composer_ignore_platform_reqs should check for "true", not "false" #27

Closed
ChristophWurst opened this issue Feb 9, 2021 · 4 comments

@ChristophWurst

I wanted to add ext-zip to our project at nextcloud/server#24835. Ever since, our CI fails on the Psalm security check because it's not possible to ignore (or install) platform deps.

Does composer_ignore_platform_reqs not work when paired with security_analysis?

```
Run docker://vimeo/psalm-github-actions
  with:
    security_analysis: true
    composer_ignore_platform_reqs: true
    report_file: results.sarif
/usr/bin/docker run --name vimeopsalmgithubactions_af1ec5 --label 442333 --workdir /github/workspace --rm -e INPUT_SECURITY_ANALYSIS -e INPUT_COMPOSER_IGNORE_PLATFORM_REQS -e INPUT_REPORT_FILE -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/server/server":"/github/workspace" vimeo/psalm-github-actions
composer install --no-scripts --no-progress --no-dev 
  Installing dependencies from lock file
  Verifying lock file contents can be installed on current platform.
  Your lock file does not contain a compatible set of packages. Please run composer update.
  Error: Your lock file does not contain a compatible set of packages. Please run composer update.
  
    Problem 1
      - Root composer.json requires PHP extension ext-zip * but it is missing from your system. Install or enable PHP's zip extension.
```

^ --ignore-platform-reqs flag is missing from the composer install

@aromka
aromka commented Apr 9, 2021

If you look at the entry point - https://github.com/psalm/psalm-github-actions/blob/master/entrypoint.sh - that flag should be false for it to work.

```yaml
- name: Psalm Security Scan
  uses: docker://vimeo/psalm-github-actions
  with:
    composer_require_dev: false
    composer_ignore_platform_reqs: false
    security_analysis: true
    report_file: results.sarif
```

Docs are wrong, but if you set it to false then it does the trick.

@ChristophWurst
Author

What about #26? Wasn't that supposed to fix this?

@ChristophWurst
Author

It works with composer_ignore_platform_reqs=false because

```sh
if [ "$CHECK_PLATFORM_REQUIREMENTS" = "false" ] || [ "$INPUT_COMPOSER_IGNORE_PLATFORM_REQS" = "false" ]; then
```

checks for false and not true.
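
The condition quoted above, placed next to a corrected form and run over the possible input values, as an added example that is not part of the thread and not the project's entrypoint.sh. The branch body, the function names and the case folding are assumptions; the change merged in #29 is not shown on this page.

```shell
#!/bin/sh
# Added illustration, not the project's entrypoint.sh.
# Arguments of both functions (variable names taken from the quoted line):
#   $1 = CHECK_PLATFORM_REQUIREMENTS
#   $2 = INPUT_COMPOSER_IGNORE_PLATFORM_REQS

# Fold case so "True" and "TRUE" behave like "true" (assumed hardening).
lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Condition exactly as quoted in the issue. Assumption: the branch body
# appends --ignore-platform-reqs to the composer install command.
flags_as_quoted() {
    if [ "$1" = "false" ] || [ "$2" = "false" ]; then
        printf '%s' "--ignore-platform-reqs"
    fi
}

# Corrected form (assumed): "ignore platform reqs = true" adds the flag,
# and "check platform requirements = false" keeps its meaning.
flags_corrected() {
    if [ "$(lower "$1")" = "false" ] || [ "$(lower "$2")" = "true" ]; then
        printf '%s' "--ignore-platform-reqs"
    fi
}

# Print what each variant passes to composer for every value of the
# composer_ignore_platform_reqs input (constructed sample values).
compare() {
    for v in true false ""; do
        printf 'composer_ignore_platform_reqs=%-7s quoted=[%s] corrected=[%s]\n' \
            "'$v'" "$(flags_as_quoted "" "$v")" "$(flags_corrected "" "$v")"
    done
}

compare
```

A workflow that adopted the `false` workaround stops passing the flag once the check is corrected, so it has to switch to `true` when it picks up a fixed image.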

@ChristophWurst changed the title from “composer_ignore_platform_reqs doesn't work (with security analysis)” to “composer_ignore_platform_reqs should check for "true", not "false"” on May 3, 2021

@Blacksmoke16

Resolved via #29.

@muglug Can we get docker images added for newer psalm versions as well? https://hub.docker.com/r/vimeo/psalm-github-actions/tags only has up to 4.10.0.
