@@ -14,10 +14,49 @@ jobs:
1414 matrix :
1515 php-versions : [ '8.0', '8.1', '8.2', '8.3' ]
1616 name : Analyze PHP ${{ matrix.php-versions }}
17- uses : tithely/php-workflows/.github/workflows/codeql.yml@main
18- with :
19- github-event-name : ${{ github.event_name }}
20- php-version : ${{ matrix.php-versions }}
21- php-extensions : " "
22- secrets :
23- actions-access-token : ${{ secrets.ACTIONS_ACCESS_TOKEN }}
17+ runs-on : ubuntu-latest
18+ timeout-minutes : 10
19+
20+ steps :
21+ - uses : actions/checkout@v3
22+ name : Check Out Code
23+
24+ - name : Setup PHP
25+ uses : shivammathur/setup-php@v2
26+ with :
27+ php-version : ${{ matrix.php-versions }}
28+ tools : pecl
29+ extensions : " "
30+
31+ - name : Validate composer.json and composer.lock
32+ run : composer validate
33+
34+ - name : Setup Composer Access
35+ run : composer config -g github-oauth.github.com ${{ secrets.GITHUB_TOKEN }}
36+
37+ - name : Cache Composer packages
38+ id : composer-cache
39+ uses : actions/cache@v4
40+ with :
41+ path : vendor
42+ key : ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
43+ restore-keys : |
44+ ${{ runner.os }}-composer-
45+
46+ - name : Install dependencies
47+ if : steps.composer-cache.outputs.cache-hit != 'true'
48+ run : composer install --prefer-dist --no-progress --optimize-autoloader
49+
50+ - name : Perform CodeQL Analysis using Psalm
51+ run : |
52+ if [ "${{ github.event_name }}" == "pull_request" ]; then
53+ vendor/bin/psalm --diff --output-format=sarif --report=psalm-report.sarif || true
54+ else
55+ vendor/bin/psalm --no-diff --output-format=sarif --report=psalm-report.sarif || true
56+ fi
57+ continue-on-error : true
58+
59+ - name : Upload SARIF report
60+ uses : github/codeql-action/upload-sarif@v3
61+ with :
62+ sarif_file : psalm-report.sarif
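Review bot: The "Setup Composer Access" step expands `${{ secrets.GITHUB_TOKEN }}` directly into the shell command and writes it to Composer's global config, where it stays readable to every later step in the job, including the Psalm run. Scoping the token to the one step that needs it is tighter: drop the config step and give "Install dependencies" an `env:` entry `COMPOSER_AUTH: '{"github-oauth":{"github.com":"${{ secrets.GITHUB_TOKEN }}"}}'`. Separately, the third-party `shivammathur/setup-php@v2` is referenced by a mutable tag; pinning it to a full commit SHA keeps a retagged release from running in this job. The job header and any `permissions:` block lie outside the hunk, so confirm that the token is limited to what the SARIF upload needs (`security-events: write`) plus read access to contents.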