feat: Add composer-dependency-analyser (fix shadow dependencies) (#1374)

* Add composer-dependency-analyser (fix shadow deps)

* Revert removal of composer/xdebug-handler

* Fix composer lock hash

.github/workflows/static-analysis.yml

@@ -107,3 +107,32 @@ jobs:
 
       - name: Psalm
         run: make psalm
+
+
+  static-code-analysis-composer-dependency-analyser:
+    name: "Static Code Analysis by composer-dependency-analyser"
+
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      matrix:
+        include:
+          - os: ubuntu-22.04
+            php-version: 8.1
+
+    steps:
+      - name: "Checkout"
+        uses: actions/checkout@v2
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-version }}
+          extensions: mbstring, xml, ctype, iconv
+          coverage: none
+          tools: composer
+
+      - uses: "ramsey/composer-install@v2"
+
+      - name: composer-dependency-analyser
+        run: make composer-dependency-analyser

Makefile

@@ -1,5 +1,6 @@
 BOX_BIN := ./build/box.phar
 COMPOSER_BIN := composer
+COMPOSER_DEPENDENCY_ANALYSER_BIN := ./vendor/bin/composer-dependency-analyser
 PHP_BIN := php
 PHP_CS_FIXER_BIN := ./vendor/bin/php-cs-fixer
 PHPSTAN_BIN	:= ./vendor/bin/phpstan
@@ -20,6 +21,10 @@ build: tests ## Runs tests and creates the phar-binary
 composer-install: ## Installs dependencies
 	$(COMPOSER_BIN) install --no-interaction --no-progress --optimize-autoloader --ansi
 
+.PHONY: composer-dependency-analyser
+composer-dependency-analyser: ## Performs static code analysis using composer-dependency-analyser
+	$(COMPOSER_DEPENDENCY_ANALYSER_BIN)
+
 .PHONY: deptrac
 deptrac: ## Analyses own architecture using the default config confile
 	./deptrac analyse -c deptrac.config.php --cache-file=./.cache/deptrac.cache --no-progress --ansi

composer-dependency-analyser.php

@@ -0,0 +1,10 @@
+<?php declare(strict_types = 1);
+
+use ShipMonk\ComposerDependencyAnalyser\Config\Configuration;
+use ShipMonk\ComposerDependencyAnalyser\Config\ErrorType;
+
+$config = new Configuration();
+
+return $config
+    ->ignoreErrorsOnPackage('composer/xdebug-handler', [ErrorType::UNUSED_DEPENDENCY]) // needed for e2e tests, no direct usage in code
+    ->ignoreErrorsOnPath(__DIR__ . '/tests', [ErrorType::UNKNOWN_CLASS]); // keep ability to test invalid symbols

composer.json

@@ -28,10 +28,13 @@
         "phpdocumentor/graphviz": "^2.1",
         "phpdocumentor/type-resolver": "^1.6",
         "phpstan/phpdoc-parser": "^1.5",
+        "psr/container": "^2.0",
+        "psr/event-dispatcher": "^1.0",
         "symfony/config": "^6.0",
         "symfony/console": "^6.0",
         "symfony/dependency-injection": "^6.0",
         "symfony/event-dispatcher": "^6.0",
+        "symfony/event-dispatcher-contracts": "^3.4",
         "symfony/filesystem": "^6.0",
         "symfony/finder": "^6.0",
         "symfony/yaml": "^6.0"
@@ -67,6 +70,8 @@
         "phpunit/phpunit": "^10.2",
         "rector/rector": "^0.15.17",
         "roave/infection-static-analysis-plugin": "^1.28",
+        "shipmonk/composer-dependency-analyser": "^1.2",
+        "symfony/stopwatch": "^6.4",
         "vimeo/psalm": "^5.13"
     }
 }