diff options
| author | Daniel <mail@danielkesselberg.de> | 2024-10-01 10:46:38 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-10-01 10:46:38 +0200 |
| commit | f0f4a31e7cf05f22929855585ab6bb702be75ede (patch) | |
| tree | 12e3fef14f0a1c6808d71ae7bc511ffd8b72cddb /.github | |
| parent | e2e5de8724e3af175cbf2d61052a47627b607520 (diff) | |
| parent | 570a9e208fa638c35f5ec1c9754acf2a66aa587d (diff) | |
| download | nextcloud-server-f0f4a31e7cf05f22929855585ab6bb702be75ede.tar.gz nextcloud-server-f0f4a31e7cf05f22929855585ab6bb702be75ede.zip | |
Merge pull request #48476 from nextcloud/ci/noid/improve-running-psalm-locally
ci: Don't upload output of normal psalm to GitHub Security section
Diffstat (limited to '.github')
| -rw-r--r-- | .github/CODEOWNERS | 2 | ||||
| -rw-r--r-- | .github/workflows/static-code-analysis.yml | 16 |
2 files changed, 8 insertions, 10 deletions
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index e448bf922ce..afe17a95f84 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -37,9 +37,9 @@ /apps/files_trashbin/src* @skjnldsv # Security team +/build/psalm-baseline-security.xml @nickvergessen /resources/codesigning @mgallien @miaulalala @nickvergessen /resources/config/ca-bundle.crt @ChristophWurst @miaulalala @nickvergessen -/.drone.yml @nickvergessen # Two-Factor Authentication # https://github.com/nextcloud/wg-two-factor-authentication#members diff --git a/.github/workflows/static-code-analysis.yml b/.github/workflows/static-code-analysis.yml index 32e08067b91..2e22ff533c8 100644 --- a/.github/workflows/static-code-analysis.yml +++ b/.github/workflows/static-code-analysis.yml @@ -34,18 +34,12 @@ jobs: run: composer i - name: Psalm - run: composer run psalm:ci -- --monochrome --no-progress --output-format=github --update-baseline --report=results.sarif + run: composer run psalm -- --threads=1 --monochrome --no-progress --output-format=github --update-baseline - name: Show potential changes in Psalm baseline if: always() run: git diff --exit-code -- . ':!lib/composer' - - name: Upload Analysis results to GitHub - if: always() - uses: github/codeql-action/upload-sarif@v3 - with: - sarif_file: results.sarif - static-code-analysis-security: runs-on: ubuntu-latest @@ -66,7 +60,11 @@ jobs: run: composer i - name: Psalm taint analysis - run: composer run psalm:ci -- --monochrome --no-progress --output-format=github --report=results.sarif --taint-analysis --ignore-baseline + run: composer run psalm:security -- --threads=1 --monochrome --no-progress --output-format=github --update-baseline --report=results.sarif + + - name: Show potential changes in Psalm baseline + if: always() + run: git diff --exit-code -- . ':!lib/composer' - name: Upload Security Analysis results to GitHub if: always() @@ -96,7 +94,7 @@ jobs: run: composer i - name: Psalm - run: composer run psalm:ci -- -c psalm-ocp.xml --monochrome --no-progress --output-format=github --update-baseline + run: composer run psalm:ocp -- --threads=1 --monochrome --no-progress --output-format=github --update-baseline - name: Show potential changes in Psalm baseline if: always() |