diff options
Diffstat (limited to '.github')
| -rw-r--r-- | .github/CODEOWNERS | 2 | ||||
| -rw-r--r-- | .github/workflows/static-code-analysis.yml | 16 |
2 files changed, 8 insertions, 10 deletions
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index e448bf922ce..afe17a95f84 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -37,9 +37,9 @@ /apps/files_trashbin/src* @skjnldsv # Security team +/build/psalm-baseline-security.xml @nickvergessen /resources/codesigning @mgallien @miaulalala @nickvergessen /resources/config/ca-bundle.crt @ChristophWurst @miaulalala @nickvergessen -/.drone.yml @nickvergessen # Two-Factor Authentication # https://github.com/nextcloud/wg-two-factor-authentication#members diff --git a/.github/workflows/static-code-analysis.yml b/.github/workflows/static-code-analysis.yml index 32e08067b91..2e22ff533c8 100644 --- a/.github/workflows/static-code-analysis.yml +++ b/.github/workflows/static-code-analysis.yml @@ -34,18 +34,12 @@ jobs: run: composer i - name: Psalm - run: composer run psalm:ci -- --monochrome --no-progress --output-format=github --update-baseline --report=results.sarif + run: composer run psalm -- --threads=1 --monochrome --no-progress --output-format=github --update-baseline - name: Show potential changes in Psalm baseline if: always() run: git diff --exit-code -- . ':!lib/composer' - - name: Upload Analysis results to GitHub - if: always() - uses: github/codeql-action/upload-sarif@v3 - with: - sarif_file: results.sarif - static-code-analysis-security: runs-on: ubuntu-latest @@ -66,7 +60,11 @@ jobs: run: composer i - name: Psalm taint analysis - run: composer run psalm:ci -- --monochrome --no-progress --output-format=github --report=results.sarif --taint-analysis --ignore-baseline + run: composer run psalm:security -- --threads=1 --monochrome --no-progress --output-format=github --update-baseline --report=results.sarif + + - name: Show potential changes in Psalm baseline + if: always() + run: git diff --exit-code -- . ':!lib/composer' - name: Upload Security Analysis results to GitHub if: always() @@ -96,7 +94,7 @@ jobs: run: composer i - name: Psalm - run: composer run psalm:ci -- -c psalm-ocp.xml --monochrome --no-progress --output-format=github --update-baseline + run: composer run psalm:ocp -- --threads=1 --monochrome --no-progress --output-format=github --update-baseline - name: Show potential changes in Psalm baseline if: always() |