-
Notifications
You must be signed in to change notification settings - Fork 1
56 lines (44 loc) · 1.43 KB
/
static-analysis.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
name: "Static Analysis"
on:
pull_request:
push:
branches:
- "master"
jobs:
static-analysis-phpstan:
name: "Static Analysis with PHPStan"
runs-on: "ubuntu-22.04"
steps:
- name: "Checkout code"
uses: "actions/checkout@v4"
- name: "Install PHP"
uses: "shivammathur/setup-php@v2"
with:
php-version: "8.1"
coverage: "none"
extensions: "json, mbstring"
tools: "cs2pr"
- name: "Install dependencies with Composer"
uses: "ramsey/composer-install@v1"
- name: "Run a static analysis with phpstan/phpstan"
run: "vendor/bin/phpstan --error-format=checkstyle | cs2pr"
static-analysis-psalm:
name: "Static Analysis with Psalm"
runs-on: "ubuntu-22.04"
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: "Install PHP"
uses: "shivammathur/setup-php@v2"
with:
coverage: "none"
php-version: "${{ matrix.php-version }}"
tools: "cs2pr"
- name: "Install dependencies with Composer"
uses: "ramsey/composer-install@v1"
- name: "Run a static analysis with vimeo/psalm"
run: "vendor/bin/psalm --output-format=github --shepherd --taint-analysis --report=results.sarif"
- name: Upload Security Analysis results to GitHub
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif