picomapper/.github/workflows/codeql.yml at master · tithely/picomapper · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
# Run Psalm Shared Workflow
name: "CodeQL"

on:
  push:
    branches: [ "master" ]
  pull_request:
    branches: [ "master" ]
  schedule:
    - cron: '30 12 1,15 * *'

jobs:
  quality:
    strategy:
      matrix:
        php-versions: [ '8.0', '8.1', '8.2', '8.3' ]
    runs-on: ubuntu-latest
    timeout-minutes: 10
    name: Psalm Code Quality on PHP ${{ matrix.php-versions }}

    steps:
      - uses: actions/checkout@v6
        name: Check Out Code

      - name: Psalm
        uses: docker://ghcr.io/psalm/psalm-github-actions
        with:
          php_version: ${{ matrix.php-versions }}
          report_file: psalm-report.sarif
        continue-on-error: true

      - name: Upload SARIF report
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: psalm-report.sarif

  security:
    strategy:
      matrix:
        php-versions: [ '8.0', '8.1', '8.2', '8.3' ]
    runs-on: ubuntu-latest
    timeout-minutes: 10
    name: Psalm Code Security on PHP ${{ matrix.php-versions }}

    steps:
      - uses: actions/checkout@v6
        name: Check Out Code

      - name: Psalm
        uses: docker://ghcr.io/psalm/psalm-github-actions
        with:
          php_version: ${{ matrix.php-versions }}
          security_analysis: true
          report_file: psalm-report.sarif
        continue-on-error: true

      - name: Upload SARIF report
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: psalm-report.sarif