name: Psalm Security Analysis

on:
  pull_request:
  push:
    branches:
      - master
      - stable*

jobs:
  psalm:
    name: Psalm
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
        with:
          submodules: recursive
      - name: Psalm
        uses: docker://vimeo/psalm-github-actions:4.9.3
        with:
          security_analysis: true
          composer_ignore_platform_reqs: false
          report_file: results.sarif
      - name: Upload Security Analysis results to GitHub
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: results.sarif