Migrate remaining route annotations to attributes, add PasswordAuthen… #26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Code scanning" | |
| on: | |
| push: | |
| branches: [ develop, main, master, release/*, hotfix/* ] | |
| pull_request: | |
| branches: [ develop ] | |
| schedule: | |
| - cron: '0 9 * * 1' | |
| jobs: | |
| code-scanning-php-analyze: | |
| name: Perform code scanning (PHP) - Analyze | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| # Upgrade PHP version | |
| - name: Setup PHP | |
| uses: shivammathur/setup-php@v2 | |
| with: | |
| php-version: '8.1' | |
| # Install Psalm | |
| - name: Install Psalm | |
| shell: bash | |
| run: composer global require vimeo/psalm --prefer-dist --no-progress --dev | |
| - name: Composer install | |
| shell: bash | |
| run: composer install --no-scripts --no-progress | |
| - name: Run psalm init before installing any plugins | |
| shell: bash | |
| run: |- | |
| ~/.composer/vendor/bin/psalm --version | |
| ~/.composer/vendor/bin/psalm --root=. --init | |
| # Perform analysis | |
| - name: Psalm run taint analysis | |
| run: |- | |
| ~/.composer/vendor/bin/psalm --root=. --version | |
| ~/.composer/vendor/bin/psalm --root=. --output-format=github --taint-analysis --report=results-taint-analysis.sarif | |
| # Upload SARIF format (supported by GitHub) to the repository | |
| - name: Upload Security Analysis results to GitHub | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: results-taint-analysis.sarif | |
| code-scanning-php-codescan: | |
| name: Perform code scanning (PHP) - Code scan | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| # Upgrade PHP version | |
| - name: Setup PHP | |
| uses: shivammathur/setup-php@v2 | |
| with: | |
| php-version: '8.1' | |
| # Install Psalm | |
| - name: Install Psalm | |
| shell: bash | |
| run: composer global require vimeo/psalm --prefer-dist --no-progress --dev | |
| - name: Composer install | |
| shell: bash | |
| run: composer install --no-scripts --no-progress | |
| - name: Run psalm init before installing any plugins | |
| shell: bash | |
| run: |- | |
| ~/.composer/vendor/bin/psalm --version | |
| ~/.composer/vendor/bin/psalm --root=. --init | |
| # Perform analysis | |
| - name: Psalm run normal | |
| continue-on-error: true | |
| run: |- | |
| ~/.composer/vendor/bin/psalm --root=. --version | |
| ~/.composer/vendor/bin/psalm --root=. --output-format=github --report=results-normal.sarif --report-show-info=false | |
| # Upload SARIF format (supported by GitHub) to the repository | |
| - name: Upload normal results to GitHub | |
| if: always() | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: results-normal.sarif |