mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 984 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
73698 Commits
374 Branches
Tree: 2b39c33b67
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2b39c33b67'
${ noResults }
nextcloud/.github/workflows/static-code-analysis.yml

static-code-analysis.yml 2.9KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101 
  1. name: Psalm static code analysis

  2. 

  3. on:

  4.   pull_request:

  5. 

  6. concurrency:

  7.   group: static-code-analysis-${{ github.head_ref || github.run_id }}

  8.   cancel-in-progress: true

  9. 

  10. jobs:

  11.   static-code-analysis:

  12.     runs-on: ubuntu-latest

  13. 

  14.     if: ${{ github.repository_owner != 'nextcloud-gmbh' }}

  15. 

  16.     steps:

  17.       - name: Checkout

  18.         uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633

  19.         with:

  20.           submodules: true

  21. 

  22.       - name: Set up php

  23.         uses: shivammathur/setup-php@v2

  24.         with:

  25.           php-version: '8.0'

  26.           extensions: apcu,ctype,curl,dom,fileinfo,ftp,gd,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip

  27.           coverage: none

  28.         env:

  29.           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  30. 

  31.       - name: Composer install

  32.         run: composer i

  33. 

  34.       - name: Psalm

  35.         run: composer run psalm:ci -- --monochrome --no-progress --output-format=github --update-baseline --report=results.sarif

  36. 

  37.       - name: Show potential changes in Psalm baseline

  38.         if: always()

  39.         run: git diff -- . ':!lib/composer'

  40. 

  41.       - name: Upload Analysis results to GitHub

  42.         if: always()

  43.         uses: github/codeql-action/upload-sarif@v3

  44.         with:

  45.           sarif_file: results.sarif

  46. 

  47.   static-code-analysis-security:

  48.     runs-on: ubuntu-latest

  49. 

  50.     steps:

  51.       - name: Checkout code

  52.         uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633

  53.         with:

  54.           submodules: true

  55. 

  56.       - name: Set up php

  57.         uses: shivammathur/setup-php@master

  58.         with:

  59.           php-version: '8.0'

  60.           extensions: ctype,curl,dom,fileinfo,ftp,gd,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip

  61.           coverage: none

  62. 

  63.       - name: Composer install

  64.         run: composer i

  65. 

  66.       - name: Psalm taint analysis

  67.         run: composer run psalm:ci -- --monochrome --no-progress --output-format=github --report=results.sarif --taint-analysis

  68. 

  69.       - name: Upload Security Analysis results to GitHub

  70.         if: always()

  71.         uses: github/codeql-action/upload-sarif@v3

  72.         with:

  73.           sarif_file: results.sarif

  74. 

  75.   static-code-analysis-ocp:

  76.     runs-on: ubuntu-latest

  77. 

  78.     steps:

  79.       - name: Checkout

  80.         uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633

  81.         with:

  82.           submodules: true

  83. 

  84.       - name: Set up php

  85.         uses: shivammathur/setup-php@v2

  86.         with:

  87.           php-version: '8.0'

  88.           extensions: ctype,curl,dom,fileinfo,gd,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip

  89.           coverage: none

  90.         env:

  91.           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  92. 

  93.       - name: Composer install

  94.         run: composer i

  95. 

  96.       - name: Psalm

  97.         run: composer run psalm:ci -- -c psalm-ocp.xml --monochrome --no-progress --output-format=github --update-baseline

  98. 

  99.       - name: Show potential changes in Psalm baseline

  100.         if: always()

  101.         run: git diff -- . ':!lib/composer'