Tim Basten
39fcb55904
All checks were successful
linter / quality (pull_request) Successful in 1m23s
security / Dependency Audit (pull_request) Successful in 1m21s
security / Static Analysis (pull_request) Successful in 1m32s
tests / ci (8.4) (pull_request) Successful in 1m42s
tests / ci (8.5) (pull_request) Successful in 1m31s
Adds a new GitHub Actions workflow that runs dependency vulnerability checks for both PHP and Node packages, plus PHPStan static analysis with Larastan. Includes a baseline for existing errors.
68 lines
1.6 KiB
YAML
68 lines
1.6 KiB
YAML
name: security
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- develop
|
|
- main
|
|
- master
|
|
pull_request:
|
|
branches:
|
|
- develop
|
|
- main
|
|
- master
|
|
|
|
jobs:
|
|
audit:
|
|
name: Dependency Audit
|
|
runs-on: ubuntu-latest
|
|
environment: Testing
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
|
|
- name: Setup PHP
|
|
uses: shivammathur/setup-php@v2
|
|
with:
|
|
php-version: '8.4'
|
|
|
|
- name: Setup Node
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: '22'
|
|
|
|
- name: Add Flux Credentials Loaded From ENV
|
|
run: composer config http-basic.composer.fluxui.dev "${{ secrets.FLUX_USERNAME }}" "${{ secrets.FLUX_LICENSE_KEY }}"
|
|
|
|
- name: Install PHP Dependencies
|
|
run: composer install --no-interaction --prefer-dist --optimize-autoloader
|
|
|
|
- name: Install Node Dependencies
|
|
run: npm install
|
|
|
|
- name: Composer Audit
|
|
run: composer audit
|
|
|
|
- name: NPM Audit
|
|
run: npm audit --omit=dev
|
|
|
|
phpstan:
|
|
name: Static Analysis
|
|
runs-on: ubuntu-latest
|
|
environment: Testing
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
|
|
- name: Setup PHP
|
|
uses: shivammathur/setup-php@v2
|
|
with:
|
|
php-version: '8.4'
|
|
|
|
- name: Add Flux Credentials Loaded From ENV
|
|
run: composer config http-basic.composer.fluxui.dev "${{ secrets.FLUX_USERNAME }}" "${{ secrets.FLUX_LICENSE_KEY }}"
|
|
|
|
- name: Install Dependencies
|
|
run: composer install --no-interaction --prefer-dist --optimize-autoloader
|
|
|
|
- name: Run PHPStan
|
|
run: vendor/bin/phpstan analyse --no-progress
|