name: Psalm

on:
  pull_request:
  push:
    branches:
      - master
      - stable*

jobs:
  generate-report:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          submodules: true

      - name: Set up php
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.0'
          extensions: ctype,curl,dom,fileinfo,gd,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
          coverage: none

      - name: Composer install
        run: composer i

      - name: Psalm
        # Make sure we pass and still upload the report
        continue-on-error: true
        run: composer run psalm -- --monochrome --no-progress --output-format=github --report=psalm.sarif

      - name: Upload report to GitHub
        if: always()
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: psalm.sarif

  generate-security-report:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          submodules: true

      - name: Set up php
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.0'
          extensions: ctype,curl,dom,fileinfo,gd,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
          coverage: none

      - name: Composer install
        run: composer i

      - name: Psalm
        # Make sure we pass and still upload the report
        continue-on-error: true
        run: composer run psalm -- --monochrome --no-progress --output-format=github --taint-analysis --report=psalm.sarif

      - name: Upload report to GitHub
        if: always()
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: psalm.sarif