pull code into a function #2483
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: PHP Static Security Tests | |
on: | |
push: | |
branches: [ master ] | |
pull_request: | |
branches: [ master ] | |
schedule: | |
- cron: '25 17 * * 1' | |
jobs: | |
build: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v3 | |
- name: Setup PHP with PCOV | |
uses: shivammathur/setup-php@v2 | |
with: | |
php-version: '8.2' | |
ini-values: pcov.directory=. | |
coverage: pcov | |
extensions: mbstring, intl | |
- name: Validate composer.json and composer.lock | |
run: composer validate | |
- name: Cache Composer packages | |
id: composer-cache | |
uses: actions/cache@v3 | |
with: | |
path: vendor | |
key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }} | |
restore-keys: | | |
${{ runner.os }}-php- | |
- name: Configure composer and dependencies | |
run: composer config allow-plugins.third-party/required-plugin true && composer config minimum-stability dev && composer config prefer-stable true && composer require mediawiki/oauthclient:2.0.0 && composer require vimeo/psalm designsecurity/progpilot:1.0.2 | |
- name: Install dependencies | |
if: steps.composer-cache.outputs.cache-hit != 'true' | |
run: composer install --prefer-dist -vvv --no-progress | |
- name: PHP psalm Taint | |
run: php ./vendor/bin/psalm --taint-analysis --php-version='8.2' | |
- name: PHP Design Security | |
run: ./vendor/bin/progpilot --configuration progpilot.yml html_headers.php category.php generate_template.php gitpull.php linked_pages.php process_page.php authenticate.php | |
- name: The PHP Security Checker | |
uses: symfonycorp/security-checker-action@v4 | |
- name: PHP Security Checker | |
uses: StephaneBour/[email protected] | |