Diffstat (limited to '.github')
-rw-r--r--.github/workflows/static-code-analysis.yml2
-rw-r--r--.github/workflows/update-psalm-baseline-approve-merge.yml52
-rw-r--r--.github/workflows/update-psalm-baseline.yml69
3 files changed, 1 insertions, 122 deletions
diff --git a/.github/workflows/static-code-analysis.yml b/.github/workflows/static-code-analysis.yml
index 3c78c093b9c..63b7e947abd 100644
--- a/.github/workflows/static-code-analysis.yml
+++ b/.github/workflows/static-code-analysis.yml
@@ -66,7 +66,7 @@ jobs:
run: composer i
- name: Psalm taint analysis
- run: composer run psalm:ci -- --monochrome --no-progress --output-format=github --report=results.sarif --taint-analysis
+ run: composer run psalm:ci -- --monochrome --no-progress --output-format=github --report=results.sarif --taint-analysis --ignore-baseline
- name: Upload Security Analysis results to GitHub
if: always()
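Review bot: The `--ignore-baseline` flag added to the "Psalm taint analysis" step has no comment explaining why this run alone bypasses psalm-baseline.xml, so a later edit could drop the flag to quiet a failing job and let baselined taint findings be suppressed again. I would add a comment above the `run:` line, for example `# Taint findings must not be hidden by psalm-baseline.xml, hence --ignore-baseline`, assuming that is the intent of the change. With the baseline ignored, any taint finding that was previously baselined now lands in results.sarif and, unless the step is marked otherwise outside this hunk, can fail the job; the following upload step's `if: always()` still publishes the report in that case. The step list starts and continues outside the hunk.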
diff --git a/.github/workflows/update-psalm-baseline-approve-merge.yml b/.github/workflows/update-psalm-baseline-approve-merge.yml
deleted file mode 100644
index d554527c7e8..00000000000
--- a/.github/workflows/update-psalm-baseline-approve-merge.yml
+++ /dev/null
@@ -1,52 +0,0 @@
-# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
-# SPDX-License-Identifier: MIT
-name: Auto approve psalm baseline update
-
-on:
- pull_request_target:
- branches:
- - main
- - master
- - stable*
-
-permissions:
- contents: read
-
-concurrency:
- group: update-psalm-baseline-approve-merge-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- auto-approve-merge:
- if: github.actor == 'nextcloud-command'
- runs-on: ubuntu-latest-low
- permissions:
- # for hmarr/auto-approve-action to approve PRs
- pull-requests: write
- # for alexwilson/enable-github-automerge-action to approve PRs
- contents: write
-
- steps:
- - name: Disabled on forks
- if: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
- run: |
- echo 'Can not approve PRs from forks'
- exit 1
-
- - uses: mdecoleman/pr-branch-name@55795d86b4566d300d237883103f052125cc7508 # v3.0.0
- id: branchname
- with:
- repo-token: ${{ secrets.GITHUB_TOKEN }}
-
- # GitHub actions bot approve
- - uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2
- if: startsWith(steps.branchname.outputs.branch, 'automated/noid/') && endsWith(steps.branchname.outputs.branch, 'update-psalm-baseline')
- with:
- github-token: ${{ secrets.GITHUB_TOKEN }}
-
- # Enable GitHub auto merge
- - name: Auto merge
- uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # main
- if: startsWith(steps.branchname.outputs.branch, 'automated/noid/') && endsWith(steps.branchname.outputs.branch, 'update-psalm-baseline')
- with:
- github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/update-psalm-baseline.yml b/.github/workflows/update-psalm-baseline.yml
deleted file mode 100644
index 1fdf399ebea..00000000000
--- a/.github/workflows/update-psalm-baseline.yml
+++ /dev/null
@@ -1,69 +0,0 @@
-# SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors
-# SPDX-License-Identifier: MIT
-name: Update Psalm baseline
-
-on:
- workflow_dispatch:
- schedule:
- - cron: "5 2 * * *"
-
-jobs:
- update-psalm-baseline:
- runs-on: ubuntu-latest
-
- if: ${{ github.repository_owner != 'nextcloud-gmbh' }}
-
- strategy:
- fail-fast: false
- matrix:
- branches: ['master', 'stable30', 'stable29', 'stable28']
-
- name: update-psalm-baseline-${{ matrix.branches }}
-
- steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- with:
- ref: ${{ matrix.branches }}
- submodules: true
-
- - name: Set up php
- uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
- with:
- php-version: '8.1'
- extensions: apcu,ctype,curl,dom,fileinfo,ftp,gd,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
- coverage: none
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Composer install
- run: composer install
-
- - name: Psalm
- run: composer run psalm:ci -- --monochrome --no-progress --output-format=text --update-baseline
- continue-on-error: true
-
- - name: Psalm OCP
- run: composer run psalm:ci -- -c psalm-ocp.xml --monochrome --no-progress --output-format=github --update-baseline
- continue-on-error: true
-
- - name: Reset composer
- run: |
- git clean -f lib/composer
- git checkout composer.json composer.lock lib/composer
-
- - name: Create Pull Request
- uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c
- with:
- token: ${{ secrets.COMMAND_BOT_PAT }}
- commit-message: 'chore(tests): Update psalm baseline'
- committer: GitHub <noreply@github.com>
- author: nextcloud-command <nextcloud-command@users.noreply.github.com>
- signoff: true
- branch: 'automated/noid/${{ matrix.branches }}-update-psalm-baseline'
- title: '[${{ matrix.branches }}] Update psalm-baseline.xml'
- body: |
- Auto-generated update psalm-baseline.xml with fixed psalm warnings
- labels: |
- automated pr
- 3. to review
- team-reviewers: server-backend