From aa35d981f67caf2c9d0ce0ce38387ff254c7d2f2 Mon Sep 17 00:00:00 2001
From: provokateurin <kate@provokateurin.de>
Date: Thu, 5 Mar 2026 12:13:40 +0100
Subject: [PATCH] feat(workflow-templates): Add PHPStan

Signed-off-by: provokateurin <kate@provokateurin.de>
---
 workflow-templates/phpstan.properties.json | 10 ++++
 workflow-templates/phpstan.yml             | 62 ++++++++++++++++++++++
 2 files changed, 72 insertions(+)
 create mode 100644 workflow-templates/phpstan.properties.json
 create mode 100644 workflow-templates/phpstan.yml

diff --git a/workflow-templates/phpstan.properties.json b/workflow-templates/phpstan.properties.json
new file mode 100644
index 0000000..fc5de49
--- /dev/null
+++ b/workflow-templates/phpstan.properties.json
@@ -0,0 +1,10 @@
+{
+  "name": "PHPStan static analysis",
+  "description": "Run PHPStan static analysis",
+  "categories": [
+    "PHP"
+  ],
+  "filePatterns": [
+    "^composer.json$"
+  ]
+}
diff --git a/workflow-templates/phpstan.yml b/workflow-templates/phpstan.yml
new file mode 100644
index 0000000..26bd16e
--- /dev/null
+++ b/workflow-templates/phpstan.yml
@@ -0,0 +1,62 @@
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+#
+# SPDX-FileCopyrightText: 2022-2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: MIT
+
+name: Static analysis
+
+on: pull_request
+
+concurrency:
+  group: phpstan-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  static-analysis:
+    runs-on: ubuntu-latest
+
+    name: static-phpstan-analysis
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Get php version
+        id: versions
+        uses: icewind1991/nextcloud-version-matrix@8a7bac6300b2f0f3100088b297995a229558ddba # v1.3.2
+
+      - name: Check enforcement of minimum PHP version ${{ steps.versions.outputs.php-min-id }} in phpstan.neon
+        run: "grep 'min: ${{ steps.versions.outputs.php-min-id }}' phpstan.neon"
+
+      - name: Set up php${{ steps.versions.outputs.php-available }}
+        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0
+        with:
+          php-version: ${{ steps.versions.outputs.php-available }}
+          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
+          coverage: none
+          ini-file: development
+          # Temporary workaround for missing pcntl_* in PHP 8.3
+          ini-values: disable_functions=
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Install dependencies
+        run: |
+          composer remove nextcloud/ocp --dev --no-scripts
+          composer i
+
+      - name: Check for vulnerable PHP dependencies
+        run: composer require --dev roave/security-advisories:dev-latest
+
+      - name: Install nextcloud/ocp
+        run: composer require --dev nextcloud/ocp:dev-${{ steps.versions.outputs.branches-max }} --ignore-platform-reqs --with-dependencies
+
+      - name: Run coding standards check
+        run: composer run phpstan -- --no-progress