123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103 |
- # SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors
- # SPDX-License-Identifier: MIT
- name: Psalm static code analysis
- on:
- pull_request:
- concurrency:
- group: static-code-analysis-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
- jobs:
- static-code-analysis:
- runs-on: ubuntu-latest
- if: ${{ github.repository_owner != 'nextcloud-gmbh' }}
- steps:
- - name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- with:
- submodules: true
- - name: Set up php
- uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
- with:
- php-version: '8.1'
- extensions: apcu,ctype,curl,dom,fileinfo,ftp,gd,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
- coverage: none
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- - name: Composer install
- run: composer i
- - name: Psalm
- run: composer run psalm:ci -- --monochrome --no-progress --output-format=github --update-baseline --report=results.sarif
- - name: Show potential changes in Psalm baseline
- if: always()
- run: git diff -- . ':!lib/composer'
- - name: Upload Analysis results to GitHub
- if: always()
- uses: github/codeql-action/upload-sarif@v3
- with:
- sarif_file: results.sarif
- static-code-analysis-security:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- with:
- submodules: true
- - name: Set up php
- uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
- with:
- php-version: '8.1'
- extensions: ctype,curl,dom,fileinfo,ftp,gd,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
- coverage: none
- - name: Composer install
- run: composer i
- - name: Psalm taint analysis
- run: composer run psalm:ci -- --monochrome --no-progress --output-format=github --report=results.sarif --taint-analysis
- - name: Upload Security Analysis results to GitHub
- if: always()
- uses: github/codeql-action/upload-sarif@v3
- with:
- sarif_file: results.sarif
- static-code-analysis-ocp:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- with:
- submodules: true
- - name: Set up php
- uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
- with:
- php-version: '8.1'
- extensions: ctype,curl,dom,fileinfo,gd,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
- coverage: none
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- - name: Composer install
- run: composer i
- - name: Psalm
- run: composer run psalm:ci -- -c psalm-ocp.xml --monochrome --no-progress --output-format=github --update-baseline
- - name: Show potential changes in Psalm baseline
- if: always()
- run: git diff -- . ':!lib/composer'
|