $latitude, $longitude, $altitude) = $matches; $info['quicktime']['comments']['gps_latitude'][] = floatval($latitude); $info['quicktime']['comments']['gps_longitude'][] = floatval($longitude); - if (!empty($altitude)) { + if (!empty($altitude)) { // @phpstan-ignore-line $info['quicktime']['comments']['gps_altitude'][] = floatval($altitude); } } else { diff --git a/getid3/module.audio-video.riff.php b/getid3/module.audio-video.riff.php index 3ea1bacf..59ed5819 100644 --- a/getid3/module.audio-video.riff.php +++ b/getid3/module.audio-video.riff.php @@ -98,7 +98,7 @@ public function Analyze() { $info['avdataend'] = $info['filesize']; } - $nextRIFFoffset = $Original['avdataoffset'] + 8 + $thisfile_riff['header_size']; // 8 = "RIFF" + 32-bit offset + $nextRIFFoffset = (int) $Original['avdataoffset'] + 8 + (int) $thisfile_riff['header_size']; // 8 = "RIFF" + 32-bit offset while ($nextRIFFoffset < min($info['filesize'], $info['avdataend'])) { try { $this->fseek($nextRIFFoffset);