| 1 | +# Run Psalm Shared Workflow |
1 | 2 | name: "CodeQL" |
2 | 3 |
3 | 4 | on: |
6 | 7 | pull_request: |
7 | 8 | branches: [ "master" ] |
8 | 9 | schedule: |
9 | | - - cron: '30 12 * * 1' |
| 10 | + - cron: '30 12 1,15 * *' |
10 | 11 |
11 | 12 | jobs: |
12 | | - analyze: |
| 13 | + quality: |
13 | 14 | strategy: |
14 | 15 | matrix: |
15 | 16 | php-versions: [ '8.0', '8.1', '8.2', '8.3' ] |
16 | | - name: Analyze PHP ${{ matrix.php-versions }} |
17 | 17 | runs-on: ubuntu-latest |
18 | 18 | timeout-minutes: 10 |
| 19 | + name: Psalm Code Quality on PHP ${{ matrix.php-versions }} |
19 | 20 |
20 | 21 | steps: |
21 | | - - uses: actions/checkout@v3 |
| 22 | + - uses: actions/checkout@v6 |
22 | 23 | name: Check Out Code |
23 | 24 |
24 | | - - name: Setup PHP |
25 | | - uses: shivammathur/setup-php@v2 |
| 25 | + - name: Psalm |
| 26 | + uses: docker://ghcr.io/psalm/psalm-github-actions |
26 | 27 | with: |
27 | | - php-version: ${{ matrix.php-versions }} |
28 | | - tools: pecl |
29 | | - extensions: "" |
30 | | - |
31 | | - - name: Validate composer.json and composer.lock |
32 | | - run: composer validate |
33 | | - |
34 | | - - name: Setup Composer Access |
35 | | - run: composer config -g github-oauth.github.com ${{ secrets.GITHUB_TOKEN }} |
36 | | - |
37 | | - - name: Cache Composer packages |
38 | | - id: composer-cache |
39 | | - uses: actions/cache@v4 |
| 28 | + php_version: ${{ matrix.php-versions }} |
| 29 | + report_file: psalm-report.sarif |
| 30 | + continue-on-error: true |
| 31 | + |
| 32 | + - name: Upload SARIF report |
| 33 | + uses: github/codeql-action/upload-sarif@v4 |
| 34 | + with: |
| 35 | + sarif_file: psalm-report.sarif |
| 36 | + |
| 37 | + security: |
| 38 | + strategy: |
| 39 | + matrix: |
| 40 | + php-versions: [ '8.0', '8.1', '8.2', '8.3' ] |
| 41 | + runs-on: ubuntu-latest |
| 42 | + timeout-minutes: 10 |
| 43 | + name: Psalm Code Security on PHP ${{ matrix.php-versions }} |
| 44 | + |
| 45 | + steps: |
| 46 | + - uses: actions/checkout@v6 |
| 47 | + name: Check Out Code |
| 48 | + |
| 49 | + - name: Psalm |
| 50 | + uses: docker://ghcr.io/psalm/psalm-github-actions |
40 | 51 | with: |
41 | | - path: vendor |
42 | | - key: ${{ runner.os }}-composer-${{ matrix.php-versions }}-${{ hashFiles('**/composer.lock') }} |
43 | | - restore-keys: | |
44 | | - ${{ runner.os }}-composer-${{ matrix.php-versions }}- |
45 | | - ${{ runner.os }}-composer- |
46 | | -
47 | | - - name: Install dependencies |
48 | | - if: steps.composer-cache.outputs.cache-hit != 'true' |
49 | | - run: composer install --prefer-dist --no-progress --optimize-autoloader |
50 | | - |
51 | | - - name: Perform CodeQL Analysis using Psalm |
52 | | - run: | |
53 | | - if [ "${{ github.event_name }}" == "pull_request" ]; then |
54 | | - vendor/bin/psalm --diff --output-format=sarif --report=psalm-report.sarif || true |
55 | | - else |
56 | | - vendor/bin/psalm --no-diff --output-format=sarif --report=psalm-report.sarif || true |
57 | | - fi |
| 52 | + php_version: ${{ matrix.php-versions }} |
| 53 | + security_analysis: true |
| 54 | + report_file: psalm-report.sarif |
58 | 55 | continue-on-error: true |
59 | 56 |
60 | 57 | - name: Upload SARIF report |
61 | | - uses: github/codeql-action/upload-sarif@v3 |
| 58 | + uses: github/codeql-action/upload-sarif@v4 |
62 | 59 | with: |
63 | 60 | sarif_file: psalm-report.sarif |
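Review bot: The Psalm step at `uses: docker://ghcr.io/psalm/psalm-github-actions` (in both the quality and security jobs) references the container image with no tag or digest, so every run pulls whatever the registry currently serves under the default tag and executes it against the checked-out code; pin it to an immutable `@sha256:` digest (or at minimum a release tag) so the analyzer cannot change underneath the workflow, and consider SHA-pinning `actions/checkout@v6` and `github/codeql-action/upload-sarif@v4` for the same reason. Separately, all eight matrix uploads (two jobs × four PHP versions) send `psalm-report.sarif` for the same commit with no `category`, so GitHub treats them as one analysis and later uploads can supersede earlier ones; add `category: psalm-security-php${{ matrix.php-versions }}` here and the equivalent `psalm-quality-php...` in the quality job's upload step. The rendered page has lost indentation, so it is worth confirming that `continue-on-error: true` sits at step level rather than under `with:`, where it would be passed to the container as an unknown input instead of tolerating a non-zero exit. The `permissions:` block, if any, is outside the visible hunk; `upload-sarif` needs `security-events: write`, and since the Psalm step is allowed to fail silently a rejected upload would leave findings unreported.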