PHP Code Analysis #25
Workflow file for this run
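# Static analysis (Psalm, including taint analysis) for the PHP code under plugins/.
# The Psalm config and the stub file are generated inside the job, so the scan does
# not depend on a psalm.xml being present in the checked-out tree.
name: PHP Code Analysis

on:
  workflow_dispatch:
  push:
    branches: [ "master" ]
    paths:
      - "plugins/**"
  # Keep this as `pull_request`: the job installs and runs third-party code against
  # the checked-out tree, so it should run with the read-only token and no secrets.
  pull_request:
    branches: [ "master" ]
    paths:
      - "plugins/**"

# Least privilege: the job only needs to read the repository.
permissions:
  contents: read

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): `v6` is a mutable tag; pinning to the full commit SHA of the
      # release (actions/checkout@<COMMIT_SHA_PLACEHOLDER> # v6) makes the run reproducible.
      - uses: actions/checkout@v6
        with:
          # No later step needs git credentials, and later steps run third-party code
          # (Composer packages, a container image) in this workspace, so the job token
          # is not persisted.
          persist-credentials: false

      # This config file gets auto-loaded by Psalm
      # !!!! The old bcc-signon plugin and the bcc-wp-proxy plugin are excluded from analysis!
      # Because of that exclusion, the security (taint) analysis in the last step reports
      # nothing for those two plugins; a clean run says nothing about them.
      # The thread counts are quoted below: XML attribute values must be quoted, and an
      # unquoted value makes psalm.xml malformed.
      - name: Set Psalm config
        run: |
          cat <<'EOF' > psalm.xml
          <?xml version="1.0"?>
          <!-- Psalm has levels of strictness (errorLevel) from 1 (most strict) to 8 (most lenient). -->
          <psalm
              xmlns="https://getpsalm.org/schema/config"
              errorLevel="2"
              threads="8"
              scanThreads="8"
          >
              <projectFiles>
                  <directory name="plugins" />
                  <ignoreFiles>
                      <directory name="plugins/bcc-signon" />
                      <directory name="plugins/bcc-wp-proxy" />
                  </ignoreFiles>
              </projectFiles>
              <stubs>
                  <file name="custom-defs.stub" />
              </stubs>
              <plugins>
                  <pluginClass class="PsalmWordPress\Plugin">
                      <requireAllParams value="true" />
                  </pluginClass>
              </plugins>
          </psalm>
          EOF

      # Signature-only declarations for functions provided by other plugins, so Psalm can
      # resolve calls to them. Both are typed loosely (mixed / plain string), so Psalm
      # learns nothing from these stubs about whether the returned data is trusted.
      - name: Create stubs for dependency functions (e.g. other plugin funcions). If this grows too big it can be commited as a separate file
        run: |
          cat <<'EOF' > custom-defs.stub
          <?php
          /**
           * @param mixed $post_id
           * @return mixed|null
           */
          function get_field(
              string $selector,
              $post_id = false,
              bool $format_value = true,
              bool $escape_html = false
          ) {};
          /**
           * @return string
           */
          function get_culture() {};
          EOF

      # NOTE(review): both packages are required without a version constraint, so every
      # run resolves whatever release is current. Adding explicit constraints (or a
      # committed lock file) keeps the analyser and its plugin from changing between runs.
      # `cat psalm.xml` and `ls` only echo the generated config and workspace into the log.
      - name: Install Psalm and Wordpress stubs
        run: |
          composer require --dev vimeo/psalm
          composer require --dev humanmade/psalm-plugin-wordpress
          cat psalm.xml
          ls

      # NOTE(review): the image reference has no tag or digest, so it resolves to `latest`
      # at run time. Pinning to an immutable digest
      # (docker://ghcr.io/psalm/psalm-github-actions@sha256:<DIGEST_PLACEHOLDER>) fixes the
      # exact image that gets to run inside this workspace.
      - name: Run Psalm
        uses: docker://ghcr.io/psalm/psalm-github-actions
        with:
          # Turns on Psalm's security (taint) analysis.
          security_analysis: true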