From 1e6c8bca58195d80e2860f88e56c77f6cfb4d23b Mon Sep 17 00:00:00 2001
From: meteor
Date: Tue, 27 Aug 2024 16:04:34 +0400
Subject: [PATCH 1/4] Added code analysis
---
 .github/workflows/codeql-analysis.yml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 .github/workflows/codeql-analysis.yml
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 00000000..677c3961
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,25 @@
+name: Psalm PHP Code Security Scan
+on:
+ push:
+ branches: [ master, main ]
+ pull_request:
+ branches: [ master, main ]
+jobs:
+ analyze:
+ runs-on: [ubuntu-latest]
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Psalm
+ uses: docker://ghcr.io/psalm/psalm-github-actions
+ with:
+ security_analysis: true
+ report_file: results.sarif
+ - name: Upload Security Analysis results to GitHub
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: results.sarif
\ No newline at end of file
From a0bffa82cb6122ba8cd19f9767f6f455c948ce0d Mon Sep 17 00:00:00 2001
From: meteor
Date: Tue, 27 Aug 2024 16:09:01 +0400
Subject: [PATCH 2/4] Added relative_dir
---
 .github/workflows/codeql-analysis.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 677c3961..6623215c 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -19,6 +19,7 @@ jobs:
 with:
 security_analysis: true
 report_file: results.sarif
+ relative_dir: ./invalidation
 - name: Upload Security Analysis results to GitHub
 uses: github/codeql-action/upload-sarif@v3
 with:
From 9c2bfff70da2f614876baec61f519b2429744f21 Mon Sep 17 00:00:00 2001
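Review bot: The Psalm step added in `.github/workflows/codeql-analysis.yml` by PATCH 1/4 references `docker://ghcr.io/psalm/psalm-github-actions` with no tag or digest, so each run pulls whatever image is currently published and executes it in a job whose token carries `security-events: write`. Pin the image to an immutable digest, e.g. `uses: docker://ghcr.io/psalm/psalm-github-actions@sha256:<digest-placeholder>`, and consider pinning `actions/checkout@v4` and `github/codeql-action/upload-sarif@v3` to full commit SHAs, since those tags are mutable too. The checkout step also keeps its default credential persistence, which leaves the job token in the workspace's `.git/config` where the container step can read it; adding `with:` / `persist-credentials: false` under `Checkout code` avoids that. If Psalm exits non-zero when it reports findings, the upload step would be skipped, so `if: always()` on the upload step may be needed (unverified from this hunk).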
From: meteor
Date: Tue, 27 Aug 2024 16:18:33 +0400
Subject: [PATCH 3/4] removed relative_dir
---
 .github/workflows/codeql-analysis.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 6623215c..677c3961 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -19,7 +19,6 @@ jobs:
 with:
 security_analysis: true
 report_file: results.sarif
- relative_dir: ./invalidation
 - name: Upload Security Analysis results to GitHub
 uses: github/codeql-action/upload-sarif@v3
 with:
From 59fd2b013f8c62b4ffaaf0bcfeffe8057d491066 Mon Sep 17 00:00:00 2001
From: meteor
Date: Tue, 27 Aug 2024 16:23:49 +0400
Subject: [PATCH 4/4] added composer.json
---
 .gitignore | 1 -
 composer.json | 9 +++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 composer.json
diff --git a/.gitignore b/.gitignore
index e84e84e3..67e9f06e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,7 +6,6 @@
 .phpunit.result.cache
 .travis.yml
 bin/
-composer.json
 composer.lock
 phpunit.xml.dist
 tests/
diff --git a/composer.json b/composer.json
new file mode 100644
index 00000000..9a0eda3e
--- /dev/null
+++ b/composer.json
@@ -0,0 +1,9 @@
+{
+ "require": {
+ "wp-cli/wp-cli-bundle": "^2.9"
+ },
+ "require-dev": {
+ "phpunit/phpunit": "^8",
+ "yoast/phpunit-polyfills": "^2.0"
+ }
+}
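Review bot: The new `composer.json` in PATCH 4/4 declares only caret ranges (`^2.9`, `^8`, `^2.0`), while the `.gitignore` hunk in the same patch still lists `composer.lock` as ignored, so any install from this manifest resolves whatever versions are current at that moment. If the Psalm workflow or the test setup installs these packages in CI (not visible here), remove `composer.lock` from `.gitignore` and commit the lock file so the resolved dependency set is reviewable and reproducible. `wp-cli/wp-cli-bundle` is placed under `require`; if it is only needed for development or tests, it presumably belongs in `require-dev` alongside the PHPUnit packages.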