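# SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: MIT
name: Psalm static code analysis

on:
  # Every pull_request event runs the workflow; the paths filter below only
  # narrows the push trigger.
  pull_request:
  push:
    branches:
      - main
      - master
      - stable*
    paths:
      - '.github/workflows/static-code-analysis.yml'
      - '**.php'

# Least-privilege default for GITHUB_TOKEN in every job. No job here pushes
# or writes to the repository; the one job that needs more (the SARIF
# upload) widens this explicitly at job level.
permissions:
  contents: read

# One run per PR head (per run id on push): a newer push cancels the
# still-running analysis of the same branch.
concurrency:
  group: static-code-analysis-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

jobs:
  # Plain Psalm run; pull requests only, and never in the nextcloud-gmbh
  # mirror.
  static-code-analysis:
    runs-on: ubuntu-latest

    if: ${{ github.event_name != 'push' && github.repository_owner != 'nextcloud-gmbh' }}

    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          submodules: true
          # `composer i` below executes scripts from the checked-out tree
          # (on pull_request: the PR's own composer.json). No later step
          # needs git credentials, so do not leave the token in .git/config
          # for those scripts to read.
          persist-credentials: false

      - name: Set up php
        uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 #v2.32.0
        with:
          php-version: '8.1'
          extensions: apcu,ctype,curl,dom,fileinfo,ftp,gd,imagick,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
          coverage: none
        env:
          # NOTE(review): presumably handed to setup-php to avoid GitHub API
          # rate limits when it fetches tooling — verify against the action's
          # docs before removing.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Composer install
        run: composer i

      # --update-baseline rewrites the baseline file in place; the step after
      # this one turns any such rewrite into a failure so baseline drift is
      # visible in the PR rather than silently absorbed.
      - name: Psalm
        run: composer run psalm -- --threads=1 --monochrome --no-progress --output-format=github --update-baseline

      - name: Show potential changes in Psalm baseline
        if: always()
        # Non-zero exit if any tracked file changed (lib/composer excluded).
        run: git diff --exit-code -- . ':!lib/composer'

  # Psalm taint analysis. Unlike the other jobs this one also runs on push,
  # presumably so the SARIF report reaches the code-scanning dashboard of
  # the pushed branch as well.
  static-code-analysis-security:
    runs-on: ubuntu-latest

    if: ${{ github.repository_owner != 'nextcloud-gmbh' }}

    # upload-sarif needs security-events: write; everything else stays
    # read-only. NOTE(review): on pull_request runs from forks GITHUB_TOKEN
    # is read-only regardless, so the upload presumably fails there — verify.
    permissions:
      contents: read
      security-events: write

    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          submodules: true
          # See the first job: composer scripts from the checked-out tree run
          # later, and no step needs git credentials after checkout.
          persist-credentials: false

      - name: Set up php
        uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 #v2.32.0
        with:
          php-version: '8.1'
          extensions: ctype,curl,dom,fileinfo,ftp,gd,imagick,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
          coverage: none

      - name: Composer install
        run: composer i

      # Same baseline discipline as the plain run; additionally writes the
      # SARIF report consumed by the upload step.
      - name: Psalm taint analysis
        run: composer run psalm:security -- --threads=1 --monochrome --no-progress --output-format=github --update-baseline --report=results.sarif

      - name: Show potential changes in Psalm baseline
        if: always()
        run: git diff --exit-code -- . ':!lib/composer'

      # Runs even when the analysis step failed; if results.sarif was never
      # written, the upload itself fails.
      # TODO(review): pin to a full commit SHA like the checkout and setup-php
      # steps above — a mutable tag can be moved upstream at any time.
      - name: Upload Security Analysis results to GitHub
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif

  # Psalm run with the OCP (public API) configuration; pull requests only.
  static-code-analysis-ocp:
    runs-on: ubuntu-latest

    if: ${{ github.event_name != 'push' && github.repository_owner != 'nextcloud-gmbh' }}

    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          submodules: true
          # No step after checkout needs git credentials.
          persist-credentials: false

      - name: Set up php
        uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 #v2.32.0
        with:
          php-version: '8.1'
          extensions: ctype,curl,dom,fileinfo,gd,imagick,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
          coverage: none
        env:
          # NOTE(review): same assumption as in the first job — presumably
          # for API rate limits; verify.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Composer install
        run: composer i

      - name: Psalm
        run: composer run psalm:ocp -- --threads=1 --monochrome --no-progress --output-format=github --update-baseline

      - name: Show potential changes in Psalm baseline
        if: always()
        run: git diff --exit-code -- . ':!lib/composer'

  # Psalm run with the NCU configuration; pull requests only.
  # NOTE(review): this job neither passes --update-baseline nor checks for
  # baseline drift like its siblings — presumably psalm:ncu has no baseline
  # file; confirm before adding one.
  static-code-analysis-ncu:
    runs-on: ubuntu-latest

    if: ${{ github.event_name != 'push' && github.repository_owner != 'nextcloud-gmbh' }}

    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          submodules: true
          # No step after checkout needs git credentials.
          persist-credentials: false

      - name: Set up php
        uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 #v2.32.0
        with:
          php-version: '8.1'
          extensions: ctype,curl,dom,fileinfo,gd,imagick,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
          coverage: none
        env:
          # NOTE(review): same assumption as in the first job — presumably
          # for API rate limits; verify.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Composer install
        run: composer i

      - name: Psalm
        run: composer run psalm:ncu -- --threads=1 --monochrome --no-progress --output-format=github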