name: security.txt checks

on:
  schedule:
    - cron: '37 13 * * *'
  workflow_dispatch:

permissions:
  contents: read

jobs:
  securitytxt:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        php-version:
          - "8.3"
        host:
          - www.michalspacek.cz
          - www.michalspacek.com
          - upcwifikeys.com
    steps:
    - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2
      with:
        coverage: none
        php-version: ${{ matrix.php-version }}
        extensions: gnupg
    - name: Install the checker
      run: composer require spaze/security-txt:dev-main
    - name: Check security.txt at ${{ matrix.host }}
      run: |
        php \
        vendor/spaze/security-txt/bin/checksecuritytxt.php \
        ${{ matrix.host }} \
        10 \
        --colors \
        --no-ipv6 \
        --strict